Legality of eSignatures in Spain

IN THIS PAGE

  • Background
  • What is an electronic signature
  • Overview of electronic signature regulatory framework in Spain
  • Validity standards of an advanced electronic signature
  • Summary analysis
  • The scope and limitations of eSignature transactions
  • Summary scope of limitation
  • How does BoldSign help
blogs-ads-banner-

Background

The integration of digital signatures in Spain has markedly enhanced the speed and effectiveness of verifying documents. These electronic solutions facilitate swift and environmentally friendly dealings, cutting down on paper consumption and expediting commercial contracts. It is essential to grasp critical factors when implementing electronic signatures in Spanish operations.

Selecting an eSignature provider that adheres to both Spanish laws (Law 6/2020 and Law 34/2002) and the EU’s regulations on electronic signatures1 (the eIDAS Regulation) is crucial. Compliance with these regulations ensures that digital signatures are legally equivalent to their handwritten counterparts. However, it’s important to note that some documents may still necessitate a physical signature, and legal intricacies can vary; hence, consulting with a legal expert is advisable.

Security remains a paramount concern. Providers of electronic signature services must offer robust security measures, including encryption, user authentication, and audit trails, to prevent unauthorized access and confirm the legitimacy of signed documents. BoldSign, for instance, provides these security features to meet both compliance and safety standards.

In conclusion, electronic signatures are incredibly advantageous and widely recognized in Spain. Nevertheless, adhering to legal requirements, ensuring security, and selecting a user-friendly service are vital to their successful application.

What is an electronic signature

According to Spanish law, an electronic signature is defined as any electronic information attached to or logically linked with other electronic data that the signer uses to execute the signing process. Such signatures are considered legally effective on most documents when they can be clearly linked to the signer and when there is evidence to verify their authenticity, thus maintaining the integrity of the document. Additionally, the signatory’s deliberate intent to agree to the document’s terms must be clear, indicating a conscious assent to the stipulated conditions. When these criteria are met, electronic signatures are afforded the same legal validity as traditional pen-and-ink signatures.

Overview of electronic signature regulatory framework in Spain

Electronic signatures are considered just as valid as traditional wet-ink signatures; however, their use is subject to specific regulations spelled out in:

  • Law 6/2020, regulating certain aspects of trusted electronic services2.
  • Law 34/2002 on information society services and e-commerce3.
  • Regulation (EU) No. 910/2014 of the European Parliament4.

The regulation categorizes the signatures into three categories (Law 6/2020 as read with article 3 of the EU Regulation No. 910/2014):

  • Standard Electronic Signatures
  • Advanced Electronic Signatures
  • Qualified Electronic Signatures

Standard Electronic Signature means data in electronic form attached to or logically associated with other data in electronic form that is used by the signatory to sign.

Advanced Electronic Signature means an electronic signature meeting the requirements set out in Article 265. It decrees that advanced electronic signatures must be:

  • Uniquely linked to the signers.
  • Capable of identifying the users.
  • Developed using means that allow the signatory to maintain control.
  • Linked to the data to which it relates so that any subsequent change to the data is detectable.

Qualified electronic signature

This is an advanced electronic signature generated using a certified device for creating electronic signatures and relies on an accredited certificate specific to electronic signatures. Article 32 of EU regulation sets out the validation requirements that need to be met for a qualified eSignature6. These are:

  • A statutory-compliant certificate that was qualified at the time of signing.
  • A qualified trust service provider issued a certificate that was valid when signing.
  • Signature validation data corresponds to the data provided to the relying party.
  • The unique set of data representing the signer in the certificate was correctly provided to the relying party.
  • The use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing.
  • The electronic signature is from a qualified electronic signature creation device.
  • The integrity of the signed document has not been breached.
  • It meets validity standards of an advanced eSignature.

Validity standards of an advanced electronic signature

Uniquely linked to the signer

A secure electronic signature must be uniquely connected to the person using it. The signature must be uniquely made with methods only the signer can access, like a private key and confidential info, to verify their identity.

Use and incorporation remain in the signatory's sole control

The person using the secure electronic signature must have sole control over the means of creating the signature. Typically, this requires managing a key pair or two-factor authentication, with the signer exclusively holding the private key to prevent signature forgery.

Ability to identify the signers

The process used to create the signature must be capable of identifying the person signing. This may include using a biometric signature, a personal identification number (PIN), an email address, or even a company registration number.

Ability to maintain the integrity of the document

It is essential to preserve the authenticity of the signed document. Modifications made to the document post-signature should be identifiable. This is commonly accomplished through an audit trail. Audit trails record the signer’s IP address, timestamps of key signing events, and location, providing proof of identity, timing, and signature place.

Summary analysis

Law 6/2020, regulating certain aspects of trusted electronic services, Law 34/2002 on information society services and e-commerce, and Regulation (EU) No. 910/2014 of the European Parliament.

  • Type of signature

  • Unique features

  • Legal validity

  • Standard Electronic Signature

    • No unique feature other than being data in electronic form.

  • Advanced Electronic Signature

    • Uniquely linked to the signer.
    • Capable of identifying the signatories.
    • Developed using means that allow the signatory to maintain control.
    • Linked to the data to which it relates so that any subsequent change to the data is detectable.
    • Validity is dependent on evidentiary weight across jurisdictions.
  • Qualified Electronic Signature
    • Certificate compliant with laws provided at signing.
    • Trust service provider issued a valid certificate at signing.
    • Signature validation matches the data given to the recipient.
    • The signatory's unique data is accurately given to the recipient.
    • Any pseudonym used is disclosed to the recipient.
    • Signature made with a qualified electronic signature device.
    • Signed data integrity maintained.
    • Has all features of an advanced eSignature.
    • Deemed valid in jurisdictions across the EU.
    • Type of SignatureUnique FeaturesLegal Validity
    Simple Electronic Signature
    • No unique feature other than being data in electronic form.
    Advanced Electronic Signature
    • Uniquely linked to the signer.
    • Capable of identifying the signatories.
    • Developed using means that allow the signatory to maintain control.
    • Linked to the data to which it relates so that any subsequent change to the data is detectable.
    		• Validity is dependent on evidentiary weight across jurisdictions.
    Qualified Electronic Signature
    • Certificate compliant with laws provided at signing.
    • Trust service provider issued a valid certificate at signing.
    • Signature validation matches the data given to the recipient.
    • The signatory's unique data is accurately given to the recipient.
    • Any pseudonym used is disclosed to the recipient.
    • Signature made with a qualified electronic signature device.
    • Signed data integrity maintained.
    • Has all features of an advanced eSignature.
    		• Deemed valid in jurisdictions across the EU.

    The scope and limitations of eSignature transactions

    The use of electronic signatures is not accepted on all documents. As a result, electronic signatures are appropriate for certain types of transactions and applications, while unsuitable for others. An examination of this issue is provided below, along with a concise chart detailing the transactions.

    Documents that can be signed

    Electronic signatures can be employed to affix signatures and provide countersignatures on a diverse array of documents, such as those for:

    • Human resources
    • Procurement
    • Non-disclosure agreements (assuming they are contracts, not formal deeds)
    • Software license agreements
    • Insurance industry
    • Invoicing (with consent)7
    • Educational fields

    Cases where only qualified eSignatures and wet-ink signatures are authentic

    Under Article 25 of the eIDAS8, qualified electronic signatures are deemed to bear the same legal validity granted to wet-ink signatures. As such, the following can only be signed with either a wet ink signature or a qualified electronic signature:

    • Credit agreements9
    • Administrative procedures10
    • Identification by public administrations11
    • Contractual documents in securities market12
    • Contracts under the Maritine Navigation Act13
    • Instructions for aggregation of share of the voting rights accruing to it from the shares it owns to the share that it manages on an individualized basis as a result of its providing a portfolio- management service14.
    • Acknowledgement of receipt of report evaluation of proposed acquisitions of qualifying shareholdings15.
    • Agency contracts16

    Exclusions

    Art. 5 of Law 34/2002 on information society services and electronic commerce [as amended in 2020] establishes limitations on the utilization of electronic signatures, indicating that their use is not allowed for the following purposes:

    • Contracts related to family law and inheritance, such as wills17, solemnization of marriage18, dissolution of marriages before notaries19, etc.
    • Contracts, businesses, or legal acts in which the law determines the public documentary form for its validity or for the production of certain effects.
    • Contracts that require by law the intervention of jurisdictional bodies, notaries, property, and commercial registrars or public authorities, such as refusal of an inheritance20, public deeds21, solemnization of marriage22, dissolution of marriages before notaries23, etc.

    Summary scope of limitation

  • Permissible transactions

  • Exempted transactions

    • Human resources
    • Procurement
    • Non-disclosure agreements (assuming they are contracts, not formal deeds)
    • Software license agreements
    • Insurance industry
    • Educational fields
    • Services from lawyers on their representation role in court.
    • Powers of attorney
    • Real property transfer
    • Notaries
    • Deeds
    • Contracts on family law:
      • Testamentary documents
      • Wills
      • Prenuptials
      • Assignment of inheritance
      • Codicils. Etc.
    • Transactions with public authorities, and property and commercial registrars.
    • Type of SignatureUnique FeaturesLegal Validity
    Simple Electronic Signature
    • No unique feature other than being data in electronic form.
    Advanced Electronic Signature
    • Uniquely linked to the signer.
    • Capable of identifying the signatories.
    • Developed using means that allow the signatory to maintain control.
    • Linked to the data to which it relates so that any subsequent change to the data is detectable.
    		• Validity is dependent on evidentiary weight across jurisdictions.
    Qualified Electronic Signature
    • Certificate compliant with laws provided at signing.
    • Trust service provider issued a valid certificate at signing.
    • Signature validation matches the data given to the recipient.
    • The signatory's unique data is accurately given to the recipient.
    • Any pseudonym used is disclosed to the recipient.
    • Signature made with a qualified electronic signature device.
    • Signed data integrity maintained.
    • Has all features of an advanced eSignature.
    		• Deemed valid in jurisdictions across the EU.

    To guarantee the authenticity of an electronic signature, it is advisable to follow these best practices while also ensuring compliance with all applicable legal requirements:

    • Confirm the identity of the individual applying their signature, and if a corporate entity is involved, verify that the individual has the authority to bind the company with their signature.
    • Acquire clear consent from the individual applying their signature, which can be integrated into the contract or obtained via a separate acknowledgement form, to affirm their intention to sign the document electronically by the selected method.
    • Protect the document from any modifications after the electronic signature has been applied.
    • Keep a comprehensive log of the signing process, noting each step taken by the individual who is completing the signature.

    How does BoldSign help

    The following elements of compliance available within BoldSign can be used to comply with Spanish eSignature laws:

    • Secure and unique signing link: A secure and unique link to sign a document is sent directly to the signer’s email address. This helps ensure that the document is only accessed by the intended signer and cannot be tampered with.
    • Password protection: Senders can specify a password that needs to be entered before viewing and signing a document. This adds a layer of security to the signing process.
    • Audit trail: The IP address of the signer and timestamps for all significant events in the signing process are recorded in an audit trail. This provides a record of who signed the document, when, and where.
    • Digital signature: The final document is digitally signed with an AATL-compliant certificate. This ensures that the document cannot be tampered with without invalidating the signature.
    • Consent: Signers are asked to confirm their intent to sign electronically and informed that they could opt out. This helps ensure that the signer is aware of the implications of signing electronically and has consented to do so.
    • Custom terms: Getting your signers to agree to a custom set of terms. This can be useful to ensure additional security or that the signer understands the terms of the document.
    • QES compliance: BoldSign offers fully compliant qualified electronic signatures (QES) that are simple, secure, and legally binding across the EU. QES guarantees that your essential documents are protected with the highest level of e-signature security, giving you peace of mind in your digital transactions. Using BoldSign, you can confidently manage your important documents while ensuring compliance with EU regulations.

    Disclaimer: The information on this page is intended to help businesses understand the legal framework of electronic signatures for this particular country.

    However, Syncfusion, its officers, directors, stockholders, affiliates, attorneys, accountants, employees, or agents cannot provide legal advice. You should consult your personal attorney regarding your specific legal questions. Laws and regulations change frequently, and this information may not be current or accurate. To the maximum extent permitted by law, Syncfusion provides this material on an “as-is” basis. Syncfusion disclaims and makes no representation or warranty of any kind with respect to this material, express, implied, or statutory, including representations, guarantees, or warranties of merchantability, fitness for a particular purpose, or accuracy.

    Syncfusion makes no warranties of any kind, including but not limited to respect to the information or the product, whether express, implied, statutory, or otherwise. To the maximum extent permitted by law, Syncfusion disclaims all conditions, representations, and warranties, whether express, implied, or statutory, with respect to this information without limitation any implied warranty of merchantability, fitness for a particular purpose, accuracy, or currentness of this information.

    Syncfusion nor their officers, directors, stockholders, employees, affiliates, attorneys, accountants, or agents shall be liable for indemnification, nor does this create an express or implied, contractual or statutory, equitable or otherwise, under this Agreement. The officers, directors, stockholders, affiliates, attorneys, accountants, or agents will not have any liability in any form.

    1 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Art 22 [http://data.europa.eu/eli/reg/2014/910/oj]
    2 Law on certain Legal Aspects for Trust Services for Electronic Transaction No. 6 of 2002 [https://www.wipo.int/wipolex/en/legislation/details/20420]
    3 Law No. 34/2002 of July 11, 2002, on Information Society Services and Electronic Commerce (as amended up to Law No. 6/2020 of November 11, 2020), – [https://www.wipo.int/wipolex/en/legislation/details/20419]
    4 Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. Art 22 [(http://data.europa.eu/eli/reg/2014/910/oj]
    5 Ibid Article 26
    6 Ibid. Article 3(12) and 32
    7 Royal Legislative Decree 1/2007,of 16 November, Approving the Consolidated Text of the General Consumer and User Protection Act and Other Complementary Laws. Art. 63 (3) [https://www.mjusticia.gob.es/es/AreaTematica/DocumentacionPublicaciones/Documents/Consolidated_text_of_the_general_consumer_and_user_Protection_Act_and_other_complementary_laws_%28Ley.PDF]
    8 Regulation (EU) No 910/2014 of the European Parliament and of the Council, S. 4, Art. 25 [ https://eur-lex.europa.eu/eli/reg/2014/910/oj ]
    9 Act 16/2011, of 24 June, on Consumer Credit Contracts. Art. 16 (1) [https://www.mjusticia.gob.es/es/AreaTematica/DocumentacionPublicaciones/Documents/Act%2016- 2011%2C%20of%2024%20June%2C%20on%20Consumer%20Credit%20Contracts.pdf]
    10 Law 39/2015, of October 1, of the Common Administrative Procedure of the Public Administrations. Art. 10 [https://afyonluoglu.org/PublicWebFiles/Reports/PDP/2015%20Spain-Law%2039-2015%20Common%20Administrative%20Procedure%20of%20PA.pdf ]
    11 Law 40/2015, of October 1, on the Legal Regime of the Public Sector.Art. 40(1) and 45 [https://www.wipo.int/wipolex/en/text/506843]
    12 Royal Legislative Decree 4/2015 of 23rd October approving the consolidated text of the Securities Market Act. Art. 214 (6) [https://www.cnmv.es/docportal/legislacion/realdecre/rld_4_en_rev.pdf]
    13 Act 14/2014, Dated 24th July, on Maritime Navigation, additional provision three [https://www.mjusticia.gob.es/es/AreaTematica/DocumentacionPublicaciones/Documents/Act_14_2014__dated_24th_july__ on_Maritime_Navigation_%28Ley_de_Navegacion_Maritima%29.PDF]
    14 Royal Decree 84/2015 of 13 February 2015 implementing Law 10/2014 of 26 June 2014 on the regulation, supervision and solvency of credit institutions. (Boletín Oficial del Estado of 14 February 2015). Art. 23 (4) (b) (2) [https://www.bde.es/f/webbde/INF/MenuHorizontal/Normativa/eng/RD.84.2015_en.pdf]
    15 Ibid. Art. 25 (3)
    16 Ibid. Art. 21(3)
    17 Civil Code. Art. 688, 707 [https://www.icj.org/wp-content/uploads/2013/05/Spain-Spanish-Civil-Code-2012-eng.pdf ]
    18 Ibid Art. 51
    19 Ibid Art. 81 & 82
    20 Civil Code. Art. 1008 [https://www.icj.org/wp-content/uploads/2013/05/Spain-Spanish-Civil-Code-2012-eng.pdf ]
    21 Ibid Art. 1216
    22 Ibid Art. 51
    23 lbid Art. 81 & 82

    Enterprise-Ready E-Signatures

    Built to scale with your business

    Close deals faster, cut costs, and stay compliant. From startups to global enterprises, thousands trust BoldSign to simplify document signing.

    0 +

    Years in business

    0 +

    Customers

    0 +

    Countries

    0 +

    Built-in features

    Testimonials

    Why our customers love us

    The true measure of our impact lies in the stories shared by our valued partners.

    Google Integration, 25 free sends, dashboard, Signature font options, App is very responsive / fast, Emails between sender and signer are good, Audit trail is very helpful, No account needed for signer is great, Mobile experience is good for signer.

    Jeremy Kadlec

    Edgewood Solutions

    jeremy-kadlec

    Switch to BoldSign already! It's intuitive to use and affordable for small businesses. I never have to worry about the status of a document because with BoldSign I know. Plus, they let you program the frequency of reminders signatories receive. I'm so glad to have found it!

    Sarah Dillard

    Kaleidoscope

    sarah-dillard

    We’re using BoldSign successfully in our b2b SaaS platform - as it’s embedded to allow seasonal farm workers and their agribusiness employers to e-sign their employment onboarding documents for the first time. It’s part of the total solution saving the workers and HR managers 50% more time compared to their traditional pen/paper manual process.

    Scott Prince

    Croft

    scott-prince

    Sign up for your free trial today!

    • tick-icon
      30-day free trial
    • tick-icon
      No credit card required
    • tick-icon
      30-day free trial
    • tick-icon
      No credit card required
    signup-banner