On 8th July 2024, Law No. 214/2024 regarding the use of electronic signatures, timestamps, and the provision of trust services based on them (the “New Law”) has been published in the Official Gazette of Romania, Part I, No. 647.
The New Law will enter into force three months after its publication in the Official Gazette of Romania, namely on 8th October 2024. On the same date, the technical and methodological norms for the application of the New Law will be established and elaborated.
With the entry into force of the New Law, Law No. 455/2001 on electronic signatures, republished in the Official Gazette of Romania, Part I, No. 316 of April 30, 2014, along with its subsequent amendments and completions (the “Former Law”), currently in force, will be repealed.
The New Law creates the national legal framework for the direct application of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014, on electronic identification and trust services for electronic transactions in the internal market (the “Regulation (EU) No. 910/2014”). The necessity of this is evident, especially since the Former Law was enacted before the Regulation (EU) No. 910/2014.
The New Law sets out the conditions for using electronic signatures and the documents to which an electronic signature has been applied, emphasizing the regulation of the general legal framework regarding the legal effects of electronic signatures, as well as provisions concerning trust service providers and the responsibilities of public authorities and institutions in the field.
The most important aspects to mention are:
A. GENERAL LEGAL EFFECTS OF ELECTRONIC SIGNATURES
- Electronic signatures provided for by the New Law and Regulation (EU) No. 910/2014 produce legal effects and can be used as evidence in court.
- Electronic legal deeds, signed with the type of electronic signature provided by the law or with a qualified electronic signature, produce the same legal effects as those same acts signed on paper.
- The expiration of the validity of the certificate used to apply the electronic signature does not lead to the ineffectiveness of the document, provided that at the time of signing the electronic document, it was valid.
B. SPECIAL LEGAL EFFECTS OF DIFFERENT TYPES OF ELECTRONIC SIGNATURES
An electronic document signed with a qualified electronic signature has the same legal effects as a document under private signature. However, if this signature is used by public authorities or institutions, the document has the legal value of an authentic document.
An electronic document signed with an advanced electronic signature has the same legal effects as a handwritten signature if the signature was created with a certificate for an electronic signature issued by a public authority or institution in Romania or by a qualified trust service provider. This is also the case if the document is recognized by the party against whom it is used or if the parties have expressly agreed to this effect in accordance with the law. Additionally, an electronic document signed with an advanced electronic signature by a private legal entity, used within a closed system, has the same effects as a document with a handwritten signature.
An electronic document signed with a simple electronic signature has the same legal effects as a document with a handwritten signature for patrimonial acts that can be evaluated in money with a value of less than half the gross minimum wage at the time of signing. This is valid if the document signed with a simple electronic signature is recognized by the party against whom it is used or if both parties are professionals and have expressly agreed in a document signed by hand or with a qualified electronic signature to confer this effect.
A document signed with a qualified or advanced electronic signature has the value of a document with a handwritten signature, thus meeting the requirement of written form ad validitatem.
A document signed with a qualified, advanced, or even simple electronic signature meets the requirement of written form ad probationem.
C. CONTESTATION OF ELECTRONICAL SIGNED DOCUMENTS
If one party does not recognize or disputes the qualified electronic signature or qualified electronic seal, the verification of its validity is carried out by the court, and the burden of proof falls on the party disputing or not recognizing the signature.
If one party does not recognize or disputes the simple electronic signature or advanced electronic seal, the validity verification is conducted through publicly available validation methods, validated by the Authority for Digitalization of Romania (the “ADR”), which acts as the supervisory and regulatory authority in the field, or by the issuer of the electronic signature, or through a specialized technical expertise, in accordance with the law. In these situations, the burden of proof falls on the person whose signature is disputed.
D. MISCELLANEOUS
D.1. TRUST SERVICE PROVIDERS IN ROMANIA AND FOREIGN TRUST SERVICE PROVIDERS
According to Regulation (EU) No. 910/2014, a “trust service provider” means a natural or legal person who provides one or more trust services either as a qualified or non-qualified trust service provider. A “trust service” means an electronic service normally provided for remuneration, consisting of: creating, verifying, and validating electronic signatures, electronic seals, or electronic time stamps, registered electronic delivery services, and the certificates related to these services; creating, verifying, and validating certificates for website authentication; or preserving electronic signatures, seals, or the certificates related to these services.
Qualified and non-qualified trust service providers can be legal entities that go through the procedure specified by the New Law to obtain their status by registering in the Register of Qualified and Non-Qualified Trust Service Providers, created, maintained, and updated by the ADR. The format of the documentation to be submitted for this purpose, the procedures for controlling and sanctioning trust service providers, the procedure for granting, suspending, and withdrawing the status of qualified trust service provider, as well as the approval norms for validation mechanisms will be approved by an order of the Minister of Research, Innovation, and Digitalization, which will be published in the Official Gazette of Romania, Part I.
Public authorities and institutions that issue digital certificates for creating advanced electronic signatures are required to undergo an audit procedure to verify compliance with all conditions provided by the New Law for issuing electronic signatures, with the audit procedure to be established by an order of the Minister of Research, Innovation, and Digitalization.
Trust service providers established in a Member State of the European Union and listed in at least one national list in accordance with Regulation (EU) No. 910/2014 may provide trust services in Romania without being subject to additional conditions or approval procedures.
D.2. LIABILITY OF TRUST SERVICE PROVIDERS
Trust service providers are liable for damages caused to any natural or legal person due to non-compliance with the provisions of Regulation (EU) No. 910/2014 and the New Law, by third-party identity verifiers who serve them.
Additionally, in cases expressly provided by the New Law, they can be subject to administrative fines ranging from RON 15,000 to RON 100,000, and may also face complementary sanctions such as the suspension of the trust service provider’s activity or the termination of the trust service provider’s activity and removal from the Register of Trust Service Providers.
A trust service provider that issues certificates for qualified electronic signatures or advanced electronic signatures or guarantees such certificates may be held liable for damages to any person who relies on the legal effects of those certificates with regard to:
- the accuracy, at the time of issuance of the certificate, of all the information contained therein;
- ensuring that, at the time of issuance of the certificate, the signatory identified in it held the data for creating the electronic signature corresponding to the data for verifying the electronic signature mentioned in the certificate;
- ensuring that the data for creating the electronic signature corresponds to the data for verifying the electronic signature, if the trust service provider generates both;
- suspension or revocation of the certificate, in the cases and under the conditions provided by Article 17 of the New law;
- fulfillment of the obligations provided in Articles 11 and 12 of the New law, except in cases where the trust service provider demonstrates that, despite exercising due diligence, it could not prevent the damage.