Subject | Promotion of electronic signatures on the level of the European Union |
---|---|
Date | 2009-05-18 |
Announcement Unit | Information Center, Ministry of the Interior |
Content |
Contents • Brief introduction of the EU Directive 1999/93/EC (Electronic Signatures Directive) • EU Action Plan on e-Signatures and e-Identification • Introduction of FESA (Forum of European Supervisory Authorities for Electronic Signatures) The Directive 1999/93/EC on a Community Framework for electronic signatures• Aim: To facilitate the cross-border use of electronic signatures with legal validity within the EU• Technology-neutral • Establishes a minimal framework for the acceptance of electronic signatures and signature certificates. • Also concerns the free movement of services and goods connected with electronic signatures • Key terms: – „Simple” electronic signature
– Advanced electronic signature (Art. 2.2) • Is uniquely linked to the signatory
• Is capable of identifying the signatory • Is created with means under the sole control of the signatory • Any subsequent change of the signed data is detectable • Legal validity: must not be denied admissibility as evidence solely because it is in electronic form and is not a qualified signature. – Qualified electronic signature (Art. 5.1)
• An advanced electronic signature that is based on a qualified certificate and
• Created with a Secure Signature Creation Device (SSCD) • Legal effect: Has the same legal effect as a handwritten signature on a paper document in all EU Member States – Basic requirements for qualified certificate and SSCD are included in the Annexes of the Directive.
– Services related to electronic signatures: • Issuing of signature certificates (CA services)
• Time-stamping services • Other services (electronic archival, consultancy etc.) – Electronic signature products
• Hardware or software or component intended to be used by a service provider for electronic signature services or intended to be used for the creation or verification of signatures.
• Market access:– No prior authorisation scheme is allowed for the start of service providers.
• Control measures for electronic signature services– Service providers established in an EU country may freely operate in the Internal Market. – Signature products (including SSCDs) may also circulate freely within the Internal Market. (Certifications for SSCDs are also valid in all EU Member States) – Member States must operate an effective system of supervision at least for CAs issuing qualified certificates to the public
• Equivalence of certificates issued in countries outside of the EU with qualified certificates issued in the EU:– The use of electronic signatures in the public sector (e-government) may be restricted by further requirements – Voluntary accreditation schemes – CA must fulfill the requirements of the Directive and be accredited under a voluntary accreditation scheme in a Member State
• Other measures:– Another CA established in a Member State and fulfilling the requirements guarantees the certificate – The certificate or its issuer is recognised under a bilateral or multilateral agreement between the EU and third countries or international organisations – Minimum liability rules for service providers issuing qualified certificates to the public
• Connection with technical standardisation– Data protection rules – Role of the EU Commission, Article 9 Committee – List of Generally Recognised Standards to ease interoperability – EESSI (initiative of EU Commission)
– ETSI (TC ESI) -> documents related to policy, operation of electronic signature services – CEN -> documents related to trustworthy systems – Common Criteria Protection Profiles for electronic signature products – ISO (documents pertaining to eg smart cards, information security management system) Action Plan of the EU Commission on e-Signatures and e-Identification• Adopted by the Commission on 28th November 2008.• Aim: To offer a framework for the cross-border use of electronic signatures and electronic identification in the EU • Motivation: – Services Directive (e-government services)
• Complements existing instruments (Electronic Signatures Directive, i2010 e-Government Action Plan)– Public Procurement (cross-border bidding) – Electronic Invoicing (financial information exchange) • Part of the Lisbon Strategy • Actions related to electronic signatures – Update of the list of „Generally Recognised Standards” (Commission Decision 2003/511/EC)
• Actions related to electronic signatures– Creation of Trusted Lists for easy and automated retrieval of information related to supervision systems, service providers and certificates (qualified certificates) – Adoption of guidelines to help implementation of qualified signatures and advanced signatures based on qualified certificates in an interoperable way. – Update of the country profiles on the use of electronic signatures in e-government applications
• Actions related to electronic identification– Feasibility study about a federated validation service for advanced electronic signatures not based on a qualified certificate. – Linking the results with tests of the validation service established in PEPPOL project (Public Procurement Online) – Update of country profiles about the use of e-ID in e-government applications
• Document is available (in English) on the Europa server:– Specific surveys about the use of e-ID in the Member States – Cooperation with the STORK Project (interoperability of e-identification for public services) – Possibility of further actions if needed. http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2008:0798:FIN:EN:PDF Introduction of FESA• Founded in 2002• Membership: – Full members: Authorities responsible for supervision of electronic signature services and organisations responsible for voluntary accreditation schemes in EU Member States, Candidate Countries and EEA Member States
• Scope:– Associate members: Similar organisations from other countries that have an interest in discussing the matters within the scope of FESA – Facilitation of cooperation between members, harmonisation of their activities, adoption of common points of view in the dialog with other concerned institutions
• Meetings of the Assembly are held at least twice a year• Board of FESA: – Consists of three members (Chair and two Secretaries)
• Between meetings, work is conducted using the mailing lists and the website of the organisation.– Is elected by the Assembly for a period of two years (possibility of renewal) • No fixed seat or secretariat • Public information available at http://www.fesa.eu/ Thank you for your interest!
Dr. Szilveszter Ádám Acting Chair of FESA board@fesa.eu |
:::