Electronic signatures and law

Worldwide, legislation concerning the effect and validity of electronic signatures, including, but not limited to, cryptographic digital signatures, includes:

Argentina

Ley Nº 25.506 (B.O. 14/12/2001).
Decreto Nº 2628/02 (B.O. 20/12/2002).
Decreto N° 724/06 (B.O. 13/06/06).
Decisión Administrativa N° 927/14 (B.O. 03/11/14).

Bermuda

Brazil

Medida provisória 2.200-2 (Portuguese) - Brazilian law states that any digital document is valid for the law if it is certified by ICP-Brasil (the official Brazilian PKI) or if it is certified by other PKI and the concerned parties agree as to the validity of the document.

Canada

PIPEDA - Canadian law distinguishes between the generic "electronic signature" and the "secure electronic signature". Federal secure electronic signature regulations make it clear that a secure electronic signature is a digital signature created and verified in a specific manner. Canada's Evidence Act contains evidentiary presumptions about both the integrity and validity of electronic documents with attached secure electronic signatures, and of the authenticity of the secure electronic signatures themselves.

China

Electronic Signature Law of the People's Republic of China (Chinese/English) - The stated purposes include standardizing the conduct of electronic signatures, confirming the legal validity of electronic signatures and safeguarding the legal interests of parties involved in such matters.

Colombia

European Union and the European Economic Area

The eIDAS regulation.^[1]^[2]^[3]

In the EU, electronic signatures and related trust services are regulated by the Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). This regulation was adopted by the Council of the European Union on 23 July 2014. It became effective on 1 July and repealed the Electronic Signatures Directive 1999/93/EC. At the same date, any laws of EU member states that were inconsistent with eIDAS were also automatically repealed, replaced or modified. In contract to the aforementioned directive (which allowed the EU member states to interpret it and transpose it to their own law) the eIDAS Regulation is directly effective in all member states.

Before eIDAS

European Union Directive establishing the framework for electronic signatures:

Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. This Directive was repealed on 1 July 2016 and superseded by the eIDAS regulation (see its article 48).
Commission Decision 2003/511/EC adopting three CEN Workshop Agreements as technical standards presumed to be in accordance with the Directive
Implementing laws: Several countries have already implemented the Directive 1999/93/EC.
- Austria
  - Signature Law, 2000
- Belgium
  - Signature Law, 2001
- Czech Republic
  - Act on Electronic Signatures, 227/2000
- Denmark
  - Lov om elektroniske signaturer
- England, Scotland and Wales
  - Electronic Communications Act, 2000
  - The Electronic Signatures Regulations 2002
- Estonia
  - Digital Signature Law, 2000 (in Estonian).
  - Digital Signatures Act (consolidated text Dec 2003)
- Finland
  - Laki vahvasta sähköisestä tunnistamisesta ja sähköisistä allekirjoituksista, 2009 (in Finnish)
- France
  - Articles 1363-1368 of the Civil Code (French)
- Germany
  - German Signature Law of 2001, changed in 2005
- Greece
  - Presidential Decree 150/2001 (in Greek)
- Hungary
  - Hungarian Act on Electronic Signatures 2001
- Iceland
  - Lög um rafrænar undirskriftir nr. 28/2001
- Ireland, Republic of
  - Irish Electronic Commerce Act, 2000
- Italy
  - Decreto legislativo 7/3/2005, n. 82 (Codice dell'Amministrazione Digitale)
- Latvia
  - Electronic Documents Law, 2002
  - Electronic Documents Law, 2002 (in Latvian)
- Lithuania
  - Law on electronic signature, 2014 (in Lithuanian)
  - Law on electronic signature, 2002 (in English, not relevant in law)
- Luxembourg
  - Loi du 14 août 2000 relative au commerce électronique, 2000 (in French)
- Malta
  - Maltese Electronic Commerce Act 2001, last amended 2005
- Netherlands
  - article23
- Norway
  - Electronic Signature Act, 2001 (in Norwegian).
- Poland
  - act_on_eSignature.pdf
- Portugal
  - portugal_en.pdf
- Romania
  - Legea semnăturii electronice, 455/2001 (in Romanian)
  - Law on the Electronic Signature, 455/2001 (unofficial translation) (in English)
- Slovakia
  - Act no.215/2002 on electronic signature (in Slovak)
- Slovenia
  - Electronic Business and Electronic Signature Act (in Slovene) .
- Spain
  - Ley 59/2003 , de 19 de diciembre, de firma electrónica (in Spanish).
- Sweden
  - Qualified Electronic Signatures Act (SFS 2000:832) (in Swedish).
  - SFS 2000:832 in English translation

Ghana

The Electronic Transactions Act of Ghana, Act 772 of 2008

Guatemala

Ley para el Reconocimiento de las Comunicaciones y Firmas Electrónicas (in Spanish)

India

Information Technology Act, 2000

Indonesia

Pasal 12 Undang-undang No.11 Tahun 2008 Informasi dan Transaksi Elektronik (in Indonesian)

Japan

Law Concerning Electronic Signatures and Certification Services, 2000 (in Japanese)

Korea

Malaysia

Digital Signature Act (Act 562), 1997 (in Bahasa Malaysia).
Digital Signature Act (Act 562), 1997 (in English).
Digital Signature Regulations (P.U.(A) 359), 1998 (in Bahasa Malaysia).
Digital Signature Regulations (P.U.(A) 359), 1998 (in English).

México

Law of Electronic Signatures (LFEA), 2012 (in Spanish)

Moldova

Lege cu privire la documentul electronic şi semnătura digitală, July 15, 2004 (in Romanian)
Law about Electronic Document and Digital Signature (in Russian)

New Zealand

Electronic Transactions Act 2002, sections 22-24

For an overview of the New Zealand law refer: - The Laws of New Zealand, Electronic Transactions, paras 16-18; or - Commercial Law, paras 8A.7.1-8A.7.4. (these sources are available on the LexisNexis subscription-only website)

Peru

Ley Nº 27269. Ley de Firmas y Certificados Digitales (28MAY2000) (in Spanish)

Philippines

Electronic Commerce Act of 2000

Russian Federation

Federal Law of Russian Federation about Electronic Signature (06.04.2011)

Singapore

Electronic Transactions Act

South Africa

Electronic Communications and Transactions Act, 2002 (PDF)

Switzerland

Federal Law on Certification Services Concerning the Electronic Signature, 2003

United Nations Commission on International Trade Law

UNCITRAL Model Law on Electronic Signatures (2001), a strong influence in the field.

United States

Uniform Electronic Transactions Act (UETA)
Electronic Signatures in Global and National Commerce Act (E-SIGN), at 15 U.S.C. 7001 et seq. The law permits the use of electronic signatures in many situations, and preempts many state laws that would otherwise limit the use of electronic signatures.

Case law

Court decisions discussing the effect and validity of digital signatures or digital signature-related legislation:

In re Piranha, Inc., 2003 WL 21468504 (N.D. Tex) (UETA does not preclude a person from contesting that he executed, adopted, or authorized an electronic signature that is purportedly his).
Cloud Corp. v. Hasbro, 314 F.3d 289 (7th Cir., 2002) EMLF.org (E-SIGN does not apply retroactively to contracts formed before it took effect in 2000. Nevertheless, the statute of frauds was satisfied by the text of E-mail plus an (apparently) written notation.)
Sea-Land Service, Inc. v. Lozen International, 285 F.3d 808 (9th Cir., 2002) Admiraltylawguide.com (Internal corporate E-mail with signature block, forwarded to a third party by another employee, was admissible over hearsay objection as a party-admission, where the statement was apparently within the scope of the author's and forwarder's employment.)

Uruguay

Uruguay laws include both, electronic and digital signatures:

Turkey

Turkey has an Electronic Signature Law TBMM.gov.tr since 2004. This law is stated in European Union Directive 1999/93/EC. Turkey has a Government Certificate Authority - Kamu SM for all government agents for their internal use and three independent certificate authorities all of which are issuing qualified digital signatures.

Kamu Sertifikasyon Merkezi (Governmental Certificate Authority) Kamusm.gov.tr (in Turkish)
E-Güven (owned by Turkish Informatics Foundation) E-guven.com (in Turkish)
Turktrust (owned by Turkish Military Force Solidarity Foundation) Turktrust.com.tr (in Turkish) ^[4]^[5]^[6]^[7]
E-Tugra E-tugra.com (in Turkish)

References

↑ "Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC". EUR-Lex. 23 July 2014. Archived from the original on 2018-01-15. Retrieved 2018-01-15.
↑ "Questions & Answers on Trust Services under eIDAS". Digital Single Market - News. European Commission. 29 February 2016. Archived from the original on 2018-01-15. Retrieved 2018-01-16.
↑ Dan Puterbaugh (1 March 2016). "Understanding eIDAS – All you ever wanted to know about the new EU Electronic Signature Regulation". Legal IT Insider. Archived from the original on 2018-01-17. Retrieved 2018-01-17.
↑ https://web.archive.org/web/20131207201246/http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html
↑ https://www.entrust.com/turktrust-unauthorized-ca-certificates/
↑ http://www.techworld.com.au/article/445612/rogue_google_ssl_certificate_used_dishonest_purposes_turktrust_says/
↑ http://turktrust.com.tr/en/kamuoyu-aciklamasi-en.html

In re Piranha, Inc. WL 21468504 (N.D. Tex. 2003). Google Scholar.
Cloud Corp. v. Hasbro, Inc. 314 F. 3d 289 (US: Court of Appeals, 7th Circuit, 2002). Google Scholar.
Legal framework (France: Chambersign France).