Articles

Electronic signatures. Can I sign and perform acts electronically?

by Lenka Katríková

The current situation caused by the spread of COVID 19 disease requires a quick and effective adaptation to the online environment, particularly in business. This fact has imposed the need to solve several practical situations, including the electronic signing of documents. Given the complexity of legislation, it is difficult to navigate this area, therefore we provide a set of simplified instructions on how to deal with this issue.

What is electronic signature?

Electronic signature as a legal concept, is regulated at a European level by the specific regulation eIDAS.[1]

Pursuant to this regulation, we recognize 3 levels of electronic signature, depending on how reliable it is to identify the signatory and to ensure the integrity (immutability) of the electronic content.

The first type of signature, is a standard electronic signature (SES), which can be best understood as a piece of data or group of data in electronic form that is attached or logically associated with other data in electronic form and which the signatory uses as a signature. A classic example would be the content of the email, ending with the name and surname of the person concerned, who confirms his / her identity in this way. Given the fact that it is very difficult to verify that a person who signed the e-mail is indeed the person whose identity is mentioned, it can be assumed that this source is trusted.

The second signature is the advanced electronic signature (AES), which already imposes greater requirements on the identity of the signatory. Such requirements shall include, in particular, the condition that the signature is uniquely linked to the signatory, as it allows the signatory to be identified, as well as the possibility to find out any subsequent change in data, etc. Currently, the AES is mainly used by various applications through which electronic documents can be signed and through which the signatory's identity can also be verified. Currently, several of them (e.g. DocuSign) use encryption and so-called Public Key Infrastructure (PKI), which simply works by giving the signatory a private key to sign the document, as well as verifying its identity and issuing a certificate confirming that identity. The certificate is subsequently attached to the signed document, containing, except for the data of the signatory, the public key. The addressee receiving the document is then able to verify, by means of the certificate and the public key to which he has access, whether the document has been signed by the signatory and whether it has been delivered in the unchanged form to the addressee. Depending on the nature of the application, the addressee needs to download the application to its device, register on a certain platform, perform another similar step, or be able to verify the electronic signature without fulfilling these conditions. This type of electronic signature ensures not only a higher degree of verification of the signatory's identity, but also the integrity of the document.

The third signature is the so-called qualified electronic signature (QES), which is the highest in the hierarchy of electronic signatures and is deemed to be the most trusted electronic signature. It is an advanced electronic signature which created by using a qualified electronic signature device and based on a qualified certificate for electronic signatures. The QES is created when you sign a document by your identity card (or other identity document) with an electronic chip (the eID card). In order to complete this, you need to have an eID card, which contains a set of "uploaded" cryptographic keys and a qualified certificate, chip card reader and last but not least, relevant computer software which can be downloaded- drivers for the card reader, which can be downloaded at www.slovakia.sk and the application for a qualified electronic signature, e.g. D.Signer/XAdES, Disig Desktop Signer, SignSign.sk, ZEP.disig.sk., QSign (QSign eSigner also offers the possibility of signing directly in the web browser environment without having to separately download the application to the device).

Qualified certificates can only be issued by a qualified trustee registered in the list kept by the National Security Authority (NSA) (in Slovakia, such as Disig, a.s. or First certification authority, a.s.). A complete list of these persons in Slovakia as well as in the other Member States can be found on the website of the European Commission.[2]

Should you also have a qualified electronic time stamp which is attached to a time stamp on your QES, the presumption of the correctness of the date and time will be indicated in the time stamp and will subsequently relate to the signature that applies.

How can I sign in Slovakia?

It is important to stress that the eIDAS Regulation does not affect the national law relating to the conclusion and validity of contracts or other legal or procedural obligations relating to its form. For this reason, it is always necessary to carry out an analysis in relation to the national legislation.

If we take into consideration the general Slovak legislation on the form of legal acts[3](3), we will find that a written legal act is valid if it is signed by the person acting (it is supposed to be a handwritten signature). At the same time, it is expressly stated that the written form of the legal act is preserved, even when made by electronic means which enable the content of the legal act to be captured and the person who performed the legal act to be identified. These conditions can also be met with the above-mentioned standard electronic signature (without the attribute), but if there is a dispute whether such a written legal act has been done by the signatory, it is likely that there won’t be sufficient evidence to prove the identity of the signatory (it could be argued that a particular person will argue that she/he did not write the email because another person acted on her behalf ). However, unless you assume that such a dispute could arise in the future, if you are respectively willing to undertake such a risk, it is possible to carry out the written action by a standard electronic signature (without the attribute). In this way, it is recommended to sign acts not legally requiring a written form of a legal act, but for the legal certainty you want to perform them in writing, e.g. purchase contracts for goods, contracts for provision of services, etc. Less risky situations where a subsequent or double check of such act is foresee could consist of examples such as confirmation by telephone number, or an e-mail receipt, followed by delivery of the goods and acceptance by the addressee etc. In order to increase legal certainty, it is recommended that the parties agree, as far as possible, on such electronic communication in advance and, for this purpose, indicate for example specific email address and confirmed that only the signatory has access to it, reducing the risk of a dispute in the future. At the same time, it should also be pointed out that, in general, the legal effect of such a standard electronic signature (without an attribute) and its eligibility as evidence in legal proceedings must not be refused solely on the sole ground that it is in electronic form or does not meet the conditions of qualified electronic signatures.

The second option is to use an advanced electronic signature, which already provides for a more trustworthy verification of the signatory's identity and, in the event of a dispute, may be a more effective means of proof of a specific act (e.g. to prove the signature of the contract by the relevant party). In principle, any document may be signed by this signature, except for those for which an officially certified signature is required (see below). If you use a commercial application for this purpose, we recommend verifying references of the entity running the application and using only known and verified applications for which you are certain of their security. The advantage over a qualified electronic signature is that the eID card and card reader are not usually required to create a signature, which is a simplification, but at the expense of the higher trustworthiness of a qualified electronic signature.

The safest alternative would be to sign the document with the QES, expressly applying the presumption of preservation of the written form of the act. This is also confirmed in the eIDAS Regulation itself, as it is stated that the QES has a legal effect equivalent to a handwritten signature.

The advantage of the QES is that if you attach a qualified electronic time stamp[4] to the QES, such a signature is in conjunction with the time stamp which replaces the official certificate of authenticity of the signature (by a notary or a registry office). In this case, there is no need to officially verify the signature, which is required for certain legal acts, e.g. concluding an agreement on the transfer of ownership interest, an agreement on the transfer of real estate, etc.

To sum up the above-mentioned, the usage of electronic signatures is not hindered by the Slovak nor European legislation. On the contrary, it has created a sufficient platform for improving the performance of legal acts in an online environment. In the current world of technology and innovation, it is reasonable to assume that electronic communication will progress significantly to a higher level (such as holographic communication, humanoids, a higher form of artificial intelligence etc.), which will undoubtedly pose another challenge for the legislator to deal with in terms of their legalities for the above examples.



[1] REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

[2] This is the main difference between the advanced electronic signature and the qualified electronic signature, since, in the advanced electronic signature, the electronic signature and the certificate are drawn up, validated and maintained by an entity that does not need to be entered in the list of qualified trusted persons (this is the so-called unqualified trust service provider), which in fact reduces the trustworthiness of such an electronic signature, as such an entity is not obliged to pass the NSA registration and to prove the conditions for granting qualified status.

[3] Section 40 of Act No. 40/1964 Coll. Civil Code, as amended.

[4] When creating a qualified electronic signature through the portal slovakia.sk in the so-called the message constructor (after confirming a successful signature in D.Signer/XAdES), the qualified time stamp is automatically appended to the signature. In other applications, e.g. a time stamp server configuration is required.

 

Career in law ?

BRATISLAVA

  • Mon - Fri
  • Hodžovo nám. 2A, 811 06 Bratislava
  • +421 2 3333 8888
  • office@stentors.eu
  • Slovak Republic

PRAGUE

  • Mon - Fri
  • Myšák Gallery Vodičkova 710/31, 110 00 Praha
  • +420 296 226 811
  • vlachova@advokatpraha.cz
  • Czech Republic
Stentors 2018 © All Rights Reserved