Luxembourg: Practical aspects of using e-signatures in a cross-border EU transaction
It is becoming increasingly evident that the Covid-19 pandemic is having a significant impact on cross-border activity. The EU framework for electronic signatures (e-signatures) and online authentication will play an essential role in facilitating EU cross-border transactions in the future.
Luxembourg law has recognised e-signatures since 2000 and the framework has been well-defined since the eIDAS Regulation which created a common, standardised legal framework across all EU Member States for e-signatures (and other trust services). Furthermore, the Luxembourg Civil Code recognises e-signatures, affording them the same legal and probative value as a handwritten signature, provided that the reliability and integrity of the e-signature, from the time of its creation, can be assured.
Generally, the eIDAS Regulation distinguishes between simple, advanced (AdES) and qualified (QES) e-signatures.
Simple signatures (which might, for example, take the form of a scanned image of a handwritten signature sent by email) provide the lowest level of confidence in their authenticity and can be easily forged or tampered with. In the event of litigation, these e-signatures may need to be supported by the original instrument with the original handwritten signature.
The AdES provides a higher degree of security and is uniquely linked to, and capable of identifying, the signatory. The signature is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his/her sole control. In addition, the signature is linked to the data that has been signed in such a way that any subsequent change to the data can be detected.
The QES provides the highest level of assurance. It has the same legal effect as a handwritten signature and benefits from EU-wide recognition. A QES is an AdES that fulfils two additional requirements, being:
- it is created by a qualified e-signature creation device, provided by a qualified trust services provider (TSP), and relies on a qualified certificate linked to the signatory’s identity
- the TSP identifies the signatory by face-to-face interaction (which can even be performed remotely), subject to strict conditions
Practical considerations in using e-signatures in cross-border EU transactions
From a practical perspective and focusing on the QES (as it offers the highest level of assurance, especially should ligation ensue), what should parties do if they wish to incorporate an e-signature process to facilitate the completion of an EU cross-border transaction?
Counterparties to a transaction would need to agree in advance to use a QES mechanism at completion and, amongst other things:
- check constitutional and other contractual documents to ensure that they do not contain restrictions on the manner in which documents can be signed
- identify the types of documents that will need to be signed to complete the transaction. Certain instruments (such as employment contracts) and documents required by law to take the form of a notarial deed, or requiring a legalisation process, may not be capable of being executed by e-signature. In addition, certain documents (such as share registers and share certificates) might only be available in hard copy format and arrangements would need to be made to ensure that this will not obstruct the “e-completion” of the transaction
- consider whether any instrument to be e-signed will need to be witnessed (and whether the witness will need to sign in the presence of the signatory) or authenticated by a notary for use in another jurisdiction and whether the notary will be able to legalise the e-signature. A related consideration is whether the instrument in question will require the “apostille” as this can frequently only be issued in paper format attached to an original hard copy document
- check that the documents to be e-signed will be recognised under any relevant or third-country laws
Registration with a qualified TSP
Once it is clear that e-signing is appropriate, all parties should agree upon and register with a TSP in an appropriate Member State before the completion date and ensure that they have access to the relevant mechanism to create the e-signature.
This could mean, for example, that a signatory might be equipped with a pair of cryptographic keys. One key is kept private in a protected ‘container’ which remains under the sole control of the signatory; the other key is public and can be shared with anyone.
The parties will also need to submit to a virtual (or in-person) identification process, including verifications of official documents with the chosen qualified TSP. The process will provide certainty as to the signatory’s identity and is one of the main advantages of e-signatures. The registration process will only need to be completed once.
The list of EU list of TSPs can be found here.
Drafting the documents
Legal practitioners then need to carefully consider the standard or “boilerplate” clauses in the agreements to ensure that they are fit for purpose and allow e-signature. They also need to consider whether any assumptions need to be made in any legal opinions to be given to other transaction parties as conditions to the completion of the transaction.
Clearly, the solutions offered by TSPs come at a cost. However, after a proper analysis it might well be concluded that this will be largely offset by the enhanced legal certainty obtained, as well as savings in time and money spent dealing with the execution of documents, which involves not only the cost of coordinating and ensuring the availability of signatories throughout the world, but also printing, collating, scanning and couriering documents. Depending upon the type of transaction (i.e. how many documents are involved), there could be significant cost reduction if e-signatures were used systematically, in addition to the reduced environmental impact of conducting transactions through a “paperless systems”.
Harneys Luxembourg can offer advice on when and how to use e-signatures. Please do not hesitate to contact us for such advice.
 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC had direct effect in EU Member States since 1 July 2016.
 Article 1322-1 of the Luxembourg Civil Code.
 Article 1322-2 of the Luxembourg Civil Code.
 Software or hardware designed to generate advanced e-signatures within the meaning of the eIDAS Regulation.
 Published on an EU trusted list and subject to supervision by the designated Members States’ authority.