Lenka Gomez: Electronic signatures in practice. How does it work and what to watch out for?

24.8.2022

Thinking about using electronic signatures in your company? Find out how electronic signatures work in practice.

Lenka Gomez Tomčalová is an associate and partner at ZCH Legal. She specialises in legal advice, particularly in the field of labour law, including representation of clients in labour disputes and litigation. We asked Lenka a few questions about electronic signing, an area that is becoming increasingly popular in companies.

Electronic signatures are the trend of today. What are their advantages?

The biggest advantage of electronic signatures is financial, time and logistical savings. Documents can be signed electronically from anywhere, which has proven particularly useful in times of pandemics and work-from-home regimes.

In the case of "higher" electronic signatures, another advantage is the assurance of maintaining the integrity and undeniability of the document thanks to the possibility of verifying that the document has not been changed since its signature, as well as ensuring the inimitability of the electronic signature, unlike the handwritten one.

The ecological aspect cannot be forgotten either - thanks to the use of electronic signatures we can avoid printing documents, thus saving resources again.  

And the disadvantages?

The disadvantage for many people may be the necessity to establish a qualified certificate for electronic signatures (in the case of guaranteed and qualified signatures), the associated costs, the choice of a specific technical solution and also the limited validity of the certificate.

An exception is not made for situations where the other party to the contract is not satisfied with electronic signing or refuses it altogether due to lack of experience, lack of information or for any other reason.      

There are different types of electronic signatures - simple, guaranteed and qualified. What is the difference between them?

Simple (plain) electronic signature

The basic type is a simple electronic signature, which can be used to replace a normal handwritten signature, for example, when concluding contracts between two private entities. It can take the form of inserting an image with a scan of the handwritten signature, a signature stamp or "drawing" the signature with a mouse.

Guaranteed electronic signature

With regard to the guaranteed electronic signature, Act No. 297/2016 Coll., on trust services for electronic transactions, does not define a guaranteed electronic signature, but a recognised electronic signature. It is a guaranteed electronic signature that is based on a qualified certificate. This means that it is confirmed by one of the certification service providers, which in the Czech Republic are Česká pošta, s.p., eIdentity a.s. and První certifikační autorita, a.s., who verify the identity of the signatory when issuing it.

This type of electronic signature can be used in the case of signing documents through which I legally act towards public law entities or other persons in connection with the exercise of their powers.

In accordance with the European eIDAS Regulation, such a signature is unambiguously linked to the signatory, enables his or her identification, is created using data for creating electronic signatures with a high level of trust (i.e. a qualified certificate) and is attached to the signed data in such a way that any subsequent change to the data can be detected.

Qualified electronic signature

The highest form of electronic signature is a qualified electronic signature. It is the most secure and safest way of electronic signing, because such a signature can only be created by means of a qualified means on a separate non-transferable medium, e.g. special USB tokens (also in this case, the identity of the signatory is verified by certification service providers when issuing the signature).

This type of electronic signature is required for public signatories, i.e., for example, in the case of the state or local self-government unit, and also for persons in the exercise of their powers. In the case of these persons, additional requirements are also given, such as the attachment of a qualified electronic seal and a qualified electronic stamp.

A qualified electronic signature fully replaces a handwritten signature in all EU Member States and guarantees an unambiguous link between the signature and the signatory. It can be used, among other things, when electronically filing tax returns or communicating with the Czech Social Security Administration, etc.  


Not all types of documents can be signed electronically. What kind of documents are they?

In general, until recently, it was not possible to electronically sign documents that require a certified signature. However, as of 1 July this year, an amendment to the Digital Services Act introduced a new feature in this respect, so-called e-legalization. It is therefore now possible to replace the officially certified signature by legalization of the electronic signature in three possible ways - verification by a person authorised to legalize, verification by a public administration information system record and verification of a recognised electronic signature.

The first way means basically only an electronic form of standard signature verification, i.e. for example by a notary, attorney using an electronic verification clause or at Czech POINT. A simple electronic signature can also be legalized in this way. The other two methods imply remote verification, while the third method directly equates a recognised electronic signature with an officially certified signature, provided that it is possible to assign a qualified certificate for a recognised signature to the signatory with certainty.

And what about electronic signatures in the context of the HR agenda?

Focusing on the HR agenda and employment relations, it is important to take into account that employment law distinguishes a special category of documents for which the Labour Code requires that they be hand-delivered to the employee. These are documents relating to the creation, modification and termination of employment or agreements on work performed outside the employment relationship, the removal of a managerial employee, important documents relating to remuneration and a record of a breach of the temporary incapacity for work scheme of an insured person. These documents may be signed with a recognised electronic signature, i.e. a guaranteed signature based on a qualified certificate, or with a qualified signature.


How to deliver such documents to the employee to comply with the requirements of the Labour Code?

In the case of documents in electronic form, only 2 types of delivery can be considered, namely (i) delivery via an electronic communications network or service (e.g. conventional e-mail) and (ii) delivery via a data box.

Successful delivery of a document by electronic communication service is subject to all of the following conditions: (i) the employee's prior written consent to such delivery; (ii) the employee provides the employer with an electronic address for delivery; (iii) the employer signs the document with a recognised electronic signature; and (iv) the employee acknowledges receipt of the document by a data message and also attaches his or her recognised electronic signature.

A prerequisite for the successful delivery of a document via a data box is that the employee has given his or her written consent in advance to the delivery of employment documentation via a data box. In this case, the document does not have to bear a recognised electronic signature and the employee does not have to acknowledge its delivery, which is a consequence of the nature of the data box.

The letter is legally deemed to have been delivered when the employee logs into the data box. Even if he or she does not do so, the document shall be deemed to have been delivered on the 10th day after delivery to the data box.

From a legal point of view, is there any difference whether the employee electronically signs the document by clicking on the confirm button, clicking on the signature confirmation, where a sample of the employee's saved signature is then inserted into the document, or if the employee actually types his or her signature - for example, using a tablet?

Clicking on the "I agree", "I confirm", etc. button has the effect of a simple electronic signature. A dynamic biometric signature using a special tablet or other signature plate is a relatively widely used method of signing, as it is based on capturing the unique biometric data of the signatory, who can therefore be identified on the basis of this data.

Although from this point of view it is a more secure linking of the signature to the person than in the case of a click on a button, this type of signature is also legally considered a simple electronic signature. A simple electronic signature cannot be used to validly sign documents which the Labour Code requires to be delivered to the employee by hand. Other documents, such as handover protocols or internal regulations, can be signed in this way.

How long do I need to keep an electronically signed document? Is it also necessary to archive such a document in hard copy? Or does it vary according to the type of document? Can you give examples?

The same time limits apply for the retention of electronic documents as for paper documents. It is therefore necessary to follow the legal time limits according to the applicable legislation and the nature of the document (e.g. according to the Accounting Act for accounting documents or the Value Added Tax Act for tax documents, etc.).

A distinction must be made as to whether the document is indeed an electronic document, i.e. a document that has been digitally created from the outset, has been signed with an electronic signature and will also be electronically archived.

When archiving these documents, it is essential to comply with the requirements of authenticity of origin, integrity of content and legibility. Any changes must be traceable and the documents must be stored in a repository that ensures these requirements.

Electronic documents for archiving purposes must contain a time stamp and an electronic seal and be stored in a format designed for archiving that ensures readability - for example PDF/A. These documents can only be stored electronically and do not need to be printed and stored in paper form in addition.

There are currently several different providers on the market offering software solutions for electronic archives, or solutions that guide the user through the entire life cycle of an electronic document, including archiving.

Another case, however, are documents that originated as deeds. These then need to be kept in their original form and it is not enough to, for example, scan them, put them on storage and shred them in the office. Such a method of archiving would be legally inadequate.


Are there any sanctions in the area of electronic signing?

The Czech courts have dealt with the issue of simple electronic signatures many times. In practice, the courts have taken a relatively conservative approach to this type of signing, precisely because it is impossible to prove with certainty whether a document was signed by a given person and in such a way that any subsequent change of data could be detected.

Thus, for example, the courts held that, although the draft credit agreement was agreed to by a verification code after registration by entering personal data in the web interface, it could not be shown that these events actually occurred and that consent was actually given, and therefore the credit agreement was not concluded and no contractual rights or obligations arose from it. It is therefore clear from case law that it is often not advisable to rely on a simple electronic signature and that, in the case of an interest in electronic signatures, a certificate for a qualified or, where appropriate, at least recognised electronic signature should be established in order to ensure legal certainty and a better evidential position in any court proceedings.

It should also be taken into account that when using electronic signatures based on different personal and commercial certificates, some of these certificates may not guarantee the identity of the signatory. Therefore, even in such a case, the authorship of the signatory may be called into question in the event of litigation and it may be difficult to prove whether or not the document was actually signed by an authorised person.

Do you know of any case in practice where a company used electronic signatures incorrectly and was sanctioned for it?

The issue of dynamic biometric signatures, for example, is a relatively frequent subject of attention of the Office for Personal Data Protection in connection with the European Data Protection Regulation (GDPR). This type of signature captures the biometric trace of the signatory, which is considered personal data. If this signature is intended to uniquely identify a person, as is often the case with many financial institutions, it falls into the category of so-called special personal data under the GDPR. These are prohibited from being processed unless the subject has given explicit consent to processing for one or more specified purposes. Careful attention needs to be paid to this as the penalties imposed by the Data Protection Authority can be high.      

If a company wants to start using electronic signatures, what must it do? What is needed?

I would suggest starting with an assessment of what kind of agenda I intend to sign via e-signature (business matters, HR agenda, etc.) and consider the limits set by the Labour Code in this respect, for example, in relation to the HR agenda, or which may be important for the preservation of the document as well as its evidentiary power in any court proceedings. Depending on this assessment, I will then choose the type of electronic signature.

If a company intends to use a guaranteed electronic signature, it must obtain a certificate from one of the certification service providers. The procedure for obtaining a certificate varies from one provider to another, so it is always advisable to rely on information about specific procedures, which are relatively clearly elaborated by the providers. Usually, however, it involves filling in an electronic application with personal data, then visiting a branch (in the case of the Czech Post it is Czech POINT) and then installing the certificate.

In order to obtain a qualified electronic signature, it will be necessary to install, for example, a USB token or a certified smart card including an electronic seal and stamp. The validity of the certificate is 12 months, after which it must be renewed, but there is no need to visit a branch for this purpose.

I would like to add that in addition to the three official certification authorities, there are also so-called external registration authorities that are their partners. One example is elektronickypodpis.cz. This authority is a partner of the Czech Post and offers a complete installation of the certificate directly in the office of the interested party, including setting up everything necessary on the computer.
