Loading...

Electronic signature

The legal framework is contained mainly in the Electronic Document and Electronic Trust Services Act (EDETSA), which many times refers to Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic registration and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (Regulation (EU) No. 910/2014).

According to EDETSA, an electronic statement is a verbal statement presented in digital form by a generally accepted transformation standard, reading and presentation of information. The electronic statement can also contain non-verbal information (Art. 2 EDETSA).

EDETSA regulates that an electronic document has the meaning according to the Art. 3, item 35 of Regulation (EU) № 910/2014, namely any content stored in electronic form, in particular text or audio, visual or audio-visual recording.

What is an electronic signature and what is it used for?

In general, the electronic signature is a tool used to sign documents in an electronic form. By virtue of the signing of the electronic document the signatory is identified and the information contained in the document is protected against subsequent changes.

According to the legal definition (Art. 13, para. 1 EDETSA), an electronic signature has the meaning according to Art. 3, point 10 of Regulation (EU) № 910/2014: “electronic signature” means data in electronic form which are added to or logically linked to other data in electronic form and which the electronic signature holder uses for to sign. An electronic signature may be issued both to natural persons and to legal entities (as a holder/signatory). There are electronic signatures that are intended for specific functions – protection of e-mails, encryption / decryption of information, etc.

What are the types of electronic signatures?

EDETSA differentiates the electronic signatures depending on the conditions they meet and their security: electronic signature, advanced electronic signature (AES) and qualified electronic signature (QES).

We have indicated above the legal definition of an electronic signature, according to EDETSA.

An advanced electronic signature is an electronic signature according to the meaning of Art. 3, item 11 of Regulation (EU) № 910/2014, which refers to Art. 26 of the same regulation. The advanced electronic signature must meet the following requirements:

  • It is uniquely linked to the signatory;
  • It is capable of indemnifying the signatory;
  • It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and
  • It is linked to the data signed therewith, in such a way any subsequent change in the data is detectable.

A qualified electronic signature is an electronic signature within the meaning of Art. 3, item 12 of Regulation (EU) № 910/2014: Qualified electronic signature means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.The widest range of opportunities is offered by the so-called qualified electronic signature (QES), in which case the user receives a qualified certificate for qualified electronic signature (QCQES), which generally speaking, in practice, has the power of a handwritten signature in the relations with other persons. The QES is created using a special device and is connected to a specific tangible carrier (for example, smart-card and special reading device thereto), which prevents any possibility for a person other than the holder to sign with it.

The advanced electronic signatures meet certain security requirements, but there is no requirement to be created using a specific device from a provider of qualified certification services, and respectively, these signatures may be used with a lower degree of trust.

The legal significance of the electronic signature and the advanced electronic signature is equivalent to a handwritten signature. only when this is agreed to between the parties and the area of application of these two signatures is significantly narrower (art. 13, para 4 EDETSA).

What is the electronic signature used for?

The QCQES allows the use of a number of electronic services provided by the state administration. For example, with QCQES, many services are available of the National Revenue Agency, the Ministry of Finance, the Ministry of Economy, the Ministry of Environment and Water, the Ministry of Transport, Information Technology and Communications, the Ministry of Agriculture, Food and Forest, the Ministry of Interior, the Ministry of Defense, the Registry Agency, the General Labor Inspectorate, the Commission for Personal Data Protection, the Employment Agency, the National Social Security Institute, the National Statistics Institute, the National Health Insurance Fund, the Customs Agency and a number of others. The QCQES may be used for example for registration of a company, entry of amended circumstances concerning already established company, issuance of current status certificate of a company, filing of project proposal to apply for financial grants under operational programmes, issuance of certificate of criminal record, etc. Holders of such electronic signature can also use electronic banking by commercial banks, pay bills and taxes, etc.

An electronic signature may be used in the relations with other persons and organisations (for example, to conclude an agreement in electronic form, for the issuance of electronic invoice, etc.).

The use of electronic signature reduces the costs, as a number of bank commissions are significantly lower for transactions made electronically, and also a large number of state institutions offer their services free of charge when they are applied online. In addition, electronic signature holders save time.

The electronic signature may not be used:

EDETSA explicitly excludes from its scope the following hypotheses (Art. 1, para. 2):

  • In transactions in which the law requires a document in a special form (the so called qualified written form) – for example, when it is necessary the document to be notarized, to be in the form of notary deed, to be signed in hand by the parties, to be drawn up in the presence of witnesses or officials, etc.;
  • When the act of holding of the document or a copy thereof has legal significance (for example, “ securities, promissory note, etc.).

How can you get a qualified electronic signature?

In accordance to Art. 32 of EDETSA, the Communications Regulation Commission (CRC) creates, maintains and publishes the national trust list of the persons providing certification services and qualified certification services, according to the Art. 22 of Regulation (EU) No. 910/2014.

Qualified electronic signature may be issued only by a provider of qualified certification services. In order to get such a signature, you should select an appropriate provider from the Register, kept by the CRC. An agreement for rendering of certification services is signed with selected provider and after that the signature and the certificate for the qualified electronic signature are created for certain remuneration (QCQES).

Fee

The price for the creation of a QES varies depending on several factors – the provider of electronic certification services, the term for which the QES is issued and the person to whom the QES is issued. The issuance of a QES costs approximately BGN 25 – 40 for a term of one year, and approximately BGN 30 – 60 for a term of three years. In recent years, the price for issuing a qualified electronic signature to individuals has been declining. The issuance of a QES to a legal entity for a term of one year costs approximately BGN 75, and for a term of three years – approximately BGN 155 (the prices quoted are indicative and include the smart-card and the reader thereto).

When is the validity of a QES suspended and renewed?

Unless otherwise agreed the provider of certification services has the right to suspend the validity of an issued QES for a period of up to 48 hours, if there is reasonable doubt that the validity of the signature should be terminated.

According to art. 26, para 2 of the EDETSA, unless otherwise agreed, the provider of the certification services is obliged to suspend the validity of the qualified electronic signature issued by him for a term of up to 48 hours at the request of:

  • The holder/signatory;
  • A person who depending of the circumstances may obviously be aware of breaches to the security of the electronic signature (for example, representative, partner, officer, family member, etc.);
  • Communications Regulation Commission.

The provider of certification services is obliged to notify the holder of the signature forthwith as to the suspended validity.The suspension of the validity of the certificate shall be carried out by its temporary entry in the list of the terminated certificates (Art. 26, para 5 EDETSA).

In accordance with art. 26, para 6 of the EDETSA the validity of the signature is renewed:

  • Upon expiry of the suspension period;
  • Upon elimination of the grounds for the suspension or at the request of the holder, after the provider of certification services, respectively the Communications Regulation Commission, has satisfied themselves that they have found the reason for the suspension and that the request for the renewal was made as a consequence of such awareness.

When is the validity of the qualified electronic signature terminated?

The validity (effect) of the signature is terminated in the cases set out in art. 27 of the EDETSA:

  • Expiry of the term of validity of the signature;
  • Cases of death or placement under judicial incapacity of the holder – natural person;
  • Termination of the legal entity of the holder;
  • Termination of the legal entity of the provider of certification services, when its operations are not transferred to another provider of certification services; respectively in case of death or placement under judicial incapacity of the natural person – provider of certification services;

The provider of electronic certification services is obliged to terminate the effect of the signature at the request of its holder, after they verify the holder’s identity. The provider terminates the validity of the signature also when it is found that the signature was issued on the grounds of untrue data (art. 27, para 2 and para 3 EDETSA).

Important to know
Important to know

The use of electronic signature, other than QES, may bring about certain risks related to the reliability of the information contained in the signed electronic documents, use of the signature by other persons, etc.

It is good to know that the EDETSA makes difference between an author of an electronic statement and a signatory of such a statement (Art. 4 EDETSA). The author of an electronic statement is the individual indicated in the statement as its author. Signatory of an electronic statement is the person on whose behalf the electronic statement is made. The signatory may be both a natural person (individual) or a legal entity.

It should be pointed out that the person using the electronic signature (author) does not always coincide with the person on behalf of whom the statements in the electronic document are made (holder/signatory). For example, when a natural person (general manager or another representative of a company) signs a document with the electronic signature of the company, the author is the natural person /individual, but the holder/signatory of the statement is the company and all consequences from the statement contained in the signed document ensue for the company.

For more information
For more information

More information is available on the website of the Communications Regulation Commission.

Share