MayElectronicSignatures

29 August 2003

Arine van der Steur

On 21 May 2003 the Electronic Signature Act (the “Act”) came into force in the Netherlands, implementing the European Directive of 13 December 1999 on a Community framework for electronic signatures. [1]

The Act deals with, inter alia, the legal equivalency between electronic signatures and hand written signatures, the liability of certification service providers that provide qualified certificates, and the supervision of such certification service providers.

The Act is of particular interest to parties that do business via the Internet. However the scope of the Act is not only limited to electronic commerce. The Act states explicitly that the legal provisions relating to electronic signature are also valid outside the electronic commerce field if the nature of the legal act or the legal relationship does not oppose this. [2]

As from 21 May 2003, an electronic signature has the same legal effect as a hand written signature if the method that is used for authentication is sufficiently trustworthy. This is deemed to be the case in the event that the electronic signature meets the following requirements:

(i)it is uniquely linked to the signatory;
(ii)it is capable of identifying the signatory;
(iii)it is created using means that the signatory can maintain under his sole control;
(iv)it is linked to the data to which it relates in such a manner that any subsequent change of data is detectable;
(v)it is based on a qualified certificate (a digital file that meets certain statutory requirements and that has been issued by a certified service provider that also fulfils certain statutory requirements); and
(vi)it is created by a safe signature-creation device that issues the electronic signature.


The mere fact that an electronic signature does not meet these requirements does not mean that the electronic signature is unreliable or without legal effect. However, a signature (for example, a scanned signature of a paper carrier) will not benefit from the protection of the ‘advanced electronic signature’ as laid down in the Act.

The advanced electronic signature protection has three different levels. Firstly, the qualified certificate that is accompanying the advanced electronic signature enables a party to identify the electronic business partner. [3] This increases the legal certainty and trust in the business-deal.

Secondly, the Act prescribes that only certification-service-providers, (also called Trusted Third Parties (TTP’s)) may issue qualified certificates. [4]
These certification-service-providers have to ensure the correctness of the qualified electronic signature and in this way guarantee the identification of the electronic business partner. If they falsely create expectations with respect to the qualified electronic signature, the certification-service-providers can be held liable for damages, unless the certification-service-provider can prove that it did not act negligently.

Thirdly, in order to make it easy for the user of advanced electronic signatures to trace the certification-service-provider, the OPTA (The Independent Post and Telecommunications Authority) will register the certification-service-providers established in the Netherlands. The OPTA must also supervise whether these certification-service-providers meet with the legal requirements. [5] This registration will result in a public registrar that will soon be open for consultation (www.opta.nl).

In conclusion, the Act provides more clarity on the status of the electronic signature. As from 21 May 2003 the ‘qualified’ electronic signature has the same legal effect as the hand written signature. This does not mean that the ‘normal’ electronic signature does not have any legal effect. However, the ‘qualified’ electronic signature will increase the legal certainty as it enables a party to identify the electronic business partner and to hold the certification-service-provider liable for damages if this provider has created false expectations with respect to the qualified electronic signature. Therefore, it is expected that the qualified electronic signature will stimulate electronic commerce.

[1]Directive no. 1999/93/EC, PbEG L 13
[2]Section 5:15c Dutch Civil Code.
[3]Section 3:5a Dutch Civil Code.
[4]Section 1.1 Telecommunications Act.
[5]Section 2.1 Telecommunications Act.