Is an electronic signature worth the paper it isn’t written on?

30 July 2014

In the European Union the validity of electronic signatures was first set out in Directive 1999/93/EC which has been implemented in varying ways across the EU Member States.

The Directive sets out the criteria that form the basis for legal recognition of electronic signatures by focusing on certification services. These comprise the following:

  • common obligations for certification service providers in order to secure transborder recognition of signatures and certificates throughout the European Community
  • common rules on liability to help build confidence among users, who rely on the certificates, and among service providers
  • cooperative mechanisms to facilitate transborder recognition of signatures and certificates with third countries (ie countries outside Europe).

The scope of the Directive was defined as "to facilitate the use of electronic signatures and to contribute to their legal recognition". Over the last few years the European Commission has published a number of opinions on the need to have a more comprehensive legal framework at European level for electronic signatures and certification services.

On 4 June 2012, the European Commission adopted a proposal for a new regulation regarding electronic identification, signatures and trust services (the Proposed Regulation).

The key changes which would be introduced by the Proposed Regulation are as follows:

  • an upgrade to the legal framework of electronic signatures, replacing the existing e-Signature Directive. For instance, it would allow individuals to 'sign' with a mobile phone; it requires higher accountability for security; and it provides clear and stronger rules for the supervision of e-signature and related services
  • other trust services (ie services which create, verify and handle electronic signatures, seals, time stamps, delivery services, etc) are included for the first time, meaning that there will be a clear legal framework and more safeguards through strong supervision services of electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication.
  • Article 15 introduces an obligation for trust service providers to implement appropriate technical and organisational measures for the security of their activities. Furthermore, the competent supervisory bodies and other relevant authorities must be informed of any security breaches within 24 hours. If appropriate, they will inform other member states' supervisory bodies and the individuals affected.
  • Trust service providers will be required to employ staff trained in data protection law to ensure compliance with the Data Protection Directive.

In October 2012 the European Data Protection Supervisor published an Opinion in which he made a number of recommendations:

  • the data protection provisions should apply not only to trust service providers but to personal data in electronic identification schemes
  • there should be a common set of security requirements for trust service providers and electronic identification issuers
  • special attention should be given to biometric data
  • elements essential for interoperability of schemes should be harmonised in the Regulation
  • the obligations imposed on electronic trust service providers regarding data security and data breaches should be in line with current and proposed data protection law, and
  • there should be more precise time limits for data retention included in the Regulation.

A revised version of the Proposed Regulation was published on 23rd July 2014. It is expected that the Regulation will be in force during 2015.

This article was written by Robert Bond.

For more information contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com