Electronic transactions have virtually eliminated many of the barriers that once hampered international business and trade, which is one of the reasons why the European Union was so motivated to create its own set of guidelines and standards regarding the legality of electronic signatures and records.
In order for an e-signature to be valid within the EU, it has to pass a set of standards set forth in the Directive 1999/93/EC of the European Parliament and of the Council. The Directive was intended to “strike a balance between consumer and business needs,” by ensuring the security and legal integrity of communication that occurs online.
In the EU, e-signatures are largely governed by the Directive 1999/93/EC. Signed in 1999, the Directive went into effect in January of 2000 and created a legal framework to protect businesses and consumers that decide to complete transactions online. In order to be considered binding in EU courts, an e-signature must pass the tests set forth in the Directive. Once a signature has passed these tests and is viewed as a “Qualified Electronic Signature,” it is considered just as legally binding as a pen-and-paper signature.
Forms of Electronic Signatures
The European Directive ensured the validity of e-signatures so long as they fall into one of these three categories:
An electronic signature if defined as any type of electronic data that is “attached to or logically associated with” an electronic document.
Advanced Electronic Signatures
In order to be considered an advanced electronic signature, an e-signature must somehow be linked to and capable of identifying the signatory. It must also be created in a way that allows the signatory to retain control, and it must be linked to the document in a way that provides evidence if the data itself is tampered with or changed.
Qualified Electronic Signatures
Advanced electronic signatures that are “based on a qualified certificate” and created using a “secure-signature-creation device” that fits within the framework set forth in the Directive are considered qualified electronic signatures. These are the strongest forms of e-signatures in the EU.
The European Directive created a series of standard obligations that all certification service providers are required to meet – helping to ensure the security of e-signatures and electronic transactions for everyone involved. Service providers must be neutral entities or people who offer services related to e-signature technology, whereas electronic signature products are the actual hardware or software that is used by the certification service provider when creating a verified e-signature.
In order to be a certified service provider, a technology company must demonstrate reliability, security, and trustworthiness. The provider must be able to ensure that the timestamp on any electronic certificates is correct and take measures to prevent forgery. Included in the list of other requirements are the abilities to verify user identities and record certificate data for the purpose of legal proceedings.
The Directive explicitly states that technology companies must use “systems to store certificates in a verifiable form,” to prevent unauthorized users from making changes to entries. Documents and forms must be “publicly available for retrieval” when appropriate consent has been obtained, and they must be stored in a format that allows for periodic authenticity checks.
While the European Directive provides a number of protections for consumers and businesses with regard to online transactions, it does not cover any aspects having to do with the legal validity of contracts. Just because the e-signature on a contract is valid under the guidelines set forth in the Directive does not mean the contract itself is legal or the e-signature is admissible in court. A contract that does not meet the legal obligations based on the jurisdiction where it was created will not be considered valid whether it is signed electronically or with a pen.
For international businesses and people interesting in conducting transactions with consumers in the EU, the guidelines in the European Directive should provide some clarity as far as which types of technologies and signatures can be used to satisfy the EU’s legal requirements.