What is an electronic signature and how to create one? Instructions for entrepreneurs

An electronic signature works like a digital ID card. It can verify your identity, ensure the legal validity of documents and protect digital documents from forgery. For businesses, it saves time, reduces costs and enables them to sign contracts from the other side of the world.

When do you need an electronic signature?

As an aspiring entrepreneur, you're probably wondering if you need an electronic signature at all. In most cases, you won't use it right from the start. For communication with the authorities, you only need a data box, which as an entrepreneur is legally obligatory and free of charge.

You will only appreciate an electronic signature when communicating with business partners, suppliers and customers. It is also suitable for international trade, because the data box works only in the Czech Republic. In addition, some companies may require you to provide an electronic signature directly.

In addition to business relationships, you will also need an electronic signature for specific official tasks that the data box cannot handle, for example:

• filing tax returns via the EPO portal;
• income and expenditure statements for self-employed persons;
• applications for sickness insurance;
• applications for EU subsidies;
• participation in public procurement.

Three levels of electronic signature

Czech legislation distinguishes three types of electronic signatures according to their level of security and associated legal force.

1/ Simple electronic signature

The simplest form of electronic signature does not require any special technical security. It can be a check of the "I agree" box on a website, a finger signature on a tablet or a scanned image of your handwriting. However, because of this simplicity, it has limited legal force and its authenticity is difficult to prove in court.

A simple electronic signature is suitable for:

• ordinary email communication;
• internal company documents;
• informal agreements with business partners.

2/ Guaranteed electronic signature

A secure electronic signature is a compromise between simplicity and security. It requires a qualified certificate from an accredited certification authority that uniquely identifies the signer and can detect any changes to the document after it has been signed.

Unlike a qualified signature, the private key is stored directly in the certificate store on the computer. The legal strength of a guaranteed signature is lower than that of a qualified signature, and its validity must still be proven in court, but it provides sufficient credibility for most business relationships.

A guaranteed electronic signature is suitable for:

• contracts with suppliers and customers;
• Business correspondence requiring a higher level of trust;
• invoices for larger clients;
• internal company directives and instructions.

3/ Qualified electronic signature

This is the highest level of electronic signature. It offers maximum security and is legally equivalent to a handwritten signature. It requires not only a qualified certificate from an accredited certification authority, but also a hardware means of storing the private key, such as a USB token or smart card (i.e. it is not stored on a computer). The qualified signature is also valid throughout the European Union via the eIDAS Regulation.

A qualified electronic signature is suitable for:

• filing tax returns via the EPO portal;
• income and expenditure statements of self-employed persons;
• applications for sickness insurance;
• communication with the state administration and authorities;
• applications for EU subsidies;
• contracts with high financial value;
• public contracts (but usually a guaranteed signature may be sufficient; the contracting authority usually specifies the level of electronic signature);
• international commercial contracts;
• documents for foreign partners.

How do you get an electronic signature?

Qualified certificates (through which you can obtain both a guaranteed and a qualified electronic signature) are issued by three authorities in the Czech Republic and it is up to you to choose which one:

Standard procedure for processing an electronic signature

This involves selecting an authority, completing an application, proving identity and installing the certificate on the organisation's device according to the instructions provided. The whole process usually takes a few days and requires a personal visit to the branch or the use of an eID card (or other digital identification method).

Providers currently charge the following amounts (including VAT) for setting up an electronic signature:

• First Certification Authority (I.CA): qualified certificate for eSignature CZK 725;
• PostSignum (Czech Post): qualified personal certificate CZK 440;
• eIdentity: qualified certificate for electronic signature CZK 477.95.

Simplified processing procedure (outsourcing)

Entrepreneurs who want to save time and avoid administration can use the service ElektronickyPodpis.cz. It specialises in assisted set-up and adjustment of the PostSignum certificate directly at the client's premises.

The service covers both the certificate setup itself, as well as its proper setup and basic training on its use. This delegates the technical issues and lets you focus on your own business.

How do I sign with a digital signature?

You can sign a document in seconds - see for yourself in the video tutorial.

Signing a document from the tutorial is done in PDF-XChange Editor; a low-cost advanced PDF software that can also handle conversions from any format to PDF and vice versa.

Practical tips on choosing and using electronic signatures