For many, the appearance of electronic signatures in legal practice, whether in judicial procedures or administrative procedures, represented a period of uncertainty.

No clear, evident, and authoritative sources on "ce sunt aceste semnaturi" inca face multi magistrati, avocati, si functionari publici, sa greseasca in interpretarea si utilizarea lor.

A brief history of electronic signatures

Electronic signatures have existed since the beginning of the internet and technology, providing in one form or another, security in accessing online sites, as well as security for members of transactions through computer means.

Since the development of the HTTPS protocol in 1994 by Netscape Communications, electronic signatures and encryption have become essential in our digital activities.

However, although these technologies have existed in technical practice for over 20 years, it took some time for the technology to mature and materialize into regulatory acts that govern these standards.

Directive 1999/93/EC was the first such directive, which also formed the basis Legii 455/2001, was the first law to introduce the concepts of computer law into Romanian legislation.

Thus, the first local providers appeared, who remained the market leaders in providing signatures to local consumers:

• S.C. Trans Sped S.R.L = Expired on 07/02/2017
• S.C. Digisign S.A. = Expired on 21.08.2020
• S.C. Certsign S.A. = Expires on 31.08.2023
• S.C. Alfatrust Certification S.A. = Expires on 10/28/2023
• S.C. Centrul de Calcul S.A. = Expired on 12.03.2018
• UM 0296 Bucharest (Military Unit 0296 Bucharest) = Expired on 12/19/2022
• Serviciul de Telecomunicații Speciale = Expires on 29.07.2023

Or, what is interesting to note from the list, is that many providers have expired authorizations, the reason being that they have, quite rationally, moved to the European-level accreditation, about which we will discuss infra.

Over time, the inefficiency of an ununified system was observed, in the context of the EU's goal of ensuring a single market, and eliminating the inefficient bureaucracy of an open market.

Thus, a new regulation appeared, through The regulation "eIDAS" (910/2014), which standardized types of signatures, and provided a framework for the standards under this regulation to subsequently standardize the types of standards accepted at the European level.

Tipurile de semnaturi electronice

The electronic signatures in Law 455/2001 followed 3 types, namely:

• Simple signatures (i.e., including the mere remembrance of the signer in the document)
• Advanced signatures (which directly and unequivocally identify the signer)
• Qualified advanced signatures (i.e., those that directly and unequivocally identify the signer and benefit from the presumption of correctness, being issued by trusted institutions)

Thus, accredited trusted providers have received the quality of a kind of "digital notary", whose trust allows them to offer signatures with the same legal value as qualified signatures.

Unlike advanced signatures, which can be issued by anyone, qualified electronic signatures are only issued by trusted persons, who assume, with civil, criminal, and administrative liability, the correctness of the signatures and the identity of the signatory.

Intermediary, there have also appeared advanced signatures created with qualified certificates, that is, advanced signatures that have been issued by a trusted provider, but which do not certify the identity of the signer, but only attribute a level of trust, the preliminary checks being made thoroughly and correctly.

With the appearance of the eIDAS regulation, these signatures, defined above, have been standardized at the European level, but without repealing local regulations, which are still applicable, but only oppose local institutions.

• SES Signatures (Simple signatures)
• Semnaturi AdES (Advanced signatures), uniquely identifying the signer, providing cryptographic evidence of their identification.
• Semnaturi AdES/QC (Advanced signatures created with a qualified certificate)
• Semnaturi QES (Advanced signatures created with a qualified signature creation device), in turn, advanced signatures, and equivalent to holographic signatures

In addition to these signatures, it is noteworthy that there are other means of providing trust, the legal quality of which is, however, poorly defined in the doctrine and jurisprudence:

Electronic signatures

The value of these, with regard to interpretation according to the civil code in Romania, is somewhat unclear, as they are not signatures, but an equivalent of the stamp, which we know that in the absence of the signature, do not have effect against third parties.

While the law eliminated the formality of the stamp, from many procedures, signatures enjoyed increasingly greater trust and power, which made economic seals become increasingly less used, in Romania.

Thus, these seals, which work on exactly the same principle as electronic signatures, identify the entity that signed the document, but not the signer, who is uncertain.

In our opinion, seals are the electronic equivalent of stamps, transposed in a verifiable way into the digital space. However, in Romania, these stamps are oricum ne-necesare, so the use of these seals is purely at the user's discretion and does not have any notable legal effect, except for certain exceptions where the law provides legal quality to stamped documents:

• Authorized translations, signed with a "stamp" via qualified electronic seal, can be verified as original and ascertainable without the need for signature legalization, this process being equivalent and assured by signing with an electronic signature and electronic seal.
• Construction permits, etc., where the stamp is necessary, providing information about permits, etc.
• Notarial stamps, which are thus replaced by an electronic verification means.

Thus, it is certain that these means of identification are much less relevant than signatures, but they raise questions in the context of the importance of the digitalization of the economy.

Marcajele Temporale

Desi legea nu le face in mod vadit si direct echivalente cu data certa, opinam urmatoarele:

• The time-stamping providers are assimilated civil servants, exercising an attribute of state power (being conferred the quality of trusted providers). Therefore, one could argue point 1 of the certain date definition.
• The display in a public register (the supplier's ledger) in point 3 could be argued, as they are public and allowing anyone to identify this document over time.
• Certainly, point 6 is applicable, the article of law in the eIDAS regulation providing these marks with the presumption of correctness, thus giving them the equivalence of the certain date provided by the public notary, where the form of contestation is by declaration of falsehood, similar to authentic acts.

So, starting from the premise that these timestamps give the certain date of the inscriptions, a lot of uses that can be applied to them appear.

Unlike qualified electronic signatures, which require prior verification of the party's identity, reliable data (through qualified timestamps) does not require such a formality, is easy to perform and has a reduced cost.

Thus, here is how a new form of providing precedence brings equivalence to an old concept, but extremely relevant in the world of law, and which we hope to make its appearance more and more in practice.

Other forms of "strange" electronic signatures

The eIDAS regulation does not itself provide for the form, or standard, of electronic signatures, but those opposed to public institutions are clarified by additional rules.

There are advanced signatures, according to European regulations:

• HTTPS certificates for websites
• The DKIM signatures of the emails sent with such a form of additional validation of the sender.
• The means of communication that use encryption, such as WhatsApp or Signal. Here is an interesting discussion about their use as probative evidence in criminal proceedings, with the argument brought in electronic signature, the messages being "signed" in a unique way that associates the participants in the conversation.

Aspects of practice and interpretation

The types of electronic signatures enforceable against public institutions

While the European regulation provides a legislative framework to protect in court the evidence signed with such documents, among public institutions, it is noteworthy that certain standards are accepted, which are defined by decision to implement this regulation. (2015/1506)

Thus, the following types of electronic signatures can be opposed to public institutions:

• With XAdES format = Adica, with an XML file that includes information about the signature, and which are clarified by the standard ETSI TS 103171 v.2.1.1.
• Cu format PAdES = Adica, introduse intr-un fisier PDF, permitand semnarea unei parti, sau a totalitatii documentului PDF, definite de standardul ETSI TS 103173 v.2.2.1
• The CAdES format = Adica, signatures through the CMS (Cryptographic Messaging System) format, previously used for signing documents, and commonly found, for example, on SEAP (Documents with the P7s, P7m extensions), and defined by ETSI TS 103174 v.2.2.1

In addition to these types of signature standards, which sign a particular file, we also have types of signatures that sign multiple files, thus providing the possibility of bundling several acts into a single "file" signed.

• With ASIC format = Adica, ZIP files that include an XAdES or CAdES file, which can be used for signing and merging multiple documents.
  
  This format is highly relevant for the purpose of transmitting evidence without alteration, and the practice of copying evidence by modifying the format and attaching it to a PDF is likely to alter the act.
  
  If a standard procedure at OUP level had been adopted, all problems could have been solved by adopting ASiC signatures, which allow the signing of absolutely any type of file, from PDF to Videos, photos (without altering the bits that can eliminate evidence or, on the contrary, create "false evidence").
  
  This format, unfortunately not often encountered in practice in Romania, is regulated by ETSI TS 103174 v.2.2.1

Standardele de conformitate pentru semnăturile electronice:

Even though electronic signatures enjoy a first set of formalities to be respected, which are applied in all standards, including these standards allow several types of signature, each with a different degree of authenticity and probative value.

Thus, we have the following types of "levels" of signatures:

• Conforming signatures B-Level (Basic): This represents the first, and weakest level of electronic signatures, even qualified. They guarantee the signing by the user, but The correct timing for the placement of documents is crucial, even if they have a background image indicating a time. In short, these signatures declare but do not certify the time of signing.
• Semnaturi conforme T-level (Cu certificare temporala): Unlike the conform B-level signatures, these signatures additionally provide a means of approximate verification of the date of signing the documents, guaranteeing a certain period from which the signature has existed unequivocally, and which enjoys a presumption of correctness. At the technical level, this is ensured by a token that can be validated in a database, certifying the existence of the signature at a certain point in time.
  Here again, a certain date could be mentioned.
  
  Borrow the formalities from B's signatures.
• Conforme signatures LT-Level (Long-term storage): These signatures are recommended for procedures that require archiving, due to the inclusion of all the material necessary for the validation of the signature in this.
  
  Borrowing the formalities from signatures B and T.
• Conforme LTA-Level (Long-term storage and archiving): Ideal for situations where documents need to retain their probative value over a very long period of time, ensuring the integrity and date of the document. They include a qualified seal and are used by us in our day-to-day activity (a Incorpo.ro)
• Conforming signatures with other levels: Desi regulamentele europene nu ofera prin acte normative putere altor tipuri de semnaturi, acestea sunt mentionate si au calitate de uzanta, in practica semnarii calificate, fiind variante actualizate ale standardelor mentionate expres de reglementarile europene, si care vor fi Most likely to be approved in the future.
  
  These compliance levels represent the set of information included in the signature header, which can be verified by the signature program or manually, knowing the protocol.

Electronic signature - Expression of will?

Another interesting aspect is the relationship between electronic signatures and proof of will, and the difference between these signatures and holographic signatures.

While holographic signatures are placed in a position on the sheet that unequivocally demonstrates a will agreement, but does not protect the document from subsequent alterations, the story is the reverse for electronic signatures.

Electronic signatures sign all the content of the document, but do not explicitly guarantee any will agreement.

Perhaps the signer intended to certify that it is in accordance with the original? Or maybe they simply signed to agree with the signature placed by someone else? Or to acknowledge receipt of the document? All are reasonable motives, but they have different implications when it comes to the consent provided.

Therefore, signature standards have included the possibility of signing the purpose of the signature, which can be used to clarify the purpose, and limit the agreement of will, in signing documents.

Thus, signature providers can use that field to clarify the purpose of the signature, and to detail the will offered, and its limits.

We can argue that compliance with the original does not give legal value to an act, just as the signature of receipt does not guarantee that the signatory is in agreement or even considers the received act to be authentic.

How can the signer's will be verified, then?

I believe that there is no single means of identification, but that the existence of intent should be analyzed in the context of the document. Was a document transmitted with the purpose of receiving approval? Did the receiving secretary sign before transmitting the document to the head? Was a registration number assigned and signed for compliance and to prevent alterations?

From the context, one can infer the existence (or not) of the signer's consent, especially in the context of the absence of such information in the signature box. We believe that in the absence of compliance with standards by all accredited signature providers, signatures should be analyzed with a certain degree of indulgence, even if contextual analysis is imperfect, opining that qualified signatures already provide a much higher level of validation than holographic signatures.

What's with the signature photo?

That seal, where data about the signer (name, first name, date, etc.) are transcribed, are just as valid as the will given through them. As I described and supra, the signatures in themselves do not say anything about the will of the signer, that box being optional, and rarely encountered in practice.

The house only has a title for orientation, bringing validitate subiectiva of the act, and over time they have become a form incorrect a identificarii semnaturii.

Even documents that are not altered by the application of such boxes can be electronically signed, the PadES standard (referring to PDF documents), having invisible signature boxes, the respective images being completely separate from the applicable signature standards.

Therefore, in the context of printing acts by conventional means, the method of validating the signature is lost, as printing does not preserve the information stored in the signature box, but only the image, which in itself has no legal value whatsoever. The information stored in the signature is completely discarded.

A somewhat worrying story

Hearing "about a story in practice", where the records of the courts, tribunals, courts of appeal, etc. print the acts, conform them as conforme with the original, and subsequently delete them (there being no space on the server disk), we opine that this means eliminates the legal validity of all evidence administered in this form.

The Civil Code clarifies that the probative force of copies, even if legalized, is limited by the content of the original act, the parties being able to request at any time the opposition with the original act. In the meantime.....sters and probably irreversibly destroyed by overwrite.

A "ups" heavy, which in certain exceptional situations can even lead to the acquittal due to lack of evidence (and the declaration as null of the beginning of the proof by legalized copies, the act being lost), of the persons accused of criminal offenses.

Even though we argue that the probability of the original existing in multiple copies (duplicates) through "copy+paste" to other parts (eg: to the prosecutor's office), problems arise regarding the obligation of the registry to take care of the received evidence, with care and diligence.

If, in a criminal case, where the criminal investigation does not depend on a prior complaint and the liability does not disappear through reconciliation, the victim receives a bribe from the perpetrator to delete from his own computer the evidence, which is unique only in the victim's computer and in the registry, which has deleted it in the meantime?

Frequently Asked Questions

Documente Utile