24.04.2020

The electronic signature: long-distance (commercial) relationships

*An article by Cezara Constantinescu, Senior Associate

The state of emergency has brought a series of changes in the life of each of us. Among these, the way we communicate, the way we conclude contracts, the way we carry out our interactions with the public authorities. All these must be made, in principle, from a distance.

In this context, the electronic signature takes on particular relevance. The electronic signature is an instrument which exists and has been used for years, which however becomes particularly relevant in the current context, especially since the presidential decrees[1] not only imply, but also expressly advise towards the use of electronic means of communication. Moreover, GEO 38/2020[2], in force as of 7 April 2020, grants an increased legal value to the advanced electronic signature, allowing the use of such signature by natural/ legal persons in their relations with public authorities and institutions.

In this article, we will present the types of electronic signatures, their specific effects, as well as the issue of the electronic signature originating from a non-EU country.

I. The types of electronic signatures. The national and EU regulation.

Two main pieces of legislation on electronic signature are applicable in Romania, namely:

Law no. 455/2001 on the electronic signature (”Law 455/2001”);

Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC („eIDAS”).

Being an EU regulation, eIDAS is mandatory and directly applicable in the national legal system. eIDAS has priority over Law 455/2001, where it grants broader rights than the latter. In any case, eIDAS is based on the principle that the legal effect of electronic signatures is defined by national law, except for the requirement according to which a qualified electronic signature should have the equivalent legal effect of a handwritten signature (para. (49) eIDAS preamble).

On a basic level, the electronic signature is defined as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. Three types of electronic signatures are regulated:

1. The simple electronic signature – consists of data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.

For example, the signature used in an e-mail, or the signature given on certain digital signature pads.

2. The extended electronic signature, named advanced electronic signature (“AES”) in eIDAS – is that electronic signature which:

is uniquely linked to the signatory;

allows the identification of the signatory;

is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and

is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

Examples: DocuSign[3], PandaDoc, etc.

3. The extended electronic signature based on a qualified certificate, named qualified electronic signature (“QES”) in eIDAS – is an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures;

Consequently, the main difference between an AES and a QES is that the latter is created by a qualified electronic signature creation device, and is based on a qualified certificate for electronic signatures. These additional elements of the QES generate the presumption that the identity of the signatory is the real one, the reason for which QES is the “safest” type of electronic signature, and has the highest legal value, as will be shown below.

Qualified trust service providers in Romania are listed in the Registry kept by the specialized public authority, which is currently, the Ministry of Transport, Infrastructure and Communications[4]: https://www.comunicatii.gov.ro/semnatura-electronica/ The Registry is updated by the authority as changes occur with respect to the providers.

At an EU level, the full list of trust service providers – including QES in the member states, as per eIDAS, is published at this address: https://webgate.ec.europa.eu/tl-browser.

There is an important aspect which we underline here, namely that, as per Art. 25 (3) eIDAS, a qualified electronic signature based on a qualified certificate issued in one EU member state is recognised as a qualified electronic signature in all other member states. Consequently, a QES based on a qualified certificate issued in another member state is recognized as QES in Romania and has the same legal effects as a QES issued by a local provider.

II. The legal effects of the three types of electronic signatures

Below we will present the legal effects of the three types of electronic signatures, starting with the one with the highest legal value – the qualified electronic signature (QES), and continuing with the other two types of electronic signatures – the advanced electronic signature (AES) and the simple electronic signature.

1. The qualified electronic signature (QES)

Both eIDAS and Law 455 provide that an electronic document signed with QES is assimilated, in what regards its conditions and effects, with an act under private signature. More specifically, the QES has the legal value of a handwritten signature.

At the same time, when the written form is legally requested as a condition of validity or proof of a legal act, an electronic document fulfils such condition if it is signed with a QES.

In this respect, we mention by way of example:

Legal acts for which the written form is a validity condition:

a court claim / a request for appeal;
 a company’s constitution, as per the Company Law no. 31/1990 (when the notarized form is not required);
 the individual employment contract;
 the personal guarantee;
 the mortgage on movable assets;
 the land lease agreement;
the vote expressed in a company’s shareholders’ assembly, when the voter is not physically present;
 the vote expressed in the creditors’ assembly/ committee of an insolvent company, when the voter is not physically present;
 tax declarations;
 the handwritten testament.

Legal acts for which the written form is a proof condition:

 the legal services agreement (as well as any power of attorney based on such agreement);
the transaction agreement;
the company agreement (for companies without legal personality);
the insurance contract;
 the storage contract.

These legal acts are valid or can be proven, respectively, if they are signed with a QES.

2. The advanced electronic signature (AES) and the simple electronic signature

2.1 The general situation

We have previously shown that both eIDAS and Law 45/2001 give the QES the legal value of a handwritten signature.

Nevertheless, by interpreting the relevant legal provisions, we appreciate that the documents signed with AES or simple electronic signature may also have the effects of an act under private signature, in certain situations and under certain circumstances:

 In the case of legal acts for which the written form is not legally required as a condition of validity or proof (see item II.1 above) if the parties agree to use such signature in their relationship.

We may include here: orders; invoices; certain sales agreements; distribution agreements; service agreements; consumer agreements.

 For any legal act, if the party to whom the signature is opposed recognizes the signature.

In this regard, Art. 6 of Law 455/2001 provides that the act in electronic form, to which an electronic signature has been incorporated, attached or logically associated, recognized by the party to which it is opposed, has the same effect as an authentic deed between its signatories and their representatives.

The disadvantage is that in order to be valid, such recognition must be made in the legal form requested for the validity of the act, or before the court – if it comes to litigation. This is why, in practice, the use of a QES from the beginning is preferred.

For any legal act signed with an AES, even in absence of any recognition by the party to which the signature is opposed, if the interested party manages to prove that the AES meets the four cumulative legal requirements (item I.2. above), namely that it:

is uniquely linked to the signatory;
allows the identification of the signatory;
is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.

In the case of QES, it is presumed that these requirements are met, until any proof to the contrary (Art. 9 of Law 455/2001).

Illustratively, in practice, we may think of situations like: (i) a party in a contract signed with an AES denies having signed the contract, and the other party wants to prove that the signature indeed belongs to the party that denies it; (ii) when the recipient of a unilateral legal act (e.g. a unilateral promise of sale) signed with an AES wants to exercise the rights granted by such act, but its author (signatory) denies the signature; (iii) when the author of a unilateral legal act signed with an AES wants to prove such act generated legal effects.

Of course, such proof may be difficult from a technical point of view, however not impossible.

In all cases, the interested party is entitled to challenge in court a certain signature, be it a QES, an AES or a simple electronic signature. In such a situation, the court may order a technical (IT) expertise, the objectives of which will be more or less complex, depending on what exactly is challenged.

2.2 The particular situation of GEO 38/2020 – the AES has the legal value of a handwritten signature for natural and legal persons in their relation with public authorities and institutions

The recent GEO 38/2020 – in force as of 7 April 2020, grants the AES the legal value of a handwritten signature, in the relation of natural and legal persons with public authorities and institutions, providing that:

 As of 7 April 2020, public authorities and institutions have an obligation of registering documents signed with the electronic signature;

The public authorities and institutions establish the type of electronic signature applicable for the use of a particular online service by the natural or legal persons, with the observance of eIDAS. GEO 38/2020 provides that within 15 days from its entry into force, the public authorities and institutions will issue the administrative regulations necessary for the implementation of this provision[5].

The documents signed with an AES, which are sent by the utilisation of authentication mechanisms of a substantial or high level, are assimilated – as regards the conditions and effects thereof, with acts under private signature.

III. The issue of the electronic signature originating from a non-EU country

We have shown above that a qualified electronic signature based on a qualified certificate issued in one EU member state is recognised as a qualified electronic signature in all other member states (Art. 25 (3) eIDAS).

But what legal effects does an electronic signature originating from a third country have? For example, a document signed with DocuSign (USA). This is one of the questions we can face in practice.

As regards the QES, Art. 40 of Law 455/2001 provides that the qualified certificate issued by a certification services provider headquartered in a third country is recognized as having equivalent legal effects with the qualified certificate issued by a certification services provider headquartered in Romania if:

 The certification services provider headquartered in a third country had been accredited in the conditions provided by Law 455/2001; or

An accredited certification services provider headquartered in Romania warrants for that certificate; or

 The certificate or the issuing certification services provider is recognized by way of a bilateral or multilateral agreement between Romania and other countries or international organizations, based on reciprocity.

This latter hypothesis overlaps with the eIDAS provision according to which trust services provided by trust service providers established in a third country shall be recognised as legally equivalent to qualified trust services provided by qualified trust service providers established in the EU, where the trust services originating from the third country are recognised under an agreement concluded between the EU and the third country in question or an international organisation (Art. 14 eIDAS).

On the other hand, Art. 25 (1) eIDAS provides that an electronic signature will not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.

We appreciate that our conclusions above (item II.2) on the legal effects of the AES and the simple electronic signature are relevant here. Accordingly, an electronic signature originating form a third country, that does not meet the requirements for being considered a QES, may have legal effects as an AES or a simple electronic signature, as follows:

 In the case of legal acts for which the written form is not legally required as a condition of validity or proof (see item II.1 above), if the parties agree to use such signature in their relationship.

 For any legal act, if the party to whom the signature is opposed recognizes the signature.

 For any legal act signed with an AES, even in absence of any recognition by the party to which the signature is opposed, if the interested party manages to prove that the AES meets the four cumulative legal requirements (item I.2. above).

Moreover, considering the provisions of GEO 38/2020, we conclude that an AES issued in a non-EU country can be used by natural/ legal persons in their relation with public authorities and institutions, having the legal value of a handwritten signature in the sense of the GEO.

Finally, we reiterate that a qualified electronic signature based on a qualified certificate issued in one EU member state is recognised as a qualified electronic signature in all other member states (Art. 25(3) eIDAS). Consequently, a QES based on a qualified certificate issued in another member state is recognized as QES in Romania and has the same legal effects as a QES issued by a local provider.

 

[1] Decree no.  195/2020 on the establishment of the state of emergency in Romania, issued by the President of Romania, in force as of 16 March 2020. Decree no. 240/2020 on the extension of the state of emergency in Romania, in force as of 15 April 2020.

[2] Government Emergency Ordinance no. 38/2020 on the use of documents in electronic form, at the level of public authorities and institutions, in force as of 7 April 2020.

[3] Except for DocuSign France, which is a QES provider according to the list of trust service providers in EU: https://webgate.ec.europa.eu/tl-browser/#/tl/FR/9

[4] Following the reorganization of the Ministry of Communications and Information Society (MCIS), on 19 February 2020. An update of the websites of the involved ministries was not done yet, therefore the Registry is still published on the (former) website of MCIS.

[5] At the date this article was written, no such administrative implementation acts had been issued.