Electronic Signatures, Contracts, and Archiving in Hungary

Electronic Signatures, Contracts, and Archiving in Hungary

TMT Comparative Guide: 2022
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Contributed by Provaris.

1. Legal framework for writing and electronic contracts

a. What are the requirements in your jurisdiction to consider a document to be in writing? Are there any formal/technical requirements?

The Hungarian legal framework considers the formal requirements of documents crucial and as a validity requirement in certain cases, especially in civil law and in certain industries, business sectors (e.g., finance), for instance with documents concerning suretyships, contractual penalties, or with contracts such as the sale of real estate or pre-emption. The requirement for a document to be made in writing is a precaution to ensure that the content and party(ies) producing the document can be subsequently proven.

The requirements for a document to be in writing are established by Section 6:7 of the Hungarian Civil Code, which states that a document qualifies as written if at least its material content is put down in (hand)writing, and the party(ies) sign it. The material content of a document cannot be determined generally, considering that different types of documents (e.g., contracts of sale, wills, authorizations, etc.) require different essential elements to be valid. Under applicable Hungarian law practice, a document is signed when the party executes the document with a wet signature, which is capable to prove the identity of the party, and which also indicates that the party acknowledges the document as their own. Either the Civil Code or different legal acts may contain further requirements regarding special situations (e.g., public deeds or private deeds of full probative power), but these two conditions are considered by the Civil Code to be the most fundamental.

However, electronic documents must correspond to further requirements so that the law would consider them to have been made in writing. The Civil Code intends to secure that an electronic document is authentic and unadulterated, with regard to the content, time, and the party(ies), hence it requires that it is presented in a form that allows for the proper recall of the content of the document, and for the identification of the person who made the statement and the time the statement was made.

In line with European Union policy, the regulation of the validity of electronic documents is technology-neutral, thus it allows for the possibility that many solutions could provide valid electronic documents. Unfortunately, the requirements set by the aforementioned provisions of the Civil Code can only be satisfied by the use of digital signatures. Simple electronic documents cannot adequately prove the authenticity of either condition or they are generally not regarded to be in writing.

b. Are electronic documents [e.g., an email] per se considered to be in writing under your law?

Under applicable Hungarian court practice, decisions of the Budapest Regional Court of Appeal and the Szeged Regional Court of Appeal both categorically declined the notion to accept the “written” nature of simple emails. The former case is of particular interest: the plaintiff sent a properly written, signed, and stamped claim for press correction to the defendant in scanned format via email. The court held that this way the claim cannot be considered to have been made in writing – which is a pre-requirement for the procedure to initiate – because it was attached to an email that was not signed with an advanced electronic signature, and as such the scanned document cannot sufficiently satisfy the requirements to be authentic and unadulterated.

However, Hungarian labor courts hold a different opinion. While the Labor Code also states that a document must allow for the recall of the proper content, the identification of the person who made the statement, and the time of the statement, it does not require the document to be signed by the party. In an opinion, the Curia (the Hungarian supreme court) held that the validity of an electronic document not properly signed by the employer cannot be disputed by the employee if it is undoubtedly made by the employer and the authenticity of the document is not contested by the employee.

c. What probative power paper and/or electronic documents have that are to be considered in writing?

The Hungarian Code of Civil Procedure is based on the principle of free appraisal of evidence and the validity of a document made in writing does not automatically imply probative power to it. In this matter, Hungarian law does not differentiate between paper and electronic documents: if they do not qualify as a public deed or a private deed with full probative power, they are not given a statutory presumption, and the court will determine their probative value in accordance with the standard procedure.

On the other hand, electronic documents can qualify as both public deeds and private deeds with full probative power. Public deeds, issued by a court, a notary, or another authority or administrative organ, prove with full probative power that the issuing entity carried out a measure or adopted a decision and that the data and the facts included in the document are true, and the statement was made as that specific place and manner. The Hungarian Code of Civil Procedure also requires public deeds made in an electronic form to contain a qualified electronic signature or stamp, an advanced electronic signature or stamp based on a qualified certificate, and – if required by law – a timestamp. The advantage of making such documents (and private deeds with full probative power) is that, unlike a regular, unauthenticated private deed, the document, and its content shall be deemed original unless proven to the contrary.

The Code of Civil Procedure also offers a number of ways to perform an electronic private deed with full probative power: the document must be attached with a qualified electronic signature or an advanced electronic signature based on a qualified certificate, and it must be authorized using a Document Authentication Based on Identification service, or the document is attributed to the issuing person by a service provider via a specific authentication service specified by law.

d. What are the general rules and requirements to conclude a contract electronically?

With regard to the conclusion of contracts electronically, it must be noted that the EU E-Commerce Directive specifically obliges EU Member States to allow for and create the legal framework of electronic contracts.

The requirements for concluding a contract electronically do not substantially differ from those of a valid electronic document. To conclude a contract electronically, the parties need to have at least an advanced electronic signature, the use of which will enable them to create a valid electronic contract. The law does not stipulate that both parties must sign the contract electronically: it is perfectly acceptable that one party attaches their electronic signature with the contract while the other signs it traditionally. In fact, it is not necessary for the parties to sign the same copy of the contract if both the traditionally and electronically signed copies are available to both of them.

Furthermore, the use of electronic signatures to conclude the contract may prove beneficial to enterprises if they have qualified electronic signatures or advanced electronic signatures based on a qualified certificate. Concluding contracts with these two types of electronic signatures will render the contract into a private deed with full probative power which offers more security for the parties than signing a contract by hand.

By incorporating the provisions of the EU’s E-Commerce Directive, Sections 6:82-85 of the Civil Code also provide regulation for the conclusion of electronic contracts. These sections do not regulate the conclusion of contracts via email or any equivalent individual communication device, hence they only apply to contracts concluded via “clicks.”

The Civil Code provisions oblige the party to the contract who provides the electronic way of contract conclusion to offer adequate information on the process of the conclusion of the contract (e.g., technical steps, the language of the contract, consequences of technical failures), to ensure the continuous availability of its general terms and conditions, and to ensure that the other party is able to correct any mistakes it might have done while filling out the contract with the required information. Any juridical act done electronically becomes applicable only when it is available to the other party. The party who provides the electronic way must also confirm the arrival of the other party’s statements without delay.

It can be seen that these provisions of the Civil Code are mostly of a consumer protection nature, as they provide obligations for the party that provides the electronic way of contract conclusion which is usually the business offering its products or services. They also apply in B2B contracts, however, parties to B2B contracts may deviate from these provisions, while parties to B2C contracts are not allowed to do so.

e. Are there any sector-specific rules that define further requirements to conclude contracts electronically [e.g., contracting via an authenticated electronic channel, contracting via video chat, etc.]?

Besides the general provisions, there are some specific rules in Hungarian legislation for different sectors, such as e-commerce or consumer protection. Following EU legislation, Hungary has enacted Act no CVIII of 2001 on Electronic Commerce and on Information Society Services (E-Commerce Act), which in Sections 5 and 6 regulates the conclusion of electronic contracts in the case of information society services. The provisions of the E-Commerce Act do not apply solely to B2C contracts, but it does not apply to the conclusion of contracts via emails or equivalent individual communications. The act outlines the procedure of how to conclude contracts electronically, it establishes what information the service providers must supply to the recipients of the service, and it also requires the service provider to make available its terms and conditions of service in order to try and level the playing field.  As the content of these sections is also incorporated into the provisions of the Civil Code specified in Section 1(d), we do not deem it necessary to reiterate them.

Specific rules on the conclusion of contracts, including electronic contracts between businesses and consumers are found in Gov. Decree no 45/2014 (II. 26.). The provisions of the government decree mainly focus on the information the business must provide the consumer with, while also stipulating the procedure of cancellation and unilateral termination of the contract.

In 2021 the aforementioned Section 6:7 of the Civil Code was amended with paragraph (3a) which regulates the electronic conclusion of contracts regarding real estate, matters of succession, family, companies, and financial services. According to this paragraph, contracts concerning these fields of law that are concluded electronically shall only be considered valid if their content is recorded using characters and they comply with the legal provisions that regulate the creation of electronic documents. The purpose of the amendment was to guarantee the security of such contracts, by establishing the specific requirements they must adhere to in order to exclude the possibility of disputes in these matters that could arise from the insufficient formal requirements of the contracts.

Specific regulations for the electronic conclusion of contracts can also be found in Act no CCXXXVII of 2013 on Credit Institutions and Financial Undertakings (Hpt.), which regulates the activities of actors in the financial sector. Section 279 of the Hpt. expressly requires any contract concerning financial services offered by financial undertakings to be concluded in writing, for which there are some options on how to achieve this. Firstly, the application of advanced or qualified electronic signatures is the most generic solution, that fulfills the requirements, however, it is possible to conclude contracts via closed systems, the application of central administrative electronic identification service, or to make statements using biometric identification.

In order for any of these services to operate lawfully and to consider juridical acts and contracts made and concluded via using them valid, the Hungarian National Bank issued a circular that defines strict requirements that these services must adhere to, and financial undertakings must notify the Hungarian National Bank about their use of such systems and services.

Regarding the conclusion of contracts of financial nature, Act no XXV of 2005 on the Remote Sale of Financial Services prescribes a list of information that financial institutions must provide the consumer with when concluding contracts – among else – electronically.

When concluding a contract, financial institutions must ensure that the other party is not someone with whom they are forbidden to be contracted with under the rules of Act LIII of 2017 on the prevention and combating of money laundering and terrorism financing (Pmt). The Hungarian National Bank in its Decree no 26/2020 (VIII. 25.) allowed for the client screening procedure to be conducted via an audited electronic communications network, which must adhere to very strict requirements set by the National Bank.

A specific provision can be found in Act no XLVIII of 2008 on Advertisements, which in Section 5/B stipulates that contracts on the provision of advertisements must be concluded in writing, however, it also states that contracts concluded electronically are considered to be in writing even if they are not applied with electronic signatures.

2. Digital signatures

a. Are there any laws regulating the use of digital signatures in your jurisdiction?

As Hungary is an EU Member State, the EU Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) is applicable, which regulates the use of – among others – digital signatures in the entire European Union. The eIDAS Regulation is also incorporated in Act no CCXXII of 2015 on Electronic Administration and Trust Services (EATS Act), and the detailed provisions are provided in lower-level legislation, in government [Gov. Decrees nos 451/2016 (XII. 19.) and 137/2016 (VI. 13.)] and ministerial decrees [Interior Ministerial Decrees nos 24/2016 (VI. 30.) and 41/2016 (X. 13.)].

b. Is there any difference between the different types of digital signatures in your jurisdiction?

Based on the provisions of the eIDAS Regulation, there are three types of digital signatures currently acknowledged in Hungary:

(i) Simple electronic signatures, that are not subject to any specific requirements and as such do not hold any probative value either. The eIDAS Regulation defines it as data in electronic form which is attached to or logically associated with other data in electronic form, and which is used by the signatory to sign. Effectively, they are signatures drawn on the document using electronic means or scanned from handwritten signatures. These types of signatures are unable to adequately prove the identity of the signatory person and shall not be used when performing a contract to be in writing.

(ii) Advanced electronic signatures are the next level in terms of probative value and protection. According to the eIDAS Regulation, an advanced electronic signature shall be uniquely linked to the signatory, capable of identifying the signatory, created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control, and linked to the data signed therewith in such a way that any subsequent change in the data is detectable. This effectively means that the document that has been signed using advanced electronic signatures cannot be altered without the parties noticing it, and the document leaves no doubt about the identity of the signatory. Advanced electronic signatures are provided by so-called trust service providers who take responsibility for the identification of the signatories.

(iii) Qualified electronic signatures offer the highest level of authenticity when it comes to digital signatures and are defined by the eIDAS Regulation as advanced electronic signatures that are created by a qualified electronic signature creation device, and which are based on a qualified certificate for electronic signatures. They are issued by qualified trust service providers that must adhere to rigorous security requirements in order to ensure a high level of protection and trust in these services. Qualified electronic signatures are created using a special card or token, and/or software, which will allow the qualified trust service provider to issue a certificate that will become a part of the document and will ensure the identity of the signatory and the authenticity of the signature.

c. What probative power each type of digital signature has in your country?

The different types of digital signatures offer different levels of probative powers to the documents they are attached to. Simple and advanced electronic signatures do not provide any probative value to the documents they are attached to, they only differ in that documents applied with advanced electronic signatures are considered to be in writing, while simple electronic signatures do not have this result. Qualified electronic signatures, on the other hand, will result in the document it is attached to being a private deed with full probative power or – in case the document is issued or signed by the appropriate entities – a public deed.

d. Are there any specific groups of people that are required to have digital signatures [e.g., attorneys, notaries, government officials, etc.]?

With the spread of electronic administration in Hungary from the 2000s onwards, the use of digital signatures became mandatory or at least unavoidable in certain areas. The authenticity of documents and public trust in their services are especially important with notaries, which is why notaries are required to have digital signatures from 2007 onwards. Digital signatures are used to sign electronic public deeds and in certain other cases, such as data requests to ascertain the identity of the party.

Attorneys are not required to obtain a digital signature, however, in most cases, it is unavoidable for them to have one. The EATS Act stipulates that economic operators (e.g. companies, cooperatives, associations, etc.) are obliged to electronic administration in any criminal, misdemeanor, civil, administrative, and authority procedure they are party to, and as such, attorneys that represent economic operators cannot avoid the use of digital signatures. Moreover, in registration procedures, undertakings must submit all documentation in an electronic form to the company registration court, and since legal representation is mandatory in these procedures, attorneys representing the undertaking in the procedure must sign the necessary documents using their digital signature.

Independent court bailiffs are also required to have digital signatures, considering the fact that in recent years, many procedures they participate in have gone digital. Both notaries and court bailiffs receive their digital signatures from their respective chamber or association.

Obviously, since the EATS Act offers the possibility to, and in some cases prescribes the use of electronic administration, it is unavoidable that government officials, court officials, etc. who work as case administrators in such procedures also have their own digital signatures. Within electronic administrative procedures, parties have the possibility to verify the validity of any digital signature on a document using the Governmental Electronic Signature Verification Service, and moreover, parties without a digital signature – in some cases – have the possibility to authenticate their electronic documents using the Document Authentication Based on Identification service provided by the government.

e. Are non-personalized digital stamps recognized in your country with probative power [e.g., digital stamps used by companies, government, or administrative bodies]?

Apart from electronic signatures, the eIDAS Regulation also provides for the use of electronic seals that legal persons can use for electronic documents and administration. These electronic seals are subject to the same provisions as electronic signatures and have the same three types that offer different levels of authentication. Where electronic signatures are used to identify the individual who signed the document, an electronic seal can identify the legal person who issued the document. Qualified electronic seals, just like qualified electronic signatures can also be used to create private deeds with full probative power, which can be of great use to organizations.

3. Digital archiving

a. Are there any laws regulating digital archives and digital archiving in your jurisdiction?

Unlike digital signatures, digital archiving is not regulated at an EU level, and Hungarian legislation is thus independent of that of other European countries. Hungarian law regulates the matter on two levels: the E-Commerce Act regulated the matter first, establishing that if any act prescribes to preserve a document, it can be done so via digital archiving; meanwhile, the EATS Act created a general regulation of archiving services. The more comprehensive, detailed provisions of digital archiving can be found in a lower-level piece of legislation: Innovation and Technology Ministerial Decree no 1/2018 (VI. 29.) (ITM Decree) completes the framework of the two acts established.

b. What are the main legal and technical requirements to digitally archive documents?

The ITM Decree declares itself applicable whenever archiving a document is performed electronically. The primary requirement of the decree is to ensure the preservation of the document in a way that ensures the protection of the electronic document against deletion, deliberate or unintended destruction, retrospective modification, damage, and unauthorized access. It also establishes the obligation of the person obligated to preserve the document to ensure that it remains legible and understandable throughout the period of archiving. The preservation must be done in a way that reflects the type and authenticity of the document.

The decree offers a variety of ways through which the archiving obligation can be performed. If the document is provided with at least an advanced electronic signature, the obligated person has two choices: it can entrust a trust service provider with the digital archiving of the document, or it can perform the obligation itself, by verifying and maintaining the validity of the electronic signature on the document, and it must also comply with the obligation to preserve the software and hardware that allows for the subsequent restoration of the document. The obligation may also be performed using an electronic data interchange system, or, in the case of electronic invoices, it can be done so by creating a hash code of the electronic invoice, which hash code is then transmitted to the tax authority and is preserved together with the electronic invoice document.

A new possibility that was not available before the aforementioned ITM Decree was issued is to perform digital archiving using closed systems without having to approve the use of it by an authority or to have it certified by an accredited certification body. It only requires the developer of the software or IT solution to issue a statement in writing that the software or IT solution is completely compliant with the applicable legal requirements. It also needs to have documentation that offers a detailed overview of the processes of the software or IT solution, applied technologies and standards, the solutions that guarantee the closed system archiving, and the built-in and subsequent control mechanisms. The developer and the person obliged to perform the archiving are jointly and severally liable to ensure that the closed system archiving solution is compliant with the requirements of the decree.

While a progressive approach, the ITM Decree failed to define what exactly is a closed system archiving solution. Different pieces of legislation also use this or similar terms, but only one, namely Gov. Decree no 451/2016 (XII. 19.) defines a closed system, which is an electronic information system separated due to its function that exclusively serves the purposes of satisfying specific demands and the operation of the organization and the technology created explicitly to satisfy said demands and its operation is based on law or an agreement between specific parties without affecting a third party.

International best practice defines a closed system as a state that is capable to ensure the confidentiality, integrity, and availability of the data processed, and the system provides overall and continuous protection to the data that is proportional to the risks. As a combination of the different definitions, a software or IT solution capable to provide closed system archiving should be interpreted as a solution that satisfies the special demands and the operation of the organization and the technology created explicitly to satisfy said demands by ensuring the confidentiality, integrity, and availability of the archived electronic document in a continuous, comprehensive manner that is proportionate to the possible risks.

c. Is there any difference in your country’s regulations between the digital archiving of paper and electronic documents?

Digital archiving of paper documents is also allowed for by the Gov. Decree no 451/2016 (XII. 19.), both for administrative organizations and economic operators. When creating an electronic copy or a paper document, the operator must ensure that the content or the image of the electronic document is identical and authentic to that of the paper document. The operator must apply a clause to the document saying it is “identical to the original paper-based document,” must attach their electronic signature or seal to the document, and must apply a timestamp, if the time of the creation of the copy is important. Economic operators must create a copy of the document in a way that the electronic copy is identical in image.

The governmental decree establishes a requirement that makes the creation of original electronic documents more feasible than creating electronic copies of paper documents. The electronic signature or seal that must be applied to the electronic copy has to be a qualified electronic signature or qualified electronic seal in order to exclude fraud. Many economic operators do not have much need for a qualified electronic signature or seal other than the conversion of paper documents to electronic copies, so this provision of the regulation makes it much harder for economic operators to take advantage of this opportunity. However, it is beneficial to all organizations, that having an authentic electronic copy of the original paper-based document makes the paper document obsolete, and it can be destroyed.

d. Is any third party required to participate in the process of digital archiving in your country [e.g., a trusted service provider, government / administrative bodies, etc.]?

Another great advantage of closed-system archiving solutions is that it excludes the obligation to involve a third party in the process, which could save time and cost to the person obligated to preserve the documents. The further digital archiving possibilities stipulated by the ITM Decree almost all necessitate the involvement of a third party: the hash code of electronic invoices must be transmitted to the tax authority, while the use of an electronic data interchange system fundamentally requires the participation of another party.

The use of trust service providers as provided for by the eIDAS Regulation means that the person obligated to preserve the documents entrusts a trust service provider to archive the electronic document attached with an advanced electronic signature for them. Trust service providers must register themselves with the Hungarian National Media and Infocommunication Authority, which keeps a list of the current trust service providers and performs their monitoring as well.

The provision of trust services is also subject to regulations set by the Interior Ministerial Decree no 24/2016 (VI. 26.). This decree provides detailed regulation within the framework of the eIDAS Regulation on how the digital archiving process is performed. When receiving the document, the trust service provider must first verify the advanced electronic signature on the document and place its timestamp on it. The service provider must not access the content of the document without prior authorization by the principal and must continuously provide access to the document for the principal. Specific and detailed provisions are established for qualified trust service providers and their services.

e. Are there any sector-specific requirements and rules for digital archiving [e.g., archiving both the software and the related data to retrieve information in the financial sector]?

The ITM Decree excludes its applicability from digital archiving of governmental or local governmental bodies, and organizations performing public duties. With the Gov. Decree no 466/2017 (XII. 28.) the government established the Governmental Data Vault which archives data and documents that have been issued in connection with the provision of electronic administration by organizations that are required to allow for electronic administration. The purpose of archiving is to enable data processors (i.e., the organizations that are obliged to archive their data) to rebuild their information systems in case of operational disturbances and to prevent the loss of data.

Regarding the operation of businesses and organizations outside the governmental sphere, there are a number of different requirements for archiving (e.g., invoices, accounting documents, employment documents, financial documentations, etc.), however, specific requirements for digital archiving are rare to be found. The laws and regulations prescribing the retention obligations usually only stipulate the obligation itself, and the means of how to achieve it are left to the obliged person to ensure, who can carry out the digital archiving by adhering to the provisions of the EATS Act and the ITM Decree.

As an example, Section 78 of Act no CL of 2017 on the Rules of Taxation prescribes that the tax subject must preserve invoices for five years, but it does not stipulate that it must be done in paper form or electronically. The only requirement regarding digital archiving is that if the tax authority asks for invoices archived digitally, the tax subject must provide them to the authority in electronic form.

A very specific retention obligation is set by Act no CLV of 1997 on Consumer Protection, which establishes that any complaints made via telephone or electronic communications network must be attached with an individual ID number and must be retained for three years, or – in some cases – five years for complaints made via telephone. Again, the act does not define how exactly to archive the complaints, but it does require the business operating the customer service to store the electronic copy of the documents in a way that it could give it out to the consumer or demonstrate compliance with the consumer protection authority. Another example is that of accommodation services (hotels, apartments, etc.) that previously had to keep a record of their guests’ data, such as name, period of stay, and ID card number, on paper and provide it to the relevant authority by established periods. From 2021, all accommodation services in Hungary must record the necessary data on a digital platform provided by the touristic authority, to which access is available only to the accommodation service and the touristic authority. The accommodation service must use software to record the data provided and authorized by the touristic authority.

A more extensive data retention obligation is prescribed by Section 159/A of Act no C of 2003 on Electronic Communications for electronic communication operators (e.g., internet service providers), where such operators must preserve a large category of service data for one, or in some cases half a year for law enforcement, national security or national defense purposes, and must make such data available to the relevant authorities upon request. The use of data processors is subject to further regulations and the electronic communication operator must not use data processors or store the data outside the European Economic Area.