30/2021
Issue
In light of this context, the article examines in which cases the e-seal of a legal entity could be equal in legal meaning to a hand-written signature or an e-signature of a natural person. Thus, the article addresses challenges visible in Estonian and EU-level legal acts that have left the legal meaning of the e-seal unclear. As some EU member states have declared a legal meaning for e-seals divergences among the regulatory approaches examined lead to issues that erode interoperability and the mutual recognition of e-seals in cross-border transactions, both of which would be expected from a genuine digital single market. From the examples of other Member States, a recommendation that the Estonian legislator amend the private-law acts is offered, with recommended wording that should eliminate the gaps in law.
In private-law transactions, non-compliance with the form requirements provided by law or agreed upon between the parties generally results in the nullity of the transaction. According to the law currently in force, failure to comply with a requirement for a hand written signature (written form) or with equivalent requirements connected with electronic form as provided for by law constitutes non-compliance with a formal requirement. Should the Estonian legislation be changed in accordance with the suggestions presented, paying attention to its level when using the e-seal remains crucial. At the same time, it is important to take into account the purpose of the formal requirement, the actual intention of the parties, and the principle of good faith when deciding on the consequences, whether of the current law or of potential changes. When one is using a tool other than the parties' agreement (be it an e-signature or an e-seal), it is important to consider the purpose of the agreement if wishing to determine the parties' actual intention and analyse the legal entity's behaviour and, hence, whether the transaction has been performed.
Keywords:
electronic seal; legal entity; declaration of intent; eIDAS Regulation
1. Introduction
Because the digital environment does not recognise national borders and with transactions increasingly taking place across borders, an electronic environment that affords interoperability is important for the competitiveness of the European Union. Debate about whether the identification of individuals in the digital environment should be a norm and an obligation or, instead, the digital environment should be available as a form of expression of our privacy and anonymity has not waned. Although legal entities act through natural persons, there are solutions available whereby in an electronic environment the e-signature of a natural person may be replaced by an electronic seal (hereinafter ‘e-seal’) of a legal entity.
The e-seal has been known in Estonian law since 12 January 2009 (with a legislative act being specified as valid upon application of a digital seal to it), when the Act Amending the Digital Signature Act and the Administrative Procedure Act *2 entered into force. The purpose of the latter legislation, which was based on a draft prepared already in 2007 *3 , was to amend the Digital Signature Act (hereinafter ‘DAS’) *4 such that companies, institutions, and natural persons all gain the opportunity to use a digital seal. It also laid down the conditions and requirements for the use of a digital seal and those related to the secure-seal-creation device used for affixing that digital seal. The use of such a seal was provided for in Section 4 of the DAS, according to which state and local government agencies, legal persons in public law, and private persons performing public functions are required to keep information available on the possibilities and procedure that exist for using digital signatures and digital seals in public data-communication networks with regard to communicating with individuals. In addition, the above-mentioned amendment to the law supplemented the provisions of the Administrative Procedure Act that pertain to digital signatures by providing for the possibility of adding a digital seal.
Although the general requirements associated with an e-seal were established in Estonian legislation already in 2009 and on EU level via the eIDAS Regulation in 2016, the legal meaning of an e-seal has remained unclear in most EU countries. Notwithstanding the direct applicability of the eIDAS Regulation, it is up to each national legislator to decide which transactions and applications are subject to which formal requirements and to specify the cases in which one may replace the e‑signature with an e-seal and thereby ensure legal certainty. Although e-seals are used for transactions, the formal requirements for this kind of use remain non-regulated and, thus far, no court practice has addressed the right of representation and the formal requirements connected with the transaction in question. The purpose of this article is to consider the cases in which the e-seal could have equivalent legal meaning to a hand-written signature or a corresponding e-signature. The article addresses challenges presented by Estonian and EU-level legal acts that have left the legal meaning of the e-seal unclear. As some of the EU’s member states have declared a legal meaning for e-seals, the discussion here takes these examples as a basis for making suggestions as to how the Estonian legislator may amend the corresponding private-law acts. This includes offering a proposed wording for amendments that eliminates the gaps in law, which is important since the degree of e-seals’ use in Estonia is relatively high.
2. The definition of an e-seal in Estonian and EU legislation
Article 21(1) of the DAS, which was in force until 2016, laid out a legal definition of a digital seal, according to which a digital seal is a set of data formed by a system of technical and organisational means used by a digital seal certificate’s holder to certify the integrity of a digital document. While Article 3(1) of the DAS provided for the legal meaning of a digital signature (equivalence with a hand-written signature), that legal meaning for a digital seal is limited: a digital seal associates the seal with a document and is a means of certifying the signatory's authority. In 2007, the e-Identity Working Party found that a digital seal neither takes the place of a digital signature nor has the same legal consequences. This is because it is primarily a security tool that ensures the integrity of the document and links the digital document to its issuer; i.e. it enables the recipient to verify that the document originates with the authority that allegedly issued it and that the document was transmitted unaltered. *5 Even the intervening time before the 2016 entry into force of the eIDAS Regulation did not bring legal clarity or understanding of the legal meaning of the digital seal. *6
According to the eIDAS Regulation, an e-seal is proof that the e-document has been issued by a legal entity and should provide certainty as to the origin and integrity of the document. *7 The eIDAS Regulation states that the issuer of the seal is a legal entity and that the e-seal is electronic data attached to or logically linked to other electronic data in such a manner as to guarantee the origin and integrity of the data. *8 Per Article 35 of the eIDAS Regulation, an e-seal has legal effect irrespective of its electronic form or correspondence with the characteristics of a qualified e-seal. This means that the data related to the e-seal must have a legal meaning. In the case of a qualified e-seal, the integrity of the data involved and the accuracy of the origin of that data are presumed (under Article 35, Section 2). Although, according to the eIDAS Regulation, an e-seal is proof that the e-document has been issued by a legal entity and is technically equivalent to an e‑signature, the e-seal does not have the same legal meaning as the latter. Rather, the purpose of its use is to ensure that the document is linked to the legal person and that the document’s content is exactly what the legal person intended to transmit.
Recital 60 of the eIDAS Regulation gives more thorough guidance for trust-service providers, since they should be able to establish the identity of the natural person representing the legal person to whom the qualified certificate for the e-seal is provided, when such identification is necessary at national level in the context of judicial or administrative proceedings. This leads to a traditional understanding of the legal entities who act through natural persons and is analysed further on. When a transaction requires a qualified e-seal from a legal person, a qualified e-signature from the authorised representative of the legal person should be equally acceptable *9 , and this indeed has been the direction taken by most EU countries where the transactions of legal entities in practice are conducted with an e-signature instead of an e-seal. In addition, it could be argued that the credibility of a legal person arises from other characteristics too (previous contact with the company, its reputation, etc.). *10 In addition to authenticating the document issued by the legal person, e-seals can be used to authenticate any digital asset of the legal person, such as software code or servers *11 ; this seems to be the most typical way of using e-seals in Estonia.
In conclusion, the usage and legal meaning of an e-seal specified in the eIDAS Regulation could be taken as guidance, but it does not bring any clarification to national law or make it binding for the national legislator to regulate the use and legal meaning of an e-seal. In the Estonian case, an explanation and meaning of the e-seal of the same kind is already covered. Therefore, the article compares other legislative frameworks across the EU to answer the question of whether there need to be amendments in Estonian legislation so as to establish a legally binding meaning for the e-seal.
3. Levels of e-seals used in the European Union and Estonia
3.1. Levels of e-seals to prove the intent of a legal person in the European Union
Compared to e-signatures, which already were defined in the e-Signatures Directive *12 , which entered into force in 1999, e‑seals are a new concept at the level of European Union law, for the e-Signatures Directive defined neither the e-seal nor the digital seal. The eIDAS Regulation establishes several levels of e-seal. Differentiation of levels for e-seals is a new concept, and the question arises of whether this affects also the legal consequences. If we start to differentiate among levels, will there be a linkage to a specific statement of intent affecting the legal consequence? If there is no question of validity, should we ask about the credibility of a statement or a transaction when it is handled with a lower level of e-seal than expected? What is more, there is a set of actions, documents, announcements, and statements that separately might not bring legal consequences but together constitute sufficient evidence of the intent behind the given transaction. Therefore, the application of e-seals and of different levels might be sufficient for a certain part of the transaction but, according to legislation, may not be sufficient for stating that the transaction is complete and meets the formal requirements.
As stated above, ‘e-seal’ is a general term that covers the various levels of e-seal set forth in the eIDAS Regulation. For choosing the most legally appropriate e-seal form, it is necessary to assess, analogously with an e-signature, whether the restrictions on use differ between levels. According to the eIDAS Regulation, the levels of e-seals are:
– a qualified e-seal *13 ;
– an advanced e-seal issued with a qualified certificate *14 ;
– an advanced e-seal *15 ; and
– any other e-seal, one that does not comply with the requirements of the eIDAS Regulation. *16
The term 'qualified e-seal' as used in the eIDAS Regulation has the same legal meaning as the Estonian legislation’s 'digital seal'. Consequently, the term ‘digital seal’ is applicable only for an e-seal that meets the requirements set for a qualified e-seal under the eIDAS Regulation.It is up to the Member State to decide what the formal requirement is for an electronic transaction or for application in a given situation. This means, for example, that if in one Member State an application can be filed with an advanced e-seal, in another Member State this may not be possible for a similar application if the legislation there requires the use of a qualified e-seal for such a filing. Also, there may be variations within a nation. Hence, while the eIDAS Regulation is directly applicable, it is up to each national legislator to decide which transactions and applications are subject to which formal requirements and specify the cases in which an e-signature may be replaced with an e-seal and which level is sufficient to ensure legal certainty. As a rule, the answers depend on the procedural requirements of the legislator for a particular transaction or application.
3.2. Levels of e-seals to prove the intent of a legal entity in Estonia
Prior to the entry into force of the eIDAS Regulation, e-seals were not differentiated by level in Estonian law, and the legislation predominantly used the term ‘digital seal’, for a concept corresponding to the qualified e-seal. The term 'qualified e-seal' itself, adopted in the eIDAS Regulation, had not been used before, so the legislator had to choose whether to change the term ‘digital stamp’, which had become established in Estonia, to ‘qualified e-stamp’ or, alternatively, create a link between the eIDAS Regulation’s definitions and the DAS definitions. Given that the concept is rooted in both legislation and ordinary operations of society, the Estonian legislator found it reasonable to continue the existing practice. To that end, the terms in paragraph 24 (2) of the Electronic Identification and Trust Services for Electronic Transactions Act (also known as EITSETA) *17 are given links in such a way that the term ‘qualified e-stamp’ used in the eIDAS Regulation is afforded the same meaning as ‘digital stamp’. In consequence, even where the term ‘digital stamp’ may be used in the legislation, it is not necessary to change the language used there, because Estonian legislation has linked the concepts expressed in the eIDAS Regulation and in the Estonian legal order. However, it should be borne in mind that when ‘e-stamp’ is used in a legal act, the term is a general one from the time when the eIDAS Regulation entered into force and, hence, covers all levels of e-stamp and may not be in line with the legislator’s true intention.
In that distinguishing among levels has not been commonplace at the level of legislation in the case of a e-signatures, even in the years since the eIDAS Regulation entered into force (because only a qualified e-signature has a legal meaning whereby it is equivalent to a hand-written signature), Estonian legislation addressing the case of an e-seal refers to both a qualified e-seal and a digital seal, while also making references to the general concept of e-seals, leaving it up to the user to choose the level. In the discussion that follows, the levels and content of the e-seals addressed in particular legal acts are analysed in pursuit of an answer to the question of whether e-seals of different levels could differ in their legal consequences in Estonian law.
Pursuant to Section 9 of the Government of the Republic regulation titled in English ‘Information System Data Exchange Layer’ *18 (hereinafter ‘the X-Road Regulation’), which entered into force on 30 September 2016, an obligation is imposed of using an e-seal to identify the connection between the messages exchanged and X-Road members *19 (public- and private‑sector entities). Under clause 2(15) of the X-Road Regulation, an e-seal within the meaning of the eIDAS Regulation consists of a qualified e-seal or an advanced e-seal with a qualified certificate. Accordingly, it is possible to use e-seals with different levels, although differentiating between levels does not lead to different legal consequences at least with regard to the X-Road Regulation. However, Section 9 of that regulation (in Subsection 2) does state a definition of validity for an e-seal formed by X-Road, according to which the e-seal formed by X-Road is valid if the time between the validity confirmation for the certificate employed and the timestamp is not more than eight hours. I conclude that, although such a restriction is technically justified, it is not legally possible to differentiate between e-seals offered by different service providers on the basis of the period of validity and the time seal, while one may do so by considering the levels specified for e-seals under the eIDAS Regulation and its implementing acts. This means that where service providers and their services meet the requirements of the eIDAS Regulation and are on the list of trustedentities *20 , the services provided by these service providers will be available both domestically and for cross-border utilisation, and the imposition of specific national requirements is not in line with the purpose of the eIDAS Regulation.
Other legislative acts tend to use the term ‘digital seal’; i.e. they specify that a qualified e-seal must be used. For example, Subsection 361 (11) of the Non-profit Associations Act *21 and Subsection 60 (11) of the Commercial Code *22 stipulate that a warning that the company has not submitted its annual report shall not be digitally signed by the registrar but digitally sealed by the Tartu County Court Registry. The Foundations Act *23 contains a similar provision. The functionality of the e‑seal allows documents to be sealed en masse, which is why the use of this mechanism is justified in cases wherein, while the document does not require an e-signature, it is still important to ensure the integrity of the document or information. Most of these cases involve e-seals of register extracts, certificates, academic transcripts *24 , or bank statements. *25 The possibility of using a digital seal is provided for also by the registry departments of courts. *26 In addition, the digital seal may be used for the electronic submission of documents to the registrar, where the requirement of a physical seal is replaced by one for the digital seal of the institution. *27
In the case of e-seals, it is important to specify in addition that the functionality of the e-seal also enables so-called mass sealing. That is, the user does not need to enter the PIN code *28 associated with the cryptographic token when signing each individual document; the machine does this on behalf of the user. Allowing the use of such tools raises questions in both private and public relations, which are discussed below. In addition, by proceeding from the principle of free movement of goods and services in the internal market, it is possible in Estonia to use e-seals issued by other service providers too. Legally, the various levels of e-seals seem not to differ in their consequences, but if the legislation states that a digital seal is to be used, a qualified e-seal must be applied. Also, a digital seal may be used by legal entities where the legislation does not provide guidance as to any certain level but the business processes of the company or institution dictate that it is expedient to issue documents that are sealed.
As of 24 September 2013, a digital seal has been added to legislation published in Riigi Teataja (the State Gazette). The introduction of this digital seal ensures even greater certainty as to the accuracy of the data, as the user of Riigi Teataja can check the correctness of a legal act against the legal act visible on the Web site where the digital seal is affixed, download it, and transmit it. *29 At the same time, the Riigi Teataja Act *30 does not provide for any obligation to digitally seal acts when publishing them, so this is to be regarded as a technological solution used to ensure integrity rather than fulfilment of a legal obligation to seal acts digitally.
In conclusion, multiple levels of e-seals are used in Estonia. At national level, when it is stipulated that only a qualified e‑seal is to be accepted, the main challenge for the parties is that of knowing whether the tool they are using is appropriate, in accordance with a legal obligation or merely a matter of agreement between the parties. It is important to raise awareness and clarify the differences among the various levels, which is why it is certainly important that service providers comply with the obligation to provide information on the content of the service involved. This allows a more informed decision on the use of a certain level of e-seal, in accordance with the relevant formal requirements where the level for the e-seal is dictated. With the next section, I analyse the legal meaning of the e-seal and the legal consequences of using particular types of e-seals in a transaction.
4. Legal consequences of e-seals’ use in transactions by legal entities
The main question considered in this section is whether e-seals could be of the same function as e-signatures and replace them in transactions by legal entities. Recital 58 of the eIDAS Regulation refers to some connection but renders the two equal in the opposite manner, meaning that the e-stamp could be replaced with an e-signature. If service providers act in accordance with Recital 60 of the eIDAS Regulation and implement the measures necessary for an ability to establish the identity of the natural person representing the legal person to whom the qualified certificate for the electronic seal is provided, the use of an e-seal when such identification is necessary at national level in the context of judicial or administrative proceedings could be justified and applicable in a broader sense. Nevertheless, it can be concluded that the eIDAS Regulation does not resolve the issue. Hence, since the framework around transactions is not harmonised at European Union level, this section examines what could be allowed in a legal framework if one is to participate in transactions as a legal entity by using an e-seal and how the Estonian legislative framework currently covers this area, alongside what analogues may be found in the legislative framework for e-signatures. I am of the opinion that rendering an e-seal equal to an e-signature does not guarantee that either the other party to the transaction or a third party understands who is behind the device; however, said party has an opportunity to find this out. In the event of a dispute, the requirement of identifying the certificate-owners involved would aid in resolving the case, and in most cases there is no need to understand who acted as the representative, since it is the legal entity that is the party.
According to the General Part of the Civil Code Act, a legal person is a private legal entity established on the basis of law, which entity enters into transactions pursuant to the law itself or by power of attorney granted to a natural person by authorisation. *31 A legal entity may be either private or public. Every legal person has legal personality, and the purpose for recognising certain persons or groups of assets as legal persons is to enable them to take part in civil proceedings independently in their own name. *32 Estonian private law does not recognise expression of the intention of a legal person as an institution in itself, so transactions are concluded through natural persons, by either analogue or digital means. It is important to note at the same time that the legal personality of a legal person must be distinguished from the legal personality of natural or other legal persons ‘behind’ it. *33 Pursuant to Section 24 of the GPCCA *34 , a legal person is a legal entity in private or public law established on the basis of law. If we regard ‘person’ to refer to a natural person, in the case of a legal person that natural person is replaced by a combination of other persons and/or assets. For identifying a natural person in transactions, various methods are used, in physical and electronic communication, to make sure of the party to a transaction. The same applies to transactions between or with legal persons, for purposes of identifying who they are and whether the purported legal entity exists. Although legal persons enter into transactions by virtue of the law or by exercising the right of representation granted to a natural person, there are characteristics unique to a legal person (as opposed to natural ones) taking part in a transaction. The e-seal is proof that the e-document in question has been issued by a legal entity and should provide certainty as to the origin and integrity of the document. *35 Technically, the e-signature of a natural person and the e-seal of a legal person are similar. *36 In practice, problems might arise with using an e-seal in a transaction in that the identification of a legal person might not be sufficient for declaring intent and concluding a contract, because the natural person ‘behind’ the legal one forms the most integral part of the contract.
In the interests of legal clarity and rationality, the legislator has accorded the legal status of legal representative of a given legal person to the management body of that legal person. If the management board is a collective body in the internal relations of the legal person (especially as a shaper of intention), every member of the management board has a right to represent the legal person. *37 Article 14 (d) of Directive (EU) 2017/1132 of the European Parliament and of the Council on certain aspects of company law *38 requires the member states to ensure that, for each company, the persons entitled to manage and represent it are disclosed in the commercial register, with indication of whether those persons have the right to represent the company on their own or instead may do so only jointly. The Supreme Court of Estonia stated in its relevant judgement of 18 December 2015 that the purpose of Section 34 of the GPCCA and Subsection 181(1) of the Commercial Code is to ensure that transactions entered into by persons entitled to represent a company remain valid with respect to third parties notwithstanding the restrictions to the company's internal relations and arrangements. *39 Restrictions arising from an internal relationship are divided into those for which an entry can versus cannot be made in the commercial register. It is legally questionable whether restrictions to the right of representation that cannot be entered in the commercial register may have an effect on the validity of a transaction entered into by a legal representative. Directive 2009/101/EC of the European Parliament and of the Council of 16 September 2009 *40 requires the member states to ensure that all transactions performed by the board member are valid. *41 Representation presupposes a declaration of intent, entry into them on behalf of a legal person, and action within the limits of the right of representation. *42 A distinction is made here between a legal representative of a legal person and a commercial representative (i.e. the authorised representative). The right of a legal representative of a legal person to transfer rights to a third party for the conclusion of a specific transaction or certain types of transactions arises from Subsection 119(2) of the GPCCA. *43 As the information about, in contrast, the authorised representative (proceeding from power of attorney) is not available in the Business Register, I am of the opinion that it should not be in cases of an e-seal either and that, rather, there should be a solution for checking the Business Registry to ascertain whether the company has an e-seal, to enable safe reliance on this. The actual natural persons using the seal (or even machines, in cases of ‘mass e-sealing’) is not important for the third party.
The purpose of a qualified e-seal or digital seal is to confirm the connection of the certificate-holder (legal entity) with the document. Although it is technically in use in Estonia (e.g. in the banking sector, as described above), the provisions for representation set out in the GPCCA still seem to allow only natural persons to express declarations of intent. In other words, a declaration of intent is associated with a natural person who exercises his or her right of representation. The use of the e-seal at European Union level, however, is largely dependent on the concept of the legal person applied, which is not harmonised. Recital 68 of the eIDAS Regulation states that the concept of the legal person under the provisions of the Treaty on the Functioning of the European Union (TFEU) for freedom of establishment leaves undertakings to decide in on the legal form they deem appropriate for carrying on their activities and therefore on what constitutes legal persons within the meaning of the TFEU, under the law of a Member State or governed by the law of a Member State, whatever their legal form. Therefore, it is up to the member states to define the legal entities and the roles they take when acting in a business environment and declaring intent.
Whereas one can conclude that the participation of a legal person in a transaction in Estonia is limited by a declaration of intent made by a natural person on the basis of applicable law, there are countries where the particular natural person through whom the transaction is conducted does not matter and the legal person's electronic means of concluding a transaction is an e-seal. The following discussion examines in which countries this obtains, how these norms have developed, and how a similar approach could be applied in Estonian law.
While there are some countries in the European Union where e-sealing and its use are rather novel (Italy, France, and Germany), in others – Belgium and Spain, for example – there are sector-specific rules for the use of e-seals or legal entities have the option of using e-seals in circulation. *44 The eIDAS Regulation explicitly permits an approach in which the member states maintain or introduce national rules on trust services in conformity with Union law, provided that the services in question are not fully harmonised by said regulation. *45 Hence, the member states have the right to add legal meaning to an e-seal, such as treating the e-seal as a signature of a legal entity (i.e. as a mean of ensuring the authenticity and integrity of the document), as a declaration of intent, or as a transaction. *46
Because Estonia, Latvia, and Lithuania share the same general principles of electronic identity and e-signature, *47 I have also analysed the status of an e-seal across the Baltic States. It is worth pointing out that Chapter III of the Law of the Republic of Lithuania on Electronic Identification and Trust Services for Electronic Transactions *48 defines the legal effect of the e-signature, electronic seal, and timestamp. Its Article 5(1) stipulates that an e-signature that does not meet the requirements for a qualified e-signature provided for by the eIDAS Regulation shall have a legal effect equivalent to that of a hand-written signature, where the users of that e-signature agree, in writing, in advance and where it is possible to store that agreement on a durable medium, and the same applies for electronic seals. In consequence, mostly qualified services are used and parties should agree separately if other levels of services are being used. A qualified e-signature of a representative of a legal person shall have a legal effect equivalent to that of a qualified e-seal of a legal person. It is important to note that the requirement to conclude a transaction by using an e-seal should be established either in a special law or during the establishment of the legal entity *49 (e.g. in the articles of association).
There are countries where the regulation of legal-entity representation has remained unchanged since the entry into force of the eIDAS Regulation. For example, while Italy has not changed its provisions for representation, it has given the e-signature a broader meaning; i.e. Italy does not necessarily link it only to a natural person. *50 Belgium, in contrast, enacted an amendment in 2001 whereby it stated that a qualified certificate is based on advanced means of e-signature or handled via an e-seal, which is created by a secure means regarded as equivalent to a hand-written signature, whether the procedure is carried out by a natural person or a legal person (a personne morale). *51 We can see, therefore, that it made no difference whether the document is signed by a natural person or, instead, by a natural person representing a legal person (the latter not being visible to third parties, though). However, when the eIDAS Regulation entered into force, the principle was changed: a personne morale is to use only an e-seal, which, when certain requirements are met, is equivalent to the hand-written signature of a legal person's representative and is binding on third parties. The rule applies only to transactions carried out by legal persons in Belgium or by persons established in Belgium. It is important to note that this does not mean that the provisions for representation change. *52 Thus it becomes clear that there are countries in the European Union with a cultural and legal background wherein the involvement of a particular natural person in a legal person’s transaction is not relevant and whose systems hence may, inter alia, infringe on the privacy of individuals. The use of the e-seal makes it possible to issue a declaration of intent on behalf of a legal entity with that declaration being binding on third parties.
Although some European legal literature expresses views that the national use of the e-seal is not possible without changes to the provisions for representation *53 , I would argue that the substantive law on representation of a legal person that is valid in Estonia does not need to be changed with regard to a situation wherein an e-seal is issued to a legal person, although I do assert that some legal amendments should be made, which are described in the next session. For useful understanding of who has been behind the device involved in electronic transactions of a legal person using an e‑seal, however, reference should be made here to Recital 60 of the eIDAS Regulation, according to which trust-service providers issuing e-seals with qualified certificates should take the necessary measures to identify the natural person representing the legal entity to whom the certificate is issued, if such identification is necessary in national law. Therefore, I hold the opinion that qualified e-seals should be used in Estonia; i.e. the choice should be to employ digital seals, which in the event of a dispute would enable identifying the person to whom the e-seal was issued. The right of representation or the absence thereof is a matter of the internal relationships of the relevant legal person, and third parties must retain the possibility of relying on a document or register extract certified by an e-seal.
5. Recommendations for amendments to Estonian legislation
At the same time, the question arises as to whether the Estonian legal space today allows a legal person in private-law transactions to use the e-seal when expressing the declaration of intent for the transaction, and whether the existing substantive law would need to be amended. In Estonian private law, the general principle of freedom of format for transactions is set forth in the GPCCA (§ 77) with the right to determine the mandatory form by law or via an agreement between the parties. *54 Although the law does not define the form, the form is in all cases the external manifestation of the transaction – i.e. the external manifestation aimed at achieving a legal effect. *55 The main purpose of any transaction’s form is to express the content of the transaction in such a way that the parties to the transaction and third parties can perceive the exchange of statements of intent. *56 Pursuant to the Law of Obligations Act (LOA *57 )’s Section 11, Subsection 1, a contract may be entered into orally, in writing, or in any other form if no required format is specified for the contract by law. Consequently, in private-law relations, it is possible to use the e-seal and its various levels in exchanging declarations of intent.
Pursuant to Subsection 67(2) of the GPCCA, a transaction may be unilateral or multilateral. A unilateral transaction is a transaction for which a declaration of intent by one person is required. In the case of unilateral transactions by a legal entity, the use of e-seals should be encouraged, as it also speeds up processes for the legal entity. A distinction must be drawn here between a declaration of intent and an act, which might not have a legal effect. Nonetheless, acts may have consequences for the assessment of the body of facts as a whole and are certainly digital evidence in court proceedings. The most commonly cited example of acts that generally have no legal effect is digitally sealed bank statements, but also invoices, payment orders, confirmations, certificates, and statements may be e-sealed. In the case of an e-seal, the link between the content to be sealed and the sealer might be not through a natural person but through a machine, since it is a security tool that ensures the integrity of the document and links the digital document to its issuer; i.e. it enables the recipient to verify its alleged issuance and that the document was transmitted unchanged. In the case of digital sealing, the so-called mass sealing mentioned above – i.e. sealing of multiple documents or information entities that is performed by means of a machine – can be tolerated, as its main function is to ensure integrity, a purpose for which an automated process is allowed.
Although the law does not regulate the use of the e-seal as a formal requirement for private transactions of a legal person, the transaction may, by agreement of the parties to it, be entered into in any form; if interpreted broadly, this would allow legal persons to use the e-seal. The choice of level for the e-seal should depend on the level of certainty the parties to the transaction want, with particular regard to the functions of the distinct levels of seal and the strength of the probative value. Since, in accordance with Article 35 of the eIDAS Regulation (per Section 2), a qualified e-seal presupposes the integrity of the data involved and accuracy as to the origin of said data, it is appropriate to use a qualified e-seal or digital seal for transactions requiring higher reliability.
However, with use of an e-seal, a question arises as to fulfilling the requirement of written form or an equivalent electronic‑form requirement. In its Section 78, the GPCCA states that, to comply with the requirement for written form, a document must contain the hand-written signatures of the parties, and Subsection 80(1) specifies that written form is considered equivalent to electronic form, with the next subsection requiring the transaction to be carried out in a manner that enables permanent reproduction, to consist of the names of the individuals performing the transaction, and to be electronically signed against by the persons involved. In the case of an e-seal, the first condition is certainly met; i.e. the procedure is performed in a way that allows permanent reproduction. The second condition too is met in the case of an e‑seal issued by a legal entity, as the requirements for the e-seal specify inclusion of the identification of the issuer of the seal (the name and registry code of the legal entity could be in the metadata of the e-seal). According to Article 36 of the eIDAS Regulation, an enhanced e-seal must meet the requirements that:
– it be related only to the issuer of the seal;
– it make it possible to identify the issuer of the seal;
– it be provided by means of the data necessary for the creation of the e-seal, which can be used by the issuer of the seal to create the e-seal at a high security level; and
– it be related to the data pertaining to it in such a way that any subsequent changes to the data can be identified.
Consequently, amendment would be needed to the GPCCA’s Section 80, specifically Subsection 2, point 3, according to which the document must be electronically signed by the persons carrying out the transaction. As the eIDAS Regulation distinguishes the e-signature of a natural person from the e-seal of a legal person, the GPCCA’s point 3 here should be aligned with the eIDAS Regulation and provide thus: ‘3) be electronically signed or sealed electronically by the persons entering into the transaction.’ This would render it possible also to equate a legal entity’s e-sealed document with electronic form. Today, this solution is used in practice, but legally it is not a process equivalent to electronic form.
In my opinion, amendment of Subsection 80(3) of the GPCCA should be considered also, in such a way that the e‑seal too would be covered, as this subsection supplements the provisions of subsection 2 of the same section of law. Therefore, I propose amending the wording to read as follows: ‘(3) An electronic signature or electronic seal must be provided in a manner that allows the signature or seal to be linked to the content of the transaction, the person who entered into the transaction, and the time of the transaction. The procedure for assigning an electronic signature or electronic seal to a person and issuing the signature or seal shall be provided by law. (4) An electronic signature is also a digital signature. An electronic seal is also a digital seal.’
However, even in this case a certain contradiction remains between the GPCCA’s sections 78 and 80. Since it is seemingly possible to use lower-level e-signatures in the case of electronic form, the document need only be signed by hand in order to fulfil the written-form requirement. However, a qualified e-seal of a legal person cannot be considered equivalent to a hand-written signature. By analogy, one could reason that in the case of a lower-level e-seal, the requirement of a form that can be reproduced in writing is met, in which case, according to the GPCCA’s Section 79, a transaction must be conducted in a manner that allows written reproduction and include the names of the persons conducting the transaction, but it need not be signed by hand. However, the last part does not convey any additional information and could be left open for the use of the e-seal. Although the interpretation may be left to case law, I would suggest that, for legal clarity, Section 79 of the GPCCA could be amended and thereby phrased as follows: ‘If the law provides for a form that allows written reproduction of a transaction, the transaction must be entered into in a permanent written manner and include the names of the persons entering into the transaction.’ In such a case, the use of an e-seal of any level would ensure that a suitable means of complying with the formal requirements for written reproduction has been employed. However, in light of the revision to the legal system, there needs to be assessment of whether, in addition to lower-level e-signatures, also a lower-level e-stamp fulfils the requirements for electronic form – on the basis of the eIDAS Regulation and the GPCCA commentary, the answer should be ‘yes’, but a grammatical interpretation of the GPCCA’s sections 78 and 80 as they exist today would yield the answer ‘no’.
If one wishes to analyse the legal consequences of the use of e-seals in private transactions, it is necessary to look at the consequences of the current law connected with the use of an e-seal and compare them with what would follow in a scenario wherein the use of e-seals is regulated in light of the suggestions made above. In private transactions, the legal consequence of non-compliance with the formal requirements for the transaction is nullity of the transaction. According to the GPCCA (Section 83, Subsection 1), a transaction is void upon failure to comply with the form specified for a transaction by law. Likewise, a transaction is void if the form agreed upon between the parties is not followed. According to the GPCCA’s Section 84, Subsection 1, such a transaction shall have no legal consequences from the beginning, and, since this is an imperative provision, it does not allow for arrangements between the parties whereby they choose not to follow the form arising from the law. In addition, the provisions made by the LOA (Section 11, Subsection 2) must be taken into account here; according to these, if, pursuant to law or an agreement, contracts must be entered into in a certain form, a contract shall not be deemed concluded until it has been given the prescribed form.
According to the case law of the Supreme Court, the formal requirement is of primarily probative function, but the purpose encompasses also a warning function, an advisory function or a wish to protect the person performing the transaction from ill-considered activities. *58 There is no case law in Estonia to inform analysis of whether the use of a tool other than that provided by law – i.e. an e-seal – realises the purpose of the formal requirement and speaks to the circumstances of the transaction. Since there are very few private transactions that have a mandatory form (in accordance with the principle of freedom of form), whether non-compliance with the rigours of contractual formality may lead to nullity is important. In the case of an e-seal, the opinion of the authors of the GPCCA commentary could be relied on by analogy. Namely, their comments on the GPCCA clarify that the purpose of the agreed form should be taken into account in deciding on the consequences of a breach of formality, and in cases wherein it serves only a probative function, non‑compliance with the formality does not always lead to nullity of the transaction. *59 If, however, the purpose for the formal requirement is to ascertain and confirm the true intention of the persons, the lower-level e-seal may not be a form of e-seal that expresses it; neither can it be expressed through automatic sealing. Because a legal entity expresses its intention through its representatives, a qualified e-seal should be used in this case; that is, the suitable choice is a digital seal with the certificate having been issued to a specific natural person. However, the use of an e-seal instead of an e‑signature or the use of a lower-level e-seal in today’s legal space should not lead to nullity of the transaction without there having been an assessment of the circumstances of the transaction as a whole. If the parties do not dispute the fact of concluding a transaction and have already fulfilled their commitments, it is evident that they have expressed their will and the protective purposes of the GPCCA’s Section 83 or behind Subsection 1 of the LOA’s Section 11 have not been contravened. As the document-verification function has been fulfilled in the case of an e-seal, it can be concluded that non-compliance with the formal requirement does not have to lead to nullity in the case of an e-sealed document.
6. Conclusion
Although the general requirements related to e-seals were established in Estonian legislation already in 2009 and on EU level with the eIDAS Regulation in 2016, the legal meaning of an e-seal has remained unclear in most EU countries, even including Estonia, where the uptake of such a solution is widespread. In this context, this article has examined in which cases the e-seal of a legal entity could be equal in legal meaning to a hand-written signature or an e-signature of a natural person. Thus, the article addresses challenges visible in Estonian and EU-level legal acts that have left the legal meaning of the e-seal unclear. As some of the EU’s member states have declared a legal meaning for e-seals (e.g. Belgium, Spain, and Lithuania), the divergences among the regulatory approaches examined lead to issues that erode interoperability and the mutual recognition of e-seals in cross-border transactions, both of which would be expected from a genuine digital single market. Proceeding from the examples of other member states, I have proposed that the Estonian legislator amend the private-law acts and given recommendations for wording that should eliminate the gaps in law.
In private-law transactions, non-compliance with the form requirements provided by law or agreed upon between the parties generally results in the nullity of the transaction. According to the law currently in force, failure to comply with a requirement for a hand‑written signature (written form) or with equivalent requirements connected with electronic form as provided for by law – in this context, the use of an e-seal – constitutes non-compliance with a formal requirement. If the GPCCA is changed in accordance with the suggestions presented here, paying attention to its level when using the e-seal it remains crucial. At the same time, it is important to take into account the purpose of the formal requirement, the actual intention of the parties, and the principle of good faith when deciding on the consequences, whether of the current law or of potential changes. When one is using a tool other than the parties’ agreement (be it an e-signature or an e-seal), it is important to consider the purpose of the agreement if wishing to determine the parties’ actual intention and analyse the legal entity's behaviour and, hence, whether the transaction has been performed.
pp.59-70