Undoubtedly and unsurprisingly, the COVID-19 pandemic has affected businesses and individuals in a variety of ways. One aspect, which has been discussed to a great extent, is the use of electronic signatures in Cyprus and the legal implications of their use.
The Regulation (EU) N 910/2014
In an aim to improve trust in EU-wide electronic transactions and to increase the effectiveness of public and private online services and e-commerce, Regulation (EU) N 910/2014 on electronic identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”) created a new system for secure electronic interactions across the EU between businesses, citizens and public authorities, setting out the conditions under which Member States recognize electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State, rules for trust services (for the verification of the identity of individuals and businesses online, as well as authenticity of documents) and establishing a legal framework for electronic signatures, seals, time stamps, documents, registered delivery services and certificate services for website authentication.
The Cyprus Law 55(I)/2018
The eIDAS Regulation has been incorporated into Cyprus law in 2018 through Law 55(I)/2018 (the “Law”).
The three types of electronic signatures
Three types of electronic signatures, each with different judicial value, are distinguished by the Regulation, as follows:
1. an “electronic signature” is defined by the Regulation as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign”;
2. an “advanced electronic signature” is “an electronic signature which is uniquely linked to the signatory, is capable of identifying the signatory, is created by using electronic signature creation data that the signatory can, with a high level of confidence, use under their sole control and is linked to the data therewith in such a way that any subsequent change in the data is detectable”; and
3. a “qualified electronic signature”, which is an advanced electronic signature created by a qualified electronic signature creation device having the added comfort of being based on a qualified certificate for electronic signatures.
Admissibility and legal validity of electronic signatures
The Regulation specifies that an electronic signature cannot be denied legal effect or be deemed inadmissible as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. However, it grants the “qualified electronic signature” the most significant judicial value deeming that it shall be equivalent to a handwritten signature.
Obtaining a qualified electronic signature
The procedure of obtaining a qualified electronic signature under Cyprus law was announced in May, amidst the COVD-19 pandemic, by the Deputy Ministry of Research, Innovation and Digital Policy of Cyprus. The Cyprus Stock Exchange has been authorised as a Certification Service Provider to issue qualified certificates on electronic signatures, though the government has already signed a Memorandum of Understanding with commercial banks that will enable and promote electronic signatures in the banking sector.
The validity period of such qualified e-signatures is currently set at one year from the date of issuance of the qualified certificate.
The sole Qualified Trust Service Provider (QTSP) currently registered in Cyprus is JCC Payment Services Ltd and, there are just two other Greek Companies, registered in Europe, carrying out activities in Cyprus: Byte Computer ΑΕ and ADACOM S.A. However, with the passing of the new legislation it is likely that these companies will face competition.
Difficulties and complications
While electronic signatures and even advanced electronic signatures were occasionally used prior to the COVID-19 pandemic, an increase in their use was noticed under the current circumstances. Such increased use of digital signatures has highlighted certain issues with their applicability and implementation. One such problem arises with documents that require witnessing. Common law provisions, applicable in Cyprus, require the physical presence of witnesses in the same location as the signatory. Therefore, a witnessing and attestation requirement is only satisfied in the case of an electronically executed document where the witness is physically present in the same location as the signatory. While the witness can still attest the document via a digital signature from the same location as the signatory, “remote” witnessing (e.g. by video link) is not permitted.
However, it is worth mentioning that certain, if not all, local authorities and institutions are still reluctant in accepting the digital signatures. In addition, it is evident that there are still no judicial decisions in relation to the use and implementation of electronic signatures, in order to see how the Cypriot courts would interpret and apply the relevant regulatory and legal provisions.
Last but not least is the fact that heavy dependence on electronic means will bring a higher demand for cyber security which may include a requirement for the use of electronic passports. Steps such as the creation of an electronic passport are likely to meet with resistance from some sectors of society, since, whilst they are superficially equivalent to a biometric identity card, they include continuously updated real data about an individual.