The concept of electronic signature (electronic signature is defined by the e-signature Directive in art. 1 as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication”) has been introduced in order to establish legal and market security of the internet communications and commercial relations and specific liability has been linked to the entities offering certification services.
The e-signature Directive also contains the concept of qualified electronic signature which is an advanced e-signature based on qualified certificate issued by a Certification Service Provider (an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures) who fulfills the requirements of Annex II of the Directive.
The legal effects of using a qualified electronic signature are equal to and linked to the legal consequences of a paper-based document signed with a handwritten signature and can be used as an evidence in court proceedings. The requirements as to the signature (e.g. the usage of Secure Signature Creation Device – SSCD) and to the Certification Service Providers (CSP) are expected to create trust and reliability in the electronic communication and to promote further market and social relations. However, the specific liability regime regarding CSPs in fact proves to actually shift away from the idea of reliability and ease.
Qualified signature – challenging CSP`s liability
According to the Directive the CSP is liable: for the accuracy and completeness of the data in the qualified certificate; for the identity of the signatory of signature-creation data corresponding to the signature-verification data given or identified in the certificate; for assurance that the signature-creation data and the signature-verification data can be used in a complementary manner in cases where the certification-service-provider generates them both and for failure to register revocation of the certificate for damage caused to any entity or legal or natural person who reasonably relies on the certificate. The specific regime is only applicable to CSPs issuing qualified e-signature certificates. The Directive introduces specific liability rules as to the CSPs and a reversed burden of proof, which is mostly an exemption in civil law. The strong liability measures have as their main goal the protection of the social interest in transactions involving e-signatures and to build trust in internet communications and transactions.
However, the linkage of the qualified electronic signature to the handwritten signature in paper-based documents creates specific uncertainty regarding its future application and reference point due to the fast pace of technology development, thus leading to questioning the CSP liability. Currently the legal meaning and effect of the qualified e-signature is dependent on the legal effect of the handwritten signature. It has to be noted that this link is inconsistent with some countries` general law which attaches no legal consequences to the handwritten signatures as a tool for authentication (for example the U.K.). With the current technological boom, it is expected that many paper based transaction will disappear in the future and they will be replaced only by electronic ones. Since the handwritten signature might lose its value as an authentication tool, the e-signature will lose its reference point and legal effects. Thus, the specific liability of the CSPs, related to the certification services for qualified electronic signatures, might also turn out to be useless.
Additionally, the technology for creation of e-signatures (the SSCD,) introduced by the Directive, is expected to be replaced in the future by more advanced ones, such as biometrical signature creation for example. Since the idea of a Directive is to establish rules that once transposed in the national legislation of the member states, will provide long term regulation of the social relations they cover, the establishment of liability based on technology and connected to services that might soon disappear, is not justified.
Another specific, regarding the qualified signatures concept, is that their usage is currently naturally limited by the market needs to the electronic banking services (not covered by the Directive) and the e-government services. The request for qualified electronic signatures is somehow currently limited outside the abovementioned areas of application and it needs a further legislation boost in order to become higher. This is certainly not achieved by introducing specific, stricter, liability rules for Certification Service Providers and is another reason why the specific liability rules set out in art. 6 of the Directive need to be revised.
As briefly outlined above, the e-signature Directive establishes specific liability rules with regards to the certification services of the CSPs issuing qualified certificates for electronic signatures in an undeveloped market that is the qualified e-signatures market. Those rules involve a level of regulation that goes beyond the national legislation rules in this matter. The specific legal effects of the qualified e-signature being linked to the legal value of the handwritten signature introduces a high level of insecurity and unreliability to the concept due to the fast technological development that will eventually lead to the obsolesce of the paper based documents and the handwritten signature. By losing its reference point, the qualified e-signature will lead to the lack of necessity of the specific liability rules as to the CSPs. This tendency is further fortified by the development of new technologies for e-signing that might replace the currents SSCDs proposed by the Directive. All of the above leads to the idea that the whole qualified e-signature and the specific liability of CSP for qualified certificates should be carefully revised.
References:
- Dumortier, J. (2004) The European Regulatory Framework for Electronic Signatures: A Critical Evaluation at Nielsen, R., Jacobsen, S., Trzaskowski, J. (editors), EU Electronic Commerce Law, Djøf Publishing
- Dumortier, J., Kelm, S., Nilsson, H., Skouma, G., Van Eecke, P. (2003) The Legal and Market Aspects of Electronic Signatures in Europe, Study for the European Commission within the eEurope 2005 framework, available at: http://ec.europa.eu/information_society/eeurope/2005/all_about/security/index_en.htm
- Dimitrov, G. (2008) Liability of Certification Service Providers. VDM Verlag Dr. Mueller, Saarbruecken, 2008.
- DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures