What’s the impact of Brexit on the digital signature landscape?

Brexit impact on digital signatures

From now on, the 31st of January 2020 will be marked in the history books as Brexit Day: the day where the United Kingdom, after 47 years of membership, has officially left the European Union. What implications does this have on the digital signature landscape and your digital contracts? Let’s find out.

Transition period

Even though Brexit is a topic that has already been top of mind for quite a while it is obvious that, due the many possible changes on rules and regulations, the UK’s departure from the EU will not have immediate consequences on digital transactions. Now that the UK has a withdrawal agreement, it has agreed with the European Union to set up a transition period until the end of 2020 while both parties continue to negotiate on additional arrangements.

In short, the pre-Brexit rules on trade, travel and business will continue to apply during this transition period. What will happen after this period of transition depends on the result of negotiations made during the rest of 2020.

GDPR & eIDAS

The GDPR (General Data Protection Regulation) & eIDAS (Electronic Identification, Authentication and Trust Services) are both EU regulations. Will they still apply after the transition period? No…not entirely.

This does not mean that the way of doing business will have to change drastically. Companies with branches in the UK and the EU that use digital signatures & contracts will probably not have to make too many changes to their corporate business processes because of the preparations the UK has already made leading up to Brexit.

Even though GDPR is an EU regulation, every country is allowed to add local legislation to apply on top of the general laws & rules. In 2018, the UK has issued the Data Protection Act 2018 as a local supplement to GDPR within the UK. This act will continue to apply. Furthermore, the arrangements of GDPR will be incorporated directly into UK law after the transition period, to apply alongside the DPA 2018, as stated by the Information Commissioner’s Office (ICO).

The eIDAS regulation was brought to life to provide uniformity and security in electronic transactions across EU member states. It was activated on 01/07/2016 in the European Union. Since it is a European regulation, it had direct effect in UK law and automatically applied in the UK. Some specific additions on the effect, supervision and enforcement of eIDAS in the UK were issued as the Electronic Identification and Trust Services for Elecronic Transactions Regulations 2016, also referred to as “The UK eIDAS Regulations.”

These additions were laid before parliament on the 1st of July and came into effect on the 22nd of the same month. And to be clear, all of this was after the Brexit referendum was first issued. The fact that the UK approved and implemented an addition to an EU regulation after expressing their will to part from the European Union is a clear sign that they tend to agree with the contents and regulations of eIDAS.

Back to the future

The main question that everyone wants to know the answer to is: “What now?”

Well, we don’t know for sure. But we can make a reasoned guess.

Now that the Brexit process is complete, the UK would be allowed to review & change the regulations that apply.

However, it seems very unlikely they will do so. Of course, since they are no longer a member of the EU, they will need to issue new systems and regulations. But it is expected that those will be similar or closely linked to the current European regulations, to keep the uniformity on regulations concerning electronic signatures and identification. As stated in an FAQ-document issued by the ICO, “eIDAS will no longer apply, but the government intends to incorporate the eIDAS rules into UK law.” Not quite a certainty yet, but nevertheless it’s a very good sign. Since the exit date and during the transition period, the UK eIDAS applies until further notice.

Additionally, the UK government stated that transferring data from the UK to the EEA (European Economic Area) will not be restricted. On data coming from the EEA to the UK, GDPR transfer rules will apply after the end of the transition period. So companies that operate from within the UK will have to figure out which GDPR safeguards they have to actively set up to ensure a legal and steady data flow into the UK.

To conclude, we shouldn’t worry about this too much just yet. Nothing has been set in stone so far but a lot of elements indicate there is no reason to panic: the active transition period, the UK government’s positive attitude towards current EU rules & regulations concerning digital transactions and the willingness of both parties to continue conducting business. The future looks like it won’t change all that much…for now.

If you have any questions on digital signatures, the legal frameworks or data transfer, don’t hesitate to contact us! We will be more than happy to help you.