Last Updated on March 7, 2022
The Malta Business Registry clarifies that the use of electronic signatures by the general public for the submission of documents to the Registrar is possible in accordance with EU legislation, specifically Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC ( ‘eIDAS’ ).
The eIDAS stipulates specific standards for electronic signatures, qualified electronic signature creation devices, qualified certificates for electronic signatures, electronic seals, electronic timestamps and other electronic authentication mechanisms that must be adhered to for recognition across all EU Member States.
Before submitting documents to the Registrar, signatories are to ascertain that the use of electronic signatures adheres to the provisions contained in the eIDAS. For an electronic signature to have the equivalent legal effect of a handwritten signature, it must be a qualified electronic signature, as provided by Article 25(2) of the eIDAS. Consequently, this type of electronic signature is the type duly recognised by the Registrar in terms of Article 82 of the Companies Act (Chapter 386 of the Laws of Malta). Under the eIDAS, a qualified electronic signature is an advanced electronic signature created by a qualified electronic signature creation device based on a qualified certificate for electronic signatures issued in an EU Member State. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States. A qualified digital certificate for an electronic signature attests to the authenticity of a qualified electronic signature issued by a qualified trust service provider.
Qualified certificates for electronic signatures shall meet the requirements set out in Annex I of the eIDAS. The following notes provide a general overview of the requirements that a certificate should possess, for reference purposes only:
- An indication that the certificate issued would have been issued as a qualified certificate for electronic signature;
- A set of data unambiguously representing the qualified trust service provider issuing the qualified certificates;
- At least the name of the signatory or a pseudonym; if a pseudonym is used, this should be clearly indicated
- Electronic signature validation data that corresponds to the electronic signature creation data;
- Details of the beginning and end of the certificate’s period of validity;
- The certificate identity code (unique for the qualified trust service provider);
- The advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider;
- The location where the certificate supporting the above advanced signature or seal is available free of charge;
- The location of the services which can be used to enquire about the validity status of the qualified certificate;
- An appropriate indication as to whether the electronic signature creation data related to the electronic signature validation data is located in the qualified electronic signature creation device.
The list of approved eIDAS Trust Service Providers in the European Union may be accessed on https://webgate.ec.europa.eu/tl-browser/#/
Anyone signing a document electronically is expected to verify the validity of a qualified electronic signature with all the corresponding technical and legal details prior to submitting documents to the Malta Business Registry (“MBR”), by uploading the electronically signed document/s on https://ec.europa.eu/cefdigital/DSS/webappdemo/validation
Kindly note that electronically signed documents uploaded via the MBR’s online system are accepted. It is the obligation, and sole responsibility, of the person submitting the document to ensure that the document is signed in accordance with the above specifications and that all verifications were made.
In the eventuality that electronically signed documents are not submitted via the MBR’s online portal, the company, or its representative, is required to submit the same electronically signed documents to the Registrar by sending all the documentation on email@example.com accompanied by the following:
- A declaration found in Annex I by the person filing the documents (company officers, company service provider or any subject person) attesting for the electronic signature utilised on the submitted document/s;
- The validity assurance report of the electronic signature generated from the above indicated link, i.e. https://ec.europa.eu/cefdigital/DSS/webappdemo/validation
The Registrar reserves the right to verify the validity of electronic signatures to ensure compliance with eIDAS requirements. If the electronic signature is not a qualified one and is found not to follow the above criteria, an officer from the MBR will revert the documents via email to the sender’s address. In this case, the respective documentation is deemed to be ‘not submitted’ to the Registrar, resulting in the corresponding imposition of statutory penalties.
Mr Joseph Farrugia
Registrar of Companies