Table of contents
Is the electronic signature legal? This is the first question that many people ask us when we explain that at Signaturit we have developed an electronic signature solution.
The resounding answer is yes. The electronic signature is legal throughout the European Union and in many other countries, including the United States.
It is common that there are still doubts about the electronic signature, and reluctance to use it due to lack of information. But the reality is that, in a very short time, this technology is going to completely replace the traditional way of signing documents – on paper and with a pen -, a fact that has already occurred in many companies.
This is not only because the latter option is less secure than the electronic signature, but also because it usually requires the presence of the signer, something that is becoming less and less conceived given the ubiquity of the digital world.
Next, we are going to review the European and Spanish legislation that establishes the legal validity of electronic signatures, we will also detail the types of electronic signatures that exist and we will explain how the advanced electronic signature differs from the qualified one.
1. What laws establish and regulate it?
Yes, electronic signatures are legal and recognized as valid in Regulation No. 910/2014, known as eIDAS, which came into force throughout Europe on July 1, 2016.
By the fact of being a regulation, and not a directive, eIDAS is directly applicable in all member states. This overcomes the margin of interpretation that the previous European standard on electronic signature – Directive 1999/93/EC, repealed by eIDAS – allowed each state, thereby complicating the validity and recognition of electronic signatures between the different EU countries, and therefore hindering the full realization of the single internal market for electronic commerce.
What does the electronic signature law say?
Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 – on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
(2) “This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union”.
In this way, the European regulation establishes a legal framework for electronic identification systems and trust services applicable throughout Europe. This legal framework includes and contemplates electronic signatures, electronic seals and time stamps, electronic documents and electronic delivery services or certified electronic mail, and certification services for website authentication.
What legal validity does the electronic signature have?
In Spain, the law that regulates the electronic signature is Law 6/2020 regulating certain aspects of electronic trust services that entered into force on November 13, 2020.
This law regulates trust services and their legal effectiveness at the national level as a complement to the provisions of the eIDAS Regulation, the latter being the main regulation on the matter both in Spain and in the rest of the European Union.
Regarding the Civil Procedure Law, joint mention must be made with article 326, which establishes the probative force of private documents, to article 299.2 of the same law, which stipulates that “the means of reproduction of the word, sound and image will also be admitted, in accordance with the provisions of this Law, as well as the instruments that allow archiving and knowing or reproducing words, data, figures and mathematical operations carried out for accounting or other purposes, relevant to the process”.
For its part, the LSSI in its article 23 establishes that “contracts concluded electronically will produce all the effects provided for by the legal system, when the consent and other requirements necessary for their validity concur”.
In addition, “for the valid conclusion of contracts by electronic means, the prior agreement of the parties on the use of electronic means will not be necessary”, therefore, they will be valid as long as the parties freely give their consent to the conclusion of contracts for a lawful purpose and cause.
Finally, it is important to fully cite article 24 of the LSSI which stipulates the following: ” 1. The proof of the conclusion of a contract by electronic means and that of the obligations that have their origin in it will be subject to the general rules of the legal system. When contracts concluded electronically are electronically signed, the provisions of article 3 of Law 59/2003, of December 19, on electronic signature will apply. In any case, the electronic support on which a contract concluded electronically is recorded will be admissible in court as documentary evidence.”
Therefore, contracts concluded by electronic means will be valid in Spain as long as the parties freely give their consent to the conclusion of contracts for a lawful purpose and cause.
The electronic signature in Spain can be used for the signing of all those agreements that are not subject to form restrictions that prevent it.
2. What types of electronic signatures exist?
Article 3 of Regulation 910/2014 of the European Union contains the following definitions:
Electronic signature: “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”.
Advanced electronic signature: “an electronic signature which meets the following requirements:
it is uniquely linked to the signatory;
it is capable of identifying the signatory;
it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.”
Qualified electronic signature: “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.”
“An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.”
– Article 25, Legal effects of electronic signatures, Regulation 910/2014
3. What is the main difference between the advanced and qualified electronic signature?
Considering the definitions of the eIDAS regulation, the main difference between the advanced and qualified electronic signature are actually two:
The qualified electronic signature must be created with a qualified electronic signature creation device.
The qualified electronic signature must be based on a qualified certificate for electronic signatures.
What is a qualified electronic signature creation device?
Qualified electronic signature creation devices must meet the requirements set out in Annex II of Regulation 910/2014.
For practical purposes, a qualified device is an apparatus (hardware) that must be able to guarantee that the electronic signatures made with said device are secure and protected against possible forgeries. To do this, these devices must be able to resort to cryptographic algorithms, key lengths and adequate hash functions.
Because these characteristics have not been agreed upon at the European level, the EU has established a series of technical standards to assess the security of qualified electronic signature and seal creation devices. The list of standards are set out in Commission Implementing Decision (EU) 2016/650 of 25 April 2016 and are in force.
In Spain, the Spanish Association for Standardization and Certification (AENOR) adopted the standards established by the EU to Spanish regulations. Devices that comply with these standards will be presumed to comply with the requirements established by Regulation 910/2014 of the European Union.
What is a qualified certificate for electronic signatures?
A qualified certificate for electronic signatures, as defined in Regulation 910/2014, is a certificate issued by a qualified trust service provider, and which meets the requirements set out in Annex I of Regulation 910/2014.
The purpose of electronic certificates is to validate and certify that an electronic signature corresponds to a specific person or entity, and it can do so because it contains the data of the individual or entity in question: name, tax ID number, signature algorithm and keys, expiration date and issuing body.
At Signaturit we offer our IvSign tool where, in addition to issuing and using your digital certificates in the cloud, you can sign with the highest legal guarantees from anywhere and any device when you need it.
4. What are the advantages of the advanced and qualified electronic signature?
In a more practical way we can see what are the main advantages of the advanced and qualified electronic signature:
Qualified electronic signature
The qualified electronic signature is the type of signature with the greatest legal robustness that provides us with greater security in case of conflict. As we have already mentioned, it must meet three essential requirements:
The signatory must be uniquely linked and identified to the signature.
The data used to create the signature must be under the exclusive control of the signatory.
It must have the ability to guarantee that the data has not been modified after signing.
For its part, the digital certificate is defined as “an electronic signature certificate that has been issued by a qualified trust service provider”. The certificate must be issued by a Certification Authority, an officially recognized entity that supports the identity of the signatory.
Advanced electronic signature
On the other hand, our advanced electronic signature solution is also very easy to use from any device – computer, tablet or mobile – and is a highly valued tool by digital consumers, as it allows them to complete any procedure when and where it is most convenient for them, in a matter of seconds.
Signaturit’s electronic signature solution complies with both the eIDAS Regulation and the electronic signature laws in force in the United States, eSign and UETA Acts – so that:
It allows the signatory to be identified, since we collect a series of data that is unequivocally associated with the signatory during the signing process: email, geolocation, and the biometric data of the graph when the device allows it, among other data.
It is possible to detect any change made to the signed document, thanks to the fact that we use a public/private key system for both the signed document and the evidentiary document, which allows us to encrypt all the generated documentation and this guarantees the integrity of the data at all times.
It links the generated documentation to the signatory and their data, providing a hash system and unique key that is directly related to the signatory.
It is created by means that are under the control of the signatory: the signature is generated directly from the signatory’s device and can only be accessed by accessing the signatory’s private accounts.
If you want to try our advanced electronic signature solution, you can do it today. You just have to register here and you will have access to all the functionalities that we offer for free for 7 days.
If you need more information about the electronic signature or about how our solution works, do not hesitate to contact us by sending an email to [email protected].