Electronic signatures are widely used throughout the European Union (EU). In the EU, the use of electronic signatures is regulated by Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS). The eIDAS Regulation is directly applicable throughout the EU although each member state may have additional laws that should to be considered.
The eIDAS Regulation makes a distinction between three different kinds of electronic signatures:
- An electronic signature (also referred to as a simple electronic signature) encompasses any data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign. When an electronic signature meets certain requirements, it can qualify as “advanced” or “qualified”;
- An advanced electronic signature (AdES) refers to an electronic signature that meets some additional requirements so that a higher level of trustworthiness can be met. These requirements are that the electronic signature is:
- uniquely linked to the signatory; and
- capable of identifying the signatory; and
- created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- linked to the data signed in such a way that any subsequent change in the data is detectable;
- A qualified electronic signature (QES) is an advanced electronic signature that is:
- created by a qualified electronic signature creation device; and
- based on a qualified certificate for electronic signatures
QES have the same legal effect as a handwritten signature, meaning that for all situations where a document is signed with a QES, and where the relevant national law allows the contract to be executed electronically, the QES will have the same presumption of enforceability/admissibility as a “wet” signature. However, it is for the Member States to decide what legal effect is given to a handwritten signature. Additionally, for those cases where a QES is required in the EU, a qualified trust services provider (QTSP) should be used. And, it is up to the Member States to decide the cases in which a QES is required and some Member States do require a QES to be used for specific documents.
There are also enforceability/admissibility differences between the three types of electronic signatures. A QES carries a presumption of integrity, accuracy and authenticity in legal proceedings and is given the equivalent legal effect as a handwritten signature. However, simple and advanced electronic signatures (non-qualified e-signatures) are only admissible as evidence in accordance with the non-discrimination principle. The non-discrimination principle essentially means that the legal effect and admissibility of non-qualified e-signatures will not be affected (or discriminated against) based solely on the fact that they are provided in electronic form or because they do not meet the requirements of a QES. Additionally, Member States can also decide which legal effects are given to a non-qualified electronic signature.
Under the eIDAS Regulation national Trusted Lists have a constitutive effect – these are commonly referred to as the EU Trust Lists or EUTLs. In other words, a trust service provider (TSP) and the trust services it provides will be qualified only if it appears in the EUTLs.
Member States also have the obligation to establish, maintain and publish trusted lists of Qualified Trust Service Providers (QTSPs) and the qualified trust services provided by them. A QTSP certified in any EU Member State will be recognized as a QTSP by all other Member States. Accordingly, no EU Member State may question the qualified status once a QTSP has been added to the trusted list by the supervisory authority of another Member State.
The eIDAS Regulation doesn’t make a general distinction between using electronic signatures in the context of natural persons, companies or governmental entities. However, when contracting with EU institutions, attention should be paid to any additional requirements that might be applicable.
The eIDAS Regulation does not require electronic signature data to be stored within the EU. However, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) is applicable in the EU and should be respected when processing personal data. Accordingly, the rules on data transfers should be respected when storing and processing personal data outside of the European Economic Area.
National laws of the Member States
Although the eIDAS Regulation is directly applicable in every EU Member State, national laws need to be considered as well. For example, the Regulation does not deal with cases where a signature would be legally required, which is a prerogative of the Member States. However, if such a requirement is specified by national law, the Regulation sets out how this requirement can be met in practice when the activities are carried out in an electronic environment.
The Regulation also allows for the inclusion of specific features in qualified certificates at national level, provided that those specific features are not mandatory and do not hamper cross-border interoperability and recognition of qualified electronic signatures.
The eIDAS Regulation does not specify any documents or agreements that cannot be signed or executed electronically, neither does it specify any processes or workflows that cannot be replicated electronically. However, the E-Commerce Directive (Directive 2000/31) foresees the possibility for Member States to exclude the use of electronic signatures for the following categories:
- contracts that create or transfer rights in real estate, except for rental rights;
- contracts requiring by law the involvement of courts, public authorities or professions exercising public authority;
- contracts of suretyship granted and on collateral securities furnished by persons acting for purposes outside their trade, business or profession;
- contracts governed by family law or by the law of succession.
It is up to the Member States to specify any documents that are excluded from electronic signing and it is possible for Member States to enact national legislation that affects the applicability of the eIDAS Regulation. For further details on the validity and enforceability of electronic signatures in the relevant Member State, please refer to the individual Member State guides:
Disclaimer: Information on this page is intended to help businesses understand the legal framework of electronic signatures. However, Adobe cannot provide legal advice. You should consult an attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Adobe provides this material on an "as-is" basis. Adobe disclaims and makes no representation or warranty of any kind with respect to this material, express, implied or statutory, including representations, guarantees or warranties of merchantability, fitness for a particular purpose, or accuracy.