New EU regulation for electronic signatures

Intellectual Property and Technology News


The EU has adopted a new regulation, which will introduce a new legal framework for electronic signatures, seals, time stamps and electronic documents.

These rules aim at creating a uniform regime across EU for the mutual recognition of electronic identification between member states. This new regulatory framework (910/2014/EU) was published in the Official Journal of the EU on 28 August 2014 under the name "Regulation on electronic identification and trust services for electronic transactions in the internal market" (commonly referred as "e-IDAS" Regulation).

It will apply from 1 July 2016 replacing the Directive on Electronic Signatures (1999/93/EC).

Revising the previous Directive is one of the 12 policy initiatives proposed in the Single Market Act (the Act) with the main purpose of ensuring confidence in electronic transactions and creating a pan-European legal framework for all EU member states. The need for a new regulatory framework was identified as being necessary during the public consultation on Electronic Signatures carried out by the European Commission as part of the Digital Agenda for Europe in 2011. Various shortcomings were identified in the legal framework governing electronic signatures and authentication (Directive on Electronic Signatures 1999/93/EC). In order to repair these weaknesses and develop a single European digital market, a review had to be conducted and a new regulation to be adopted.

The e-IDAS Regulation introduces mutual recognition of e-identification means and electronic trust services (e-signatures, e-seals, e-registered delivery services, time stamping, website authentication). Articles 6 to 12 of the regulation focus on electronic identification (eID) and the provisions apply when member states choose to notify the Commission of their national eID schemes. However, there is no obligation for EU member states to introduce such a scheme. Articles 13 to 24 cover trust services and the ancillary infrastructure related to electronic transactions such as verifying electronic signatures, creating certificates for website authentication and preserving electronic seals. Articles 35-40 introduce the use of electronic seals, which are similar to electronic signatures but only available to legal persons.

One key change of the new regulation is the introduction of the advanced electronic signature. This signature – as opposed to the basic electronic signature that is in place under the current Directive 1999/93/EC – allows unique identification and authentication of the signer of the document and enables the verification of the integrity of the signed data. The signer is capable of using the latest technologies for providing his signature, such as mobile devices.

Another key change is the mutual recognition of qualified electronic signatures from all member states that will adopt the new regulation. For those member states with eID schemes, the concept of the mutual
recognition will have a significant effect facilitating more efficient interaction with public service providers.

Article 25 of the Regulation keeps the principle that all electronic verification services shall be admissible as evidence in legal proceedings, including electronic signatures, seals, time stamps, registered delivery services and certificates for website authentication. It specifically provides that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the fact that it is in electronic form. However, these electronic verification services have to meet certain technical requirements to confirm the integrity and correctness of the data to which they are linked.

The Regulation includes a definition of trust services covering a wide range of electronic services, including electronic signatures, electronic time stamps and website authentication. It distinguishes between qualified and non-qualified trust services. The former will appear on a public register, and will have an EU trust mark and increased liability, with qualified trust providers facing a reverse burden of proof. The concept of qualified versus non-qualified trust services applies also in the current Directive. However, the new Regulation provides a clearer definition of trust services, their requirements and associated supervisory measures, applying under greater scrutiny to more electronic services than before. The main objective is to build public confidence in the security of digital transactions and to encourage more people to use electronic signatures, by demonstrating to individuals and businesses their advantage over handwritten signatures.

The new directly effective Regulation will ensure uniformity across the EU, and will address the existing problem of different national rules on electronic signatures, which is due to every member state implementing the law individually. The EU Commissioner Neelie Kroes justified the new Regulation as follows: "People and businesses should be able to transact within a borderless Digital Single Market, that is the value of the Internet. Legal certainty and trust is also essential, so a more comprehensive eSignatures and eIdentification Regulation is needed.”

Clients using electronic signatures to authenticate their transactions should be aware of these new provisions, including the unique electronic identification and the stricter supervisory measures which will apply to trust services. These rules will have a wider significance across the EU ensuring uniformity and increasing cross-border digital transactions between member states.