Better late than never – this is an apt description of the adoption of new legislation on electronic identification and authentication in the Czech Republic. Although the Regulation (EU) no. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, repealing Directive 1999/93/EC (the “Regulation”) came into force on 1 July 2016, the new Act on Trust Services for Electronic Transactions (the “Act”) only came into force in the Czech Republic on 19 September 2016. It repeals the previous Act on Electronic Signature which was incompatible with the Regulation. After 3 months with two parallel concepts, Czech law governing electronic signatures is finally in compliance with EU law again.
The Act follows the Regulation and recognises qualified electronic signatures which are secured in a way that guarantees the identity of a natural person through a qualified method (typically a special chip card or token). Legal persons cannot sign with their own electronic signature and must be represented by a natural person, just like with wet ink documents. However, a legal entity can attach its electronic seal to a document that was created by such legal entity. The qualified electronic seal shall enjoy the presumption of integrity of the data and of correctness of the origin of the data to which the qualified electronic seal is linked. The Czech Republic has negotiated an exception from EU law enabling individuals to choose between the new Qualified electronic signature that is accepted throughout the EU or the Acknowledged electronic signature that was introduced by the repealed Act on Electronic Signature. Public authorities may choose their electronic signature as well, however they are limited in that they can only do so during the period ending on 19 September 2018. After this date, only the Qualified signature will be available for public authorities.
Under the Act, private individuals interacting with public authorities may sign their documents either with the Acknowledged electronic signature based on a qualified certificate for electronic signature, or the (EU) Qualified electronic signature.
On the other hand, when two private individuals act with each other, a non-qualified electronic signature is also considered to be equal to a wet ink signature. This is a significant change from the previous law which set out stringent requirements for a certified electronic signature that were met by just three certification authorities in the country. Although the relaxed requirements could make conducting business easier and open the market to dynamic biometric signatures and other document signature platforms that were previously unrecognised, many warn of an increased risk of fraud. As the law does not further define an electronic signature, a simple email footer or a scanned image of a signature could be considered to be as binding as a wet ink signature despite the lack of protection against unauthorised use. The new freedom in private electronic execution lays more emphasis on security and verification procedures. In the case of a court dispute, those claiming that their counterparty entered into an agreement using an electronic signature would need to prove that the act was perfected and indeed made by the counterparty. Having considered the above, simple and informal electronic execution lacking any secured mechanism cannot be recommended despite the relaxed legal requirements.
It is worth mentioning that the aforementioned three certification authorities will not gain the authority to issue certificates for the qualified signature automatically. They will have the authority only until July 2017 and will need to undergo an audit as their ability to certify the qualified signature will be reviewed by the Czech Ministry of the Interior.