E-signatures in finance and NPL transactions in Austria

There are only a few documents that cannot be signed or established electronically. These documents essentially concern last wills and a bill protest. All other types of documents can, in some form, be signed or created electronically.

Depending on the type of agreement, specific requirements for electronic signing or electronic creation may apply, e.g. documents where legally the written form is required. If the written form is required (see also 2. below), the electronic signature generally needs to be a QES. An AES will not suffice.

In addition, documents that require notarisation of the signatures or the creation of a notarial deed can be established electronically. Since early 2021, such documents can even be signed with notarised signatures or established in the form of notarial deed via means of distance communication, i.e. without physical presence before the notary being required. Before the electronic signing of such documents, the notary will set up an electronic data room and each participant will be required to follow a video identification of his/her identity via a tool like WebID. This is similar to electronic customer onboarding of, e.g. banks.

In the context of international finance transactions, the following documents that (a) require written or notarised form but (b) can be signed or created electronically are most relevant:

• agreements concerning Austrian real estate, e.g. mortgage agreements, sale and purchase agreements, powers of attorney concerning real estate agreements;
• certain documents concerning Austrian limited liability companies (Gesellschaften mit beschränkter Haftung – GmbH), e.g. while a share pledge agreement as such does not need to be notarised, ancillary documents such as powers of sale or voting proxies need to be signed with notarised signatures); 
• powers of attorney that relate to transactions with special-form requirements, e.g. sale of real estate, establishment of a GmbH, documents regarding a sale of a GmbH, powers of sale under real estate mortgages or under share pledge agreements, voting proxies under a share pledge agreement; and
• certain sureties and guarantees.

If the written form is required by law, the electronic signature needs to be a QES in order to have the same legal effects as a handwritten wet-ink signature. There is the possibility to achieve the same legal effects also with AES – if the AES is affirmed by a notary (see also 1 above) in which case the AES (that has been affirmed by the notary) has the same legal effects as a QES.

If the notarised form is required, the electronic signature of signatory does not strictly need to be a QES and an AES would suffice. This is because signing still takes place before the notary public (even if only via video conferencing) and hence the notary will certify the identity of the signatories. 

No. If the written form is required, the signature needs to be a QES to have the same legal effect.

If the notarised form is required, the documents can be signed or created electronically but the rules applicable to electronic notarisation/creation of electronic notarial deeds need to be followed. 

Under Austrian law, if no specific form requirement exists, the parties are generally free to decide themselves.

Ultimately, the questions involved come down to the level of evidence the parties wishes to meet:

As outlined above, only a QES has the legal effect of the written form under the Austrian Civil Code. In addition, only a QES will ensure that the signatory is correctly identified as the actual signing person. Moreover, pursuant to the eIDAS Regulation, only documents to which a qualified electronic seal is attached will benefit from the presumption that their contents are of integrity and correct origin.

The parties are, of course, free to use alternative means of signing documents/entering into legal agreements; however, in such case they will not benefit from the (privileged) legal presumptions mentioned above.

1. The most secure alternative way is to organise a physical signing by all parties. Each signatory would sign the transaction documents in person and each signatory would put his/her agraffe on every page of the document. The signed document would then be scanned and distributed to all parties as PDF copy. 
2. Most common in current international transactions is the exchange of signed signature pages in PDF form only. For this purpose, one party (often a law firm) sends out PDF execution copies to all parties and asks for scans of each signature page to be returned. This party then compiles a PDF copy containing scans of all of the signature pages.
3. Theoretically, an agreement governed by Austrian law—as long as no special statutory form requirements exist (such as is often the case with agreements involving real estate)—does not need to be signed at all; provided that the parties have otherwise agreed the terms of the document. Hence, if the parties reach a general consensus that an agreement is entered into orally only or by way of generally accepted indicators, from a purely legal perspective this would be possible.
4. Building on what is said in point c. above, the parties would be free to use, e.g. platform solutions where transaction documents (to the extent not subject to special statutory forms requirements) are “executed” by the parties ticking boxes or the like to prove their intent to be bound by the terms of a specific agreement or document. To give users sufficient comfort, such platform would need to ensure a consistent and transparent documentation of user registration and ensure that, when “executing” a document (or in fact, showing an intent to be bound by, e.g. ticking boxes) the identity of the person “clicking” (ticking the boxes) is verifiable and correct. Depending on the platform, there may be different layers or shades of grey to achieve this. From smsTAN and pushTAN to a mere entering of passwords, it essentially always comes down to the level of security users are seeking. While smsTAN and pushTAN can be linked to a specific person more closely than a true electronic signature, entering a mere password appears to be the more convenient choice.
5. For the sake of completeness, we should mention that alternatively to a QES, there is also the possibility to sign documents via an AES under the eIDAS Regulation. An AES is an electronic signature similar to a QES and fulfils certain criteria, but is not based on a qualified certificate for electronic signatures delivered by a qualified trust service provider. 

However, the signatory still needs to obtain a certificate for such AES from a service provider. Hence, the practical efforts of an AES are the same as with a QES. Additionally, the AES is subject to less strict requirements from a service provider’s point of view. This results in an AES not benefitting from the same legal assumptions as a QES.

An attorney countersigning is not a means of authenticating documents/contracts under Austrian law. The countersigning of documents by an attorney at law, on the basis of a power of attorney, is ruled by the general form requirements, as described above.

As mentioned above, since early 2021 there has been fully digital and remote electronic signing process applicable for notarial deeds and notarization of signatures:

• The notary public is entitled to authenticate the signer’s advanced or qualified electronic signature; the signer does not necessarily have to be physically present at the location of the notary but can sign the document remotely during a video call with an AES or QES before the notary public.
• The notary public is entitled to create a notarial deed in electronic form; the signer does not necessarily have to be physically present at the location of the notary, but can sign the document remotely on a video call with an AES or QES before the notary public.

Yes.

In the case of electronically issued documents that are transmitted electronically to the competent authority without media disruption, the data contained in the electronic signature or seal certificate can now be confirmed by means of electronic signature confirmation (apostille) if the technical and organisational requirements are met.

Electronic apostilles are equivalent to paper apostilles and are recognised by the contracting states of the “Hague Convention Abolishing the Requirement of Legalisation for Foreign Public Documents” (supplemented by the Austrian Apostille Act). The Austrian Apostille Act was amended in 2017 to allow for e-Apostilles. However, currently not all contracting states issue e-Apostilles. Before applying for an apostille, it is therefore advisable to ask the competent authority of the target state whether an electronically signed document bearing an e-Apostille will be recognised or whether the presentation of a document in paper form is mandatory due to local regulations.

Yes. Financial institutions are entitled to identify and verify their customers in an electronic way.

Option A – Video ID

The legal framework for digitised onboarding is set by the Austrian Financial Market Authority (“FMA”) in its Ordinance on Online Identification (“FMA Online Identification Ordinance”). Many banks use third-party providers to comply with the rather strict standards for online identification set out in the FMA Online Identification Ordinance by way of outsourcing. The strict standards comprise, e.g. that the conduct of the identification is done only by educated personnel in a separate room with access control and in live conditions. 

Such onboarding is most commonly conducted via videoconference (e.g. IDnow), where an operator verifies the identity of the customers in compliance with the FMA Online Identification Ordinance.

Option B – QES

Alternatively, the customer can submit a declaration signed by QES, provided that in addition:

1. regarding legal entities, the registered office is also the seat of the central administration, in respect of which the customer is required to make a written declaration;
2. a copy of the official photo identification of the customer or his/her legal representative or, in the case of legal entities, of the body authorised to represent the customer, is presented to the obliged entity before the time of conclusion of the contract, unless the legal transaction is concluded electronically by means of a QES; and
3. in the case of customers who have their registered office or place of residence in a third country, the obliged entity has received a written confirmation from another credit institution with which the customer has a permanent business relationship in which that credit institution confirms to the obliged entity that the identity of the customer has been established and verified and that the permanent business relationship is maintained. If the confirming credit institution has its registered office in a third country, this third country must fulfil the requirements pursuant to the 5AMLD. Instead of identification and confirmation by a credit institution, identification and written confirmation by the Austrian representative authority in the third country concerned or by a recognised certification office is also permissible.

Option C – Biometric identification procedures

Alternatively, online identification may also be carried out by means of appropriate biometric identification procedures, provided that this is permissible under Article 9(2)(a) of Regulation (EU) 2016/679.

This option does not require interference of an employee but can be conducted through an automated electronic procedure.

However, only photo IDs whose content has been electronically signed by the issuing authority may be used for biometric identification procedures. This requirement is currently not applied and will enter into force on 1 January 2023.

The biometric identification procedure must

• correspond to the current state of the art (to be updated on an ad hoc basis); and
• achieve a level of security that ensures at least equivalent compliance to online identification by employees.

The obligated party must take appropriate measures to ensure the integrity and security of the procedures used, including ongoing active monitoring measures to immediately detect and eliminate any problems.

The biometric identification procedure shall be documented by the obliged party in a comprehensible manner. The obligated party shall verify the actual participation of the potential customer or his authorised natural person in the online identification by means of suitable security measures, which shall in any case include verification by means of a video recording made during the online identification (presence verification).

The beneficiary owner declaration and PEP declaration can be signed with a QES.