The EU improves the availability of cross-border e-Government services

(Link to the original piece of news: https://ec.europa.eu/digital-single-market/en/news/new-study-egovernment-services-europe-improving-cross-border-availability-services).

The last eGovernment benchmark 2017 report shows a significant improvement in the cross-border availability of digital public services and the accessibility of public websites from mobile devices in the EU Member States. This study also indicates a need for improvement in the transparency of the provision of public services and the use of support technology such as eID or eDocuments.

The countries that have obtained the highest scores have been Malta, Denmark, Sweden, Estonia and Norway. These countries lead the way towards the creation of a Digital Single Market.

 

Country performance: How do individual countries perform

 

Performance is measured as an average of scores for four top-level benchmarks:

  • User centricity (how fast and easy to use public information and services online),
  • Transparency (of government authorities’ operations, service delivery procedures and the level of control users have over their personal data),
  • Cross-border mobility (the extent to which people can use public services outside their country),
  • Key enablers (the availability of eID, eDocuments and Authentic Sources, etc).

Europe appears to be getting closer to the 100%-landmark with regard to user-centricity. However, it scores less well on the other three benchmarks, especially in terms of exploiting the potential of Key Enablers for public services.

User Centricity

This is the most advanced dimension of online public services in Europe in 2016, emphasising the focus of governments to bring more public information and services online. Europe records a 12 p.p. increase in online availability of services.  The gap between worst and best performing countries is also closing.

Transparency of government organizations

The transparency of government organizations’ service processes and citizens’ control of personal data averages at 59% for the EU in 2016. The study shows that the transparency of service delivery processes (e.g. informing users on how long the process will take, response times, etc.) is insufficient for 1 in 2 people.

Cross-border service delivery

This dimension is essential for the Digital Single Market and records solid improvements over the years (+25% since 2012). Information and even services are becoming increasingly available to EU citizens when starting up a business or studying in another country.

Key technological enablers

The study reveals that the deployment of key technological enablers (i.e. eID, eDocuments and Authentic Sources) has the most room for improvement (at 52%; EU28+). The authentic sources indicator, which facilitates pre-filling of online forms, progressed more slowly than other indicators, with only a 3% growth since 2012.

Degree of implementation of eIDAS within the EU

Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014, on electronic identification and trust services in electronic transactions in the internal market, which entered into force on the 1st of July 2016, has experienced an uneven implementation in the countries of the European Union.

We analyze the degree of implementation in the main countries of the EU:

 

  • France:

There is not a national law yet but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: ANSSI (Agence nationale de la sécurité des systèmes d’information).

Link: www.ssi.gouv.fr

 

  • Germany:

There is not a national law yet, but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: BSI (Federal Office for Information Security).

Link: www.bsi.bund.de

 

  • Belgium:

The national law is applied, without connection with the ETSI or CEN norms.

The Conformity Assessment Bodies are accredited according to ISO / IEC 17065 + ETSI EN 319 403.

Supervisory Body: Service Publique fédéral Economie, PME, Moyennes Classes and Energie.

Link: economie.fgov.be/fr

 

  • Spain:

National Law 39/2015 applies. There are no specific procedures for Trust Service Providers.

Supervisory Body: Ministry of Energy, Tourism and Digital Agenda (MINETUR).

Link: https://sede.minetur.gob.es/

 

  • Italy:

There is no national law, but a national accreditation system, based on EN 319 403, administered by ACCREDIA (2 CAB accredited – VERITAS and CSQA).

Supervisory Body: Agenzia per l’Italia Digitale.

Link: www.agid.gov.it/

 

  • Netherlands

There is no national law, but national procedures for notifications of non-compliance and accreditation of the CAB.

Supervisory Body: Authority for Consumers and Markets and Agentschap Telecom.

Links: https://www.acm.nl/en and https://www.agentschaptelecom.nl/

 

  • United Kingdom:

The national law for the eIDAS application defines the applicable procedures for each type of trust service.

Supervisory body: The Information Commissioner.

Link: https://ico.org.uk/

 

The complete chart can be found in the following link:

https://ec.europa.eu/futurium/en/system/files/ged/eidas_european_comparison_chart_2017-04-25_0.pdf

EIDAS celebrates its first anniversary

Regulation (EU) No 910/2014 (eIDAS), which came into force in July 2016, has recently completed its first year of life.

We analyze the main keys of a regulation that has revolutionized electronic transactions in the European Union:

 

  • The main novelty of this new Regulation is the harmonization of the requirements for the mutual recognition of electronic identification at EU level (and therefore, the repealing of the previous Directive 1999/93/EC and the respective national laws).

In this way, the EU Trust Service Providers can offer their services in any other EU country, eliminating previous barriers. Therefore, this harmonization particularly contributes to the creation of the “digital single market” which, according to EU forecasts, must be fully operational by 2020.

 

  • The Regulation has created the “EU trust mark”, which clearly distinguishes qualified trust services from other trusted services.

 

  • The Regulation has introduced the concept of Qualified Trust Services Providers and Electronic Trust Services.

In particular, it has created the following qualified services (those that meet the requirements applicable in Regulation (EU) No 910/2014): electronic signatures and electronic stamps. Electronic signatures are intended for individuals and electronic stamps for legal entities. In addition, it regulates other trusted services such as electronic time stamps, electronic documents, electronic delivery services and website authentication.

Qualified Trusted Service Providers obtain this status through a Conformity Assessment Report and must be audited at least every 24 months by a Supervisory Body.

 

  • New levels of electronic identification, low and substantial, are specified, improving identification mechanisms for different business and technological contexts, such as handwritten signatures on mobile devices or cloud signature solutions.

 

  • The Regulation has introduced the concept of Electronic Signature in three different levels:

Electronic Signature: The definition of electronic signature is not modified under eIDAS. The electronic signature has legal effects and is admissible as evidence in legal proceedings.

Advanced Electronic Signature: It allows the unique identification and authentication of the signer of a document and allows checking the integrity of the signed document. Normally, this authentication is achieved with the issuance of a digital certificate by a Certification Authority (CA).

Qualified Electronic Signature: They are the electronic equivalent of handwritten signatures. They are based on Qualified Certificates, which can only be issued by a CA accredited by the EU Member States and must meet the requirements of eIDAS. These are the only signatures that ensure the mutual recognition of their validity by all EU Member States.

 

  • Recognition of electronic signatures as evidence at trial within the EU.

This concept is reflected in Article 25 of eIDAS, which provides that legal effects and admissibility as evidence in court proceedings are not denied to an electronic signature by the mere fact of being an electronic signature or because it does not meet the requirements of a qualified electronic signature. In fact, a qualified electronic signature has a legal effect equivalent to that of a handwritten signature.

In addition, a qualified electronic signature based on a qualified certificate issued in one Member State shall be recognized as a qualified electronic signature in all other Member States.

 

  • The Regulation recognizes the legal effect of electronic signatures and their admissibility as evidence at trial, although it equates only qualified electronic signatures with handwritten signatures. Qualified electronic seals are given the presumption of integrity of the data and of correctness of the origin of the data to which the seal is bound.

 

  • The Regulation creates the EU Trusted Lists, which reflect the Qualified Electronic Trust Services Providers and the services they offer. The TSPs and their services will be qualified if they appear on these lists.

 

  • Qualified signature creation devices are regulated. They must meet the requirements listed in Annex II of Regulation (EU) 910/2014. The European Commission shall establish, publish and maintain a list of qualified electronic signature/stamp devices with the information provided by the Member States.

 

  • Remote identification for electronic signature is enabled and, therefore, the on-site identification is no longer needed. To ensure the safety of the process, other identification means such as prior on-site identification, qualified electronic seals or qualified electronic signature certificates are used.

 

  • The Regulation establishes that Trust Service Providers shall be audited every 24 months by a Conformity Assessment Body. The purpose of the audit is to confirm that both Qualified Trust Service Providers and the electronic trust services they provide meet the requirements of Regulation (EU) 910/2014.

 

The introduction of the eIDAS Regulation was a necessity at EU level, since prior to its entry into force the identity documents of citizens from one Member State were not valid in other EU Member States.

Therefore, eIDAS facilitates the provision of cross-border services and allows companies to operate outside their borders. Ultimately, it benefits citizens, businesses and Public Administrations in tasks such as paying taxes, public tenders, signing online contracts, economic transactions through electronic banking and online health services, among others.

 

Source: European Commission

 

Some keys to Regulation No 910/2014 (EIDAS)

I.- Use of cross-border identification and signature systems

The transposition of Directive 1999/93 was uneven and it has never seemed clear enough that electronic signature and identification certificates issued by Certification Service Providers in one Member State had to be accepted by the rest of the Member States, in particular in their eGovernment services.

Since July 1st 2016, the direct application of EU Regulation 910/2014 definitely clarifies this concept. We will see how it is assumed in the implementations.

II.-CSPs (Certification Services Providers) will be called ETSPs (Electronic Trust Services Providers)

They are now called Trust Services Providers (TSPs). And they can issue qualified certificates (equivalent to recognized certificates of Law 59/2003) or non-qualified certificates.

The issuance of natural person certificates is a specific type of trust service (which is compatible with the service provided in Law 59/2003) and, among them, there are qualified certificates (in the aforementioned law they were called “recognized”). In order to issue this kind of certificate, a provider must submit a notification of its intention, together with a Conformity Assessment Report issued by a Conformity Assessment Body (in Spain, Entidad Nacional de Acreditación (ENAC)), to the Supervisory Body (in Spain, the State Secretariat for Telecommunications and Information Society). If it is granted the possibility of issuing qualified certificates, it will be placed in a trusted list (which each Member State publishes with information on all qualified providers of Trust Services) and may use the trust tag “EU” to indicate the services it provides.

It should be noted that the control mechanisms on all service providers are increased (whether they issue qualified certificates or not), which will be audited every 24 months to confirm that they comply with the provisions of the Regulation.

III.- Liability of Service Providers

They remain liable for the damages caused deliberately or negligently to any person due to any breach of the obligations established in the Regulation. However, the limitations on liability of Article 23 of Law 59/2003 are removed. The burden of proof lies (i) with the person claiming the damage, when the provider issues non-qualified certificates, or (ii) with the service provider issuing qualified certificates, who must prove that the damages occurred without intention or negligence on his part.

IV.- Legal Person Certificates

The Regulation does not foresee the issuance of electronic signature certificates in favor of legal persons or entities without legal personality. This type of entity only has electronic stamps, which make it possible to prove the authenticity of the origin and the integrity of the sealed document.

V.- New regulated services

Apart from the electronic signature (defined in Law 59/2003, in 3 types, electronic signature, advanced and qualified), the Regulation also regulates the electronic seal (there are also 3 kinds), electronic timestamp, certified electronic delivery service, electronic document and website authentication. Recital 55 of the Regulation also opens the possibility of generating qualified electronic signatures such as the mobile signature or the cloud signature, which can greatly boost the market for electronic signatures.

New taxonomy of digital trust electronic services after #eIdAS

Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (eIDAS) is fully applicable from July 1, 2016.

The information displayed on the website of the Ministry of Industry, Energy and Tourism (MINETUR) on electronic certification service providers has been adapted to the new classification and categories of services provided in the aforementioned eIDAS Regulation.

Therefore, as of July 1, 2016, MINETUR publishes a new version of the service providers database with the following structure:

Qualified trust electronic services:

  • Qualified electronic certificate issuing service for electronic signature;
  • Qualified electronic certificate issuing service for qualified electronic certificates;
  • Qualified electronic certificate issuing service for website authentication;
  • Qualified electronic time stamps issuing service;
  • Qualified certified electronic delivery service;
  • Qualified electronic signatures validation service;
  • Qualified electronic seal validation service;
  • Qualified electronic signature preservation service;
  • Qualified electronic seal preservation service.

Unqualified trust electronic services:

  • Unqualified electronic certificate issuing service for electronic signature;
  • Unqualified electronic certificate issuing service for unqualified electronic seal;
  • Unqualified electronic certificate issuing service for website authentication;
  • Unqualified electronic time stamps issuing service;
  • Unqualified certified electronic delivery service;
  • Unqualified electronic signatures validation service;
  • Unqualified electronic seal validation service;
  • Unqualified electronic signature preservation service;
  • Unqualified electronic seal preservation service.

Other services:

This section publishes services related to electronic signatures that do not have the condition of trust service according to the eIDAS Regulation but could still remain within the framework of Law 59/2003, of December 19, on electronic signature. It includes the issuing services of electronic certificates of legal person or entity without legal personality, the issuance services of component certificates, publications certification services and electronic contracting services.

In addition, it provides the possibility of obtaining categorized information on electronic certificate issuing services used as identification and signature systems of Public Administrations (Law 11/2007, dated June 22, on electronic access of citizens to Public Services, Law 39/2015, of October 1, of the Common Administrative Procedure of the Public Administrations and Law 40/2015, of October 1, of the Legal Regime of the Public Sector):

  • Issuing service of electronic certificates of Public Administrations website;
  • Issuing service of electronic certificates of Public Administrations seal;
  • Issuing service of electronic certificate for public employees.

External expert report for the assessment of control measures for the prevention of money laundering

TCAB (Trust Conformity Assessment Body) will evaluate the control measures used in the “video onboarding” environments of financial institutions in the context of the recent regulation published for this purpose by SEPBLAC (Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses).

The Commission for the Prevention of Money Laundering and Monetary Offenses, which reports to the Ministry of Economy and Business Support of the Ministry of Economy and Competitiveness, created by Law 19/1993 of December 28th, is a collegiate body composed of representatives of different ministerial departments and agencies, the Public Prosecutor’s Office and the Autonomous Communities. It is the body with ultimate responsibility for the development of the anti-money laundering policy in Spain. It is currently regulated by Law 10/2010, of April 28th, on the prevention of money laundering and the financing of terrorism.

The Commission has the support of the Secretariat, currently held by the General Subdirectorate for the Inspection and Control of Capital Movements of the General Secretariat of the Treasury and Financial Policy and the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses (SEPBLAC).

SEPBLAC is the Spanish financial intelligence unit. It performs actions aimed at preventing the use of the financial system, or of companies or professionals of another nature, for money laundering, as well as the functions of investigation and prevention of administrative infractions of the legal regime governing capital movements and economic transactions with other countries.

Article 28 of Law 10/2010 stipulates that the internal control measures referred to in article 26 of the previously mentioned Law will be subject to annual review by an external expert. Those who wish to act as such should report it to the Executive Service of the Commission before starting their activity and inform the latter half-yearly of the list of obligated subjects whose internal control measures have been examined. This management has already been done by TCAB.

It is the responsibility of the obligated subjects to select suitable professionals, as well as to verify that the external examination is carried out in the terms established in Order EHA / 2444/2007, of July 31.

TCAB is an evaluation entity for products and services related to computer security and, in particular, to Electronic Service Providers of Trust, within the framework of the #eIdAS standard. It is governed by ISO 17065 and by EN 319 403 in relation to the Trust Service Providers Assessment.

An external expert report of internal measures assessment to prevent money laundering and terrorist financing. In particular, in application of the AUTHORIZATION OF PROCEDURES OF NON-PRESENCE IDENTIFICATION BY VIDEOCONFERENCE published by SEPBLAC.

The aforementioned authorization allows the use by the legally bound party of non-presence videoconference identification procedures.

Registered Electronic Trust Service Providers under #eIdAS

The name “Electronic Trust Service Provider”, created under the recently existing EU Regulation No. 910/2014, renders the previous designations obsolete:

The new Electronic Trust Service Providers are classified in three levels:

  1. Qualified Electronic Trust Services, registered in the SETSI registry for TSPs (there cannot be qualified electronic services that are not registered).
  2. Not qualified Electronic Trust Services, registered in the SETSI TSPs registry.
  3. Not qualified Electronic Trust Services, not registered in the SETSI TSPs registry.

Qualified Electronic Trust Service Providers are supervised by the Supervisory Bodies. In Spain, the Supervisory Body is the Ministry of Telecommunications and Information Society (SETSI), that belongs to the Ministry of Industry, Energy and Tourism (Minetur).

Qualified Electronic Trust Service Providers must be audited, at least every 24 months, by a Conformity Assessment Body. The purpose of the audit is to confirm that both the Electronic Trust Service Providers and the Electronic Trust Services fulfill the requirements of Regulation (EU) 910/2014.

Qualified Trust Service Providers must submit the corresponding Conformity Assessment Report to the supervisory body within three working days upon receipt.

The Registered Electronic Trust Service Providers are a special category in terms of supervision of the services by the SETSI, since they provide either services that do not have the status of qualified service, or services that do not fit in the Trust Service definition according to Regulation (EU) 910/2014.

Because these services are notified to SETSI (and therefore included in the Trust Service Providers Registry), their information is published on the Ministry of Industry, Energy and Tourism website, although the Ministry of Industry, Energy and Tourism does not check the alignment of the services to the applicable legislation on trust services prior to publication.

Registered Providers can receive warnings and information requests from SETSI, if the latter receives any kind of complaint from the involved trust services users.

Some services, such as Certified Digitization, are not usually notified to SETSI, so they could be considered as Non-Registered, and therefore, outside the scope of action of the Supervisory Body.

A major step in signature interoperability: Commission Implementing Decision (EU) 2015/1506 of 8 September 2015

Simplification in the management of electronic signatures is now a legal mandate in all countries of the European Union thanks to Commission Implementing Decision (EU) 2015/1506 of 8 September 2015, which lays down the specifications concerning the formats of advanced electronic signatures and advanced seals that must be recognized by Public Sector bodies in accordance with Articles 27 (5) and 37 (5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.

This standard will have a great impact on the development of the Public Administration and will force the revision of Law 11/2007, the RD 1671/2009 and the RD 4/2010, as well as the General Administration’s electronic signature policy and its certificates profile annex and one of the Technical Norms of Interoperability.

I include it below:

 

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (1), and in particular Article 27(5) and 37(5) thereof,

Whereas:

(1) Member States need to put in place the necessary technical means allowing them to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body.

(2) Regulation (EU) No 910/2014 obliges Member States requiring an advanced electronic signature or seal for the use of an online service offered by, or on behalf of, a public sector body, to recognise advanced electronic signatures and seals, advanced electronic signatures and seals based on a qualified certificate and qualified electronic signatures and seals in specific formats, or alternative formats validated pursuant to specific reference methods.

(3) To define the specific formats and reference methods, existing practices, standards and Union legal acts should be taken into account.

(4) Commission Implementing Decision 2014/148/EU (2) has defined a number of the most common advanced electronic signature formats to be supported technically by the Member States, where advanced electronic signatures are required for an online administrative procedure. Establishing the reference formats aims at facilitating the cross-border validation of electronic signatures and at improving the cross-border interoperability of electronic procedures.

(5) The standards listed in the Annex to this Decision are the existing standards for formats of advanced electronic signatures. Due to the ongoing revision by the standardisation bodies of the long term archival forms of the referenced formats, standards detailing long-term archiving are excluded from the scope of this Decision. When the new version of the referenced standards is available, references to the standards and the clauses on long term archiving will be revised.

(6) Advanced electronic signatures and advanced electronic seals are similar from the technical point of view. Therefore, the standards for formats of advanced electronic signatures should apply mutatis mutandis to formats for advanced electronic seals.

(7) Where other electronic signature or seal formats than those commonly technically supported are used to sign or seal, validation means that allow the electronic signatures or seals to be verified across borders should be provided.

In order  to allow the receiving Member States to be able to rely on those validation tools of another Member State, it is necessary to provide easily accessible information on those validation tools by including the information in the electronic documents, in

(8) Where electronic signature or seal validation possibilities suitable for automated processing are available in a Member State’s public services, such validation possibilities should be made available and provided to the receiving Member State. Nonetheless, this Decision should not impede the application of Articles 27(1) and (2) and 37(1) and (2) of Regulation (EU) No 910/2014 when the automated processing of validation possibilities for alternative methods is not possible.

(9) In order to provide for comparable requirements for validation and to increase trust in the validation possibilities provided by Member States for other electronic signature or seal formats than those commonly supported, the requirements set out in this Decision for the validation tools, draw from the requirements for the validation of qualified electronic signatures and seals referred to in Articles 32 and 40 of Regulation (EU) No 910/2014.

(10) The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS DECISION:

Article 1

Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate as provided for in Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise XML, CMS or PDF advanced electronic signature at conformance level B, T or LT level or using an associated signature container, where those signatures comply with the technical specifications listed in the Annex.

Article 2

  1. Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate as provided for in Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise other formats of electronic signatures than those referred to in Article 1 of this Decision, provided that the Member State where the trust service provider used by the signatory is established offers other Member States signature validation possibilities, suitable, where possible, for automated processing.
  2. The signature validation possibilities shall:

(a) allow other Member States to validate the received electronic signatures online, free of charge and in a way that is understandable for non-native speakers;

(b) be indicated in the signed document, in the electronic signature or in the electronic document container; and

(c) confirm the validity of an advanced electronic signature provided that:

(1) the certificate that supports the advanced electronic signature was valid at the time of signing, and when the advanced electronic signature is supported by a qualified certificate, the qualified certificate that supports the advanced electronic signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I of Regulation (EU) No 910/2014 and that it was issued by a qualified trust service provider;

(2) the signature validation data corresponds to the data provided to the relying party;

(3) the unique set of data representing the signatory is correctly provided to the relying party;

(4) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing;

(5) when the advanced electronic signature is created by a qualified electronic signature creation device, the use of any such device is clearly indicated to the relying party;

(6) the integrity of the signed data has not been compromised;

(7) the requirements provided for in Article 26 of Regulation (EU) No 910/2014 were met at the time of signing;

(8) the system used for validating the advanced electronic signature provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

Article 3

Member States requiring an advanced electronic seal or an advanced electronic seal  based on a  qualified certificate as provided  for  in  Article  37(1)  and  (2)  of  Regulation (EU)  No  910/2014, shall  recognise XML,  CMS  or  PDF  advanced electronic seal  at  conformance level  B,  T or  LT or  using  an  associated seal  container where those  comply  with  the technical specifications listed in the Annex.

Article 4

  1. Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate as provided for  in  Article  37(1)  and  (2)  of  Regulation (EU)  No  910/2014, shall  recognise other  formats  of electronic seals  than  those  referred  to  in  Article  3  of  this  Decision, provided  that  the  Member State  where the  trust  service provider  used by the creator of  the seal is established offers other Member States seal validation possibilities, suitable, where possible, for automated processing.
  2. The seal validation possibilities shall:

(a) allow other Member States to validate the received electronic seals online, free of charge and in a way that is understandable for non-native speakers;

(b) be indicated in the sealed document, in the electronic seal or in the electronic document container;

(c) confirm the validity of an advanced electronic seal provided that:

(1) the certificate that supports the advanced electronic seal was valid at the time of sealing, and when the advanced electronic seal is supported by a qualified certificate, the qualified certificate that supports the advanced electronic seal was, at the time of sealing, a qualified certificate for electronic seal complying with Annex III of Regulation (EU) No 910/2014 and that it was issued by a qualified trust service provider;

(2) the seal validation data corresponds to the data provided to the relying party;

(3) the unique set of data representing the creator of the seal is correctly provided to the relying party;

(4) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of sealing;

(5) when the advanced electronic seal is created by a qualified electronic seal creation device, the use of any such device is clearly indicated to the relying party;

(6) the integrity of the sealed data has not been compromised;

(7) the requirements provided for in Article 36 of Regulation (EU) No 910/2014 were met at the time of sealing;

(8) the system used for validating the advanced electronic seal provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

Article 5

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Decision shall be binding in all its elements and directly applicable in all Member States.

 

Done in Brussels, 8 September 2015.

For the Commission

The President

Jean-Claude JUNCKER

 

ANNEX

List of technical specifications for XML, CMS or PDF advanced electronic signatures and the associated signature container

Advanced electronic signatures mentioned in Article 1 of the Decision must comply with one of the following ETSI technical specifications with the exception of clause 9 thereof:

XAdES Baseline Profile – ETSI TS 103171 v.2.1.1 (1)

CAdES Baseline Profile – ETSI TS 103173 v.2.2.1 (2)

PAdES Baseline Profile – ETSI TS 103172 v.2.2.2 (3)

(1) http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf

(2) http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf

(3) http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf

Associated signature container mentioned in Article 1 of the Decision must comply with the following ETSI technical specifications:

Associated Signature Container Baseline Profile – ETSI TS 103174 v.2.2.1 (1)

(1) http://www.etsi.org/deliver/etsi_ts/103100_103199/103174/02.02.01_60/ts_103174v020201p.pdf

 

List of technical specifications for XML, CMS or PDF advanced electronic seals and the associated seal container

Advanced electronic seals mentioned in Article 3 of the Decision must comply with one of the following ETSI technical specifications, with the exception of clause 9 thereof:

XAdES Baseline Profile – ETSI TS 103171 v.2.1.1

CAdES Baseline Profile – ETSI TS 103173 v.2.2.1

PAdES Baseline Profile – ETSI TS 103172 v.2.2.2

Associated seal container mentioned in Article 3 of the Decision must comply with the following ETSI technical specifications:

Associated Seal Container Baseline Profile – ETSI TS 103174 v.2.2.1

 

AENOR publishes the UNE-EN 419 211 set of standards


The entry into force of the new eIDAS Regulation has coincided with the publication of different technical standards for the management of electronic signatures and other electronic trust services, especially in Europe.

The new European legal framework is homogeneous, but currently unstable while awaiting complementary legal standards and the publication of new nomenclature standards, often based on existing technical standards.

AENOR has recently published the series of standards UNE-EN 419211 “Protection profiles for secure signature creation devices”. The series consists of 6 parts dealing with different types of qualified signature creation devices, and specifies the operational and functional requirements and evaluation objects for the protection profiles of these devices.

In accordance with European Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) and its development through the Implementing Decision (EU) 2016/650, these standards shall be used for the certification of qualified signature creation devices when the electronic signature creation data or the electronic seal creation data are kept entirely, but not necessarily exclusively, in a user-managed environment.

Public hearing of the preliminary draft law regulating certain aspects of electronic trust services


The Ministry of Energy, Tourism and Digital Agenda has published on its website new information on the evolution of the application of digital trust services.

In December 2016 MINETAD requested suggestions on the aspects that the new Law replacing the Electronic Signature Law should cover. In this phase, the processing of the new Law on certain aspects of electronic trust services continues.

The current Law 59/2003, of Electronic Signature, conflicts in several aspects with Regulation (EU) 910/2014 (eIDAS), so it is necessary to adapt the Spanish legal system to the provisions of the Regulation.

Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC is directly applicable throughout the European Union, and national laws should only regulate aspects that are not included in the Regulation.

In this sense, and in accordance with article 26.6 of Law 50/1997, of November 27, of the Government, MINETAD has invited several stakeholders to participate in the public hearing that can be found at the following link:

http://www.minetad.gob.es/telecomunicaciones/es-ES/Participacion/Paginas/Cerradas/servicios-electronicos-confianza.aspx

(It was http://www.minetad.gob.es/telecomunicaciones/es-ES/Participacion/Paginas/servicios-electronicos-confianza.aspx)

All contributions will help to ensure the correctness of the new standard, so all interested parties are encouraged to participate in this public hearing by sending to the mailbox [email protected] any comments they deem appropriate for the text of the draft bill.

In accordance with article 26.6 of Law 50/1997, of November 27, of the Government, the public hearing on the preliminary draft of the Law regulating certain aspects of electronic trust services was conducted. This law complements Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

Deadline for referral

Observations may be submitted until 30 April 2017.

How to submit remarks

Observations must be sent to the e-mail address: [email protected].

Annexes: