The present situation has made the relatively straightforward act of signing documents a more daunting proposition. Is it possible to validly execute documents by electronic signature in Poland today? Here are some practical issues to consider in this respect.
What is an electronic signature?
An e-signature is data in electronic form which is attached to, or logically associated with, other data in electronic form and which is used by the signatory to sign.
In Poland, the legal framework for electronic signatures is established under the Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (the ‘eIDAS Regulation’) and by the Act of 5 September 2016 on trust services and company identification. The eIDAS Regulation distinguishes three levels of electronic signatures: 1. electronic signature; 2. advanced electronic signature; and 3. qualified electronic signature.
Only the last electronic signature in the eIDAS Regulation typology (the qualified electronic signature) is recognised under Polish law as equal and tantamount to a physical, ‘wet-ink’ signature – that is “a qualified electronic signature shall have the same, equivalent legal effect as a signature written by the signatory’s own hand” (art. 781 § 2 of the Polish Civil Code; art. 25 of the eIDAS Regulation).
A qualified electronic signature based on a qualified certificate issued in one member state is recognised as a qualified electronic signature in all other member states. Therefore, a qualified electronic signature issued by a trust service provider from any of the EU countries is sufficient to comply with an electronic form requirement under Polish law.
Qualified certificates for electronic signatures can be obtained from (public and private) providers which have been granted a qualified status by a national competent authority as indicated in the national ‘trusted lists’; these can be accessed through the Trusted List Browser online (https://webgate.ec.europa.eu/tl-browser/#/). With the end of the Brexit transition period in mind, it’s worth noting that a qualified electronic signature which can be used in all EU countries may be obtained by non-EU citizens as well.
While different levels of electronic signatures may be appropriate in different contexts, only qualified electronic signatures are explicitly recognised as having the equivalent legal effect of hand-written signatures all over the EU.
When can I use an e-signature?
There are a number of occasions when an e-signature may be used under Polish law. These include:
Relations with the public administration:
Social Insurance Institution (Zakład Ubezpieczeń Społecznych) – a qualified electronic signature may be used to file an e-declaration to ZUS;
Customs Office (Urząd Celny) – it is possible to submit declarations and documents to the Customs Office using the e-Zefir app;
Tax Office (Urząd Skarbowy) – an electronic signature may be used to send tax declarations via the e-Declarations app or to share documents and data using the Standard Audit File for Tax (SAF-T, Jednolity Plik Kontrolny);
National Court Register (Krajowy Rejestr Sądowy) – filing applications to the register is possible using an electronic signature, required for registration in the e-KRS platform;
Personal Data Protection Office (Urząd Ochrony Danych Osobowych) – electronic communication with the President of the Personal Data Protection Office (Generalny Inspektor Ochrony Danych Osobowych) by signing application forms for the registration of personal data set generated in the e-GIODO platform;
Polish Agency for Enterprise Development (Polska Agencja Rozwoju Przedsiębiorczości) – applying for EU subsidies;
General Inspector for Financial Information (Generalny Inspektor Informacji Finansowej) – reporting transactions exceeding €15,000 via the dedicated internet platform;
National courts – filing pleadings in electronic writ proceeding before the e-court;
Tenders and auctions – under the Polish Public Procurement Law, it is possible to conduct tenders and auctions electronically; for the purpose of registration and identification of the participants, a qualified electronic signature can be used;
In business relations:
Remote execution of civil law contracts;
E-invoices – it is possible to issue electronic invoices; the reliability of the e-invoices can be confirmed with an e-signature;
Correspondence – the reliability of the electronic correspondence with clients can be confirmed with an e-signature.
Is it always appropriate for a document to be executed in electronic form only?
No – the appropriate method of execution of a document will depend on the circumstances of the specific case. Specific legal formalities may be required for signing a particular type of document under Polish law. For example, where a notarial deed or a notarially certified signature is required, the electronic signature cannot be used. There are certain legal acts which may be validly performed only in the specific form required by law, e.g. bills of exchange, cheques, drawing up a will or contracting a marriage.
Similarly, the parties to a civil law contract may stipulate the required form for their contractual dealings.
How do you obtain a qualified electronic signature in Poland?
A list of qualified trust service providers in Poland is published on the National Certification Centre’s website (https://www.nccert.pl/indexE.htm). These are:
Asseco Data Systems S.A. (https://www.certum.pl/pl/);
ENIGMA Systemy Ochrony Informacji Sp. z o.o. (https://www.cencert.pl/);
EuroCert Sp. z o.o. (https://eurocert.pl/);
Krajowa Izba Rozliczeniowa S.A. (https://www.kir.pl/); and
Polska Wytwórnia Papierów Wartościowych S.A. (https://sigillum.pl/).
An electronic signature may be ordered online. However, before you start using the e-signature, your identity must be verified. Verification methods vary depending on the provider. All of them require a personal appearance at the provider’s office or before a provider’s representative, or before a notary public, and presenting a valid identity document (ID card or passport). Each of the trust service providers has offices all around the country (e.g. ENIGMA Systemy Ochrony Informacji Sp. z o.o. itself has 177 offices), including the major Polish cities. Lists of these offices can be accessed via each trust service provider’s website. Many of them offer to attend at the customer`s location.
An electronic signature may include a PESEL number (national identification number), a NIP number (tax identification number) or an ID-card number.
Depending on the trust service provider, devices for attaching a qualified electronic signature vary. They usually comprise a qualified certificate (valid for one or two years), a cryptographic card (the size of a credit card or a mobile SIM card), a card reader (with a cable connecting it to the USB port or a USB token) and complimentary software, or an app, for signing and verifying e-documents/files. To sign a document using the qualified electronic signature, one needs to install the dedicated software/app, insert the card in the card reader and connect it to the USB port, choose the document to be signed and sign it, confirming with an individually set PIN code.
Any file can be signed with a qualified electronic signature – there are no restrictions as to the format, file structure or size. A file signed with a qualified electronic signature will usually contain a signature in a graphic form stipulating that the document has been signed, by whom (name and surname) and, if the time stamp was used, when (date and time). However, to ensure that the qualified electronic signature is correct and valid, verification must be completed. Depending on the format in which an e-signature was attached, this can be done using Adobe Acrobat Reader or dedicated software for signing and/or verifying electronic signature (available for download from each of the trust service provider’s websites).
Source: https://www.certum.pl/pl/cert_oferta_podpis_elektroniczny/. Excerpt translated by the author.
Qualified electronic signature vs. trusted profile
Both the qualified electronic signature and the trusted profile (e-Go) are signatures confirming their users’ identity. However, the trusted profile may only be used in dealings with public administration via its online platforms, such as ePUAP, obywatel.gov.pl, PUE ZUS, or praca.gov.pl. It does not constitute a qualified electronic signature and does not have an equivalent legal effect as a ‘wet-ink’ signature written in the signatory’s own hand. Therefore, a trusted profile cannot substitute a physical signature the way the qualified electronic signature does in business relations. What is more, the qualified electronic signature is recognised and effective across the EU.
A trusted profile may be set up online, through the dedicated website (https://pz.gov.pl/pz/registerMainPage). To file an application, it is necessary to have one of the following:
an account at a bank or a different identity provider authorised to confirm a trusted profile;
a qualified electronic signature;
an e-ID (new type of ID card issued in Poland since March 2019, containing an electronic layer and a NFC reader).
It is also possible to verify your identity through a video conference with an official as well as to file an application online and confirm it in person at one of the dedicated offices. Unlike the qualified electronic signature, a trusted profile can be obtained free of charge.
Non-Polish citizens may obtain a trusted profile, however, to do so, they are required to have a Polish PESEL number or a valid qualified electronic signature.
A trusted profile may be used when filling out document online via the public administration’s dedicated platforms such as ePUAP. After clicking the ‘sign with a trusted profile’ option, one is redirected to the trusted profile login page. Once logged in (authenticated) to the trusted profile, the user is redirected to the initial page to sign the document. After clicking the ‘signature with trusted profile’ button, the authorisation page for signing the document with a trusted profile is launched, and it is here that one should enter the authoristion code sent by the system to the authorisation channel indicated in the external profile (previously provided by ourselves) via SMS or e-mail.
It is possible to use a trusted profile on various occasions, for example in matters related to company’s registration (signing applications to KRS, CEIDG), in Social Insurance Institution (Zakład Ubezpieczeń Społecznych) and Tax Office (Urząd Skarbowy).
For signing, verifying signatures and opening documents signed in a .XML format, there is an app provided by the Ministry of Digital Affairs (the so-called ‘signer’) available at https://moj.gov.pl/uslugi/signer/upload?xFormsAppName=SIGNER may be used. A document signed with the trusted profile and opened in a legible format (such as .doc, .xls or .pdf) will usually contain the information that it was signed with the trusted profile, by whom and when (date and time). However, just as with the qualified electronic signature, the correctness and validity of the trusted profile signature must be verified using an appropriate tool such as the ‘signer’ tool mentioned above.