Your Guide to European Electronic Signature Laws
In contract law, if there is ever any question about an agreement, the first thing courts look for is the signature: who agreed to what, when. And while electronic signatures have largely become established worldwide as binding and legal, most governments have written their own electronic signature laws and regulations that have slight differences between them. In legal proceedings, an electronic signature’s evidential value depends largely on how the data was generated, communicated, and if it was retained in a secure manner.
Are electronic signatures recognized internationally?
For the most part, yes. The guiding light of electronic signatures is a 1996 United Nations publication, UNCITRAL Model Law on Electronic Commerce, that lays the foundation of conducting business electronically. One main principle was non-descrimination, that a document “would not be denied legal effect, validity or enforceability solely on the grounds that it is in electronic form.”
The U.N. also aimed for technological neutrality. When considering how rapidly technology advances, they concluded availability should be universal and not tied to a specific product, which would, as a bonus, not require any more legislative work on the matter as tech advances.
Electronic signature laws in Europe
In 2000, the US passed the ESIGN law, which generally accepts electronic signatures as valid as a wet signed paper document along the lines of UNCITRAL, but still requires a wet signature in the case of wills, divorce, and court documents.
Sixteen years later, the European Union passed the eIDAS Regulation, short for “electronic identification and trust services.” The regulation established a 3-tiered signature rating and created a service to verify authenticity of individuals and businesses in regard to electronic documents. To do business in or with the European Union, one must work within these three types of signatures:
Standard Electronic Signature (SES)
As the name implies, standard signatures are acceptable for many common agreements to ease cross-border business in the EU. The SES is the bulk of electronic signatures transactions, but is considered a low bar for personal identification and security. An SES is accepted in B2B, B2C, and C2C situations.
Advanced Electronic Signature (AES)
This adds identity proofing and security. Both Advanced and QES (below) are accepted for most court briefs, consumer credit loan agreements, and residential and commercial leases.
Qualified Electronic Signatures (QES)
These are required for certain transactions such as those approved by the government, and necessitates the services of a Qualified Trust Service Provider (QTSP), a business that performs much like a notary public. This is the only electronic signature considered on par with a wet signature in Euro countries following eIDAS standards.
The QTSP business model relies on Secure Signature Creation Devices (SSCD) to issue digital certificates in either of two forms, local or remote.
A local SSCD is a smart card or USB thumb drive that the signer maintains control of, but a difference between the two is what’s considered device-neutral or not. A USB drive is considered universal as nearly all electronic devices have this connection, while a smart card system requires smart card readers, which is tied to a specific device and specific companies that make card readers.
A remote SSCD is a software solution that can be run from any device, PC or phone, paired with strong authentication. A focus is on audit trails, how the information is stored, its portability, and security of the data.
To achieve this level of security, three standards have to be met:
- The signatory must be uniquely identified to the signature
- The data used to create the signature must be under the sole control of the signatory
- There must be an ability to identify if the data has been tampered with after the document was signed
The future of global contracting is video conferencing, considered a remote SSCD. Recent tech advances have made online conferencing commonplace, reliable and safely encrypted.
Choose a contract management tool for international business
If your business serves international customers, the bulk of your electronic signature transactions are likely enforceable with a standard electronic signature. Your focus is well aimed at choosing contract lifecycle management software able to facilitate not only electronic signature delivery, but a data repository that securely stores your files for easy retrieval, management, and reporting insights.
Note: Ironclad does not provide legal advice. This article provides educational guidelines that can help inform software and technology decisions.