Legality of eSignatures in Cyprus

Background

Electronic signatures have revolutionized document authentication, simplifying signing agreements in Cyprus and beyond. These digital solutions enable quick, eco-friendly document execution, helping to cut down on paper use and expedite business transactions. However, it is crucial to understand the critical considerations when utilizing electronic signatures in Cyprus.

Users should select an electronic signature service that aligns with Cypriot legal framework, specifically adhering to Law No. 55 (1) 2018 and the Electronic Identification and Trust Services Regulation [eIDAS]¹, to guarantee that its legal standing is equivalent to traditional handwritten signatures. Still, it is important to note that specific documents require a physical signature, and legal stipulations differ locally.

The security of electronic signatures is of utmost importance. Choosing a provider with robust security features, such as encryption, user verification, and a comprehensive audit trail, is essential to prevent unauthorized access and maintain document authenticity. BoldSign offers these security features, aiding users in complying with legal and security requirements.

In conclusion, while electronic signatures offer significant benefits and are generally accepted, it is vital to comply with legal norms, prioritize security, and pick a user-friendly service to implement them effectively in Cyprus.

What is an eSignature

Under the regulations governing electronic signatures in Cyprus, an eSignature, defined as a digital signature composed of letters, characters, numbers, or symbols attached to an electronic document, is recognized as legally binding. To validate signatures on most documents, they must be verifiably connected to the signer and protected from tampering or fraud. The signer must also show clear intent to agree to the document’s terms. Meeting these criteria gives electronic signatures the same legal weight as handwritten ones.

Overview of eSignature regulations in Cyprus

Under Cypriot laws, electronic signatures are deemed valid when executing certain documents. Under Article 2 of the Evidence Law (CAP 9), the term “document” has been amended to comprise electronic documents as well as any documents containing electronic signatures, electronic seals, electronic time stamps, and similar electronic elements². Even more promising, the Companies Law (CAP 113), article 37A(1) provides that every document sent or delivered to the Registrar for filing or issued by the Companies’ Registrar can be esigned.

Operations entailing the use of electronic signatures in Cyprus are regulated by the:

Law No. 55 (1) 2018
Legal Framework for Electronic Signatures and Related Matters Law³
Electronic Identification and Trust Services Regulation [eIDAS]⁴

As a rule, the regulation deems electronic signatures legal in the completion of transactions. eSignatures under the regulation are categorized into:

Simple Electronic Signature
Advanced Electronic Signature
Qualified Electronic Signature

A standard electronic signature is an electronic data attached to or logically linked to an electronic document and ensures the authenticity of the electronic document and confirms the identity of the signatory.

An advanced electronic signature is an electronic signature meeting the requirements set out in Article 26⁵ of the eIDAS. It decrees that advanced electronic signatures must be:

Uniquely linked to the signer.
Capable of identifying the signatories.
Developed using means that the signatory can maintain his own control.
Linked to the data it relates to so that any subsequent change is detectable.

Uniquely linked to the signer

A secure electronic signature must be uniquely connected to the person using it. The signature must be uniquely made with methods that only the signer has access to, like a private key and confidential information, to verify their identity.

Use and incorporation remain in the signer's sole control

The person using the secure electronic signature must have sole control over the means of creating the signature. Typically, this requires managing a key pair or two-factor authentication, with the signer exclusively holding the private key to prevent signature forgery.

Identify the signatories

The process used to create the signature must be capable of identifying the person signing. This may include the use of a biometric signature, a Personal Identification Number (PIN), an email address, or even a company registration number.

Track down any alterations made after signing

It is essential to preserve the authenticity of the signed document. Modifications made to the document post-signature should be identifiable. This is commonly accomplished through an audit trail. Audit trails record the signer’s I.P. address, timestamps of key signing events, and location, providing proof of identity, timing, and place of signature.

A qualified electronic signature is an advanced electronic signature developed through a qualified electronic signature creation device with a qualified certificate for electronic signatures. Article 32⁶ sets out a validation criteria to be met by the one for a qualified eSignature. These are: transactions in the internal market and repealing Directive 1999/93/EC

Statutory compliant certificate at the time of signing.
A qualified trust service provider issued valid certificate at the time of signing,
Signature authentication data corresponds to the data provided to the relying party.
The unique data representing the signatory in the certificate was correctly provided to the relying party.
The use of any pseudonym is indicated to the relying signatory if a pseudonym was used at the time of signing.
The electronic signature is of a qualified electronic signature creation device.
The integrity of the signed document has not been compromised.
Meets validity standards of an advanced eSignature.

Summary

Under Law No. 55 (1) 2018 & Electronic Identification and Trust Services Regulation

Types of Signature	Unique features	Legal validity	Unique considerations on use
Simple Electronic Signature	No unique feature other than being data in electronic form.	Validity is dependent on evidentiary weight.	N/A
Advanced Electronic Signature	Uniquely linked to the signer./li> Capable of identifying the signatories. Developed using means that the signatory can maintain his own control. Linked to the data it relates to so that any subsequent change to the data is detectable.	Validity is dependent on evidentiary weight.	N/A
Qualified Electronic Signature	Certificate compliant with laws provided at signing. Trust service provider issued a valid certificate at signing. Signature validation matches the data given to the recipient. Signatory's unique data is accurately given to the recipient. Any pseudonym used is clearly disclosed to the recipient. Signature made with a qualified electronic signature device. Signed data integrity maintained. Meets all features of advanced eSignature.	Deemed valid in jurisdictions across E.U. Deemed valid in all others.	Used to sign proceedings before an administrative body, especially where the use of electronic signature is permissible.

Trust service providers and certification authority

JCC Payment Systems Ltd. serves as the chief provider of trust services in Cyprus⁷, while the Cyprus Stock Exchange functions as the Local Registration Authority responsible for enabling the distribution of qualified certificates for electronic signatures for individuals linked with corporate entities and certificates for digital seals intended for corporate entities⁸.

Stay updated with the list by frequently reviewing the active trust service providers for each country within the European Union (eIDAS Dashboard (europa.eu)).

Scope and limitations of eSignature transactions

The use of electronic signatures for concluding transactions is not uniformly recognized as legally valid. As a result, certain types of transactions and applications are appropriate for electronic signatures, while others are not. An analysis along with a concise table outlining the relevant transactions are presented below.

Documents that can be signed

Electronic signatures can be employed to affix signatures and provide countersignatures on an array of documents, such as:

Human resources
Procurement
Non-disclosure agreements (assuming they are contracts, not formal deeds)
Software license agreements
Public petitions
Insurance industry
Educational field, etc.

Cases where only qualified electronic signatures are necessary

Article 9 of the 2018 Electronic Identification Law (Law No. 55)⁹ and Article 4(1) of the Legal Framework for Electronic Signatures and Related Matters Law [2004]¹⁰ provides that a qualified electronic signature shall be recognized as legally equivalent to a handwritten signature. This was transposed from Article 25 of the eIDAS¹¹ , and as such the following (non-exhaustive list) can only be signed in either wet ink signature or qualified electronic signature:

All proceedings before an administrative body12

Applications for patent¹³
Applications for invalidation of a patent¹⁴
Registration of companies¹⁵
Trademark Registrations¹⁶

Exemptions

Even though the Cyprus legislation lacks an expressed provision on what constitutes the transactions that cannot be completed in electronic signatures, caution is to be taken when dealing with documents whose drawing up is spelled out in a given law, such as

Statutory declarations
Testamentary trust documents – wills, codicils
Nuptials
Notaries public and such documents

Summary scope of limitations

Permissible transactions	Transactions that may be exempted
Human Resources Procurement Non-disclosure agreements (assuming they are contracts, not formal deeds) Software license agreements Public petitions Insurance industry Educational field. etc.	Statutory declarations Testamentary trust documents – wills, codicils Nuptials Notaries public and such documents

To ensure the authenticity of an eSignature, it is advisable to follow these best practices in addition to complying with all applicable regulations:

Confirm the signer’s identity and, in situations involving business dealings, verify that the individual is duly authorized to act on behalf of the company in affixing their signature.
Secure explicit Agreement from the individual signing, which may be incorporated in the contract itself or in a separate accord, to signify their intention to use the specified electronic signature for the document in question.
Safeguard the document to prevent any modifications after the application of the signature.
Keep an exhaustive log of the signing procedure, recording each step the signer performs.

Notable case laws on eSignature validity in Cyprus

In the case, J 0005/23 on 04-09-2023¹⁷, the bench addressed the issue of the validity of electronic signatures in an assignment agreement. The decision indicates that the electronic signatures did not contain a “qualified certificate” as required by Regulation (E.U.) No. 910/2014, [eIDAS Regulation]. This was in line with the Notice from the European Patent Office (EPO) dated 22 October 2021, which would have guided the use of qualified electronic signatures in the context of submissions to the EPO.

By asking the applicant to resubmit the document with either “verifiable electronic signatures” or “handwritten signatures,” the bench emphasized the importance of adhering to the established legal requirements for signatures on official documents. This ensures the integrity and authenticity of such documents, which is crucial in legal and administrative proceedings.

The decision underscores the importance of parties understanding and complying with the specific legal requirements for electronic signatures, especially in cross-border or international contexts where regulations such as eIDAS can come into play. It also highlights the role of the EPO in enforcing these requirements to maintain trust and security in the patent application and assignment process.

How does BoldSign help

The following elements of compliance available within BoldSign can be used to comply with Cyprus eSignature laws:

Secure and unique signing link: A secure and unique link to sign a document is sent directly to the signer’s email address. This ensures that the document is only accessed by the intended signer and cannot be tampered with.
Password protection: Senders can specify a password that needs to be entered before viewing and signing a document. This adds another layer of security to the signing process.
Audit trail: The IP address of the signer and timestamps for all significant events in the signing process are recorded in an audit trail. This provides a record of who signed the document, when, and where.
Digital signature: The final document is digitally signed with an AATL-compliant certificate. This ensures that the document cannot be tampered with without invalidating the signature.
Consent: Signers are asked to confirm their intent to sign electronically and informed that they could opt out. This ensures that the signer is aware of the implications of signing electronically and has consented.
Custom terms: Get your signers to agree to a custom set of terms. This can be useful to ensure additional security or that the signer understands the terms of the document.
QES compliance: BoldSign offers fully compliant qualified electronic signatures (QES) that are simple, secure, and legally binding across the EU. QES guarantees that your essential documents are protected with the highest level of e-signature security, giving you peace of mind in your digital transactions. Using BoldSign, you can confidently manage your important documents while ensuring compliance with EU regulations.

Disclaimer: The information on this page is intended to help businesses understand the legal framework of electronic signatures for this particular country.

However, Syncfusion, its officers, directors, stockholders, affiliates, attorneys, accountants, employees, or agents cannot provide legal advice. You should consult your personal attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Syncfusion provides this material on an “as-is” basis. Syncfusion disclaims and makes no representation or warranty of any kind with respect to this material, express, implied, or statutory, including representations, guarantees, or warranties of merchantability, fitness for a particular purpose, or accuracy.

Syncfusion makes no warranties of any kind, including but not limited to respect to the information or the product, whether express, implied, statutory, or otherwise. To the maximum extent permitted by law, Syncfusion disclaims all conditions, representations, and warranties, whether express, implied, or statutory, with respect to this information without limitation any implied warranty of merchantability, fitness for a particular purpose, accuracy, or currentness of this information.

Syncfusion nor their officers, directors, stockholders, employees, affiliates, attorneys, accountants, or agents shall be liable for indemnification, nor does this create an express or implied, contractual or statutory, equitable or otherwise, under this Agreement. The officers, directors, stockholders, affiliates, attorneys, accountants, or agents will not have any liability in any form.

¹ Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [ http://data.europa.eu/eli/reg/2014/910/oj ]
² CyLAW, Evidence Law (CAP.9), Art. 2 ‘Ο περί Αποδείξεως Νόμος (ΚΕΦ.9)’ [ http://www.cylaw.org/nomoi/enop/non-ind/0_9/full.html] accessed 19th April 2024
³ Legal Framework for Electronic Signatures and Related Matters Law [2004][ https://sas-space.sas.ac.uk/5503/1/1756-2377-1-SM.pdf ]
⁴ Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [ http://data.europa.eu/eli/reg/2014/910/oj ]
⁵Ibid
⁶ Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
⁷ Republic of Cyprus – Department of Electronic Communications [ https://www.gov.cy/dmrid/en/department-of-electronic-communications-dec/] accessed 19th April 2024.
⁸ Cyprus Stock Exchange, ‘Electronic Signatures’ [http://www.cse.com.cy/en-GB/Electronic-Signatures/ ] accessed 19th April 2024.
⁹ Law No. 55/2018. S. 9 (3) [ Regulation (EU) No. 910/2014, on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market, Law of 2018 – 55(I)/2018 – 9 – Legal effect of electronic signatures (cylaw.org) )]
¹⁰ the Legal Framework for Electronic Signatures and Related Matters Law [2004] Art. 4 (1) [ https://sas-space.sas.ac.uk/5503/1/1756-2377-1-SM.pdf ]
¹¹ Regulation (Eu) No 910/2014 of the European Parliament and of the Council, S. 4, Art. 25 [ https://eur-lex.europa.eu/eli/reg/2014/910/oj ]
¹² Law of 2018 (55(I)/2018) on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market, S. 9 (4) , [Regulation (EU) No. 910/2014, on Electronic Identification and Trust Services for Electronic Transactions in the Internal Market, Law of 2018 – 55(I)/2018 – 9 – Legal effect of electronic signatures (cylaw.org) .]
¹³ The Patents Law Of 1998 S.9, 13 [ https://www.wipo.int/wipolex/en/text/126098 ]
¹⁴ The Patents Law Of 1998 S.58 [ https://www.wipo.int/wipolex/en/text/126098 ]
15 The Companies Law Cap 113 S. 14 [ cyprus-companies-law-cap-113.pdf (cypruscompany.net)]
¹⁶ Trademarks Law S. (4) [ https://www.wipo.int/wipolex/en/text/578188 ]
¹⁷ ECLI:EP:BA:2023:J000523.20230904 [ https://www.epo.org/boards-of-appeal/decisions/pdf/j230005eu1.pdf ]

Enterprise-Ready E-Signatures

Built to scale with your business

Close deals faster, cut costs, and stay compliant. From startups to global enterprises, thousands trust BoldSign to simplify document signing.

0 +

Years in business

0 +

Customers

0 +

Countries

0 +

Built-in features

Testimonials

Why our customers love us

The true measure of our impact lies in the stories shared by our valued partners.

Google Integration, 25 free sends, dashboard, Signature font options, App is very responsive / fast, Emails between sender and signer are good, Audit trail is very helpful, No account needed for signer is great, Mobile experience is good for signer.

Jeremy Kadlec

Edgewood Solutions

Switch to BoldSign already! It's intuitive to use and affordable for small businesses. I never have to worry about the status of a document because with BoldSign I know. Plus, they let you program the frequency of reminders signatories receive. I'm so glad to have found it!

Sarah Dillard

Kaleidoscope

We’re using BoldSign successfully in our b2b SaaS platform - as it’s embedded to allow seasonal farm workers and their agribusiness employers to e-sign their employment onboarding documents for the first time. It’s part of the total solution saving the workers and HR managers 50% more time compared to their traditional pen/paper manual process.

Scott Prince

Croft

Sign up for your free trial today!

30-day free trial
No credit card required

30-day free trial

No credit card required