Are e-signatures legal, admissible, and enforceable in Germany?
- Regulation (EU) No 910/2014 'on electronic identification and trust services for electronic transactions in the internal market' (eIDAS).
Types of electronic signatures:
The eIDAS recognizes three types of electronic signature: (i) simple e-signature (SES), (ii) advanced e-signature (AES), and (iii) qualified e-signature (QES). SES can be any form of electronic message associated with a natural person (this can include typed signatures, e-mail blocks, etc.) AES is an electronic signature uniquely associated with an individual and linked to data, so that any subsequent change in the data is readily identifiable. QES is generated by a qualified electronic signature creation device (backed by a certificate issued by a qualified trust service provider) and has the same validity as a handwritten signature.
German statutory law provides that a written form requirement established by statutory law can be replaced by the "electronic form", unless stated otherwise (Sec. 126 para. 3 German Civil Code (BGB), see question 2 below for those instruments that cannot replace the written form of signatures with the electronic form).
Where the electronic form of signature is to replace a written form that is required by statutory law, the issuer of the declaration must add his/her name to it and provide the electronic document with a qualified electronic signature (as defined in Art. 3(12) of the eIDAS Regulation). In the case of a contract, each of the parties must electronically sign, using a qualified electronic signature.
- According to Sec. 127 para. 1 BGB, a written form requirement agreed upon by parties to a legal transaction may be replaced by the electronic form.
In the above case, and where an electronic form requirement has been agreed upon by parties to a legal transaction, an electronic signature other than a qualified electronic signature (such as SES or AES) also suffices, unless a different intention of the parties is demonstrated.
In the case of a contract, it is validly formed where there is an exchange of offer and acceptance that are each electronically signed. In this case, each party has the right to subsequently request qualified electronic signatures, or, where this is not possible for one of the parties, handwritten signatures.
- Preparatory pleadings, written submissions, and further documents can, in general, be submitted to the courts as electronic documents. In this case, the document must be electronically signed using a qualified electronic signature of the responsible person (see Sec. 130a Civil Procedure Code, Zivilprozessordnung, ZPO)
Are there certain documents that cannot be e-signed in Germany?
1. Declarations and contracts that require notarization cannot be e-signed. A notarization is required in, among others, the following cases:
- Contracts by which one party agrees to transfer or acquire ownership of a plot of land;
- Transfer of the ownership of a plot of land, the encumbrance of a plot of land with a right and the transfer or encumbrance of such a right; and
- Certain declarations and contracts under family law and under law of succession.
2. Declarations and contracts cannot be e-signed where this is expressly excluded by statutory law. This applies to the following cases:
- Termination of employment by notice of termination or separation agreement;
- Written reference letter upon the termination of a permanent service relationship;
- Declaration of suretyship;
- Promise to fulfil an obligation where the mere promise is intended to independently establish the obligation (Schuldversprechen); and
- Acknowledgement of a debt (Schuldanerkenntnis).
Does local regulation govern the use of digital IDs and/or certificates for e-signatures in Germany?
Yes, there are provisions in German national law related to digital IDs:
Every person 16 years and older may use his/her (electronic) German national ID (Personalausweis) to electronically prove his/her identity vis-à-vis public and non-public entities (Sec. 18 para. 1 Act on National ID (Personalausweisgesetz, PAuswG). Such electronic proof of identity is conducted through transmission of data from the electronic storage and processing medium of the national ID.
Data stored on the ID will only be transmitted if the service provider (i.e., the requesting party) transmits a valid authorization certificate to the holder of the ID and if he/she subsequently enters his/her PIN (Sec. 18 para. 4 PAuswG).
Also, electronic residence permits (Elektronischer Aufenthaltstitel) can similarly be used to electronically prove one's identity (Sec. 78 para. 5 Residence Act, Aufenthaltsgesetz).
Based on local counsel's experience, neither national IDs nor electronic residence permits can be used to create qualified electronic signatures. Even though these identification documents are technically prepared for this functionality, there is currently no provider offering signature certificates that could be used in conjunction with national IDs/electronic residence permits to create qualified electronic signatures.
Certificates for e-signatures
There are provisions in German national law related to certificates for e-signatures.
The eIDAS Regulation, which is directly applicable in Germany, provides for the general legal framework for qualified trust services. Among other things, the eIDAS Regulation governs the application procedure for trust service providers to obtain the status of a qualified trust service provider (Art. 22) and the requirements applicable to the same (Art. 24).
According to the eIDAS Regulation, qualified electronic signatures can only be created using “qualified certificates for electronic signatures” which again can only be issued by qualified trust service providers (Sec. 3 No. 12, 15, 17 eIDAS Regulation).
On the German national level, the Trust Services Act (Vertrauensdienstegesetz, VDG) governs responsibilities (see below at question 4) and details related to the implementation of the eIDAS.
Does local law provide certification bodies / trust services that users of e-signatures should be aware of in Germany?
According to Sec. 1 para. 1 No. 1 VDG, the Federal Network Agency (Bundesnetzagentur, BNetzA) is the designated supervisory body as required by Art. 17 eIDAS Regulation (except for matters related to website authentication and specified security breach reporting obligations).
In this capacity, BNetzA is responsible for, among other things, the supervision of qualified trust service providers, including the maintenance of "trusted lists" of qualified trust service providers (see Art. 22 eIDAS Regulation) and handling notification of the intention to obtain the status as a qualified trust service provider.
Further information can be found on BNetzA's website (in German).
*DISCLAIMER: The information contained in this guide is for information purposes only, provided as is as of the date of publication and should not be relied upon as legal advice or to determine how the law applies to your business or organization. It is recommended that you seek guidance from your legal counsel with regard to law applying specifically to your business or organization and how to ensure compliance. OneSpan does not accept liability for the contents of these materials or for third parties materials.
Last updated: November 2020