In the case that notifications, submissions and information that are submitted to the Austrian Financial Market Authority (FMA) are subject to a signatory requirement (supplying a signature), then special statutory formal requirements must be taken into account regarding the use of electronic signatures.
With regard to electronic business the requirement to provide a handwritten signature may also be substituted by means of a qualified electronic signature, provided that legal formal requirements that take precedence or arrangements between the parties involved do not order to the contrary. The corresponding rules can be found in Article 886 of the General Civil Code (ABGB; Allgemeines bürgerliches Gesetzbuch) in conjunction with Article 4 para. 1 of the Signature and Trust Services Act (SVG; Signatur- und Vertrauensdienstegesetz). The SVG specifically determines that qualified electronic signatures fulfil the legal requirement of the written form as defined in Article 886 ABGB.
The European legal basis on electronic signatures is Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions, known as the eIDAS Regulation (Regulation on electronic IDentification, Authentication and Trust Services), which has been transposed into Austrian law by the SVG and the Signature and Trust Services Regulation (SVV; Signatur- und Vertrauensdiensteverordnung).
Pursuant to Article 3 point 12 of the eIDAS Regulation a qualified electronic signature constitutes an advanced electronic signature, that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures.
Qualified electronic signatures are characterised by the following features:
- The signature is uniquely linked to the person signing and allows the signatory to be identified.
- The signature is created by a qualified electronic signature creation device, i.e., configured software or hardware used to create an electronic signature pursuant to Article 3 no. 22 eIDAS Regulation, that meets the requirements set out in Annex II eIDAS Regulation.
- The signature is based on a qualified certificate for electronic signatures, i.e. a certificate issued by a qualified trust service provider that meets the requirements of Annex I of the eIDAS Regulation.
- The signature is created using electronic signature creation data, which the signatory may use with a high degree of trust under their exclusive control.
- The signature is therefore associated with the signed data in such a way, that any subsequent modification of data is able to be detected.
When providing an electronic signature towards the FMA, the following must be noted:
- Electronic signatures are allocated to different classes in terms of quality. Only qualified electronic signatures (QES) are permissible for submissions to the FMA. QESes as defined in Article 26 of the eIDAS Regulation are required to meet higher quality requirements than simple electronic signatures, to allow the authenticity of the signature and the identity of the signatory to be followed-up and checked.
- QESes are therefore only allowed to be issued and offered by providers of qualified trust services. A list of officially qualified trust service providers has been published on the eIDAS Dashboard at EU eIDAS Dashboard as well as on the Rundfunk und Telekom Regulierungs-GmbH (RTR-GmbH) website.
- The providing of simple electronic signatures in relation to submissions to the FMA, that are subject to a signature requirement is considered by the FMA as insufficiently qualified.
More detailed questions regarding electronic signatures should be referred to The Telekom Control Commission established pursuant to Article 17 of the eIDAS Regulation in conjunction with Article 12 SVG.