The EU Regulation on Electronic Signatures is implemented in Cyprus
The EU Regulation 910/2014/EU on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (hereinafter the “Regulation) was incorporated into Cyprus law on 13 June 2018 by the Enforcement of Regulation (E.U.) no. 910/2014, in relation to Electronic Identification and Trust Services for Electronic Transaction in the Internal Market Law of 2018 (Law 55(I)/2018)) (hereinafter the “Law”).
The Regulation provides for three types of electronic signatures:
1. “electronic signature” i.e. data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
2. “advanced electronic signature” i.e. an electronic signature which is uniquely linked to the signatory, is capable of identifying the signatory, is created by using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control and is linked to the data therewith in such a way that any subsequent change in the data is detectable; and
3. “qualified electronic signature” i.e. an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
Admissibility and Legal Effect
Article 25 of the Regulation provides that an “electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures” and also that a “qualified electronic signature shall have the equivalent legal effect of a handwritten signature.”
Furthermore, Article 9 of the Law in turn provides that, subject to the provision of the Evidence Law, an electronic signature, as defined in Article 3 of the Regulation, which may be in an electronic form or may not meet all the requirements of the qualified electronic signatures, may be admissible in any criminal or civil proceedings before the Cyprus courts.
Following from the above, other domestic statutes were amended to comply with Article 9 of the Law, namely:
- In the Evidence Law (CAP.9), the definition of “document” was amended to include electronic documents and any document bearing electronic signatures, electronic seals, electronic time stamps etc., as defined by the Regulation.
- In the Companies Law (CAP.113), Article 37A(1) states that every form, certificate, minutes or other document delivered, or sent, to the Registrar of Companies for filing, or is issued by the Registrar of Companies, as the case may be, which requires an affirmation, certification or signature, may be signed by an electronic method.
Recent Developments: How Electronic Identities Will Work
On 8 May 2020, the Deputy Ministry of Research, Innovation and Digital Policy of the Republic of Cyprus announced the implementation of the National Plan for Electronic Identities (the “Plan”), which aims to govern the issuance of electronic identities. An electronic identity is an official tool of the state for the identification of its citizens’ data and the conduct of electronic transactions that are secure and legally enforceable, without the need for the physical presence of the person signing.
The Plan shall consist of the use of the following two certificates:
- The qualified electronic signatures, which shall have the same legal force as handwritten signatures (available currently); and
- The electronic identification, for the purpose of accessing information systems (expected to be implemented in 2021).
Specifically with respect to the qualified electronic signatures:
1. What are these?
They are encrypted combination of numbers and letters, which are associated to holders of qualified certificates for electronic signature.
2. Where will these be used?
They are expected to be used by governmental authorities, as well as for banking, business and personal transactions, on all types of agreements, documents and applications.
3. What will be their validity period?
At the present stage, qualified certificates for electronic signature, which will be issued in 2020, will be valid for a period of one (1) year from their date of issuance.
However, after the implementation of the completed Plan in 2021, the qualified certificates for electronic signature will be valid for a period of three (3) years with a right of renewal.
4. Who will these be issued by?
They will be issued by banking institutions or by qualified trust service providers, which will be responsible for carrying out the identification procedure of the holders of qualified certificates for electronic signature.
5. How will these be inserted?
They will be inserted on electronic documents using computers/laptops, tablets and smartphones, by accessing various online platforms (e.g. signing portals, online applications) and uploading the documents that need to be signed.
The holder of a qualified electronic signature will need to approve, via a smartphone application, the placement of their signature on the relevant electronic document and once they have given their approval, they will have access to the signed electronic document.