The situation in our today’s society, largely influenced by the COVID-19 pandemic, compels us more than ever before to use the electronic means of communication to get our routine business done in order to minimise our social interactions and, at the same time, expedite the process of handling your matters. Yet, many transactions require that the parties’ identity be checked and their will verified through a unique signature footprint. The following article explains how electronic signatures can be used instead of handwritten ones to verify the identity of individuals.
Under the relevant provisions[1] of the Civil Code, a written expression of will (‘juridical act’) is valid if it is signed by the person expressing their will. A person’s will is deemed to have been expressed in writing also if made through electronic means and signed by a guaranteed electronic signature.[2]
The eIDAS Regulation[3] distinguishes three types of electronic signatures depending on the criteria applied to identify the signatory and the degree of integrity assurance, i.e., exclusion of interferences with the document signed:
- electronic signature;
- advanced electronic signature;
- qualified electronic signature.
These types of signatures are not explicitly regulated by Slovak law. Under eIDAS, only the ‘qualified electronic signature’ has the equivalent legal effect as a handwritten signature. Let’s take a closer look at the individual types of signatures:
Electronic signature
Under the eIDAS Regulation, the ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.[4] The simplest example of how an electronic signature can be used in practice is when someone needs to append their first and last name at the bottom of an e-mail message to identify the sender or append their first and last name at the end of an electronic document. In these situations, it is practically impossible to prove whether the person appearing as signed in the e-mail communication is in fact its author. Thus the trustworthiness of an electronic signature is fairly low.
Therefore, electronic signatures are typically used in routine e-mail communications. This form of signing is not excluded to effect ‘juridical transactions’, but if a legal dispute based on such communication ensues, it might be difficult to prove that the person whose signature appears at the end of an e-mail message had actually sent it and, as such, was indeed a party to the contract or was authorised to act on behalf of the legal person who was presumed to be a party to the contract. It may be thus difficult to verify the signatory’s identity in these situations.
Advanced electronic signature
The eIDAS Regulation defines the ‘advanced electronic signature’ as an electronic signature which:
- is uniquely linked to the signatory;
- is capable of identifying the signatory;
- is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
- is linked to the data signed therewith in such a way that any subsequent change in the data is detectable.[5]
Documents can be signed by an advanced electronic signature and the signatory’s identity can be verified through various applications. An advanced electronic signature can be used to sign routine private-law documents as this type of signature provides for more reliable verification of the signatory’s identity and reduces the risk of the document’s integrity having been compromised by a third party.
The applications providing the advanced electronic signature functionality assign a private key that is used to sign a document. The private key is used to verify the signatory’s identity and the certificate issued confirms that person’s identity. The signatory will then attach the certificate to the already signed document, a part of which is the public key. The thus signed document, thanks to the attached certificate and public key, makes it possible to verify whether it has been signed by the person identified as its signatory and whether the integrity of the document has been compromised by a third party, or whether the document, as received, is the same as the originally signed document.
The advanced electronic signature, generated through commercial applications, provides a higher degree of trust compared to an ordinary electronic signature. This type of signature can be used to sign routine private-law documents, which then carry a higher degree of trustworthiness because the signature reduces the level of risk that the document has been tampered with by third parties and it also enables a much more definite identification of the signatory. Since the use of advanced electronic signatures in Slovakia is fairly limited, it is quite difficult to presume whether and to what extent this type of signature would be accepted by public authorities in the exercise of their powers or by the courts when dealing with lawsuits. In contrast, advanced electronic signatures are routinely used across the sphere of private law in Austria or the Czech Republic.
This being said, an advanced electronic signature does not replace a classical handwritten signature. When choosing the right application, you should thoroughly analyse its security features and base your decision on trusted recommendations and references.
Qualified electronic signature
The eIDAS Regulation defines the ‘qualified electronic signature’, which represents the highest level of electronic signatures, as an advanced electronic signature created by a qualified electronic signature creation device, which is based on a qualified certificate for electronic signatures.[6] The signing of documents by a qualified electronic signature is possible through the so-called eID cards, i.e., personal identity cards equipped with an electronic chip, which serve as proof of identity in the digital world for the users of e-Government services. A qualified electronic signature is a set of characters which, when a document is being signed, becomes an integral part of the document. Once attached, the signature ensures the integrity of the signed document by verifying its content and giving assurance of no third-party’s interference therewith.
In order to create a qualified electronic signature, you will need:
- a computer with a Windows, Mac or Linux operating system, equipped with a compatible chip-card reader (built-in or external),
- a personal identity card with an embedded electronic chip (when receiving your eID card, you will be asked to type in your BOK (Slovak acronym for Personal Security Code) to be used for logins; you must then ask to have your signature certificates loaded into your eID card chip; these certificates will enable you to generate your qualified electronic signature (Slovak acronym: KEP). The certificates can be obtained in person at the relevant Police District Directorate (go to the Documents Desk) or online;
- eID application; and
- Signature application (D.Suite/eIDAS for Windows users, or D.Launcher for Mac or Linux users). The necessary applications are available for download at the website of the Central Government Portal[7].
The qualified electronic signature is the safest option from among the electronic signatures laid down in the eIDAS Regulation as means for signing documents electronically. Under the Civil Code, if a juridical act (any expression of will or intent of a party) is effected electronically and signed by a qualified electronic signature, the authenticity of the signature no longer needs to be verified. Equally, the eIDAS Regulation puts a qualified electronic signature on par with a handwritten signature in terms of legal effect.
We believe you have found this information useful. Should you need a more detailed insight, please do not hesitate and contact us.
Marko Pachnik, Zuzana Krajčovičová
[1] Section 40(3) and (4) of Act No. 40/1964, the Civil Code, as amended
[2] Act No 272/2016 on Trust Services for Electronic Transactions in the Internal Market, amending and supplementing certain other Acts (Act on Trust Services), changed the term ‘guaranteed electronic signature’ into ‘qualified electronic signature’.
[3] Regulation (EU) No 910/2014 of the European Parliament and Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
[4] Article 3(10) of the eIDAS Regulation
[5] Article 3(11) in conjunction with Article 26 of the eIDAS Regulation.
[6] Article 3(12) of the eIDAS Regulation.