What does the law say?
What is a digital signature and how valid and recognized is it?
At Penneo, being compliant with legal rules is a must.
Digital signatures are of course as valid as traditional signatures set on paper. The EU E-Commerce Directive actually contains a decisive ban on discrimination against agreements concluded digitally. In other words, it is contrary to the law if you, as an enterprise or authority, refuse to accept or recognize contractual documents solely on the grounds that they are digitally signed. For centuries, most countries have allowed agreements to be made orally, by hand or under seal.
In practice, most lawyers will recommend that agreements are in writing. A written agreement can in principle consist of a simple mail correspondence. In practice, such agreements may be difficult to prove in case of a dispute. What is actually agreed? Who has signed? And when?
What do the authorities say?
To ensure clarity in the area, the former Ministry of Science has prepared a common public standard called OCES (Public Certificates for Electronic Service). The OCES certificate has created the necessary guarantee that all common transactions between authority and citizen can take place safely enough.
That is, the communicating parties can both be confident of each other's identity and that their messages cannot be changed without it being possible to prove this afterwards. If the messages are encrypted, the parties can be sure that they cannot be read by unauthorized people along the way. The certificate meets the personal data protection requirements when personal data are simply transferred between two parties in encrypted form.
Security in NemID
The only technology in the Danish market that meets the OCES standard is NemID. The main difference between NemID and many other solutions is that NemID is based on two-factor security. NemID is something in your head and something you have in your hand: your password and your key card.
NemID: the only option
In other words, it can be concluded that if you want to sign documents digitally and if you want this signature to meet the requirements of the authorities then the signature must be done using NemID. Alternatively, we are left with a traditional signature with a pen and paper as the only legally sound way of entering into written agreements.
The law behind Digital Signatures
The law on digital signatures and the related announcements were repealed with effect from 1 July 2016. Today, electronic signatures are governed by the Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation). The Regulation must be read in conjunction with the Act on Additional Provisions to the eIDAS Regulation. OCES certificate policies still determine the requirements for certification centers, that is, the quality requirements for the issuers of digital signatures, including NemID.
The requirements of the certificate policies were largely based on the previously applicable "Electronic Signatures Act", but are regularly updated, among other things to take into account new standards and legal requirements. To ensure compliance with the requirements, the certification centers must conclude an agreement with the Digitalization Board, which is responsible for the further approval.
Statements from private and public government institutions
In addition to the fact that a digital signature is valid in court, many others have commented on the use of NemID within specific industry areas. Fortunately, they agree on the validity of a digital signature. The following public and private institutions have discussed digital signatures in Denmark:
- Former Ministerium for By, Bolig og Landdistrikter
- Folketinget (Retsplejeloven)
Signature of the Annual Report
The Danish Business Authority has commented on the validity of digital signatures specifically on the annual report. Here it distinguishes between the version of the annual report that is submitted to the Danish Business Authority and the version to be kept in the company.
The version stored in the company must be signed by the responsible management members, any auditor and the chair of the meeting. In this context, the Danish Business Authority states that the signature can be made digitally.
The submitted annual report may be submitted without a signature of any kind, as the person reporting the financial statements using XBRL (eXtensible Business Reporting Language) vouches with their NemID for the validity of what is submitted.
In addition, the Danish Business Authority has considered whether the storage requirement of 5 years can be met digitally. It goes without saying that a digitally signed document is not suitable for physical storage, because the signature cannot be printed along with it and the printout therefore loses the ability to verify the validity of the signature.
However, the Danish Business Authority states that digital storage can completely replace physical storage as long as it lasts for a minimum of 5 years. This is why Penneo guarantees the retention of signed documents for just 5 years.
The Danish Business Authority has also considered whether annual reports can be signed with a digital signature without the use of eID, e.g. by using a touch signature. The Danish Business Authority assesses that this form of signature does not identify the signer to a sufficient degree, and therefore recognizes only digital signatures made with NemID.
Date of signatures
A digital signature has the built-in advantage that you can see exactly when each party has signed. However, this raises questions in relation to the annual report, as the document itself must be signed by all parties on the approval date. This is not always practical, which is why the Danish Business Authority has stated that signatures need only be submitted within a reasonable period of time after the approval of the financial statements, as long as the document is locked for changes in the interim period. Therefore, annual reports signed with Penneo are accepted.
KYC with NemID
KYC Act Section 11, paragraph 1, stipulates that customers must be checked by name and CPR number or CVR number (or similar) when entering a business relationship. Finanstilsynet interprets this requirement such that validation with NemID and CPR number (such as Penneo CPR validation) can stand alone as a credential method in situations considered to be low risk of money laundering. In other cases, this form of legitimization may serve as a supplement to other credentials.
Real Estate and digital contracts
Deals and agreements generally follow the general contractual rules, and there is therefore no obstacle to the use of digital signatures. As real estate deals often involve taking out loans secured on the property in question, it is also relevant to look at whether banks and other financial institutions accept digital purchase agreements and other documents signed with NemID. The banks' own trade association Finans Danmark (formerly known as the Bankers Council) makes some demands for digital purchase agreements, including the use of NemID. Penneo obviously respects all of them.
Enforcement and credit agreements
On June 11, 2014, the Code of Conduct was updated on a wide range of issues regarding the possibility of using digital signatures. Specifically, section 478 (enforcement order) and section 488 on the provision of documentation were extended to recognize digital signatures. The Credit Contracts Act §36 (Enforcement) and §45 were also extended. There is thus no obstacle to using digital signatures on agreements that may potentially end in enforcement. If you have questions about the law, please contact Christian, our lawyer.