Electronic Signatures and their legal effect under the eIDAS Regulation

Electronic signatures have become an essential tool for modern business, enabling fast, secure, and remote execution of documents. Within the European Union, the use and legal effect of electronic signatures are governed by Regulation (EU) No 910/2014 (as amended) (eIDAS) (the “Regulation”), which harmonises rules across Member States. Cyprus, as an EU Member State, fully implements and recognises the eIDAS framework. It has additionally enacted the Law on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market 55(I)/2018 (the “Law”). Therefore, electronic signatures, whether simple, advanced, or qualified, can be legally relied upon, provided they meet the standards established under the Regulation and, where applicable, local practice. It is important to understand the distinction between the terms “electronic signatures” and “digital signatures”. Although these terms are being used interchangeably on a day-to-day basis, on a technical level, there are key differences between them. Electronic signatures is a general term which includes a broad range of methods for digitally signing documents. Specifically, the Regulation defines “electronic signature” as data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.  A technical definition of a digital signature, on the other hand, refers to a mathematical and cryptographic concept that is widely used to provide concrete and practical instances of electronic signature. The definition given by the European Telecommunications Standards Institute is that of data appended to, or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipient. In other words, a digital signature is information added to a document, or a cryptographic change made to it, that allows the recipient to verify who sent it, confirm that it hasn’t been altered, and protect it from being forged. Thus, not all electronic signatures are necessarily digital signatures. Under the Regulation, there are three categories of electronic signatures, each offering different levels of security and evidentiary weight:

1. Simple Electronic Signature (SES)
2. Advanced Electronic Signature (AES)
3. Qualified Electronic Signature (QES)

  Simple Electronic Signature (SES) A SES includes any form of electronic data used to sign a document, such as:

• a scanned handwritten signature
• clicking “I agree” on a website
• typing a name at the end of an email

According to the Regulation, a SES shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. By extension, section 9 of the Law states that, subject to the provisions of the Cyprus Evidence Law, an electronic signature as defined in Article 3 of the Regulation, which may be in electronic form or may not meet all requirements for QES, is accepted as evidence in any criminal or civil proceeding conducted before a Court and in any administrative proceedings.   Advanced Electronic Signature (AES) An AES must meet all of the following criteria:

• it is uniquely linked to the signatory
• it is capable of identifying the signatory
• it is created using electronic signature creation data that the signatory can, with a high level of confidence, maintain under their sole control
• it is linked to the signed data so that any subsequent modification is detectable

AES often uses public key cryptography and is widely employed for business contracts, financial transactions, and regulatory filings. AES carries stronger evidentiary value and provides enhanced security compared to SES. It is accepted in most contractual and commercial contexts.   Qualified Electronic Signature (QES) A QES is a subset of AES, created by a qualified electronic signature creation device (QSCD) and based on a qualified certificate issued by a qualified trust service provider (QTSP) registered in the EU. QES benefit from the highest of evidentiary presumption. Under the Regulation, a QES:

• has the same legal effect as a handwritten signature
• must be recognised across all EU Member States

This makes QES particularly suitable for:

• high-value commercial agreements
• financial transactions
• cross-border legal processes

The Regulation provides a robust legal framework that ensures electronic signatures are both valid and enforceable across the European Union. While digital practices have evolved rapidly and electronic signatures are now commonplace, they must still be applied with care, especially where specific legal formalities apply to certain types of documents. By understanding the differences between SES, AES, and QES, organisations can choose the right level of electronic signature for each occasion —improving efficiency while ensuring full legal certainty under the Regulation.