Electronic signatures and law
Worldwide, legislation concerning the effect and validity of electronic signatures, including, but not limited to, cryptographic digital signatures, includes:
Argentina
- Ley Nº 25.506 (B.O. 14/12/2001).
- Decreto Nº 2628/02 (B.O. 20/12/2002).
- Decreto N° 724/06 (B.O. 13/06/06).
- Decisión Administrativa N° 927/14 (B.O. 03/11/14).
Bermuda
Brazil
- Medida provisória 2.200-2 (Portuguese) - Brazilian law states that any digital document is valid for the law if it is certified by ICP-Brasil (the official Brazilian PKI) or if it is certified by other PKI and the concerned parties agree as to the validity of the document.
Canada
- PIPEDA - Canadian law distinguishes between the generic "electronic signature" and the "secure electronic signature". Federal secure electronic signature regulations make it clear that a secure electronic signature is a digital signature created and verified in a specific manner. Canada's Evidence Act contains evidentiary presumptions about both the integrity and validity of electronic documents with attached secure electronic signatures, and of the authenticity of the secure electronic signatures themselves.
China
- Electronic Signature Law of the People's Republic of China (Chinese/English) - The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters. This law was revised on 23 April 2019 with immediate effect.[1] The revision involves the deletion of the reference to land conveyancing transactions in Article 3, which provides for types of transaction exempted from the law. Accordingly, land conveyancing agreements can now be executed electronically.
Colombia
- LEY 527 DE 1999 (agosto 18) por medio de la cual se define y reglamenta el acceso y uso de los mensajes de datos, del comercio electrónico y de las firmas digitales, y se establecen las entidades de certificación y se dictan otras disposiciones.
- DECRETO 2364 DE 2012 (Noviembre 22) por medio del cual se reglamenta el artículo 7° de la Ley 527 de 1999, sobre la firma electrónica y se dictan otras disposiciones.
- Decree 333 of 2014, regulates accreditation procedures for Certification Entities, who certify digital signatures.
European Union and the European Economic Area
In the EU, electronic signatures and related trust services are regulated by the Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). This regulation was adopted by the Council of the European Union on 23 July 2014. It became effective on 1 July and repealed the Electronic Signatures Directive 1999/93/EC. At the same date, any laws of EU member states that were inconsistent with eIDAS were also automatically repealed, replaced or modified. In contract to the aforementioned directive (which allowed the EU member states to interpret it and transpose it to their own law) the eIDAS Regulation is directly effective in all member states.
Before eIDAS
European Union Directive establishing the framework for electronic signatures:
- Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. This Directive was repealed on 1 July 2016 and superseded by the eIDAS regulation (see its article 48).
- Commission Decision 2003/511/EC adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive
- Implementing laws: Several countries have already implemented the Directive 1999/93/EC.
- Austria
- Belgium
- Czech Republic
- Denmark
- England, Scotland and Wales
- Estonia
- Finland
- France
- Articles 1363-1368 of the Civil Code (French)
- Germany
- Greece
- Presidential Decree 150/2001 (in Greek)
- Hungary
- Iceland
- Ireland, Republic of
- Italy
- Latvia
- Lithuania
- Luxembourg
- Malta
- Netherlands
- Norway
- Electronic Signature Act, 2001 (in Norwegian).
- Poland
- Portugal
- Romania
- Legea semnăturii electronice, 455/2001 (in Romanian)
- Law on the Electronic Signature, 455/2001 (unofficial translation) (in English)
- Slovakia
- Slovenia
- Spain
- Sweden
Guatemala
India
- Information Technology Act, 2000
Indonesia
Malaysia
- Digital Signature Act (Act 562), 1997 (in Bahasa Malaysia).
- Digital Signature Act (Act 562), 1997 (in English).
- Digital Signature Regulations (P.U.(A) 359), 1998 (in Bahasa Malaysia).
- Digital Signature Regulations (P.U.(A) 359), 1998 (in English).
México
- Law of Electronic Signatures (LFEA), 2012 (in Spanish)
Moldova
New Zealand
For an overview of the New Zealand law refer: - The Laws of New Zealand, Electronic Transactions, paras 16-18; or - Commercial Law, paras 8A.7.1-8A.7.4. (these sources are available on the LexisNexis subscription-only website)
Peru
Philippines
Russian Federation
Singapore
South Africa
Ukraine
- Law On Electronic Digital Signature, 2003 (in Ukrainian), loss of validity on 7 November 2018.
- Law On Electronic Trust Services, 2017 (in Ukrainian), valid since 7 November 2018.
United Nations Commission on International Trade Law
United States
- Uniform Electronic Transactions Act (UETA)
- Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq. The law permits the use of electronic signatures in many situations, and preempts many state laws that would otherwise limit the use of electronic signatures.
Case law
Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:
- In re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).
- Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) EMLF.org (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mail plus an (apparently) written notation.)
- Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) Admiraltylawguide.com (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)
Uruguay
Uruguay laws include both, electronic and digital signatures:
Turkey
Turkey has an Electronic Signature Law TBMM.gov.tr since 2004. This law is stated in European Union Directive 1999/93/EC. Turkey has a Government Certificate Authority - Kamu SM for all government agents for their internal use and three independent certificate authorities all of which are issuing qualified digital signatures.
- Kamu Sertifikasyon Merkezi (Governmental Certificate Authority) Kamusm.gov.tr (in Turkish)
- E-Güven (owned by Turkish Informatics Foundation) E-guven.com (in Turkish)
- Turktrust (owned by Turkish Military Force Solidarity Foundation) Turktrust.com.tr (in Turkish) [5][6][7][8]
- E-Tugra E-tugra.com (in Turkish)
References
- http://www.npc.gov.cn/npc/xinwen/2019-05/07/content_2086835.htm 中华人民共和国电子签名法 (Chinese Only)
- "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. 23 July 2014. Archived from the original on 15 January 2018. Retrieved 15 January 2018.
- "Questions & Answers on Trust Services under eIDAS". Digital Single Market - News. European Commission. 29 February 2016. Archived from the original on 15 January 2018. Retrieved 16 January 2018.
- Dan Puterbaugh (1 March 2016). "Understanding eIDAS – All you ever wanted to know about the new EU Electronic Signature Regulation". Legal IT Insider. Archived from the original on 17 January 2018. Retrieved 17 January 2018.
- "Fatal error leads TURKTRUST to issue dangerous SSL certificates". The H. 4 January 2013. Archived from the original on 7 December 2013. Retrieved 22 September 2019.
- https://www.entrust.com/turktrust-unauthorized-ca-certificates/
- http://www.techworld.com.au/article/445612/rogue_google_ssl_certificate_used_dishonest_purposes_turktrust_says/
- "Archived copy". Archived from the original on 7 January 2013. Retrieved 11 January 2013.CS1 maint: archived copy as title (link)
- In re Piranha, Inc. WL 21468504 (N.D. Tex. 2003). Google Scholar.
- Cloud Corp. v. Hasbro, Inc. 314 F. 3d 289 (US: Court of Appeals, 7th Circuit, 2002). Google Scholar.
- Legal framework (France: Chambersign France).
Further reading
- Srivastava Aashish, Electronic Signatures for B2B Contracts: Evidence from Australia (Springer, 2013).
- Lorna Brazell, Electronic Signatures Law and Regulation, (Sweet & Maxwell, 2004).
- J. Buckley, J. Kromer, M. Tank, R. Whitaker, The Law of Electronic Signatures, 2014-2015 Edition (Thomson Reuters, 2014).* Dennis Campbell, editor, E-Commerce and the Law of Digital Signatures (Oceana Publications, 2005).
- Stephen Mason (2016). Electronic Signatures in Law (4th ed.). Institute of Advanced Legal Studies for the SAS Humanities Digital Library, School of Advanced Study, University of London. Free PDF download.
- M. H. M Schellenkens, Electronic Signatures Authentication Technology from a Legal Perspective, (TMC Asser Press, 2004).