Are there specific requirements for the validity of an electronic signature?
Technology (second edition)
Under the ITE Law, as amended and GR 82/2012, the following are the minimum validity requirements for an electronic signature:
a. the data creation of the electronic signature is relevant to the signatory;
b. the data creation of the electronic signature during the signing is only within the possession of the signatory;
c. all changes to the electronic signature that occur after signing can be known;
d. all changes to electronic information related to the electronic signature after signing can be known;
e. there are certain methods used to identify the signatory; and
f. there are certain methods to show that the signatory has given consent for the relevant electronic information.
As a rule, Dutch law does not require agreements to be in written form, or to be signed. Generally, agreements can be entered into 'form-free' (exceptions apply for example to certain real estate agreements and share transactions). In principle, there is no distinction in validity or enforceability between handwritten ('wet') signatures and electronic signatures.
EU Regulation 910/2014 ("Electronic Identification Regulation"), which has direct effect in the Netherlands, sets out the validity requirements for electronic signatures. Under the Electronic Identification Regulation, a 'qualified electronic signature' has the same effect as a handwritten signature (Article 25(2)) as long as it was created by a qualified electronic signature device and based on a qualified certificate for electronic signatures (Article 3(12)). The validity requirements for a qualified electronic signature are set out in Article 26 and Annexes I and II of the Electronic Identification Regulation and include the following: the signature must be uniquely linked to the signatory (Article 26(a)), the qualified electronic signature creation device must have appropriate technical and procedural measures to ensure that the confidentiality of the signature is assured (Paragraph 1(a), Annex II) and the qualified certificate for electronic signatures must clearly indicate the name or pseudonym of the signatory (Paragraph (d), Annex I).
The Provisional Measure 2,200-2/2001 attributes presumption of authenticity for digital signatures electronically certified by a certification authority accredited by ICP-Brasil, a hierarchical and reliable chain that governs and enables the issuance of digital certificates for the virtual identification of an individual or legal entity. However, the parties may also choose other methods to certify the signatures authenticity, including the use of a digital certificate issued by any entity not accredited by ICP-Brasil; in this case, the certification must be accepted by the parties as valid or accepted by the person to whom the document was opposed to.
Luxembourg law does not require an agreement to be in written form or to be signed. However, to prove a valid contract, a signature can be useful.
The EU Regulation 910/2014 (“Electronic Identification Regulation”, also called the eIDAS Regulation), which has direct effect in Luxembourg, sets out the validity requirements for electronic signatures. Under this regulation, a ‘qualified electronic signature’ has the same effect as a handwritten signature as long as it was created by a qualified electronic signature device and based on a qualified certificate for electronic signatures.
The validity requirements for a qualified electronic signature include the following: the signature must be uniquely linked to the signatory, the qualified electronic signature creation device must have appropriate technical and procedural measures to ensure that the confidentiality of the signature is assured, and the qualified certificate for electronic signatures must clearly indicate the name or pseudonym of the signatory.
Article 4 of Law no. 455/2001 on electronic signature (implementing the eIDAS Regulation), defines the electronic signature (e-signature) and the extended e-signature. The latter is the equivalent of the advanced e-signature in eIDAS Regulation and it must fulfill four conditions in order to be valid:
- it is uniquely linked to the signatory;
- it ensures the identification of the signatory;
- it is created using electronic signature creation data that the signatory can use under his sole control;
- it is linked to the data signed therewith in such a way that any subsequent change in the data is identifiable.
Under Article 5 of the said law, an extended e-signature ensures the validity of an electronic document if it is based on a qualified certificate and generated by a secure signature creation device. Simultaneously, Article 6 recognizes the validity of an electronic document if e-signatures were used. Moreover, in the instance where one of the parties does not recognize the e-signature, the court must have it verified by an expert.
Currently, the Spanish E-signature regulatory framework is composed by: (i) EU Regulation Number 910/2014 on electronic identification and trust services for electronic transactions in the internal market ("eIDAS Regulation") and (ii) Spanish Law 59/2003 on Electronic Signatures (E-Signature Act). Even though the E-Signature Act has not been formally repealed yet, most doctrine considers it applicable to any matters not regulated by the eIDAS Regulation and/or that do not contradict the provisions of the eIDAS Regulation.
In light of the above, there are three types of e-signatures:
- Simple electronic signature, that is data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
- Advanced electronic signature, that is an electronic signature which meets several legal requirements, for example, is uniquely linked to the signatory or capable of identifying the signatory.
- Qualified electronic signature, that is an electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. Qualified e-signatures must be validated through the fulfilment of several requirements according to law.
The above types of e-signature must comply with different requirements. In general, electronic contracts will be binding, whatever the form under which they have entered into, provided that they comply with the contract requirements under Spanish law, which are: consent; a certain object; and cause of the obligation.
Most transactions do not require e-signatures. In principle, there are no limitations applicable to the use of e-signatures but only a qualified electronic signature satisfies the legal requirements of a signature in the same manner as a handwritten signature.
This said, in April 2018 a Spanish draft bill regulating certain aspects of "Trust Electronics Services" was issued and this is expected to formally repeal the E-Signature Act. This new law will develop certain aspects of Trust Electronic Services not covered by the eIDAS Regulation and so, once in effect, the Spanish E-signature regulatory framework will be composed of: (i) the eIDAS Regulation (Advance E-electronic signatures will be mostly regulated by this UE Regulation) and (ii) the new law on certain aspects of "Trust Electronics Services".
The Evidence Act, 1872 recognises both: (i) ‘electronic signatures’ that have their own security protocols; and (ii) electronic signatures based on an authentication method prescribed by the law (asymmetric crypto system and hash function as required under the Information Technology Act, 2000 (IT Act)) issued by authorities appointed under the IT Act, legally termed as ‘digital signatures’.
Validity of an electronic signature (that follows its own security protocols) is presently subject to the below conditions:
- The data created with respect to signature creation and authentication is linked between the signatory and the authenticator only;
- The signatory of the electronic document has the intent to sign the document and he alone has the control of the electronic signature;
- Any change made to the signature, information, data, etc. is evident and detectable.
Digital Signatures are considered more authentic and are not subjected to tests, given that the entire authentication process is prescribed and regulated under the IT Act.
Electronic signatures in Turkey are regulated by Law on Electronic Signatures Numbered 5070. For an electronic signature to be considered as a legal substitute for wet signature it must be considered as a “Secure Electronic Signature”. Secure Electronic Signatures are defined under the Law on Electronic Signatures as the electronic signature that
- is related only to the signor;
- is created by using secure electronic signature tool that is only at the possession and of the signor;
- can be used to verify the identity of the signor by relying on a “qualified electronic certificate” and
- can be used for detecting whether any subsequent alteration on a signed electronic data have been done.
“Qualified electronic certificates” can only be issued by Electronic Certificate Service Providers who are public or private institutions that are authorized and accredited by Information Technologies and Communications Authority to provides services in relation to the relevant certificates and electronic signatures.
On an additional note on foreign electronic signatures, Article 14 states that the legal consequences of electronic certificates issued by a foreign electronic certificate service provider established in a foreign country shall be determined by international agreements.
The general requirements for electronic signatures are set out in the eIDAS Regulation (EU 910/2014) and the Act on Supplementary Regulations to the eIDAS Regulation (Sw. Lag med kompletterande bestämmelser till EU:s förordning om elektronisk identifiering). Detailed provisions regarding the requirements are however not included in the aforementioned documents. Instead, the Commission has the authority to further specify the standards required.
An electronic signature can be created in two ways.
- Either directly, with the help of an electronic certificate that connects validation data for an electronic signature to a physical person, confirming at least the name or pseudonym of the person, or
- Indirectly, in the sense that the user proves her/his identity so that a special signature certificate can be delivered by a third-party service and then used to produce the electronic signature.
In eIDAS, there are three levels of security relating to electronic signatures. These are: standard electronic signatures, advanced electronic signatures (AdES), and qualified electronic signatures (QES). Standard electronic signatures have the lowest level of trust, and can e.g. be in the shape of a scanned handwritten signature. A QES has the highest level of trust. It is the only type of signature that has the same legal value as a handwritten signature. For an electronic signature to become a QES, it requires that the signatory uses a certificate based digital ID that has been issued by a Trust Service Provider (TSP), together with a qualified signature creating device (QSCD). The QSCD can be in the shape of a smart card, a USB token or an application that creates a disposable password.
Different levels of security are needed depending on what the signatory wants to do.
The Code of Obligations sets out the principles governing e-signatures and refers to the Electronic Signatures Act of 18 March 2016, as amended (ESA), for the technical details, which in turn refers to its respective ordinance. An electronic signature is defined as electronic data which is joined or linked logically to other electronic data and which serves to verify such other data. The ESA distinguishes three levels of e-signatures: regular e-signatures, advanced e-signatures and authenticated e-signatures. The authenticated e-signature is deemed equivalent to a handwritten signature and can only be obtained from a recognised authority. A list of all such authorities in Switzerland is available on the competent federal authority’s website. Authenticated e-signatures are treated like handwritten signatures. Therefore, e-signatures cannot be used where the law sets out additional formal requirements, for example, in the case of a will (which must be handwritten in its entirety) or real estate deals (requiring a public deed). Additionally, authenticated e-signatures are only available for natural persons, not for legal entities.
Pursuant to the Electronic Signature Law, ‘electronic signature’ refers to the data in electronic form contained in and attached to a data message, for the use of identifying the identity of the signatory and showing that the signatory has recognized the content of the data massage. A reliable electronic signature has equal legal force with a hand-written signature or a seal. When an electronic signature concurrently meets the following conditions, it is reliable.
- When the creation data of the electronic signature is used for the electronic signature, it is exclusively owned by the electronic signatory.
- When the electronic signature is entered, the creation data is controlled solely by the electronic signatory.
- After the electronic signature is entered, any alteration to the electronic signature is detectable.
- After the electronic signature is entered, any alteration to the content and the form of the data massage is detectable.
The Federal Commerce Code (Código de Comercio) was amended in August 29th, 2003, for the sole purpose of regulating the use of the electronic signature. In this regard, the Federal Commerce Code recognized the existence of two kinds of electronic signatures: (i) the regular electronic signature and (ii) the advanced electronic signature.
The regular electronic signature is referred to as “Data stored in electronic, usually included or attached to a data message or logically associated to it by any technology. It is used to match any given signer with a specific data message, indicating that the signer approves the information contained in the data message, and producing the same legal effects as autograph signatures, being admissible as evidence in legal proceedings”.
On the other hand, the Federal Commerce Code provides that the advanced electronic signature is a regular electronic signature which additionally complies with the following requirements:
i. The creation data of the relevant signature belongs exclusively to the signatory;
ii. At the moment of use, the creation data of the signature was under the signatory’s exclusive control;
iii. It’s possible to detect any modification made to the relevant electronic signature after it was used; and
iv. As regards to the integrity of the information contained in any given data message, it is possible to detect modifications made to such information after the relevant signature.
Under applicable law, authorized Certification Services Providers (Proveedores de Servicios de Certificación), assess if at the moment of a data message signature, the electronic signature met the requirements needed to be deemed as advanced, and therefore, were valid for such purposes. Likewise, the Tax Administration Service (Servicio de Administración Tributaria) provides this certification free of charge.
In January 11th, 2012, the Advanced Electronic Signature Act (Ley de Firma Electrónica Avanzada), was enacted to regulate, from a technical perspective, the use of the advanced electronic signature, the digital certificate issuance and the services related to the use of the advanced electronic signature among others.
Said act provides that in order to use the advanced electronic signature, signatories must have a valid digital certificate issued by a Certification Services Provider (only valid for up to 4 years) and a private key generated under their exclusive control.
Save for transactions involving powers of attorney, wills and codicils, trusts and other negotiable instruments, the Electronic Commerce Act 2006 (“ECA”) applies to commercial transactions conducted through electronic means.
Section 9(1) of the ECA provides that “Where any law requires a signature of a person on a document, the requirement of the law is fulfilled, if the document is in the form of an electronic message, by an electronic signature which—
(a) is attached to or is logically associated with the electronic message;
(b) adequately identifies the person and adequately indicates the person's approval of the information to which the signature relates; and
(c) is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required.”
Section 9(2) of the ECA further states that “For the purposes of paragraph (1)(c), an electronic signature is as reliable as is appropriate if—
(a) the means of creating the electronic signature is linked to and under the control of that person only;
(b) any alteration made to the electronic signature after the time of signing is detectable; and
(c) any alteration made to that document after the time of signing is detectable.”
The ECA further provides that the Digital Signature Act 1997 (“DSA”) continues to apply to any digital signature used as an electronic signature in any commercial transaction. Section 62(1) of the DSA specifically prescribes that:
“Where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule shall be satisfied by a digital signature where—
(a) that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
(b) that digital signature was affixed by the signer with the intention of signing the message; and
(c) the recipient has no knowledge or notice that the signer—
(i) has breached a duty as a subscriber; or
(ii) does not rightfully hold the private key used to affix the digital signature.”
Section 66 of the DSA also provides that a certificate issued by a licensed certification authority shall be an acknowledgement of a digital signature verified by reference to the public key listed in the certificate if that digital signature is (a) verifiable by that certificate; and (b) affixed when that certification was valid.
According to the Civil Code provisions that implement EU legislation governing this matter (latterly, EU regulation 910/2014 of 23 July 2014), an electronic signature is considered as a ‘signature,’ that is, as effectively identifying the author of an act and showing his consent, only when it results from a reliable identification process that guarantees its connection with the act. Qualified electronic signatures are deemed by statute to offer such reliability and, consequently, to have the same legal effects as a handwritten signature, because they fulfil certain requirements that are set out in regulations.
These requirements include the use of a qualified certificate which must be delivered to the signatory in person, as well as other requirements that, in practice, are seldom fully satisfied. Accordingly, so called ‘electronic signatures’ in current use on the market may most often not be considered as ‘qualified electronic signatures’ under the law. This means that, when challenged before the courts, their users will have to demonstrate their probative value.
German requirements on electronic signatures are laid down in the Regulation on Electronic Identification and Trust Services (eIDAS) which replaced the German Signature Act (SigG) only recently in July 2017. The new regulation contains binding European-wide rules in the areas of electronic identification and electronic trust services. The eIDAS Regulation introduced the so called “electronic seals”. Technically, these are similar to the electronic signatures. The main difference is the assignment to a legal rather than a natural person. While electronic signatures can be used to sign a declaration of intent, the electronic seal of an institution serves as proof of origin: It can be used wherever a personal signature is not necessary, but proof of authenticity is desired, e.g. in the case of official decisions, certificates and account statements.
For the validity of electronic signatures in general (for example in e-mails or PDF documents), there are no specific requirements. However, for legal acts which require written form according to section 126 German Civil Code (BGB) , this form requirement can (where not excluded in the law) only be replaced by a qualified electronic signature. A qualified electronic signature is only given in cases where an certified identification unit was used when creating the signature (which is rarely the case). Electronic documents only have the same value of proof as documents which were signed by hand if a qualified electronic signature is used in the document (section 371a German Code of Civil Procedure.
Yes. Electronic signatures have to fulfil the requirements under Section 8 of the Electronic Transactions Act (Chapter 88) in order for it to be valid. Essentially, there must be a method used to identify the person and indicate his intention in respect of the information contained in the electronic record. Furthermore, the method used must either be as reliable as appropriate for the purposes for which the electronic record was generated or communicated; or proven in fact, by itself or together with further evidence, to have fulfilled the above functions of identification and indication of intention.
The Electronic Transactions Act 1999 (Cth) sets out the validity requirements for electronic signatures in Australia. Under the Commonwealth Act, an electronic signature has the same effect as a handwritten signature where the following criteria are satisfied:
(a) the recipient has consented to receiving information electronically;
(b) the method of signing identifies the person sending the information and indicates that the person approves of the content of the electronic document signed; and
(c) having regard to all the circumstances of the transaction, the method of signing is as reliable as appropriate for the purposes for which the electronic document was generated. Alternatively, the identity of the signor and their approval of the content must be self-evident within the document or be otherwise available in some manner.
Each State and Territory has also introduced legislation which set out the above validity requirements in the same or similar terms.
Yes, the federal Electronic Signatures in Global and National Commerce Act ("E-SIGN") and the state implementations of the Uniform Electronic Transactions Act ("UETA") both address the use of electronic signatures. Both statutes provide that a signature, record or contract cannot be denied effectiveness solely because it is signed in electronic form. Notably, the statutes exclude certain documents and instruments from their scope, including wills, adoption and divorce records, court documents, and documents (other than contracts) governed by the Uniform Commercial Code (which would include negotiable instruments and security agreement).
In order for electronic signatures to be valid, the parties must consent to doing business electronically. Before a consumer can consent to use of an electronic signature, E-SIGN provides a list of disclosure requirements that must be met, including the records covered by the consent, how to withdraw consent, and how to update contact information to contact the consumer electronically.
As for a handwritten signature, if a document is signed or sealed by the principal or his or her agent, such document will be presumed to be authentically created under the Code of Civil Procedure. Likewise, in order for a digital record with an electronic signature by the principal to be presumed to be created authentically, such electronic signature must meet the requirements set forth under the Act on Electronic Signatures and Certification Business. There are no other specific requirements for the validity of an electronic signature.
The enactment of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC was aimed at unifying within the EU the requirements regarding electronic identification in order to guarantee mutual recognition of an electronic signature based on a qualified certificate issued in any of the Member States. Under Regulation No 910/2014, Member States are thus not allowed to formulate any mandatory requirements towards qualified certificates exceeding the requirements laid down in this regulation. Consequently, such requirements are not provided for in the Polish legal system. The regulation allows for the introduction in the national legal systems of Member States of additional legal requirements relating to trust services in so far as those services are not fully harmonised by the regulation. There are, however, no country-specific requirements as to the validity of an electronic signature.