Now that we already know what an electronic signature is and their different typologies, let us dig a little deeper into the world of electronic signature. We will also talk about what a trusted service provider is, what the electronic signature certificate consists of and the validity of the signature.
Now, I will get to the point
The new concepts introduced in the definition of qualified electronic signature describe that: the electronic signature certificate is defined as that electronic declaration that links the validation data of a signature with a natural person and confirms, at least, the name or nickname of this person. In addition, mentions that this certificate must be “qualified”, issued by a qualified trust service provider and meeting the requirements of Annex I of the Regulations.
Let us go one step at a time
What are trusted service providers? All public institutions and companies that offer electronic signature services, to which a supervisory body has granted the qualification. Each member state maintains a public list of qualified providers. Click on this link to check the list of qualified providers in Spain. It is the Ministry of Economic Affairs and Digital Transformation, the competent supervisory body to grant the qualification. In addition, the list of qualified providers in Europe is maintained. You can find the legal effects of qualified electronic signature across Europe here.
What are the requirements laid down in Annex I of the European Regulation 210/2014, known as eIDAS Regulation? They are number of requirements on the minimum information that certificates must include. They would include such basic information as the name of the person or company, the location where it was issued, the provider who issued it, the period of validity, etc. That is, a whole series of data that allows obtaining information on the creation of the signature, but also that data that allows it to be validated.
It is important to say that the goal of electronic signature certificates is to validate and certify that an electronic signature is attributable to a specific person or entity. And it can do it because it contains the identifying data concerned.
Another new concept
The definition of qualified electronic signature refers to the qualified esignature creation device. It is described that the hardware or software used to create the signature must meet the requirements of Annex II of the eIDAS Regulation. The tools used are, for example, smart cards, USB tokens or security modules located in the cloud. They are elements that can contain cryptographic algorithms, key lengths, and adequate hash functions to guarantee full security, confidentiality, and reliability, and thus avoid counterfeiting. It should be added that technical regulations have been issued at European level in order to guarantee these requirements.
The validity of the signature
We have briefly commented in the previous sections that the Regulation recognizes legal effects as evidence in legal proceedings. This means you will need to go to each legal system and analyse the laws that regulate evidence (procedural laws) in order to review how this provision fits. This should be done by country, but considering the validity initially recognized
We have also raised the issue that only a qualified electronic signature will have the same effects as a handwritten signature. What does this statement mean? Before the arrival of electronic media, all signatures were executed on paper. Under civil law regulations, legal acts have been foreseen that are formalized with the signature as an expression of consent. And it allows a document, once signed, to display the legal effects that it seeks as a private document, according to procedural terminology. Therefore, it must be concluded that all the effects that have been foreseen by the handwritten signature are assimilated by the electronic signature. This does not mean that it is absolute. A signature on a paper is indisputable and if any, it must be demonstrated by means of relevant calligraphic expert evidence or an acknowledgement of the signatory or of its non-contradiction.
As a result, a curious note on this last issue is that in the qualified electronic signature, the signatory is already explicitly identified. Therefore, there is no need of any additional management to identify it.
To sum up
We have also commented in passing, the difference regarding the evidential validity between the electronic signature “without further ado” of the advanced electronic signature. Therefore, the answer is that, since the advanced signature requires higher demands (remember the 4 points of article 26), consequently, it would have more elements to build a more robust evidential framework to claim its validity and the identity of the signatory.
Finally, in the next and last post on the electronic signature, we will explain how Lleida.net Click & Sign tool offers solutions to individuals and companies in sending contracts or documents to sign digitally and with legal validity.
Chief Compliance Officer
Legal Practice Graduate at UAB Master in Law and New Technologies by ESADE and Law degree from the UAB. CESCOM® Compliance Certification.