Introduction
For better or worse, throughout the last 5 years the already intense process of digitalization has become even more prevalent in the day-to-day life. The way society and the economy adapted to the forced isolation while the COVID-19 pandemic was still around disclosed that a rather serious number of daily tasks could be digitalized, hence leading to the use of much less resources. Fortunately, the pandemic is no longer here, but a lot of the “accomplishments” from the said time seem to be here to stay. That is the case with the so-called electronic signature, а phenomenon that has existed in Bulgaria for more than a quarter of a century (the currently applicable law was promulgated on 6th April 2001). Before 2020 the use of electronic signatures was more of an exotic, unpopular endeavor. An example would be the fact that almost all attorneys had an electronic signature, but they only used it for their work with the Commercial Register. Accountants were also actively communicating with the NRA electronically. There were also entrepreneurs and IT enthusiasts who persistently, but not very successfully, tried to bring their communication with institutions and business partners into the 21st century. The so-called lockdown, however, forced both narrow specialists and many more business representatives, as well as ordinary citizens, to start using this technology more intensively. To the surprise of many skeptics, even the state administration, albeit with variable and varying success between different units, showed will and efforts to adapt and adopt electronic document management.
But what exactly is the so-called electronic signature from the perspective of the law. What are the types of electronic signatures and what legal force do they possess – put into other words, does the law give you the right to argue with the administration’s employee (by the way not only in Bulgaria), who continues to live in the last century and insists on getting a document with a “wet” stamp?
Regulatory framework and definitions
Since 2014 the primary regulatory document in the sphere of electronic identification and in particular the electronic signature is the Regulation (eu) no 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (hereinafter referred to as the “Regulation” for brevity).
According to the Regulation, the electronic signature is “data in electronic form which is attached to or logically associated with other data in electronic form, and which is used by the signatory to sign”. The electronic signature should be unique for each natural or legal person and should serve to authenticate his identity in the electronic environment – including for legally significant communication with legal and natural persons and state authorities. Specific examples of use are signing contracts, signing accounting records, applying for a document or providing an administration service. That is – in almost any situation where the law requires a handwritten signature, the citizen concerned could act with an electronic one. The qualification in “almost every” situation is necessary because Bulgarian law requires certain legal actions to be performed before a notary. For example, you cannot sign the deed for the purchase of your home with an electronic signature. But you can safely sign a preliminary contract for the purchase of a property with an electronic signature.
The current legislation distinguishes 3 types of electronic signatures and, contrary to popular opinion, each of the three types of signatures may have legal significance.
According to the said regulation, the types of electronic signatures are:
- 1. Ordinary Electronic Signature (OES), which the Regulation refers to simply as “electronic signature”, means data in electronic form that is added to or logically linked to other data in electronic form and that the holder of the electronic signature uses to sign;
- An advanced electronic signature (AES) meets the following requirements: it is uniquely linked to its holder whom it is capable of identifying, it is created using electronic signature creation data that the holder can use with a high degree of confidence and is solely under the control of the holder, and it is linked in such a way to the data signed by it that any subsequent change to it can be detected.
- Qualified Electronic Signature (QES) – this is an advanced electronic signature that is created by a qualified electronic signature creation device and is based on an electronic signature certificate that is issued by a qualified certification service provider and meets the requirements set out in the Regulation.
As you can see, the definitions of the types of electronic signatures are quite technical and complicated for a non-specialist, so perhaps illustrating with a few examples would bring more clarity.
An ordinary electronic signature is even the signature (text) you put at the end of each of your emails (Greetings, Ivan Ivanov). Although counterintuitive, we will explain below that even this most elementary electronic signature can have legal significance.
An advanced electronic signature involves integrating the identity of the holder in a significantly more sophisticated and secure way to the corresponding statement. Here we are most often talking about some form of algorithmic computer system which, as can be seen from the definition, allows for the detection of changes/manipulations to the document after it has been signed.
A qualified electronic signature provides the highest level of security. It builds on the advanced electronic signature, whereby the already mentioned algorithmic and more precisely cryptographic protection is provided by certified entities that have the technology, know-how and standards of operation recognised in the manner provided for in the Regulation. In Bulgaria, this type of qualified electronic signatures is issued by various companies: “Information Services” AD, ‘BORIKA’ AD, “Eurotrust”, etc.
Legal validity of the electronic signature
The legal validity of the electronic signature according to the Bulgarian law is regulated not only by the above mentioned Regulation, but also by the Electronic Document and Electronic Certification Services Act (EDESA).
An important indication on the legal significance of an electronic signature is provided by Article 25 of the Regulation: “The legal validity and admissibility of an electronic signature as evidence in legal proceedings may not be challenged solely on the grounds that it is in electronic form or that it does not meet the requirements for qualified electronic signatures.”
From this provision we draw the conclusion we mentioned above – that not only the qualified electronic signature can cause legal consequences. What makes a qualified electronic signature “better” for its holder is stated in paragraph 2 of the same article: “The legal effect of a qualified electronic signature shall be equivalent to that of a handwritten signature”. That is to say – without the need for additional agreements between the parties, the use of a qualified electronic signature will always be equivalent to a handwritten signature (i.e. a physical signature on a piece of paper – e.g. a contract, a power of attorney, etc.).
Article 13 of the EDESA goes even further in extending the legal meaning of electronic signatures: ‘The legal effect of an electronic signature and of an advanced electronic signature shall be equivalent to that of a handwritten signature where this has been agreed between the parties.’ This provision effectively means that, if both parties agree, even a simple electronic signature (the one in the email message – ‘Greetings, Ivan Ivanov’), which does not have any additional technological specifications, can be legally binding on them. In other words, it is highly recommended to use a qualified electronic signature, but with an ordinary or advanced electronic signature you can also digitize your legal relations with other entities.
Useful information
In conclusion, we will provide you with some practical tips when working with an electronic signature.
We recommend that you familiarize yourself with the Secure Electronic Delivery System (https://edelivery.egov.bg/). You could create an account in it – either with a qualified electronic signature or alternatively with a PIK issued by the NRA. In both cases you will have access to secure communication with multiple administrations – municipalities, state institutions, courts, etc. Through the system you will receive information when your message was opened by the administration (date and time). Note, however, that the administration will also be able to serve you documents!
With a qualified electronic signature, you can also access your Electronic Health Record (https://my.his.bg/login), where you will find a lot of information about your health status – referrals issued, findings of examinations carried out, results of blood tests, etc.
If you have received a document that claims to be electronically signed, you can easily check whether the signature is valid through this tool developed by the State Agency for Electronic Government: https://evalidation.egov.bg/Validation/DigitalSignature
Electronic signatures are becoming an increasingly common means of identification and securing document flow. In addition to economic efficiency, an electronic signature (in particular a qualified one) provides a very high level of security – it is more difficult (and perhaps impossible) to manipulate a qualified electronic signature, while, unfortunately, forgery of handwritten signatures happens on a daily basis. We hope this article has been helpful and will motivate you to try using an electronic signature if you haven’t already started doing so.
This article expresses a personal opinion of the author, which clarifies principle and hypothetical positions – i.e. the positions expressed should not be considered applicable in every particular case. Therefore, the text does not constitute and should not be construed as legal advice. If you require such advice, you may contact us at office@legaexpert.com.
