On November 21, 2025, the Act Amending the Electronic Identification and Trust Services Act (ZEISZ-A) came into force, introducing significant changes in electronic identification and the secure use of digital services. This act marks a step toward comprehensive legal regulation of national support for implementing the eIDAS 2.0 Regulation, planned for next year.
ZEISZ-A:
- strengthens the security of electronic identity use,
- regulates conditions for more reliable implementation of trust services,
- establishes clearer rules for electronic service providers,
- prepares the legal framework for the upcoming European digital wallet.
The amended ZEISZ raises standards of security and responsibility in the use of electronic identity by introducing stricter rules, penalties for violations, the elimination of risky practices, and strengthened supervisory mechanisms.
End of the So-Called "Server" E-Signature/E-Stamp
The revised Article 4 requires holders of e-identification means and qualified certificates to handle their means with care and prohibits the use of foreign electronic identification means or qualified certificates. Unlawful use of these means is sanctioned in Article 56, which stipulates:
(1) A fine between €500 and €1,000 shall be imposed on the holder of an electronic identification means if they do not use the means personally or do not store it with due care, or on an individual who uses the electronic identification means of another holder (first paragraph of Article 4 of this Act).
(2) A fine between €500 and €1,000 shall be imposed on an individual who is the holder of a qualified certificate if they do not use the data necessary for its use personally or do not store it with due care, or on an individual who uses the data to create an electronic signature or data for website authentication of another holder who is a natural person (second paragraph of Article 4 of this Act).
(3) A fine between €1,000 and €4,000 shall be imposed on a holder of a qualified certificate who is a legal person, a sole trader, or an individual who independently performs an activity, if they do not use or store the data necessary for its use with the diligence of a good manager, or on an individual who uses the data to create an electronic seal or data for website authentication of another holder who is a legal entity, a sole trader, or an individual who performs activities independently (third paragraph of Article 4 of this Act).
(4) A fine between €500 and €1,000 shall be imposed on the responsible person of a legal entity, the responsible person of a sole proprietor, or the responsible person of an individual who independently performs activities, if they commit the offense referred to in the previous paragraph.
In the explanatory memorandum to the amendment to Article 4, the proposers expressly prohibit the use of electronic identification means and data necessary for the use of a qualified certificate by persons who are not holders of the data or electronic identification means, as necessary to reduce the risk of abuse or unauthorized use of such data and means.
It follows from the above provisions of ZEISZ-A that the practices of so-called “server” e-signatures or e-seals have become unlawful, and that electronic signatures or electronic seals created in this way do not comply with the requirements of the eIDAS Regulation and ZEISZ.
