Digital Aviation Document QAs

The official signature must have certain features that ensure the security of the signature or seal itself and the validity of the document when printed on paper. Section 19 of the E-Government Act states that, in addition to the figurative mark and information on the verifiability of the signature or seal, it must also contain an indication that the document has been officially signed.

The validity of the certificate can be checked on this website:https://www.rtr.at/TKP/was_wir_tun/vertrauensdienste/ Signatur/signaturpruefung/Pruefung.de.html.

Pursuant to Section 9(1) of the ECTA, documents may be signed electronically if a method is used to identify the signatory or indicate that the person intended to sign or otherwise adopt the information in the electronic communication . Section 9(3) of the ETCA provides that an electronic signature may be proved in any manner, including by showing that a procedure existed by which it is necessary for a party, in order to proceed further with a transaction , to have executed a symbol or security procedure for the purpose of verifying that electronic communication is that of such party.

Section 4 of the ECTA excludes the use of e-signatures for (among others) deeds. Provided that none of the types of documents referred to in question 1 are expressed to be a deed, the use of electronic signatures is permissible.

The BH E-Signature Law regulates only the qualified e-signature. It clearly provides that the qualified e-signatures are of the same legal force as handwritten signatures.

A qualified e-signature is a special type of advanced electronic signature that is linked to an electronic certificate issued by the competent authority. The only authorized provider of qualified e-signatures in BH is Halcom Ltd., with its headquarters in Sarajevo.

Nevertheless, the above does not mean that any e-signing in BH requires the existence of such qualified e-signatures. Such a requirement exists only for those types of documents, i.e., contracts, for which a written form is explicitly required by BH laws. In all other situations where the local laws do not require a written form, a qualified e-signature as such is not required.

The RAB only accepts documents in digital format certified with Brazilian Infrastructure of Public Keys – ‘ICP-Brazil’ and valid verified with the Brazilian National Institute of Information Technology (ITI).

In accordance with the previous point, it is not possible to execute aeronautical contracts using electronic signatures.

However, it is possible to execute acts and contracts of common civil legislation using electronic signatures. In this case, an advanced electronic signature should be used. The advanced electronic signature is granted by a local electronic signature provider accredited by the Ministry of Economy and certifies the identity of the signatory, also attesting to the date and time of the signature. Therefore, documents signed with advanced electronic signatures have the quality of a Public Instrument.

All Aviation Service Providers and Operators, TAR or OMA that wish to incorporate in their procedures the electronic signature for the management of their technical documents must include in their MGM /(MCM), MPI/ (MOM), MDI (MIP), MGO (MO), as applicable, electronic signature procedures and controls that guarantee that such signature is equivalent to that of the handwritten signature or any other form of signature currently accepted or approved in the corresponding legislation by the Colombian State. Therefore, digital and/or electronic signatures must meet the legal requirements so that the data message in which they are incorporated complies with the attributes of originality, integrity and evidentiary validity.

No, the Law does not regulate a specific technology. The regulation of the Law states that the digital certificate issued by the authorized certifier must comply with the INTE-ISO/IEC 17021 and INTE/ISO 21188 latest standards and the policies established by the Digital Signature Certifiers Directorate.

Pursuant to article 11 of the Law, the purpose of the digital signature is to warrant: a.) The legal link between a document, a digital signature, and a person; b.) The integrity, authenticity, and general non-alteration of the document, as well as the associated digital signature; and c.) The authentication or certification of the document and the associated digital signature only in the event of the exercise of public certifying powers. For that purpose, the Regulations to the Law state that the company in Costa Rica authorized as a certifier must, among others:

1. Use at least one face-to-face verification and registration process for its subscribers.
2. Keep a copy of the documentation used to verify the identity of the person.
3. Register biometrically (photograph, fingerprints, etc.) the subscriber to whom a certificate will be issued.
4. Require the use of secure signature creation modules,

with security certification indicated in accordance with international standards and the Policies established by the Digital Signature Certifiers Directorate.

5. Establish a subscription agreement detailing the level of service offered and the duties and responsibilities of the parties.
6. The Digital Signature Certifiers Directorate may establish any other requirement it deems pertinent as issuer and policy manager of the digital signature system.

The Law also allows the approval of foreign certificates, for which the following requirements must be met:

1. The certificate is endorsed by a certifier registered in the country.
2. It complies with the technical requirements established by the Directorate of Digital Signature Certifiers, and
3. That there is a reciprocal agreement between Costa Rica and the country of origin of the foreign certifier.

There is no requirement for qualified electronic signatures to be executed by use of a locally developed cryptographic platform.

However, in accordance with the eIDAS Regulation, all qualified electronic signatures must be a) uniquely linked to the signatory, b) capable of identifying the signatory, c) created using electronic signature creation data that the signatory can (with a high level of confidence) use under his sole discretion, and d) linked to the data signed therewith in such a way that any subsequent change in the data is detectable. Additionally, eIDAS Regulation prescribes in detail all technical requirements for qualified certificates and qualified trust service providers.

First of all, a specific “electronic data box” has been assigned to each legal entity and individual entrepreneur registered in the Czech Republic (others may use it voluntarily), and such entities and public authorities exchange communications (documents/ information) with each other principally only through this data box (public authorities are required to do so, while standard users can do so as an option only). All legal entities may also exchange communications with each other through the data box on an opt-in basis. Foreign-based entities may also voluntarily apply to get access to their own data box.

The access to the databox is unique and sufficiently protected (standard cryptographic solutions are used).

When a data box user acts through the data box, such act (message) is considered as signed by the user without the need to meet any further requirements. When the data box user decides to communicate without using the data box and the applicable law requires that the identity of the signatory must be verified, then the signatory must use the relevant form of electronic signature, which is either an advanced electronic signature, advanced electronic signature based on a qualified certificate for electronic signatures, or qualified electronic signature (QES), with the latter offering the highest standard of identification and protection. In practice, advanced electronic signatures based on a qualified certificate are widely used in the Czech Republic, while a QES is used rather exceptionally by private entities (unlike public authorities, which principally can only use a QES).

This is without prejudice to the fact that contractual and other documents are often also signed by “standard electronic signatures”, either by inserting the picture of the signature into a PDF version of the document or through more secure solutions offered by commercial providers, such as DocuSign.

As mentioned in the answer to question 1), digital signatures are valid as long as it is an electronic, encrypted stamp of authentication on digital information, which confirms its integrity. However, for use with government entities, including the Aviation Authority, an electronic signature issued by a duly licensed issuer in Ecuador is required.

No, the Law does not regulate a specific technology. The regulation to the Law states that the digital certificate issued by the authorized certifier must comply with the following regulations: CEN EN 419 221 related to security on cryptographic modules, ETSI EN 319 411 part 1 related to digital signature and infrastructure- policies of security to companies that issue certificates; ETSI EN 319 411-1 section 6.5.2 related to cryptographic modules; ETSI EN 319 412- 1 related to digital signature and structures of common data and FIPS 140-2 level 3 related to security requirements for cryptographic modules under the program of cryptographic module validation program.

Although there is no specific rule as to the use of electronically executed documents by the Aviation Authority, it should be noted that such documents are valid if a permissible identification procedure has been used, the signatories are properly identified, and the integrity of the document is guaranteed (articles 1366 and 1367 of the French civil code). The certification of the signatures must be provided by an eIDAS.

Not applicable; see statement to 1) above.

No, the Law does not regulate a specific technology. The applicable regulations state that the advanced electronic signature will always be of general application, proving the existence of obligations and giving access to the registration of these documents in the public registries. However, in order to promote digital transformation, the government may grant the equivalence of effects to the advanced electronic signature for certain cases to other types of signature or means of identification of persons, among others, as follows: 1) Hybrid technologies based on Public Key Infrastructure (PKI) and Biometric Signature or any other equivalent or substitute technology; 2) Cloud- based electronic signature systems; 3) Two-factor systems; 4) Biometric systems including photographic means; 5) Others that may be developed as technologies advance.

For an electronic signature to be considered reliable and presumptively valid under the IT Act:

• it must be unique to the signatory;
• at the time of signing, the signatory must have control over the data used to generate the electronic signature;
• any alteration to the affixed electronic signature or to the document to which the signature is affixed must be detectable;
• there should be an audit trail of steps taken during the signing process; and
• The signer certificates must be issued by a certifying authority recognized by the Controller of Certifying Authorities appointed under the IT Act.

In accordance with Article 1 of CAD, digital signatures qualify as “a particular type of qualified signature based on a system of cryptographic keys, one public and one private, related to each other, which allows the holder through the private key and a third party through the public key, respectively, to make manifest and to verify the origin and integrity of an electronic document or set of electronic documents. Therefore, the digital signature is a particular type of qualified electronic signature (regulated under the eIDAS Regulation), characterized by specific technologies that, by reversing the cryptographic signature procedure, allow parties to verify the integrity and security of an electronic document.

There is a variance in the requirements for a valid electronic signature under the different Kenyan statutes that recognise the use of electronic signatures. Under the KICA, there is a requirement that a “certificate” must be issued by an e-CSP to authenticate the digital signature. KICA defines a “certificate”, and the definition presumes that every time a digital signature is used, the signature must be authenticated by an e-CSP. However, there are no corresponding substantive provisions in the KICA requiring the authentication of electronic signatures. We also note that the term “digital signature,” which has been used in the definition of a certificate, is not defined under the KICA. The regulator, the Communications Authority of Kenya, has, however, indicated on its official website that the term “digital signature’’ refers to an advanced electronic signature (we note that the explanation on the website cannot be a substitute for a statutory authority).

Furthermore, the need for authentication through certificate issuance is not a requirement under any other statutes amended by the BLAA or the Companies Act. As mentioned above in question 1, the Companies Act and the BLAA do not outline any specific requirements regarding signatures, except for the Companies Act, which specifies the witnessing of a sole director’s signature.

N/A.

The execution of all documents (other than the IDERA, Deregistration power of attorney and the Maltese law mortgage) in electronic form is accepted in Malta. The eIDAS regulations (Regulation (EU) No 910/2014), which is an EU regulation on electronic identification and trust services whereby a legal framework for electronic signatures has been established, is automatically applicable in Malta and need not be transposed into Maltese law. To our knowledge, no specific cryptographic platforms have been developed by any local institute of technology for the aviation industry.

N/A.

The E-signature Law defines three types of e-signatures: (i) simple, (ii) advanced, and (iii) qualified electronic signature; however, only a qualified electronic signature ensures full equivalence in terms of validity and enforceability with that of a handwritten/wet ink signature. Depending on the type of signature and purpose for which it is used, different requirements are needed. In terms of e-signatures, specific requirements prescribed by law are only needed for qualified ones, as it provides the highest level of reliability and certainty.

Qualified electronic signatures issued by the authorized bodies in the countries with which Montenegro has entered into the relevant bilateral agreements should have the same legal effect as the qualified electronic signatures issued by the Montenegrin Authorized Bodies. However, at the moment, the bilateral agreements are only concluded with Serbia and Northern Macedonia.

Generally, the Evidence Act provides that an electronic signature satisfies the rule of law if it complies with a procedure in existence by which it is necessary for a person to proceed with a given transaction and complies with a security procedure, if any, for the purpose of verifying that the electronic signature was executed by such a person.

However, there is no specific requirement of completion with a cryptographic platform developed by any local institute of technology under Nigerian law. The Nigeria Civil Aviation Regulation provides that an electronic signature, or any other form of signature, should satisfy the requirement of being a unique identification used as a means of authenticating a record entry or record by an individual.

In addition, Section 84 () of the Evidence Act provides that for a statement in a computer-generated document to be admissible in court, the following conditions are required to be satisfied:

1. (a)  that the document containing the statement was produced by the computer during a period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period, whether for profit or not by anybody, whether corporate or not, or by any individual;
2. (b)  that over that period, there was regularly supplied to the computer in the ordinary course of those activities information of the kind contained in the statement or of the kind from which the information so contained is derived;
3. (c)  that throughout the material part of that period, the computer was operating properly or, if not, that in any respect in which it was not operating properly or was out of operation during that part of that period was not such as to affect the production of the document or the accuracy of its contents; and
4. (d)  that the information contained in the statement reproduces or is derived from information supplied to the computer in the ordinary course of those activities.

N/A

Under the general rules of the Electronic Documents Law, a qualified electronic signature is the only equivalent to a handwritten signature. All qualified electronic signatures must be a) uniquely linked to the signatory, b) capable of identifying the signatory, c) created using electronic signature creation data that the signatory can (with a high level of confidence) use under his sole discretion, d) linked to the data signed therewith in such a way that any subsequent change in the data is detectable and e) created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures. Additionally, the Electronic Documents Law prescribes in detail all technical requirements for qualified certificates and qualified trust service providers.

In accordance with the previously mentioned, there are no legal obstacles to acceptance of an electronic signature, subject to the following important qualifications:

– the use of a qualified electronic signature would be required;

– there might be technical obstacles, as some public institutions might not have the technical means to accept an electronic signature;

– there is still a rather conservative market approach, and the use of electronic signatures is not widely accepted in practice.

The general rule established under the Ordinance is that “no document, record, information, communication, or transaction shall be denied legal recognition, admissibility, effect, validity, proof or enforceability on the ground that it is in electronic form and has not been attested by any witness.” Further, under Section 7 of the Ordinance, “the requirement under any law for the affixation of signatures shall be deemed satisfied where electronic signatures1 or advanced electronic signatures2 are applied”.

On this related note, Article 73 of the Order sets out the requirements for the admissibility of primary evidence in a court of law in Pakistan. The nature of primary evidence has been amended by the Ordinance to include an electronic Document3, first generated, sent, received or stored in electronic form, to which a security procedure4 was applied thereto at the time it was generated, sent, received or stored. Further, pursuant to Article 78-A of the Order, if a document is alleged to have been signed or have been generated wholly or in part by any person through the use of an information system5 and is denied as having been signed or generated as such, the application of a security procedure to the signature or the electronic document must be proved.

Notwithstanding the answer to the previous question, it should be pointed out that there are specific requirements for the validity of the electronic signature types which are indicated in Article 1-A of Supreme Decree No. 052-2008-PCM, “Regulations of the Law of Digital Signatures and Certificates”:

“TITLE I
GENERAL PROVISIONS

ARTICLE 1-A.- The following three (03) types of electronic signature are recognized:

1. a)  Simple Electronic Signature. It is a data in electronic format attached to other electronic data or logically associated with them, used by a signatory to sign.
2. b)  Advanced Electronic Signature. A simple electronic signature that meets the following characteristics: (i) it is uniquely linked to the signatory, (ii) it allows the identification of the signatory, (iii) it has been created using signature creation data that the signatory can use under its control, and (iv) it is linked to the signed data in such a way that any subsequent modification thereof is detectable.
3. c)  Qualified Electronic Signature. A qualified electronic signature or digital signature is an advanced electronic signature that complies with the provisions of Chapter II of these Regulations”.

Regarding the provisions of section c), Chapter II states that the qualified electronic signature must be provided by a provider entity that is duly registered /accredited at INDECOPI, and complies with all the characteristics and requirements established by law.

N/A

In general, no. Please note the comment to pt. 1) above.

However, there can be exceptions stemming from statutory or contractual requirements of form. In particular, if the law requires a written form for a document ‘under the pain of being void’, it could only be replaced by a document executed with a qualified electronic signature. Of course, if the governing law requires a special form for a given document (e.g., a notarial deed, notarization of signatures), it cannot be replaced by any electronic format.

Also, electronic filings made with administrative authorities (including CAA) have to be made in one of the formats provided for in art. 14 of the Code of Administrative Proceedings, including a QES or a specific Polish government digital platform. A simple e-mail or message using platforms such as WhatsApp, Messenger or Telegram will not be accepted as a formal filing in legal proceedings (e.g., for registration or license).

There are three different types of e-signatures:

• Standard (unsecured) Electronic Signature (SES) – means data in electronic form that is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
• Advanced Electronic Signature (AES) – means an electronic signature that is i) uniquely linked to the signatory; (ii) capable of identifying the signatory; (iii) created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and (iv) linked to the data signed therewith in such a way that any subsequent change in the data is detectable.
• Qualified Electronic Signature (QES) – means an advanced electronic signature that is created by a qualified electronic signature creation device and which is based on a qualified certificate for electronic signatures.

QES meets the highest standard of security and is the only signature type that has the same legal effect as a handwritten signature.

Portugal, as a member of the European Union, follows ETSI (European Telecommunications Standards Institute) standards to define the technical requirements for QES.

QES must originate from a Qualified Signature Creation Device (QSCD) and be issued from a Trust Service Provider (TSP) on Portugal’s list of TSP providers.

A QES is automatically granted, free of charge, by the Portuguese Government to each Portuguese citizen (attached to the Portuguese Identity Card) and said e-signature can be used for signing documents in a vast number of Public and Private Services.

There are no specific platform and/or technological requirements.

The extended electronic signature must fulfil the following cumulatively conditions: (i) is uniquely linked by the signatory, (ii) ensures the identification of the signatory, (iii) is created by means controlled exclusively by the signatory, and (iv) is linked by the data in electronic format in such a manner as to allow identification of any subsequent change.

Also, the extended electronic signature must be based on an unsuspended and unrevoked qualified certificate and must be generated with the help of a secured device for creating the electronic signature.

The secured device for creating the electronic signature is the configured software and/or hardware used to implement any data in electronic form with unique characters, such as private cryptographic codes or keys. Such secured device must meet the following cumulative conditions:

a) the signature creation data used in order for the signature to be generated must appear only once, and their confidentiality must be ensured;

b)  the signature creation data used in order for the signature to be generated must not be deduced;

c)  the signature must be protected against forgery by the technical means available at the time the signature is generated;

d)  thesignaturecreationdatamustbeeffectivelyprotectedby the signatory against their use by unauthorized persons;

e)  not to modify the data in electronic form, which must be signed, nor to prevent them from being presented to the signatory before the completion of the signing process.

Mention is made that the qualified certificate for the electronic signature must be issued by a specialized company authorized to this end in Romania and must fulfil certain conditions. If the issuer of the qualified certificate has the headquarters within another state, in order for such certificate to have the same effects as a Romanian one: (i) the supplier must be authorized, (ii) a Romanian-authorized supplier guarantees the certificate, (iii) the certificate or the supplier is recognized through a bilateral or multilateral agreement, based on reciprocity.

As mentioned, submission of specific documents mentioned in question 1) above in electronic form to the Directorate is not possible.

The qualified e-signature is the only substitute for a handwritten signature under the Law. Therefore, whenever it is specifically required that a document be signed in wet-ink (and there are no prohibitions for such document to be e-signed), the qualified e-signature is the only viable option for e-signing. A qualified e-signature is defined as an advanced e-signature that is: (i) created by a qualified electronic signature creation tool, (ii) based on a qualified electronic signature certificate, and (iii) issued by a competent certification authority, in accordance with the Law.

N/A. Please note that the eIDAS Regulation sets out the legal framework for electronic signatures and distinguishes between low, medium, and high levels of assurance. A process requiring a high level of assurance consequently requires a qualified electronic signature, which is also the only equivalent to a handwritten signature.

The Spanish Aviation Agency AESA has developed its own platform, which enables citizens to communicate with AESA and vice versa. This platform is used in connection with regulatory issues such as AESA inspections, fines, etc. and also for passenger claims. Documents relating to the registration of aircraft are also filed with the help of this platform. However, it does not allow for transaction closings.

Generally speaking, Regulation (EU) No. 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions (“eIDAS Regulation”), which is in force for Spain, establishes the legal framework for electronic identification and trust services, including electronic signatures and the conditions for mutual recognition among EU Member States. The Regulation provides for a pan-European level public key infrastructure for the identification and authentication of electronic signatures in public services. The Spanish Act 6/2020 enacted certain detailed provisions of the eIDAS Regulation, providing for a legal framework in Spain for the use of electronic signatures and recognition of their legal validity.

Not applicable (see question 1 above).

The FAA requires that any electronic signature meets certain criteria to be considered valid and enforceable. Specifically, the FAA requires that electronic signatures be “digital signatures.” An acceptable digital signature will have, at minimum, the following components:

1)  Shows the name of the signer and is applied in a manner to execute or validate the document;

2)  Includes the typed or printed name of the signer below or adjacent to the signature when the signature uses a digitized or scanned version of the signer’s hand-scribed signature or the name is in a cursive font;

3)  Shows the signer’s corporate, managerial, or partnership title as part of or adjacent to the digital signature when the signer is signing on behalf of an organization or legal entity;

4) Shows evidence of authentication of the signer’s identity, such as the text “digitally signed by” along with the software provider’s seal /watermark, date and time of execution; or have an authentication code or key identifying the software provider; and

5) Has a font, size and color density that is clearly legible and reproducible when reviewed, copied and scanned into a black-on-white format.

The FAA does not specifically require the use of a cryptographic platform developed by a local institute of technology for electronic signatures in aviation-related documents. However, some organizations may choose to use cryptographic platforms or other technologies to ensure the security and authenticity of electronic signatures and records. While the FAA does not require the use of a specific cryptographic platform for electronic signatures, organizations should ensure that any technology used meets the FAA’s requirements for electronic signatures and records. Accordingly, we recommend consulting with legal and industry experts familiar with the specific requirements and best practices for executing and managing aviation documents in a digital format.