Are there specific requirements for the validity of an electronic signature?
The Electronic Commerce Act, Chapter 426 of the Laws of Malta, (the ‘E-Commerce’) deals with the validity of electronic transactions in the internal market and has recently been amended to ensure the implementation of the Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the ‘eIDAS Regulation’). The eIDAS Regulation speaks of electronic signatures, described as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign and classifies them into qualified electronic signatures (which is an advanced electronic signature created by a qualified electronic signature creation device and based on a qualified certificate for electronic signatures) and advanced electronic signatures.
The eIDAS Regulation provides that advanced electronic signatures must be uniquely linked to the signatory, capable of identifying the signatory, created using electronic signature creation data that the signatory can, with a high level of confidence, use under his or her exclusive control and is linked to the data signed therewith, in such a manner that any subsequent change of data is detectable.
Act no. 81 of 15 June 2001 on Electronic Signatures (the E-signatures Act) Section 3 no. 1 defines an electronic signature as data in electronic form which are attached to or logically associated with other electronic data and which serves as a method of authentication.
The Act differentiates between different types of electronic signatures. The most commonly used form of electronic signature within Norway is the advanced electronic signature, which requires that the electronic signature be:
- Uniquely linked to the signatory;
- capable of identifying the signatory;
- created using means that the signatory can maintain under his sole control; and
- linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
A qualified electronic signature is an advanced electronic signature that is based on a qualified certificate and produced by an approved secure signature creation system, cf. the Act Section 4. Providers of qualified electronic signatures and certificates are subject to requirements in the Act Chapter III and the Regulation on the Requirements of Qualified Certificates of 15 June 2001 no. 611, as well as the supervision of Nkom.
Where law, regulation or other instruments prescribes that a signature is a requirement necessary to obtain a specific legal effect, and such act can be conducted electronically, a qualified electronic signature shall always be deemed to fulfil such a requirement, cf. the Act Section 6. Furthermore, an electronic signature that is not qualified may also fulfil such requirement.
Digital signatures are the most commonly used form of electronic signatures. A digital signature must be linked between a physical person and the electronic data, and requires an electronic certificate consisting of information of the signatory (the private key) and a public key, in which the latter is linked to a certificate that confirms the signatory’s identity to other parties. The Act prescribes that the private key must be under the certificate holder’s control, for instance as a plastic card or a data chip (smartcard).
Yes. Turkey has an Electronic Signature Law w. no 5070. Pursuant to the Law, only those electronic signatures which are obtained from licensed Electronic Certificate Service Providers are valid.
Electronic signatures shall have the following requirements;
- exclusively linked to the signature owner,
- generated with a secure electronic signature creation device which is maintained under the sole control of the signature owner,
- enables the identification of the signature owner based on a qualified electronic certificate,
- enables to detect whether signed electronic data has been changed or not.
Foreign Electronic Certificates: The legal effects of electronic certificates issued by any Electronic Certificate Service Provider established in a foreign country shall be recognized under international agreements. In case that electronic certificates issued by any Electronic Certificate Service Provider established in a foreign country are recognized by an Electronic Certificate Service Provider established in Turkey, such electronic certificates are deemed to be Qualified Electronic Certificates.