Faced with the coronavirus pandemic, companies have found themselves forced to introduce or expand teleworking for most or all of their employees, board members and other executives. As a result, innumerable contracts and other documents have had to be signed without exchanging physical copies with a wet-ink signature, leading to a growing interest in electronic signatures, or e-Signatures.

During these extraordinary times, our specialists have been called upon to help clients understand and implement e-Signature tools.

Legal background

In Luxembourg, the rules on e-Signatures and electronic agreements stem from Regulation (EU) No 910/2014 (the eIDAS Regulation), as well as from the Civil Code and the e-Commerce law of 14 August 2000, as amended.

The Civil Code sets out the general legal requirements for e-Signatures. An e-Signature must (i) allow for the identification of the signatory, (ii) serve as evidence that the signatory agrees to the contents of the document, (iii) take the form of data that are linked to the document and are inseparable from it and (iv) guarantee the document’s integrity.

There are three forms of e-Signature, but they are not all presumed to be equally trustworthy:

• A standard electronic signature (“SES”) is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign” (a scan of a handwritten signature, the tick used to accept a website’s terms and conditions when logged in to a user account, etc.).
• An advanced electronic signature (“AES”) is an SES with additional guarantees that ensure it is unique to the signatory, can be used to identify the signatory, and is linked to the data in such a way that any subsequent change of the data can be detected.
• A qualified electronic signature (“QES”) is an AES generated by a QES creation device and based on a qualified certificate for electronic signatures. This certificate is issued by a qualified trust service provider (“QTSP”). It attests to the authenticity of the electronic signature and the identity of the signatory (e.g. a smart card, USB token or mobile app that creates a one-time passcode and meets the requirements listed in Annexes to the eIDAS Regulation).

A QES has the equivalent legal effect to a wet-ink signature and will be recognised as a QES in all EU Member States. The QTSPs accredited in Luxembourg can be found on the website of the Institut Luxembourgeois de la Normalisation, de l'Accréditation, de la Sécurité et qualité des produits et services (ILNAS)1. Luxembourg currently has two QTSPs.

In view of the technical complexity and expense associated with QES, companies often decide to use SES or AES instead. It is important to remember that such signatures do not enjoy the presumption of equivalence given to QES. However, the eIDAS Regulation does provide for a principle of non-discrimination: “an electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures” (Art. 25).

Because a QES is presumed to be valid, in the event of a dispute, the reverse burden of proof principle applies. This means that it will be up to the person who questions the signature’s trustworthiness to prove that it is not valid.

By contrast, when the validity of an SES or AES is challenged, the burden of proof falls to the signatory. Note that among merchants (exclusively in commercial matters where there is no implication of non-merchant parties) any form of evidence may be used (as per Article 109 of the Commercial Code). In any case, SES or AES are only seen as prima facie written proof (commencement de preuve par écrit), meaning they will need to be supplemented by other means of evidence if their validity is challenged.

Practically speaking, the choice of e-Signature should depend on the document type, the importance of the transaction and the degree of trust the company has in its counterparty.

How can we help?

Our role as a law firm is to help companies execute their plans for digital transformation while remaining compliant with the laws and regulations that govern their business.

In response to the growing volume of requests in this area, Arendt Regulatory & Consulting implemented an e-Signature service supported by LuxTrust S.A. (one of the two QTSPs accredited in Luxembourg), giving clients access to an eIDAS-compliant QES platform that is flexible, robust and secure. The QES service can be used for single signing sessions, or within customised signing workflows created for the company.

Through this platform, Arendt Services has also integrated e-Signatures into its suite of Corporate Services. This ensures that client documents (including transactions) can always be signed in a suitable turnaround time. Finally, the Arendt Services team remains available to assist with new client onboarding using e-Signature technology.