In 2014, the European Union passed Regulation (EU) 910/2014, on electronic identification and trust services for electronic transactions in the internal market (eIDAS), to regulated and authorise electronic signatures across the European Union.
This regulation provides specific guidance on how and when an electronic signature may be used, by first differentiating between three different types of electronic signatures: simple, advanced and qualified, with the main difference between them being the level of security which is attached to each of them.
The simple electronic signature is the least secure of these three types of signatures. Examples of a simple e-signature are scanned signatures and a basic digital signature such as the one made on the terminal of a postman.
As the name suggests, the advanced electronic signature is the second most secure type of e-signature. It is usually recommended in cases of large financial transactions and business. Unlike the simple e-signature, the advanced e-signature has certain criteria which have to be met in order to be classified as such.
eIDAS states that an advanced electronic signature must follow these security measures:
- Be uniquely and clearly linked to the person signing,
- Enable the person to be formally identified,
- Be created by means under the sole control of the signer,
- Ensure that the document to which it relates cannot be amended.
The last and most secure type of e-signature is the qualified electronic signature. This is only used in very specific cases as it can be very complex. This type of e-signature has been defined precisely by the regulation and there are specific procedures on how the person signing is identified and how the signature is protected.
A qualified e-signature is the legal equivalent of a handwritten signature and as such it must comply with the same security measures over and above those of the advanced e-signature. In fact, the procedure for the creation of a qualified signature can only be done through a qualified digital certificate, which authenticates the signature, and it must be created using a qualified signature creation device.
A qualified certificate for electronic signatures must include an indication that it was created by a qualified trust service provider. This is an entity which is entrusted by a government body to create such certificates for the creation of a qualified signature. The EU maintains an EU Trust List of these entities and only those listed can provide qualified trust services.
As an EU Regulation, eIDAS has direct effect in all EU Member States, including Malta.
Electronic signatures have been regulated in Malta for quite some time through the Electronic Commerce Act, however, this Act was later repealed to bring Maltese law in line with eIDAS, and are now regulated by the E-Commerce Act, Chapter 426 of the Laws of Malta, allowing the use of programmes such as DocuSign and HelloSign, which provide both Advanced and Qualified e-signatures, to legally conclude (some) agreements.
The E-Commerce Act gives contracts concluded electronically the same force of law as ordinary contracts concluded by the parties in each other’s presence. Both advanced and qualified e-signatures are recognised in Malta and may be used to sign most documents, but not every document may be signed using e-signatures. These specific types of contracts, can be found in the Fifth Schedule of the Electronic Commerce Act and include:
- transactions related to tax
- agreements governed by competition law,
- rights over immoveable property,
- contracts of suretyships,
- information society services matters that are covered by data protection laws or that concern the activities of notaries, the representation of a client and defence of its interests before the courts and gambling activities,
- wills, trusts and power of attorneys,
- family law contracts,
- affidavits and solemn declarations,
- evidence in criminal proceedings, and
- court rules, practices and procedures.
The COVID-19 pandemic has changed the way in which we conduct transactions and sign agreements, with most professionals and people opting for e-signatures over wet ink signatures (for obvious reasons).
In line with the trend, the Malta Business Registry also started accepting documents signed by qualified e-signatures. Much like any regular signed document, in order to be valid, the e-signature must be compliant with the eIDAS and with Article 82 of the Companies Act which regulates the authentication of documents. Article 85 states that such documents can be authenticated by a director, the company secretary, an authorised officer of the company or by an individual specifically authorised by the memorandum, or through a resolution of the board of directors to do so.