Electronic signatures and law

Worldwide, legislation concerning the effect and validity of electronic signatures, including, but not limited to, cryptographic digital signatures, includes:

Argentina

• Ley Nº 25.506 (B.O. 14/12/2001).
• Decreto Nº 2628/02 (B.O. 20/12/2002).
• Decreto N° 724/06 (B.O. 13/06/06).
• Decisión Administrativa N° 927/14 (B.O. 03/11/14).

Bermuda

• Electronic Transactions Act 1999^{[permanent dead link]}
• Certification Service Providers (Relevant Criteria and Security Guidelines) Regulations 2002^{[permanent dead link]}

Brazil

• Medida provisória 2.200-2 (Portuguese) - Brazilian law states that any digital document is valid for the law if it is certified by ICP-Brasil (the official Brazilian PKI) or if it is certified by other PKI and the concerned parties agree as to the validity of the document.

Canada

• PIPEDA - Canadian law distinguishes between the generic "electronic signature" and the "secure electronic signature". Federal secure electronic signature regulations make it clear that a secure electronic signature is a digital signature created and verified in a specific manner. Canada's Evidence Act contains evidentiary presumptions about both the integrity and validity of electronic documents with attached secure electronic signatures, and of the authenticity of the secure electronic signatures themselves.

China

• Electronic Signature Law of the People's Republic of China (Chinese/English) - The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters. This law was revised on 23 April 2019 with immediate effect.^[1] The revision involves the deletion of the reference to land conveyancing transactions in Article 3, which provides for types of transaction exempted from the law. Accordingly, land conveyancing agreements can now be executed electronically.

Colombia

• LEY 527 DE 1999 (agosto 18) por medio de la cual se define y reglamenta el acceso y uso de los mensajes de datos, del comercio electrónico y de las firmas digitales, y se establecen las entidades de certificación y se dictan otras disposiciones.
• DECRETO 2364 DE 2012 (Noviembre 22) por medio del cual se reglamenta el artículo 7° de la Ley 527 de 1999, sobre la firma electrónica y se dictan otras disposiciones.
• Decree 333 of 2014, regulates accreditation procedures for Certification Entities, who certify digital signatures.

European Union and the European Economic Area

The eIDAS regulation.^[2][3][4]

In the EU, electronic signatures and related trust services are regulated by the Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). This regulation was adopted by the Council of the European Union on 23 July 2014. It became effective on 1 July and repealed the Electronic Signatures Directive 1999/93/EC. At the same date, any laws of EU member states that were inconsistent with eIDAS were also automatically repealed, replaced or modified. In contract to the aforementioned directive (which allowed the EU member states to interpret it and transpose it to their own law) the eIDAS Regulation is directly effective in all member states.

Before eIDAS

European Union Directive establishing the framework for electronic signatures:

• Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. This Directive was repealed on 1 July 2016 and superseded by the eIDAS regulation (see its article 48).
• Commission Decision 2003/511/EC adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive
• Implementing laws: Several countries have already implemented the Directive 1999/93/EC.
  • Austria
    • Signature Law, 2000
  • Belgium
    • Signature Law, 2001
  • Czech Republic
    • Act on Electronic Signatures, 227/2000
  • Denmark
    • Lov om elektroniske signaturer
  • England, Scotland and Wales
    • Electronic Communications Act, 2000
    • The Electronic Signatures Regulations 2002
  • Estonia
    • Digital signature in Estonia
    • Digital Signature Law, 2000 (in Estonian).
    • Digital Signatures Act (consolidated text Dec 2003)
  • Finland
    • Laki vahvasta sähköisestä tunnistamisesta ja sähköisistä allekirjoituksista, 2009 (in Finnish)
  • France
    • Articles 1363-1368 of the Civil Code (French)
  • Germany
    • German Signature Law of 2001, changed in 2005 Archived 2 September 2011 at the Wayback Machine
  • Greece
    • Presidential Decree 150/2001 (in Greek)
  • Hungary
    • Hungarian Act on Electronic Signatures 2001
  • Iceland
    • Lög um rafrænar undirskriftir nr. 28/2001
  • Ireland, Republic of
    • Irish Electronic Commerce Act, 2000
  • Italy
    • Decreto legislativo 7/3/2005, n. 82 (Codice dell'Amministrazione Digitale)
  • Latvia
    • Electronic Documents Law, 2002 Archived 31 May 2012 at the Wayback Machine
    • Electronic Documents Law, 2002 (in Latvian)
  • Lithuania
    • Law on electronic signature, 2014 (in Lithuanian)
    • Law on electronic signature, 2002 (in English, not relevant in law)
  • Luxembourg
    • Loi du 14 août 2000 relative au commerce électronique, 2000 Archived 14 September 2016 at the Wayback Machine (in French)
  • Malta
    • Maltese Electronic Commerce Act 2001, last amended 2005
  • Netherlands
    • article23 Archived 28 March 2015 at the Wayback Machine
  • Norway
    • Electronic Signature Act, 2001 (in Norwegian).
  • Poland
    • act_on_eSignature.pdf
  • Portugal
    • portugal_en.pdf
  • Romania
    • Legea semnăturii electronice, 455/2001 (in Romanian)
    • Law on the Electronic Signature, 455/2001 (unofficial translation) (in English)
  • Slovakia
    • Act no.215/2002 on electronic signature (in Slovak)^{[permanent dead link]}
  • Slovenia
    • Electronic Business and Electronic Signature Act (in Slovene) .
  • Spain
    • Ley 6/2020, de 11 de noviembre, reguladora de determinados aspectos de los servicios electrónicos de confianza (in Spanish).
  • Sweden
    • Qualified Electronic Signatures Act (SFS 2000:832) (in Swedish).
    • SFS 2000:832 in English translation Archived 26 August 2010 at the Wayback Machine

Ghana

• The Electronic Transactions Act of Ghana, Act 772 of 2008

Guatemala

• Ley para el Reconocimiento de las Comunicaciones y Firmas Electrónicas^{[permanent dead link]} (in Spanish)

India

• Information Technology Act, 2000

Indonesia

• Art. 12 Law No.11/2008 on Electronic Informations and Transactions (in Indonesian), for general purposes.
• Art. 97B Law No. 13/2022 in regards of Second Amendment of Law No. 12/2011 on Law Formulation (in Indonesian), for government purposes.

Israel

• Electronic Signature Law, 5761–2001

Japan

• Law Concerning Electronic Signatures and Certification Services, 2000 (in Japanese)

Korea

• Digital Signature Act, Act No. 17354, jun. 9, 2020 (in English) For reference only. No legal or official effect.
• Digital Signature Act (in Korean)

Malaysia

• Digital Signature Act (Act 562), 1997 (in Bahasa Malaysia).
• Digital Signature Act (Act 562), 1997 Archived 15 September 2007 at the Wayback Machine (in English).
• Digital Signature Regulations (P.U.(A) 359), 1998 (in Bahasa Malaysia).
• Digital Signature Regulations (P.U.(A) 359), 1998 Archived 27 September 2007 at the Wayback Machine (in English).

Maldives

• Electronic Transactions Act 2/2022 (in Dhivehi)

México

• Law of Electronic Signatures (LFEA), 2012 Archived 13 October 2017 at the Wayback Machine (in Spanish)

Moldova

• Lege cu privire la documentul electronic şi semnătura digitală, 15 July 2004 (in Romanian)
• Law about Electronic Document and Digital Signature (in Russian)

New Zealand

• Electronic Transactions Act 2002, sections 22-24

For an overview of the New Zealand law refer: - The Laws of New Zealand, Electronic Transactions, paras 16-18; or - Commercial Law, paras 8A.7.1-8A.7.4. (these sources are available on the LexisNexis subscription-only website)

Peru

• Ley Nº 27269. Ley de Firmas y Certificados Digitales (28MAY2000) (in Spanish)

Philippines

• Electronic Commerce Act of 2000

Russian Federation

• Federal Law of Russian Federation about Electronic Signature (06.04.2011)

Singapore

• Electronic Transactions Act

South Africa

• Electronic Communications and Transactions Act, 2002 (PDF)

Switzerland

• Federal Law on Certification Services Concerning the Electronic Signature, 2003

Ukraine

• Law On Electronic Digital Signature, 2003 (in Ukrainian), loss of validity on 7 November 2018.
• Law On Electronic Trust Services, 2017 (in Ukrainian), valid since 7 November 2018.

United Nations Commission on International Trade Law

• UNCITRAL Model Law on Electronic Signatures (2001), a strong influence in the field.

United States

• Uniform Electronic Transactions Act (UETA)
• Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq. The law permits the use of electronic signatures in many situations, and preempts many state laws that would otherwise limit the use of electronic signatures.

Case law

Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:

• In re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).
• Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) EMLF.org (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mail plus an (apparently) written notation.)
• Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) Admiraltylawguide.com (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)

Uruguay

Uruguay laws include both, electronic and digital signatures:

• Concerning passwords or adequate information technology gestures
• Concerning electronic and digital signature and PKI

Turkey

Turkey has an Electronic Signature Law TBMM.gov.tr since 2004. This law is stated in European Union Directive 1999/93/EC. Turkey has a Government Certificate Authority - Kamu SM for all government agents for their internal use and three independent certificate authorities all of which are issuing qualified digital signatures.

• Kamu Sertifikasyon Merkezi (Governmental Certificate Authority) Kamusm.gov.tr (in Turkish)
• E-Güven (owned by Turkish Informatics Foundation) E-guven.com (in Turkish)
• Turktrust (owned by Turkish Military Force Solidarity Foundation) Turktrust.com.tr (in Turkish) ^[5][6][7][8]
• E-Tugra E-tugra.com (in Turkish)

References

1. http://www.npc.gov.cn/npc/xinwen/2019-05/07/content_2086835.htm 中华人民共和国电子签名法 (Chinese Only)
2. "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. 23 July 2014. Archived from the original on 15 January 2018. Retrieved 15 January 2018.
3. "Questions & Answers on Trust Services under eIDAS". Digital Single Market - News. European Commission. 29 February 2016. Archived from the original on 15 January 2018. Retrieved 16 January 2018.
4. Dan Puterbaugh (1 March 2016). "Understanding eIDAS – All you ever wanted to know about the new EU Electronic Signature Regulation". Legal IT Insider. Archived from the original on 17 January 2018. Retrieved 17 January 2018.
5. "Fatal error leads TURKTRUST to issue dangerous SSL certificates". The H. 4 January 2013. Archived from the original on 7 December 2013. Retrieved 22 September 2019.
6. "TURKTRUST Unauthorized CA Certificates | Entrust, Inc". Archived from the original on 2 February 2014. Retrieved 31 July 2013.
7. "IT news, careers, business technology, reviews".
8. "- SSL Secure Server Certificate - TURKTRUST". Archived from the original on 7 January 2013. Retrieved 11 January 2013.

• In re Piranha, Inc. WL 21468504 (N.D. Tex. 2003). Google Scholar.
• Cloud Corp. v. Hasbro, Inc. 314 F. 3d 289 (US: Court of Appeals, 7th Circuit, 2002). Google Scholar.
• Legal framework Archived 1 July 2013 at archive.today (France: Chambersign France).

Further reading

• Srivastava Aashish, Electronic Signatures for B2B Contracts: Evidence from Australia (Springer, 2013)
• Lorna Brazell, Electronic Signatures Law and Regulation, (Sweet & Maxwell, 2004)
• J. Buckley, J. Kromer, M. Tank, R. Whitaker, The Law of Electronic Signatures, 2014-2015 Edition (Thomson Reuters, 2014)
• Dennis Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005)
• M. H. M Schellenkens, Electronic Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004)