General corporate matters: Commission proposes electronic signatures directive

United Kingdom

The Commission has proposed a Directive establishing a legal framework for the use of electronic signatures. The Directive sets out minimum rules concerning security and liability and aims to create a framework for the legal recognition of electronic signatures throughout the single market. This should ensure the free movement of electronic commerce services in the EU and stimulate investment in this field.

Electronic signatures allow someone receiving data over electronic networks to determine the 'identity' i.e. origin of the data and to verify its 'integrity' i.e. whether the data has been altered or not.

The main elements of the proposed Directive are the following:

  • The proposal would define essential requirements for electronic signature certificates and certification services so as to ensure minimum levels of security and allow their free movement throughout the single market.

  • The proposal would establish minimum liability rules for service providers, who would in particular be liable for the validity of a certificate's contents.

  • The proposal would stipulate that an electronic signature could not be legally discriminated against solely on the grounds that it is in electronic form. If a certificate and the service provider meet certain essential requirements, electronic signatures based on their service would benefit from an automatic assumption that they were legally recognised in the same manner as hand-written signatures. Furthermore, they could be used as evidence in legal proceedings.

  • The proposal provides for legal recognition of electronic signatures irrespective of the technology used in order that the pace of technological innovation does not hamper the legal recognition of electronic signatures.

  • The proposal concerns the supply of certificates to the public aimed at identifying the sender of an electronic message but does not apply to closed user groups such as banking systems, where a trust relationship already exists and where there is therefore no obvious need for regulation.

  • Certification services could, in principle, be offered without prior authorisation. Member States would be free to set up voluntary accreditation schemes for certification service providers in order to indicate special security measures or levels. Certification service providers would, however, have to fulfil certain essential requirements if the users of their certificates were to benefit from a legal recognition of signatures.

  • The proposal includes mechanisms for co-operation with third countries on mutual recognition of certificates on the basis of bilateral and multilateral agreements.

The Council of Ministers has already initially considered the proposal. Whilst many delegations reacted by welcoming it, the Council emphasised that it raises a number of issues which must be addressed in future discussions.