Electronic signatures have become commonplace for the execution of agreements across most commercial sectors in Cyprus. Not every electronic signature, however, carries the same legal weight. This guide sets out the framework governing electronic signatures in Cyprus, their legal effect and the key practical considerations for choosing between them.
1. The Original Legal Framework: eIDAS and Law 55(I)/2018
Cyprus’s regime for electronic signatures rests on two layers. The primary layer is Regulation (EU) No 910/2014, as amended (commonly called eIDAS), which established the tiered signature model described below and enabled the mutual recognition of qualified signatures across Member States. eIDAS applies directly in Cyprus since 1 July 2016.
The second layer is domestic: Law 55(I)/2018, which complements eIDAS by designating Cyprus’s national supervisory authority for trust service providers and setting out enforcement mechanisms and penalties.
2. The Three Categories of Electronic Signature
The eIDAS recognises three categories of electronic signature, distinguished by technical sophistication and identity assurance:
Simple (Standard) Electronic Signature (SES): electronic data attached to or logically associated with an electronic document and used to sign it. For example, a typed name, scanned wet-ink signature or a ticked “I agree” box (without any verification threshold applying).
Advanced Electronic Signature (AES): a signature uniquely linked to and capable of identifying the signatory, and is created using electronic signature creation data that the signatory solely controls with a high level of confidence. It is linked to the signed data so that any subsequent change in the data is detectable.
Qualified Electronic Signature (QES): an advanced signature that relies on a qualified certificate for electronic signatures (issued by a Qualified Trust Service Provider) and is generated using a qualified electronic signature creation device. The certificate must identify the signatory and provider and state its period of validity.
3. Legal Effect and Evidential Weight
Article 25(1) of eIDAS sets out a non-discrimination principle: an electronic signature may not be denied legal effect or admissibility as evidence solely because it is electronic, or because it falls short of the qualified standard. Section 9 of Law 55(I)/2018 confirms that all electronic signatures may be relied on as evidence in civil and criminal legal proceedings in Cyprus.
Article 25(2), however, goes further for QES alone: it shall have the equivalent legal effect of a handwritten signature, and benefits from a presumption of authenticity and integrity, recognised as such in every EU Member State.
In practice, this creates a spectrum. SES and AES cannot be denied legal effect merely for being electronic, but their evidential weight before a Cypriot court depends on the surrounding evidence of reliability, identity verification and audit trail. AES is considerably stronger than SES in this respect, given its built-in integrity and identification features – commonly achieved through public-key cryptography – and is widely used in commercial transactions. QES remains the only electronic signature automatically equivalent to a handwritten signature, carries a presumption of authenticity and integrity and is recognised EU-wide, making it the most suitable choice for high-value, high-risk or cross-border transactions.
4. Trust Service Providers in Cyprus
A trust service provider issues electronic certificates and facilitates the creation of secure electronic signatures. A Qualified Trust Service Provider (QTSP) is a TSP granted qualified status by a Member State’s competent supervisory body after demonstrating compliance with eIDAS’s security, reliability and identity-verification standards; only a QTSP may issue the qualified certificates underlying a QES.
Each Member State’s accredited providers appear on the European Commission’s EU Trusted List, and a person in Cyprus may use any provider on that list, regardless of which Member State it is based in. Currently, JCC Payment Systems Ltd is the only Cyprus-established QTSP, though EU Trusted List providers based elsewhere in the EU remain available as alternatives.
Within Cyprus, oversight of trust service providers falls to the Department of Electronic Communications.
5. The Updated Legal Framework: eIDAS 2.0 and the European Digital Identity Wallet
The original eIDAS Regulation succeeded in creating the EU’s first harmonised legal framework for electronic identification and trust services. A decade on, however, its limitations became apparent: inconsistent adoption across Member States, while national electronic identification schemes varied widely in security and interoperability, and the framework had not kept pace with the shift toward smartphone-based digital services.
To close these gaps, Regulation (EU) 2024/1183 (referred to as eIDAS 2.0) entered into force on 20 May 2024. It amends and extends rather than replaces the eIDAS. Its centrepiece is the new European Digital Identity Wallet (EUDI Wallet); a state-provided digital identity application that every Member State, including Cyprus, must make available to citizens, residents and businesses, expected to be rolled out by December 2026 (within 24 months of the adoption of the relevant Implementing Acts).
eIDAS 2.0 does not alter the three-tier signature hierarchy or QES’s equivalence to a handwritten signature. Rather, it makes QES more accessible. Once onboarded to their EUDI Wallet, a person will be able to generate a QES directly from their smartphone, free of charge for non-professional use, without separate signing hardware such as a smart card or USB token. The Regulation also introduces new qualified trust services — including electronic archiving, electronic ledgers and remote signature and seal creation device management — supporting the issuance, validation and long-term preservation of QES more broadly.
For Cyprus, this means the Department of Electronic Communications’ supervisory role, and the involvement of Cypriot or EU-recognised QTSPs, will in time need to accommodate wallet-based issuance of qualified certificates as an additional channel, alongside – not instead of – existing certification methods.
Effectively, this means that the three types of electronic signature introduced by the eIDAS (SES, AES and QES) remain valid, while the creation of QES through the EUDI Wallet is an additional capability introduced by the eIDAS 2.0.
6. Electronic Signatures and Contract Formation under Cyprus Law
Recognition of electronic signatures under eIDAS or eIDAS 2.0 does not, by itself, determine whether a contract has been validly formed; that remains governed by the Contract Law (Cap. 149), which requires an offer, acceptance, consideration and intention to create legal relations. Where these elements are present, electronic execution – by any tier of signature – does not itself prevent a binding contract from arising.
It is worth noting that the Evidence Law (Cap. 9) was amended so that the definition of “document” in Section 2 now expressly extends to electronic documents, including those bearing electronic signatures, seals and timestamps. This legislative development reinforces the electronic signature framework and indicates a direction towards broader adoption.
The more delicate question arises where a statute requires a contract to be made “in writing”, witnessed, or in a prescribed form. Whether an electronic signature satisfies such requirements has not yet been tested before the Cypriot courts. Parties negotiating higher-value or form-sensitive contracts should treat this as an open question and make a deliberate, risk-aware choice of signature method, rather than assume any electronic signature will suffice.
7. Transactions Where a Wet-Ink Signature Remains Advisable
Certain documents are, by nature or specific requirement, not suited to electronic execution or are customarily excluded from it in practice, including the following non-exhaustive list:
- Wills and testamentary instruments, subject to strict formality and attestation requirements;
- Documents requiring notarisation, swearing or apostille, where the act presupposes a physical signing before an authorised officer;
- Transfers and dealings involving immovable property and land registration, governed by the Department of Lands and Surveys’ specific procedures;
- Certain court documents and family law instruments (e.g. marriage, divorce, and adoption matters), where local practice or registry requirements may still call for wet-ink execution or physical witnessing; and
- Tenancy agreements exceeding 12 months, which carry a statutory witnessing requirement under Cypriot law.
8. Practical Considerations
- Match the signature type to the stakes. SES suits routine or low-value matters; higher-value, contested-risk or cross-border transactions warrant AES or QES.
- Consider cross-border recognition. A QES offers the most reliable path to guaranteed mutual recognition for cross-border transactions; SES and AES may attract greater scrutiny outside Cyprus.
- Preserve the audit trail. Clear evidence of identity, timestamp and intent to be bound strengthens any document’s evidential value if challenged.
- Check statutory form requirements. Before relying on e-signature for a document requiring “writing”, witnesses or notarisation, confirm whether that requirement has been tested and consider wet-ink execution if not.
- Verify the provider’s status — and its eIDAS 2.0 readiness. Confirm the certificate provider is current on the EU Trusted List, and check its eIDAS 2.0 compliance roadmap when updating service agreements.
- Prepare systems and budgets for eIDAS 2.0. Ensure document management and signature-verification systems can recognise EUDI Wallet-created qualified signatures, and allocate resources for the necessary system updates, staff training and integration work.
9. Conclusion
Cyprus, through the direct application of eIDAS (as amended by eIDAS 2.0) and the complementary Law 55(I)/2018, offers a mature, technology-neutral legal framework for electronic signatures. SES and AES cannot be dismissed merely for being electronic, while QES stands on equal footing with a handwritten signature when properly certified. What remains unresolved, absent Cypriot case law, is precisely how statutory “in writing” and witnessing requirements interact with electronic execution for particular contracts. Until that gap closes, the safest course is to select the signature method deliberately, calibrated to the value, form requirements and cross-border profile of the transaction at hand. By late 2026, the EUDI Wallet is expected to be available, with QES creation via smartphone becoming mainstream.
The information contained in this article is provided for informational purposes only and should not be relied upon or construed as legal advice on any matter. The information provided is valid as at the time of publishing and may not reflect the most current legal developments. Should you require legal advice, please contact us directly.