This article focuses on the importance of electronic identification, as well as the evolution of e-contracts, both of which are essential to the smooth running of the digital marketplace.
Electronic identification – legal requirements
Although the remote identification of customers is important for any type of e-commerce business, some market players are subject to specific legal requirements relating to electronic identification. In particular, most countries require specific customer due diligence from financial institutions (banks, money transmitters, insurance companies, etc.). Subject to certain exceptions, these institutions must identify their customers prior to establishing business relationships with them.
Through these requirements, national legislators are in line with the international standards promoted by the Financial Action Task Force (FATF) and the general legal framework adopted within the EU. Thus, when structuring remote identification schemes, financial institutions have to assess not only the commercial effectiveness of the respective schemes, but also their compliance to applicable legal requirements.
Commonly adopted approaches to e-identification
As a general rule, the level of customer due diligence depends on the level of risk of a particular transaction. Nevertheless, according to the commonly adopted approach, verification of the customer’s identity must be conducted on the basis of documents, data or information obtained from reliable and independent sources.
Under such circumstances, most jurisdictions do not consider popular mechanisms of electronic identification (e.g., obtaining a scan of the customer’s ID) as sufficient for the purposes of anti-money laundering due diligence. In the absence of a trusted third party, such approaches do not ensure the reliability of the data provided by the customer. Accordingly, any remote identification scheme must be carefully analyzed prior to being implemented.
The benefits of harmonization
The EU is already moving towards the harmonization of regulation for electronic identification within the Single Market. In particular, the European Commission has introduced Regulations on electronic identification (eIDAS) creating a legal framework for cross-border recognition of electronic identification for public and trust services across the EU. Electronic IDs issued in one EU country must be recognized in all others, provided they meet the regulation’s requirements and have been reported to the Commission.
Additionally, this document sets forth a common legal framework for qualified and non-qualified trust services including the creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, and certificates related to those services. Therefore, the eIDAS framework is one of the cornerstones of the European Single Market covering all elements of electronic identification and authentication.
The European Commission is particularly focused on FinTech trends and on enabling banks to identify customers digitally in the future. At the same time, it wants to ensure that modern tools for remote identification are and secure, do not pose new risks for consumers or systems, and comply with EU data protection laws.
In order to define methods of remote identification that meet these requirements, at the end of 2017 the Commission created an expert group for electronic identification and remote KYC processes. The group is tasked with exploring issues relating to the use of remote identification schemes and whether or not they are notified under eIDAS. It is also looking into other innovative digital processes to comply with anti-money laundering rules. Where appropriate, the group will assist the Commission to prepare guidelines relating to digital identification.
The evolution of e-contracts
The concept of e-contracts is of paramount importance in driving and managing business in the digitally driven world of today. While e-contracts emerged in the 1980s, the widespread growth of the e-commerce sector began in the early 1990s. In response to this rapid growth, the European Union adopted the EU E-commerce Directive in 2000 to provide a legal framework to regulate the sector. The purpose of the Directive was to harmonize and clarify the rules applicable to internet business across the EU and safeguard consumer interests.
The current digital transformation – which is driven by more developed, more complex and wider reaching information technologies – represents a new legal challenge to both market participants and regulators. Therefore the EU is considering two special legislative proposals: a directive on contracts for online and distant sales of goods, and a directive on contracts for the supply of digital content. Both directives are presently at an advanced stage of consideration.
Legislating for the key issues
Historically, the key issues to be solved in relation to e-contracts were: identifying the contacting parties, proving a meeting of minds concerning a certain set of terms, and validating electronic signatures or other forms of acceptance. These have been settled with the development of both business and court practices.
In effort to harmonize the rules in this area, the EU recently adopted the Directive on Identification and Trust Services which took effect in July 2016. The Directive provides for three types of electronic signatures: basic, advanced and qualified electronic signatures, as well as electronic seals for legal entities.
Which laws apply?
Another major legal complication, which is inherent to Internet business, is determining what laws are applicable to a particular transaction and jurisdiction. Although this problem may be less acute within the EU than in other parts of the world due to the harmonization of legislation across member states, discrepancies between the laws of member states still exist, not to mention the lack of uniformity of the laws of other countries.
This complication requires e-businesses to pay special attention not only to the content of their website(s) or terms of sale and services, but also to the ways in which they advertise their business and organize their contracting infrastructure.
Next generation challenges and trends
With the digital transformation age, traditional e-commerce contract law is being challenged once again. Technologies such as SaaS, IoT, big data, cloud, AI, blockchain, augmented reality, and others are transforming both business and legal practice and require regulations to be adopted and adapted across a wide range of issues.
Not only is an e-contract different from the contract of a traditional business, but it could also be that a product or service that exists only in digital form, or indeed in blockchain, could have a contract performed and concluded without any human intervention. New forms of interaction such as Machine2Machine or Machine2Business were previously unheard of.
The latest trend of tokenizing assets and liabilities creates enormous opportunities to selling almost anything in digital form. However the creation and completion of digital contracts through automation requires more complex and instant document turnover involving advanced means of identification and signing, for example using smart phones and other devices.
Furthermore the automation of contracts brings to light the question of cybersecurity, adding a new dimension to such issues as contact interpretation and invalidity
- FATF (2012-2017), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, FATF, Paris, France.
- Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, amending Regulation (EU) No 648/2012 of the European Parliament and of the Council, and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC, OJ L 141, 5.6.2015, p. 73–117.
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/ EC, OJ L 257, 28.8.2014, p. 73–114.
- European Commission Decision of 14.12.2017 setting up the Commission expert group on electronic identification and remote Know-Your-Customer processes.