On the possibility of electronic signing in Estonia

Triniti

Almost everyone in Estonia gives digital signatures on daily basis, for example when making payment orders in an internet bank, even though Estonian laws haven’t provided the definition of a digital signature for five years already. In Estonia, we are so used to having a strong digital signature that we are reluctant to recognise any “half-hearted” e-signatures. On the one hand, this is understandable, but sometimes it can be a problem. For example, if the foreign shareholders of an Estonian limited liability company have to participate in the decision-making process.

Electronic form of transactions and digital signature

Section 80 of the General Part of the Civil Code Act of 2002 defines the electronic form of a transaction, which is deemed to be the same as the written form, unless otherwise provided by law. In order to comply with the electronic form, the transaction must (1) be made in a form which can be reproduced in a durable form, (2) contain the names of the persons who made the transaction, and (3) be signed electronically by the persons who made the transaction, whereby the electronic signature must be given in a manner which allows the signature to be associated with the content of the transaction, the person who made the transaction and the time when the transaction was made. The procedure for attributing and signing an electronic signature to a person shall be laid down by law, and an electronic signature shall include a digital signature.

According to the Digital Signature Act in force from 2000 to 2016, a digital signature was “a set of data, formed by a system of technical and organisational means, used by the signatory to indicate his or her association with a document”. The Act also stipulated a few additional requirements for the digital signature[1].

E-signature or electronic signature

As of July 2016, Regulation (EU) 910/2014 on e-identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”), adopted in 2014, is directly applicable across the European Union and defines the e-signature and its two “stronger” sub-categories – the advanced electronic signature (AES) and the qualified electronic signature (QES). Under the Regulation, a qualified electronic signature is legally equivalent to a handwritten signature, and a qualified electronic signature based on a certificate issued in any Member State must be recognised as such in all other Member States. The Regulation also provides that such “weaker” e-signatures may not be declared legally invalid or inadmissible in legal proceedings simply because they are in electronic form or do not meet the requirements for a qualified e-signature.

According to the Regulation, a qualified e-signature is “an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures”. To understand the meaning of the terms in the Regulation, cross-references should be made to Articles 3 and 26 of the Regulation and Annexes I and II to the Regulation[2].

A digital signature is as good as, or better than, a handwritten signature.

On 26 October 2016, the e-Identification and Trusted e-Transaction Services Act (EUTS) entered into force and the DAS expired. With it, the legal definition of the digital signature also became history. True, according to § 24(1) of the EUTS, a digital signature is considered to be an e-signature that meets the requirements for a qualified e-signature set out in Article 3(12) of the eIDAS Regulation, but what this digital signature is, none of the (current) Estonian laws say. Nonetheless, five years later, 22 of the laws in force contain the words “with digital signature”, 15 the words “the digital signature” and 14 the words “digitally signed”.

It seems that we can safely say: the digital signature is as self-evident in Estonian legal practice as the handwritten signature – there is no separate definition for either in the law. Incidentally, the Estonian digital signature is sometimes even legally “stronger” than a handwritten signature. At least eight laws, including the Commercial Code, the Land Register Act and the Income Tax Act, consider a digitally signed document to be legally equivalent to a notarised document in certain cases.

As an EU Regulation, the eIDAS is of course directly applicable. However, as seen above, it contains no reference to a “digital signature”. This leads to frustrating and unnecessary confusion every time when Estonian and foreign entrepreneurs organise into an Estonian commercial entity and find themselves disputing the formalities with the registry department of Tartu County Court, or when, for example, Estonian and German persons want to enter into an agreement that must be made in written form under the law.

Private limited companies with foreign shareholders

Section 173 of the Commercial Code (CC) gives the shareholders of a private limited company the right to adopt resolutions without convening a shareholders’ meeting. To this end, the management board sends a draft resolution in a form that can be reproduced in writing to all shareholders and sets a deadline for them to state their position in the same form (silence is deemed to be a vote against). The board shall then draw up the voting record and send it to the shareholders without delay. If the company has only one shareholder, or if all the shareholders agree to the resolution and sign it, the voting record may be dispensed with. In such cases, the decision must be in writing and signed by the shareholders. If the decision of the shareholders is the basis for the election of a member of the board of directors, the voting record (or, if no voting record is drawn up, the decision) must be signed by the member of the management board whose name is entered in the commercial register or by the shareholder of the limited liability company, and if the signature is not a digital signature, it must be notarised.

The private limited companies of Estonia, the country sometimes called a “unicorn factory”, may also have foreign shareholders. Unfortunately, they may not have the capacity to issue qualified e-signatures, let alone Estonian digital signatures. However, the “weaker” e-signatures are essentially available to all, e.g., through DocuSign and similar services. Although eIDAS does not allow the non-recognition of an e-signature simply because it is in electronic form or does not meet the requirements for a qualified e-signature, the willingness of Estonian public authorities, including the registry departments of courts, to recognise e-signatures other than Estonian digital signatures is rather variable. If the shareholders of a limited liability company with foreign shareholders use DocuSign to sign their resolutions, it is quite possible that one application for registration will be accepted and the other will receive a deficiency order.

What to do in this situation?
  1. Shareholders who cannot provide an Estonian digital signature may sign the resolution manually, and have the transcript certified by a notary or an attorney. Other shareholders shall digitally sign the resolution. True, the actual probative value of a foreigner’s non-notarised signature is significantly less than that of almost any e-signature, but a written form is a written form and everything is legally correct.
  2. Shareholders unable to issue digital signatures may authorise someone else to digitally sign shareholders’ resolutions on their behalf. It should be noted that according to § 118 of the Civil Code, an authorisation can be granted in any form unless the law prescribes a specific form for the transaction, failure to comply with which renders the transaction void – the authorisation for such a transaction must be in the same form. However, the assistant judge dealing with the application for registration may consider that this authorisation should also be digitally signed.
  3. Instead of the procedure provided for in § 173 (7) of the Commercial Code (signing the resolution), the shareholders may use the procedure provided for in § 173 (2) and (3) of the Commercial Code (draft-positions-protocol). It should be recalled that, unless it concerns the election of a member of the management board, a resolution adopted in this way is valid even if it does not bear the signature of any shareholders or members of the management board.
  4. The petitioner waits for the order on entry denying the petition (because there is no right of appeal against a deficiency order), appeals against it and, hopefully, litigates to a victorious conclusion. As a rule, however, the petitioner will be in a hurry, and it will be easier and cheaper to resolve the matter in one of the ways listed above.

Of course, updating Estonian law or equipping all EU citizens (or at least the owners of Estonian companies or their legal representatives) with what Estonia considers to be sufficiently “strong” e-signature tools could also be considered, but these options may not be within the reach of the average Estonian private limited company.

Perhaps the Estonian legislator should also look in the mirror here. In a matter as elementary as the content of formal requirements, no normative confusion should be allowed – it is simply a waste of time for the judiciary and a wide range of private law subjects. At a more general level, it is a question of the quality of the business environment. And the idea that digital business should never cross the national borders sounds like the fairy tale of a digital tiger who lives all alone in the Far Faraway Forest and does not want to communicate with anyone else.

Should you need help with the form and/or content of your corporate documents or agreements, TRINITI lawyers are happy to be at your service.


[1] Additional requirements to the digital signature in the Act:
  • It is created by using data necessary for giving a signature contained in a secure signature creation device (hereinafter private key) to which the data needed for verification of the signature contained in a signature verification device (hereinafter public key) uniquely correspond.
  • Digital signature and the system of using it shall: “(1) enable unique identification of the person in whose name the signature is given; (2) enable determination of the time when the signature is given; and (3) link the digital signature to data in such a manner as to preclude the possibility of changing the data or the meaning thereof undetectably after the signature is given.”

[2] Definition tree for the qualified e-signature in eIDAS Regulation:
  • An advanced electronic signature is an electronic signature which meets the requirements set out in Article 26.
    • An electronic signature is data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.
    • Art 26: An advanced e-signature is (a) uniquely linked to the signatory, (b) capable of identifying the signatory, (c) created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and (d) linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
      • Electronic signature creation data is unique data which is used by the signatory to create an electronic signature.
    • A qualified electronic signature creation device is an electronic signature creation device that meets the requirements laid down in Annex II to the Regulation.
      • An electronic signature creation device is configured software or hardware used to create an electronic signature.
    • A qualified certificate for electronic signature is a certificate for electronic signatures, that is issued by a qualified trust service provider and meets the requirements laid down in Annex I to the Regulation.
      • A certificate for electronic signature is an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person.
        • Electronic signature validation data is data used to validate an e-signature.
          • Validation is the process of verifying and confirming that an electronic signature or a seal is valid.
        • A qualified trust service provider is a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body.
          • A trust service provider is a natural or legal person who provides one or more trust services either as a qualified or non-qualified trust service provider.
            • A trust service is an electronic service normally provided for remuneration which consists of: (a) the creation, verification, and validation of electronic signatures /- – -/ and certificates related to those services, or /- – -/ (c) the preservation of electronic signatures, /- – -/ or certificates related to those services.
          • A qualified trust service is a trust service that meets the applicable requirements laid down in the Regulation.

Comments are closed.