Legal Effects
Impact
EC Directive 99/93 came into force in January 2000 and must be implemented by national legislators by July 19 2001. It marks the first step towards electronic certification as a prerequisite for reliable online contracting in Greece. The delay in Greek legislation is due to the limited number of transactions concluded on the Internet and to the legislator's reluctance to impose rules on a sector where regulations have not yet been tested on a global basis. However, an act is currently being drafted which will enforce the principals of the EC directive in Greece.
Electronic Signatures
The key issue and core of the EC directive is the exact definition of an 'electronic signature' and its legal validity in other member states. The relevant rules can be found in Articles 2 and 5.
An electronic signature is defined as data in electronic form "which is attached to or logically associated with other electronic data and which serves as a method of authentication". Although general, this statement refers not only to basic methods of encryption, based mainly on public keys, but also to a rather primitive security model. For example, a mere personal identification number entered for the use of a credit card satisfies the requirements of Article 2.1.
What is more important is the definition of the so-called 'advanced electronic signature' contained in Article 2.2. This reveals the legislator's intention to create two levels of digital signing with the emphasis on the second (advanced) one, which seems better suited to the additional needs of online contracting. The definition of an 'advanced electronic signature' is the innovative part of the directive. The legal effects come second and are easily predictable. The exact designation of an advanced encryption method, essentially the envisaged dominant e-commerce certification model, is the keystone of the directive.
An electronic signature is defined as 'advanced' if it has the following characteristics:
- It is uniquely linked to and capable of identifying the signatory;
- It is created through means that the signatory can maintain under his sole control; and
- It is linked to the data to which it relates in such a manner that any subsequent change can be identified.
A basic model for creating an advanced electronic signature might read as follows:
- The author writes his document and wishes to send it electronically to a recipient.
- He then loads an encryption program on his computer (or other type of hardware) which produces (through algorithmic conversion) a second document on the basis of the original. However, this second document cannot be viewed by a third person since it is locked.
- This second document is attached to the original.
- Both documents, merged in one file, are then sent to the recipient who needs a public key (eg, a personal eight-digit code that may be found in a public catalogue or even in the sent file as an attachment) to unlock the second document. The authenticity of the public key (ie, that the personal public key indeed belongs to the author of the document) is usually confirmed by a certification service provider. This will normally have the additional task of producing the public key at the author's request.
- The program on the recipient's personal computer (or other type of hardware) that performs the task of unlocking will also convert the original document by using the same algorithm.
- It will then compare the two converted documents and will inform the recipient whether they match. This enables the recipient to identify whether the sent document is genuine. Unless another person has a second private key, modification of the original document is impossible. The private key is produced by the certification service provider and is normally held only by the author.
This example, based on an asymmetric(1) double-key encryption method, seems to be the most commonly used, although the scope of the directive and the Greek act may well cover several other methods. This is because the legislator preferred to draft the advanced electronic signature requirements in a rather general and abstract manner instead of providing specific models.
The Greek act follows this drafting technique. Although the main rule is included in a general clause (Article 3), it imposes two further requirements. According to the draft act, an advanced electronic signature will only have full legal effect if it is based on a qualified certificate and created by signature creation data. While the latter is normally any private key, the former needs further definition, included in Annexes I and II of the directive and the Greek act.
Although the main effort of both the directive and the act are the definition and recognition of advanced electronic signatures, a (non-advanced) electronic signature is equally defined as any data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of authentication. An uncertified scanned handwritten signature placed at the bottom of an electronic document would fall within this definition.(2) Non-advanced electronic signatures have legal effect, although this is recognized by means of a negative rule.
The directive adopts a regime of full recognition for advanced electronic signatures in that it equates them with handwritten signatures for the purposes of both substantive and procedural law.(3) The same wording is partly used by the Greek act.
Two provisions in Greek law were the main barriers to legal recognition of digital signatures. The first of these is Article 160 of the Civil Law, which reads as follows:
"If the law or the parties have prescribed the written form in respect of a legal act, the document shall bear the handwritten signature of the person who issued such document".
Secondly, Article 443 of the Civil Procedure Code states that for a private document to have evidential effect, a handwritten signature of the author or a similar mark must be placed on its body. Although the Greek legislator preferred not to amend or to supplement these sections of the codes, as happened in other jurisdictions, the legal consequences are still the same: advanced electronic signatures that fall within the scope of the directive will be legally equivalent to handwritten signatures.
Greek civil law, especially procedural law, does offer some legal paths for the partial recognition of digital documents, especially in the context of recognition of mechanical representations and photographs.(4) However, it does not compare to the complete recognition achieved by the regulations of the new European regime.
The directive's wording, which describes an advanced electronic signature as "admissible as evidence in legal proceedings", has been transformed in the Greek act to provide that the advanced electronic signature "is equated with a handwritten signature both in the field of substantive and procedural law". The draft Greek act favours a stricter wording that under a narrow interpretation could lead to the exclusion of legal proceedings other than those taking place before a court, such as before arbitration tribunals or other administration authorities. However, the European Court of Justice used its own criteria to determine which jurisdictional national bodies have the right to submit preliminary questions, thus disregarding designations given by national laws. The substantive character of a body, and not the designation given by a national act, will determine whether certain legal proceedings may take place before it. A strict interpretation of the term 'procedural law' would obviously be contrary to the scope of the directive.
As regards non-advanced electronic signatures the new regulations are rather tentative. Recognition is based on a negatively drafted rule:
"Member states shall ensure that…[a non-advanced] electronic signature…is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it [does not conform with the characteristics of advanced signatures]".
A similar wording is used in the draft Greek act.
There is no doubt that the new regulation frame will result in a modification of a significant part of the law, especially procedural law. This change will further affect online contracting and create new types of services.
Apart from the above-mentioned basic legal barriers, several other provisions could decelerate digital signing and electronic contracting in general (5), including (i) the written confirmation of information that the supplier of most distance contracts must send to the consumer pursuant to Directive 97/7 and Greek Act 2251/1994, and (ii) Article 394.2 of the Civil Procedure Code, which provides that no contract may be subject to evidence by means of a witness if the value of its scope exceeds €1470. Further provisions require hand-signed documents for a number of contracts such as guarantees, assumptions of debt and arbitration agreements.
However, the most important effect of the new regulations will not be the modernization of the legal frame but the resultant positive effect on the e-commerce market. Recent research reveals that the low number of business-to-consumer transactions concluded online can be attributed to legal uncertainty on matters such as authentication, privacy, fraud, intellectual property and enforcement. The new regime will provide specific solutions to a significant number of the problems. However, one cannot ignore the need for additional measures on a pan-European, if not global, basis. The recent E-Commerce EC Directive 2000/31, which conforms with the Electronic Signatures Directive, will provide additional guidelines. Both directives will constitute the basis for a more solid legal frame in e-commerce.
For further information on this topic please contact Yiannis Economakis at Sarantitis & Partners by telephone (+30 1 429 0780) or by fax (+30 1 429 0791) or by e-mail ([email protected]).
Endnotes
(1) An encryption method is called 'asymmetric' when the encryption key is different from the decryption key, even though both are mathematically related.
(2) This method is widely used and usually creates the illusion of documents which are legally equal to hand-signed documents.
(3) This approach is obvious and has been widely adopted by both national and international regulations such as the United Nation Commission on International Trade Law Draft Uniform Rules on Electronic Signatures.
(4) Such an interpretation is not unanimously accepted since it is contended that an electronic document does not contain an objective mechanic representation such as a photograph, but a series of logical ideas which may well be subjective and untrue.
(5) On the other hand, specific provisions for promoting the exchange of electronic documents, such as Act 2672/1998 in respect of the communication between public authorities and the public by means of facsimile or e-mail messages, are not sufficient if they are not embodied in a general frame such as that stipulated by the new regime.
The materials contained on this web site are for general information purposes only and are subject to the disclaimer