A fundamental component of the EU digital single market and the facilitation of public services across borders is EU Regulation 910/2014 of 23 July 2014 on electronic IDentification, Authentication and trust Services, known as eIDAS.
eIDAS has been directly applicable in all EU member states since 1 July 2016. It aims to facilitate the development of a digital single market by establishing common standards for electronic identification and trust services for electronic transactions throughout the EU, providing an EU trust mark for qualified trust services. All organizations delivering public digital services in an EU member state must recognize electronic identification from all EU member states from 29 September 2018.
By simplifying and standardising systems for electronic exchanges and authentication, eIDAS makes it much easier for individuals, companies and public authorities to carry out secure digital transactions throughout the EU, without denying legal status to e-signatures and e-documents merely due to their electronic form.
Law 55(I) of 2018, which was promulgated in the Official Gazette on 13 June 2018, amends the existing national legislation regulating the use of e-documents, e-signatures, e-identification, e-seals, e-timestamp, e-delivery services, and website authentication in Cyprus to align it with eIDAS.
The main changes introduced by the new law are summarised below.
Definition of electronic trust service
The new law introduces a definition of an electronic trust service, which is an electronic service normally provided for remuneration consisting of:
- the creation, verification and validation of e- signatures, e- seals or e- time stamps, e- registered delivery services and certificates related to those services, or
- the creation, verification and validation of certificates for website authentication; or
- the preservation of e- signatures, seals or certificates related to those services.
Trust service providers and the national supervisory authority
A trust service provider is defined as "a natural or legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider". To be a qualified provider, whose verification of identity is recognised under eIDAS, the provider must be granted qualified status by the supervisory body established in Cyprus, which is the Department of Electronic Communications of the Ministry of Transport, Communications and Works.
An e-signature is a legal concept with the purpose to attest to the signer's will, in the same way as a written signature on paper. Under the new law, an e-signature may not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified e-signatures.
There are three levels of e-signatures with different levels of security, capacity to guarantee the integrity of the signed documents and the ability to identify the signer. These are defined as follows in the law:
- e-signature: data in electronic form which are attached to, or logically associated with, other electronic data, which are used by the signatory to sign. This is the simplest form of e-signature.
- Advanced e- signature: uniquely linked to the signatory, capable of identifying the signatory, and created using e-signature creation data that the signatory can, with a high level of confidence, use under his sole control. It is also admissible legal evidence as proof in court.
- Qualified e- signature: an advanced e-signature created by a qualified e-signature creation device. This type of e-signature has the equivalent legal effect of a handwritten signature and is based on a qualified certificate for e-signatures issued by a qualified trust service provider. Qualified e-signatures must be recognised in all EU member states. This tends to be limited to processes carried out with public administrations.
Similar levels and equivalent definitions are also introduced with regards to the three types of e- seals.
The new law is a major step towards implementing the EU digital single market in Cyprus. Itcreates greater confidence in cross-border online transactions considering that any subsequent change in the data of the document will be detectable. By simplifying the procedures for validating and signing a document it streamlines the process of doing business and reduces administrative costs, and provides financial institutions with a simpler way to meet their legal obligations regarding customer verification under anti-money laundering and other legislation such as the Payment Services Directive.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.