Cyprus: The Validity Of Electronic Signatures

1 Introduction

1.1 EU Regulation 910/2014/EU (the "EU Regulation"), establishes the legal framework for electronic signatures and seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.

1.2 Cyprus, being part of the EU, has also enacted Cypriot Law 55(I)/2018 for e-signatures which is a local legislation that is very much in line with the relevant EU Regulation.

2 Types of electronic signature

2.1 Under the relevant Cyprus Law and EU Regulation, there are three types of electronic signatures and a summary for each type is set out below:

A. Electronic signature

2.2 An electronic signature means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.¹

2.3 This is the simplest form of e-signature which would typically involve typing the signatory's name or their initials onto a document. However, it is known to be the least secure of the three types of e-signature as there is no evident strong link between the signature and the identity of the person signing. Therefore, it would be prudent to only use this type of e-signature when a wet-ink signature or a qualified electronic signature are not possible. Examples of this would include low-risk routine agreements instead of high value or highly regulated transactions.

B. Advanced electronic signature(AES)

2.4 Advanced electronic signature means an electronic signature which meets the requirements set out in article 26 of the EU Regulation, which are as follows²:

2.5 Generally, an AES represents a more secure level of electronic signing in comparison to the simple electronic signature type, as it involves an additional layer of security such as biometric identification or a unique access code after the signing process. This ensures that the relevant signature cannot be copied or falsified. Therefore, an AES reliably identifies the signatory of a document and establishes a unique link between the relevant signature and the signatory.

C. Qualified electronic signature(QES)

2.6 Even though this type of electronic signature shares the same features as an AES, unlike an AES, a QES additionally also has to be based on a qualified certificate(the "Certificate")issued by a Qualified Trust Service Provider ("QTSP") and created by a qualified electronic signature creation device. This additional feature establishes a more rigorous authentication process via the issuance of the Certificate, which indicates that identity verification has been completed face to face and also offers comfort to the contracting parties who can rest assured that the QTSP is regulator approved.

2.7 Given the above, a QES is undoubtedly the strongest and most secure form of electronic signature, which is very commonly used between contracting parties for highly regulated, high-risk or highly valued transactions. Its legal effect and validity pursuant to the Regulation and the relevant Cyprus Law, are further analysed below.

3 Legal effect and validity

3.1 According to article 25 of the Regulation, as well as section 9 of the relevant Cyprus law, only a 'qualified electronic signature' shall have the equivalent legal effect and judicial value of a handwritten signature. Therefore, a qualified electronic signature is the strongest and most secure from of e-signature with the highest judicial value.

3.2 However, article 25 of the Regulation also states that an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for 'qualified electronic signatures'. In addition, section 9 of the relevant Cyprus law also provides that (subject to the provisions of the Cyprus Evidence Law), an electronic signature which does not meet the requirements for a qualified electronic signature can still be considered as admissible evidence in legal proceedings in Cyprus.

3.3 Nevertheless, we cannot exclude the possibility that a court, for the purpose of serving justice, may reject the electronically signed document (not by a qualified electronic signature) as admissible evidence. Therefore, given the above risk and noting the absence of judicial guidance in Cyprus on the matter, it is advisable (if possible) to opt for exchange of wet ink signatures via pdf documents, or to use a "qualified e-signature" service for executing the document.

4 Conclusion

4.1 Taking into account all of the above, the availability of digital signatures amongst the ever-growing technological advancements in today's digital society offer a convenient, secure, environmentally friendly and easy execution process between contracting parties. Perhaps to the point where one could suggest that a qualified electronic signature could be even more reliable than a signature witnessed in an unsupervised environment, where human errors could easily take place.

Footnotes

^{1 Article 3 of EU Regulation 910/2014/EU}

^{2 Article 26 of EU}

^{3 'Electronic signature creation data' means unique data which is used by the signatory to create an electronic signature –Article 3 of EU Regulation 910/2014/EU.}

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.