Are eSeals compliant to eCMR Protocol?

Everyone signs it, few fully appreciate it – yet a signature on the CMR consignment note unlocks some of the Convention’s most important legal effects. As most of the international transport by road is accompanied by a CMR-consignment note, it is important to have a closer look at the elements that are crucial to the validity of the document. This article seeks to explain the signature requirement and transfers it to the digital world.

This year marks the 70th anniversary of the Convention on the Contract for the International Carriage of Goods by Road (CMR). Not only has the CMR unified the applicable private law for road transport in Europe, Western Asia and even parts of Northern Africa but also serves as the legal basis for the CMR-consignment note (often referred to simply as the “CMR”). While the CMR states clearly that the absence, irregularity or loss of the consignment note shall not affect the existence or validity of the contract of carriage, still numerous provisions of the CMR require a valid consignment note such as the presumption of proof set out in Article 9 CMR.

A key requirement of a valid consignment note is the signature of the sender and the carrier. A consignment note that is not signed by both parties of the contract cannot be qualified as consignment note according to the CMR and is therefore unable to evoke the legal consequences that are stipulated in the CMR. Nevertheless, the invalid consignment note may still be considered as mere evidence within the framework of the free evaluation of evidence under the applicable national law. Under the CMR, the original copies of the consignment note shall be signed by the sender and the carrier. Signature by a representative is permissible; its validity is to be assessed under the applicable national law. [1]

According to Article 5(1) CMR, the signatures may be printed or replaced by stamps of the sender and the carrier if the law of the country in which the consignment note has been made out so permits, which is the case in the Netherlands (Article 1119 BW 8). More specifically, in Austria and Germany a company stamp is not regarded as sufficient, whereas the signature can be replaced by a facsimile stamp. [2] 

The CMR itself is based on a paper-based understanding and was therefore considered incompatible with electronic consignment notes. Consequently, the eCMR Protocol has been adopted in 2008 to enable the use of electronic consignment notes under the CMR. The Netherlands have ratified the eCMR Protocol in 2009. Basically, the eCMR Protocol implies that an electronic consignment note has the same evidentiary value and produces the same effects as the paper-based consignment note of the CMR, if it complies with the provisions of the eCMR Protocol (Article 2(2) eCMR Protocol). Whereas a paper-based CMR is signed by the parties of the contract, the counterpart for the eCMR is the authentication according to Article 3 eCMR Protocol.

Electronic signatures are the backbone of digitalisation. When properly implemented using cryptographic methods, they ensure both the authenticity and the integrity of data. In the context of eIDAS, authenticity refers to the ability to attribute electronic data to a specific signatory, while integrity ensures that any subsequent alteration of the data is detectable.

Technically, this is achieved through asymmetric cryptography. A key pair – comprising a private key and a public key – is generated. The signatory uses the private key to create the signature, while the corresponding public key allows any relying party to verify that the signature matches the data. Any modification of the signed data invalidates this match and is immediately detectable. In this way, the signature simultaneously enables identification of the signatory and protects the integrity of the data.

Trust in the attribution of the public key is established through certificates issued by a trusted third party, typically a certification authority (CA). These certificates bind the public key to the identity of the holder and may include additional attributes. In line with the eIDAS framework, such attributes can extend beyond mere identification – for example, by indicating a person’s legal role or representation capacity. This significantly enhances evidentiary value compared to traditional handwritten signatures, as relevant information can be verified directly without reliance on manual comparison.

Under eIDAS Regulation, electronic signatures are harmonised across the EU and structured in three tiers: electronic signatures, advanced electronic signatures, and qualified electronic signatures. The same categorisation applies to electronic seals, which serve legal persons rather than natural persons but are otherwise technically equivalent.

An “electronic signature” within the meaning of Article 3(10) eIDAS is any “data in electronic form attached to or logically associated with other electronic data and used by the signatory to sign.” This basic form provides no inherent guarantees of authenticity or integrity.

Only advanced electronic signatures within the meaning of Article 3(11) in conjunction with Article 26 eIDAS ensure these properties. They must be uniquely linked to the signatory, capable of identifying the signatory, using signature creation data under the signatory’s sole control and be linked to the signed data in such a way that any subsequent change is detectable.

Qualified electronic signatures (Article 3(12) eIDAS) build on this by requiring the use of a qualified signature creation device and a qualified certificate issued by a qualified trust service provider, thereby meeting the highest assurance level under eIDAS.

Electronic seals follow the same technical principles as electronic signatures but are attributed to legal persons. Under Article 3(25) of the eIDAS Regulation, an electronic seal serves to ensure the origin and integrity of electronic data.

The eIDAS framework distinguishes between electronic, advanced, and qualified electronic seals. Advanced electronic seals (Article 3(26) in conjunction with Article 36 eIDAS) ensure that the data can be attributed to the issuing entity and that any subsequent modification is detectable.

Qualified electronic seals (Article 3(27) eIDAS) are based on a qualified certificate and benefit, pursuant to Article 35(2) eIDAS, from a legal presumption of data integrity and correct origin.

Although seals are attributed to legal persons, the underlying certificate may include attributes identifying a natural person acting on their behalf, without altering the legal attribution of the seal to the entity.

According to Article 3 eCMR Protocol “the electronic consignment note shall be authenticated by the parties to the contract of carriage by means of reliable electronic signature that ensures its link with the electronic consignment note.” Reliabiality of an electronic signature method is presumed, if various criteria apply cumulatively. “The electronic signature (a) is uniquely linked to the signatory; (b) is capable of identifying the signatory; (c) is created using means that the signatory can maintain under his sole control; and (d) is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.” This wording originates from the previous Electronic Signatures Directive 1999/93/EC, which has been replaced by eIDAS Regulation. Nevertheless, it is assumed despite the wording, that has been slightly changed in the eIDAS Regulation, an advanced electronic signature meets the criteria for presumption of reliability.

However, the academic literature is silent on the point whether an eSeal can be classified as reliable method under Article 3 eCMR Protocol as well. Whereas the criteria of (c) sole control of the signatory and (d) detectability of changes appear evident, the two other criteria for presuming the reliability of the signature shall be explained in more detail. The use of the word “signature” cannot be understood as an argument to allow electronic signatures only, as the Signature Directive did not even mention eSeals back then. To find out, whether eSeals can be used alike, one needs to take on step behind and have a look at the paper-based version. There, the main function of the signature is to validate the content of the consignment note to treat it as privileged evidence and document the contractual declarations of the shipper and the carrier. This confirmation should be provided either by a signature or a stamp, where permitted under national law. The possibility to replace the signature is one of the arguments, why an eSeal is sufficient for an eCMR. However, apart from individualised facsimile stamps, company stamps are in principle not considered as sufficient method. The rationale behind this restrictive treatment of stamps in the paper-based environment is that a stamp, as such, does not reveal which natural person actually applied it. Only facsimiles of handwritten signatures are accepted, as they allow the signatory to be identified as a specific natural person. Accordingly, Article 3(1) of the eCMR Protocol refers to the “signatory”, who must be identifiable.

Against this background, an electronic seal is a reliable method within the meaning of Article 3 eCMR Protocol. The electronic seal is uniquely linked to the signatory (Article 3(1)(a) eCMR Protocol) as the users need to be authorised to use the seal. Even when used in parallel by several authorised persons, the seal is still linked to the company on whose behalf it is used.

It addresses the very concern that led to the restrictive treatment of stamps in the paper-based environment. While a traditional company stamp does not reveal which natural person applied it, an eSeal allows the acting individual to be identified through the certificate metadata. The person acting on behalf of the organisation therefore remains traceable and the requirement of an identifiable signatory under Article 3(1)(b) is met.

This traceability can be further reinforced by indicating the name of the acting individual directly in the rendering of the seal on the eCMR. Such an approach is in line with national rules on representation, which require clarity as to the natural person acting for a legal entity.

In addition, eSeals allow for technical permission management. Access to the seal can be restricted to authorised personnel and its use can be monitored over time. The ability to apply the eSeal therefore provides a strong indication of representative authority. This level of control is not present in paper-based processes, where company stamps can be used without comparable safeguards.

In functional terms, an eSeal corresponds to a company stamp that is combined with the attributable act of a specific individual. It preserves the organisational attribution of the stamp while ensuring personal traceability and therefore fulfils all criteria for presumption of reliability of the signature according to Article 3 eCMR Protocol.[3]

To answer the question posed in the title: yes, eSeals are compliant with the eCMR Protocol. They are particularly suited for operational environments such as eCMR, where large volumes of transport data must be handled efficiently. They are managed at company level, allowing organisations to deploy a single, consistent mechanism across multiple users and transactions. This significantly reduces administrative overhead, as individual signature credentials do not need to be issued and maintained for each employee.

Functionally, an electronic seal operates like a company stamp combined with an individual signature. It represents the legal entity and can be used by any authorised employee acting on its behalf. This reflects established commercial practice: the relevant legal attribution lies with the organisation, not with a specific individual user.

At the same time, electronic seals fully meet the requirements for authenticity and integrity. In eCMR implementations, advanced electronic seals are cryptographically linked to the underlying transport data. Any subsequent modification is immediately detectable, ensuring a high level of data security—exceeding that of paper-based documents. [4] 

The use of a shared organisational credential does not exclude individual accountability. Access to the seal is typically governed through internal identity and access management systems. These ensure that only authorised personnel can apply the seal and allow the organisation to trace its use where necessary.

Although their primary purpose is to be used between the parties involved in the transport (B2B), consignment notes are also regularly used to fulfil reporting requirements to public authorities (B2G).[5] 

In that use-case, major changes are ahead, as from 9 July 2027 onwards, competent authorities throughout Europe are obliged to accept freight transport information in an electronic format laid down in the eFTI Regulation 2020/1056 and its delegated and implementing acts. [6] It is assumed that making available the data on eFTI platforms is sufficient and therefore replaces the signature on a document. Authenticity and integrity are guaranteed both by the login of the user on the platform and his user rights as well as the security measures on the platform. However, when issuing an eCMR, the requirements of the eCMR Protocol remain the relevant source of law.