On joining the EU, Cyprus implemented Directive 1999/93/EC on a Community framework for electronic signatures. The main purpose of the Directive is to facilitate the free flow of electronic signature products and services across borders, and to ensure the recognition of electronic signatures. Cyprus incorporated the Directive into its domestic law by Law 188 (Ι)/2004 on the Legal Framework of E-signature and relevant issues of 2004 ("the Law").
The Three Types Of E-Signature
The Law recognizes three different types of E-signature:
1. The electronic signature
This is the simplified form with the widest application, defined as "the data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication";
2. The advanced electronic signature
This is based on the public key infrastructure ("PKI") (technologically speaking this involves the use of encryption technology to sign data, and requires a public and a private key) and is defined as "an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable";
3. The qualified electronic signature (QES)
The QES is not defined in the Directive but is the generally accepted term for an advanced electronic signature which is created within a secure signature creation device (SSCD) and authenticated through a Qualified Certificate (QC). In legal terms, all electronic signatures may have a legal value but QESs are automatically considered to be equivalent to holograph signatures under the Directive.
The Scope And Purpose Of The Law
The Law aims to facilitate the creation of a Common Market within the EU as envisaged by the Directive and to harmonize Cyprus’s e-legislation with that of other member states. Complete harmonization cannot be achieved for every type of contract since (as the EU report stressed), this legal framework "does not address the conclusion and validity of contracts or other legal obligations prescribed by national or Community law regarding the form of contracts. Neither does it affect rules and limitations relating to the use of documents, provided in national or Community law".
As a result, any provisions of domestic Cyprus laws requiring the use of paper for certain types of documents are unaffected by the Law despite the fact that in another EU country the same provision might be affected. For example, the Law does not apply to contracts for the sale of land, which Cyprus law requires to be on paper, even though in another EU country the same contract might be concluded on line and signed by e-signature.
Supervisory Authority
The Ministry of Commerce Industry and Tourism ("MCIT’) is responsible for supervising and monitoring compliance with the Law and may impose fines in the event of an infringement of the Law. MCIT examines the compliance of e-signatures with the technological and legal requirements and supervises the certification-service-provider (entity or a legal or natural person who issues certificates or provides other services related to electronic signatures).
Legal Effect Of Electronic Signature
In line with article 2 of the Directive the Law provides (in article 4) that an electronic signature "is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is: — in electronic form, or — not based upon a qualified certificate, or — not based upon a qualified certificate issued by an accredited certification-service-provider, or — not created by a secure signature-creation device".
On the contrary, a qualified electronic signature is equivalent to a holograph signature; it has the same legal effect and the same admissibility as evidence in legal proceedings.
Liability
A certification service- provider that offers a qualified certificate to the public or guarantees such a certificate to the public is liable for any damages that any entity or legal or natural person who reasonably relies on that certificate may suffer as a result of relying on a certificate that proves to be invalid. In particular, any certification-service-provider who issues a certificate as a qualified certificate to the public is liable to anyone who reasonably relies on the certificate for failure to register revocation of the certificate unless the certification-service-provider proves that he has not acted negligently. If a limit is imposed on the certificate (e.g. on the value of transaction) and these limits are exceeded the certification service- provider is not liable.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
