One consequence of lockdown is that electronic contracts are the new normal It is likely that agreements will continue to complete at a distance for quite some time as organisations realise the practical and operational benefits of being able to contract electronically. However, certain aspects of electronic signatures are regulated by EU law. What will happen to that upon the expiry of the post-Brexit transition period?

The Electronic Identification, Authentication and Trust Services Regulation 910/2014 (eIDAS) sets out the framework for the legality of electronic signatures in the EU. In particular, eIDAS defines, and regulates the use of, qualified electronic signatures (QES) and provides a single set of rules across the EU. QES is the highest standard of electronic signature, providing the greatest level of assurance.

Under eIDAS, QES are only recognised where the electronic signature is an advanced electronic signature that has a certificate issued by a qualified trust service provider under eIDAS. The Commission maintains a list of registered trust service providers in each Member State.

Under Scots law, certain electronic documents are only valid if authenticated with a QES and a document signed with a QES is considered by law to be self-proving.

However, many of the qualified trust service providers that offer services in the UK are based in EU member states.

Will eIDAS continue to apply in the UK?

In short, yes.

eIDAS will become part of UK domestic law under the European Union (Withdrawal) Act 2018, subject to some amendments. However, UK law will not mirror eIDAS entirely – it amends or omits provisions that are no longer required, such as changes to terminology.

Will the UK continue to recognise QES issued by EU registered qualified trust service providers?

Yes.

UK law will continue to recognise EU registered qualified trust service providers, which means that UK organisations can continue to use EU based trust services. The approved trust providers that appear in the eIDAS trusted list immediately before the end of the transition period will be carried over .

After that, there will be a body appointed by the Secretary of State to be responsible for the maintenance and publication of the trusted list. The trusted list will contain information relating to qualified trust service providers and the qualified trust services provided by them.

What happens to UK registered qualified trust service providers?

UK registered qualified trust service providers that are on the eIDAS list will be carried over to the UK approved list.

The Secretary of State must provide for a body to be responsible for the maintenance and publication of the trusted list. The trusted list can include information relating to trust service providers established in the UK that do not have qualified status and the list must clearly indicate that they are not qualified. The ICO will continue to be the supervisory body for trust services in the UK.

However, the EU will cease to recognise UK-registered qualified trust service providers. This means that electronic signatures issued by those qualified trust service providers will not be treated as a QES under EU law. This may have consequences for the recognition of those electronic signatures and validity of documents in EU member states.

What about electronic identification schemes under eIDAS?

Provisions around the mutual recognition and interoperability between EU member states of electronic identity schemes are revoked. This means that the UK’s electronic identification scheme, Verify.gov.uk, will cease to be recognised by EU member states.

The Department for Digital, Culture, Media and Sport published a call for evidence last year on how the UK government can support improvements in identity verification, and the development and secure use of digital identities. The response was expected in Spring 2020, but is still awaited.

The practical impact on UK organisations' use of eSignature platforms is likely to be minimal as organisations can continue to these as normal, even where using QES to authenticate documents. This is the case even where using a QES issued by a qualified trust service provider in another EU member state.

However, there may be issues where a QES issued by a UK trust service provider is used on a document that needs to be recognised under another EU member state.

Following the end of transition, it will be up to the body chosen by the Secretary of State to review and approve any new qualified trust service providers and we may well see changes in the market as interest increases.