On the one hand, eIDAS specifies the requirements for the qualified electronic signature certificate in terms of content and it lays down only the name or pseudonym of the private individual in terms of data referring to the user (the relevant legislation does not distinguish the case when a signature is used by a private individual on behalf of a legal person, just like in real life our signature does not look different when we make a statement on behalf of a legal person). On the other hand, eIDAS explicitly excludes the possibility of setting requirements exceeding the minimum content stipulated here (The reason for this exclusion is explained in Paragraph 54 of the eIDAS Preamble - “Cross-border interoperability and recognition of qualified certificates is a precondition for cross-border recognition of qualified electronic signatures. Therefore, qualified certificates should not be subject to any mandatory requirements exceeding the requirements laid down in this Regulation. However, at national level, the inclusion of specific attributes, such as unique identifiers, in qualified certificates should be allowed, provided that such specific attributes do not hamper cross-border interoperability and recognition of qualified certificates and electronic signatures.”).

In light of the above, our understanding is that the validity of a declaration made on behalf of a legal person cannot be refused on the grounds that the electronic document was signed exclusively by a person authorized to sign on behalf of the legal entity with a Qualified Electronic Signature (regardless of whether the electronic signature certificate has been registered in the company register) and that referring to the private individual, the certificate of the qualified electronic signature contains only their name, and referring to the legal entity, it does not contain any information.

REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Article 28

Qualified certificates for electronic signatures

(1) Qualified certificates for electronic signatures shall meet the requirements laid down in Annex I.

(2) Qualified certificates for electronic signatures shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.

ANNEX I. - REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES

Qualified certificates for electronic signatures shall contain:

(a) an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic signature;

(b) a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least, the Member State in which that provider is established and:

— for a legal person: the name and, where applicable, registration number as stated in the official records,

— for a natural person: the person’s name;

(c) at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall be clearly indicated;

(d) electronic signature validation data that corresponds to the electronic signature creation data;

(e) details of the beginning and end of the certificate’s period of validity;

(f) the certificate identity code, which must be unique for the qualified trust service provider;

(g) the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;

(h) the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (g) is available free of charge;

(i) the location of the services that can be used to enquire about the validity status of the qualified certificate;

(j) where the electronic signature creation data related to the electronic signature validation data is located in a qualified electronic signature creation device, an appropriate indication of this, at least in a form suitable for automated processing.

Did this answer your question?