One consequence of lockdown is that electronic contracts are the new normal It is likely that agreements will continue to complete at a distance for quite some time as organisations realise the practical and operational benefits of being able to contract electronically. However, certain aspects of electronic signatures are regulated by EU law. What is the impact of Brexit on the use of electronic signatures in the UK?
The Electronic Identification, Authentication and Trust Services Regulation 910/2014 (eIDAS) sets out the framework for the legality of electronic signatures in the EU. In particular, eIDAS defines, and regulates the use of, qualified electronic signatures (QES) and provides a single set of rules across the EU. QES is the highest standard of electronic signature, providing the greatest level of assurance.
A QES is an advanced electronic signature that has been certified with a qualified certificate issued by a qualified trust service provider under eIDAS. The Commission maintains a central list of the trust service providers registered in each Member State.
Under Scots law, certain electronic documents need to be authenticated with a QES. A document signed with a QES is also considered by law to be self-proving (that is, presumed to have been signed by the granter).
However, many of the qualified trust service providers that offer services in the UK are based in EU member states.
Does eIDAS continue to apply in the UK?
In short, yes.
eIDAS became part of UK domestic law under the European Union (Withdrawal) Act 2018, subject to some amendments. However, UK law will not mirror eIDAS entirely – it amends or omits provisions that are no longer required, such as changes to terminology.
Does the UK continue to recognise QES issued by EU registered qualified trust service providers?
Yes.
UK law continues to recognise EU registered qualified trust service providers, which means that UK organisations can continue to use EU based trust services. The approved trust providers that appear in the eIDAS trusted list immediately before the end of the transition period will be carried over .
After that, there will be a body appointed by the Secretary of State to be responsible for the maintenance and publication of the trusted list. The trusted list will contain information relating to qualified trust service providers and the qualified trust services provided by them.
What happens to UK registered qualified trust service providers?
UK registered qualified trust service providers that are on the eIDAS list have been carried over to the UK approved list.
The Secretary of State must provide for a body to be responsible for the maintenance and publication of the trusted list. The trusted list can include information relating to trust service providers established in the UK that do not have qualified status and the list must clearly indicate that they are not qualified. The ICO will continue to be the supervisory body for trust services in the UK.
However, the EU no longer recognises UK-registered qualified trust service providers. This means that electronic signatures issued by those qualified trust service providers will not be treated as a QES under EU law. This may have consequences for the recognition of those electronic signatures and validity of documents in EU member states.
What about electronic identification schemes under eIDAS?
Provisions around the mutual recognition and interoperability between EU member states of electronic identity schemes are revoked. This means that the UK’s electronic identification scheme, Verify.gov.uk, is no longer recognised by EU member states.
The Department for Digital, Culture, Media and Sport published a call for evidence last year on how the UK government can support improvements in identity verification, and the development and secure use of digital identities. A draft digital identity and trust attributes framework was published for consultation in February 2021.
Comment
The practical impact on UK organisations' use of eSignature platforms is be minimal as organisations can continue to use these as normal. This is the case even where using a QES issued by a qualified trust service provider in another EU member state.
However, there may be issues where a QES issued by a UK trust service provider is used on a document that needs to be recognised under the laws of another EU member state.
The review and approval of new qualified trust service providers is subject to a new regime, and we may well see changes in the market as interest increases and the UK Government develops its approach to digital identity .
If you would like to discuss the use of electronic signatures or have any questions in relation to electronic signing, please contact Martin Sloan.
Contributor
Partner
