Pursuant to Section 6 of Act No 297/2016 Coll., for the purposes of signing with an electronic signature, it is possible to avail of either advanced electronic signature based on a qualified certificate for electronic signature or qualified electronic signature (for definitions of both terms, please refer to Note* below). This means that a standard electronic signature may not be used for an electronic submission of a clinical trial application.
In practice, it is possible to use certificates of various certification authorities (e.g. Docusign) as long as they meet the standard of the advanced or qualified certificate as referred to under the eIDAS Regulation (rather than a standard one), as mentioned above. It is hence up to the user to ensure that the concerned electronic signature is of the standard required by the eIDAS Regulation.
For initial applications, it is not possible to accept merely scanned signed documents (Cover letter, CTA form); the document either has to be signed electronically, or sent via the data mailbox or via an electronically signed e-mail message.
For electronically signed powers of attorney, the same electronic signature requirements as specified above shall apply.
*Note:
The qualified electronic signature (QES), as known in the international law, is an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures issued by a qualified trust service provider (hereinafter referred to as the “certification authority”).
For the creation of such type of electronic signature, it is not only necessary for the natural person to have a qualified certificate issued for electronic signature, but it is also required that the associated private key used by the person for signing be created and stored on a certified device. For these certified devices, the eIDAS Regulation coins the term “qualified electronic signature creation devices” and it may be e.g. chip cards and USB tokens that have been appropriately certified (a list of these devices has been published by the European Commission on its website). A certified device is issued by a certification authority.
A qualified electronic signature is the highest form of electronic signature and, as implied by the eIDAS regulation, only a qualified electronic signature must be acknowledged in all Member States.
An advanced electronic signature must be issued by a qualified provider with a qualified certificate. Nevertheless, it does not have to be on a qualified device. For submissions made to a body governed by public law, it is necessary to use this type of electronic signature as minimum (or a “higher” one, i.e. qualified electronic signature).
To check the validity of qualified certificates issued by qualified providers, it is possible to avail of the Digital Signature Service (DSS) library; the European Commission runs a demo version of this library on its website (link available from: here) https://ec.europa.eu/cefdigital/DSS/webapp-demo/certificate-validation.
Marketing Authorisation Section
Department of Clinical Trials on Medicinal Products
12 January 2021
cz