Key points on the legal framework guiding the validity of electronic signatures in Cyprus. The (digital) silver lining of COVID-19.

It is widely expected that the COVID-19 (widely referred to as the coronavirus) epidemic will cause unprecedented disruption to the global economy and inevitably eventually reshape the way we conduct business. It has become evident that whilst the disruption in certain industries is widespread and chaotic, in other industries the effects can be mitigated through the use of technology.

As a silver lining of the COVID-19 (Coronavirus) epidemic, businesses in Cyprus and abroad are increasingly using technology to keep operations and services active and connected. This applies to both the private sector as well as, although in limited form, the public sector. The use of once coveted original documents or signatures is in many cases no longer a pre-requisite for the provision of certain services or the completion of agreements.

Although this overnight transformation is welcomed by all and is likely to improve business efficiency in the long-run, from a legal perspective we would like to provide some insight on the key legal aspects of electronic documents and the validity of electronic signatures under Cyprus Law. How are e-signatures treated by the law and the Courts should their authenticity and/or validity be challenged?

Within the EU, Regulation 910/2014/EU (hereinafter the "Regulation") established a comprehensive legal framework for e-signatures, e-seals, e-documents and in general all forms of electronic communications with direct effect on all member states. We need to clarify that EU Regulations are directly applicable in Cyprus, without the need to implement local legislation.

Cyprus, however has incorporated the provisions of the Regulation in the local legislation with the Law 55(I)/2018 "Providing for a legal framework for electronic identification and related issues" (hereinafter the "Law"). The Law establishes the legal framework governing electronic signatures and some certification services aiming at facilitating their use and legal recognition.

As per article 25 of the Regulation, an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it was made in electronic form.

The Regulation provides three types of electronic signatures, each bearing different juridical value.

Article 3.10 of the Regulation defines the electronic signature as data in electronic form which is attached to, or logically associated with, other electronic data and which is used by the signatory sign (i.e. "Electronic Signature").

Pursuant to article 3.11 of the Regulation an advanced electronic signature (i.e. "Advanced Electronic Signature") is a signature that meets the following essential requirements:

  1. it is uniquely linked to the signatory;
  2. it is capable of identifying the signatory;
  3. it is created using means that the signatory can maintain under his sole control; and
  4. it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

In addition, an Advanced Electronic Signature based on a qualified certificate issued by a QTSP (Qualified Trust Service Provider), and created by a qualified electronic signature creation device (i.e. a "Qualified Electronic Signature") has the most significant judicial value as it has the added comfort of being certified by a QTSP and can also be used for sensitive interactions with public authorities.

We should stress that even though an electronic signature cannot be denied legal effect, solely on the ground that it is in an electronic form, or for not meeting the requirements of a qualified electronic signature, as per the Law and the Regulation, only a qualified electronic signature has equal legal effect to that of a handwritten signature, bearing the elements one would have in any eventual legal action.

The bodies responsible for the certification of qualified electronic signature creation devices must meet the standards and technical specifications set out by the European Commission, as drawn up by the European and international standardisation organisations and bodies.

The Department of Electronic Communications of the Ministry of Communications and Works of Cyprus has been designated as the competent authority for the implementation of the legislative framework for electronic signatures in Cyprus including the monitoring and control of all QTSP, which are to provide high-level security trust services and products under the Law.

In addition, section 9 of the Law provides that even if the Electronic Signature does not meet the conditions of a qualified signature, it may still be considered as admissible evidence in legal proceedings in Cyprus. However, in case of the latter, the court must exercise its discretion on whether to accept such electronic signatures as admissible based on the circumstances of the case.

It should, however, be noted that due to the recent enactment of the Law, there have been no substantial judicial disputes and judgments so far with respect to the implementation of the Law in Cyprus. Therefore, there is no guidance yet as to the manner in which electronic signatures will be treated by the courts or as to the manner the relevant provisions will be interpreted and applied.

We should also highlight that any e-signatures executed in other jurisdictions outside the EU and/or governed by any jurisdiction outside the EU, will need to follow local legislation and/or formalities depending on the nature of the document. Hence it is recommended that local legal advice should be sought when dealing with jurisdictions outside the EU.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.