The electronic signature in Greek law
By virtue of Presidential Decree 150/2001, Directive 99/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures was incorporated in the Greek law.
Pursuant to such framework, an electronic signature, namely data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication is regarded as legally equivalent to hand-written signatures both in substantive law and in civil procedure law only if the essential and formal requirements laid down below are fulfilled.
Essential requirements to be met so that the electronic signature is regarded as legally equivalent to hand-written signatures:
a) it is uniquely linked to the signatory;
b) it is capable of identifying the signatory;
c) it is created using means that the signatory can maintain under his sole control; and
d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
According to law, an electronic signature that meets the essential requirements is designated “advanced electronic signature” or “digital signature”.
Formal requirements to be met so that the electronic signature is regarded as legally equivalent to hand-written signatures:
a) it is based upon a qualified certificate and
b) it is created by a secure-signature-creation device.
While the Presidential Decree defines the importance of these two formal requirements, it expressly stipulates that an electronic signature is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that the formal requirements are not met.
A “certificate” means an electronic attestation which links signature-verification data (such as codes or public cryptographic keys) to a person and confirms the identity of that person. A “qualified certificate” means a certificate which meets the requirements laid down in Annex I and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II hereof (in this case, the numbering of Annexes follows the numbering of the Presidential Decree).
In addition, “secure-signature-creation device” means configured software or hardware used to implement the signature-creation-data which, by appropriate technical and procedural means, ensure the reliability of the electronic-signature creation and in particular, that the signature-creation-data used for signature generation (unique data such as codes or private cryptography keys):
a) can practically occur only once, and that their secrecy is reasonably assured;
b) cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
c) the signature-creation-data used for signature generation can be reliably protected by the legitimate signatory against the use of others.
Please note that secure-signature-creation devices must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.
The reliability of signature creation by the secure-signature-creation-devices as per above shall be assessed by the Hellenic Telecommunications and Post Commission (EETT) or by public or private bodies designated by it. EETT and these bodies are required to implement the minimum criteria set forth in the Commission Decision of 6.11.2000 (Ε(2000) 3179 final). The conformity of electronic signature products with recognised standards constitutes a presumption of compliance with the requirements laid down in Annex II, point (f) and that the reliability of signature creation as per above is ensured.
The provision of certification services within the Greek territory by certification-service-providers established on this territory shall be governed by the applicable Greek law. Electronic signature certification services originating in another Member State in the fields covered by the Community law entail the same legal effects as the respective certification services provided by a certification-service-provider established on the Greek territory.
Electronic-signature products which comply with the applicable Community law entail the same legal effects as the respective electronic-signature products originating in Greece.
A determination of conformity with the applicable Community legislation on requirements for secure-signature-creation-devices by the bodies designated by an EU Member State shall be recognised by Greece, too.
Certificates which are issued as qualified certificates to the public by a certification-service-provider established in a third country are recognised as legally equivalent to certificates issued by a certification-service-provider established within the Community if they meet certain requirements laid down in Presidential Decree. 150/2001.
In conclusion, the use of electronic/digital signatures instead of hand-written signatures has a legal effect in accordance with the applicable Greek law.
An electronic signature shall be regarded as legally equivalent to hand-written signatures with respect to both the substantive and the civil procedure law if the electronic signature meets the aforementioned essential and formal requirements.