Introduction to the European model of regulation for electronic signatures

Dr. Szilveszter Ádám

Chair of FESA

Tirana, Albania


Contents

  • Brief introduction of the EU Directive 1999/93/EC (Electronic Signatures Directive)

  • EU Action Plan on e-Signatures and e-Identification

  • Introduction of FESA (Forum of European Supervisory Authorities for Electronic Signatures)


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Aim: To facilitate the cross-border use of electronic signatures with legal validity within the EU

  • Technology-neutral

  • Establishes a minimal framework for the acceptance of electronic signatures and signature certificates.

  • Also concerns the free movement of services and goods connected with electronic signatures


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Key terms:

    • "Simple" electronic signature

    • Advanced electronic signature (Art. 2.2)

      • Is uniquely linked to the signatory

      • Is capable of identifying the signatory

      • Is created with means under the sole control of the signatory

      • Any subsequent change of the signed data is detectable

      • Legal validity: must not be denied admissibility as evidence solely because it is in electronic form and is not a qualified signature.


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Key terms:

    • Qualified electronic signature (Art. 5.1)

      • An advanced electronic signature that is based on a qualified certificate and

      • Created with a Secure Signature Creation Device (SSCD)

      • Legal effect: Has the same legal effect as a handwritten signature on a paper document in all EU Member States

    • Basic requirements for qualified certificate and SSCD are included in the Annexes of the Directive.


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Key terms:

    • Services related to electronic signatures:

      • Issuing of signature certificates (CA services)

      • Time-stamping services

      • Other services (electronic archival, consultancy etc.)

    • Electronic signature products

      • Hardware or software, or a component of either, intended to be used by a service provider for electronic signature services, or intended to be used for the creation or verification of signatures.


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Market access:

    • No prior authorisation scheme is allowed as a condition for service providers to start operating.

    • Service providers established in an EU country may freely operate in the Internal Market.

    • Signature products (including SSCDs) may also circulate freely within the Internal Market. (Certifications for SSCDs are also valid in all EU Member States)


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Control measures for electronic signature services

    • Member States must operate an effective system of supervision at least for CAs issuing qualified certificates to the public

    • The use of electronic signatures in the public sector (e-government) may be restricted by further requirements

    • Voluntary accreditation schemes


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Equivalence of certificates issued in countries outside of the EU with qualified certificates issued in the EU:

    • CA must fulfill the requirements of the Directive and be accredited under a voluntary accreditation scheme in a Member State

    • Another CA established in a Member State and fulfilling the requirements guarantees the certificate

    • The certificate or its issuer is recognised under a bilateral or multilateral agreement between the EU and third countries or international organisations


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Other measures:

    • Minimum liability rules for service providers issuing qualified certificates to the public

    • Data protection rules

    • Role of the EU Commission, Article 9 Committee

    • List of Generally Recognised Standards to ease interoperability


The Directive 1999/93/EC on a Community Framework for electronic signatures

  • Connection with technical standardisation

    • EESSI (initiative of EU Commission)

    • ETSI (TC ESI) -> documents related to policy, operation of electronic signature services

    • CEN -> documents related to trustworthy systems

    • Common Criteria Protection Profiles for electronic signature products

    • ISO (documents pertaining to e.g. smart cards, information security management systems)


Operation of PKI hierarchies for electronic signatures in practice

  • The Directive only regulates the most important aspects; the rest is left to the Member States

  • There is no unified European PKI hierarchy, and no European Root CA.

  • Each country has its own model:

    • National Root CA: Germany, Austria

    • Special Purpose Root CA: Hungary

    • Signed list of CAs: Italy


Practical example: Hungary

  • PKI hierarchy:

    • No national Root CA

    • Public Administration Root CA:

      • At the top of the hierarchy for certificates that may be used with e-government services (issued to authorities and to citizens)

    • Each CA has its own root (in one case, several roots)

  • System of supervision:

    • Extends to all CAs issuing certificates to the public

    • Also to time-stamping and archival services

    • Operated by the National Communications Authority


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Adopted by the Commission on 28th November 2008.

  • Aim: To offer a framework for the cross-border use of electronic signatures and electronic identification in the EU

  • Motivation:

    • Services Directive (e-government services)

    • Public Procurement (cross-border bidding)

    • Electronic Invoicing (financial information exchange)


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Complements existing instruments (Electronic Signatures Directive, i2010 e-Government Action Plan)

  • Part of the Lisbon Strategy


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Actions related to electronic signatures

    • Update of the list of "Generally Recognised Standards" (Commission Decision 2003/511/EC)

    • Creation of Trusted Lists for easy and automated retrieval of information related to supervision systems, service providers and certificates (qualified certificates)

    • Adoption of guidelines to help implementation of qualified signatures and advanced signatures based on qualified certificates in an interoperable way.


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Actions related to electronic signatures

    • Update of the country profiles on the use of electronic signatures in e-government applications

    • Feasibility study about a federated validation service for advanced electronic signatures not based on a qualified certificate.

    • Linking the results with tests of the validation service established in PEPPOL project (Public Procurement Online)


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Actions related to electronic identification

    • Update of country profiles about the use of e-ID in e-government applications

    • Specific surveys about the use of e-ID in the Member States

    • Cooperation with the STORK Project (interoperability of e-identification for public services)

    • Possibility of further actions if needed.


Action Plan of the EU Commission on e-Signatures and e-Identification

  • Document is available (in English) on the Europa server:

    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2008:0798:FIN:EN:PDF


Recent developments

  • Digital Agenda for Europe adopted in May 2010

    • Key Action 3: Revision of the e-Signatures Directive to provide interoperability and cross-border recognition to secure e-Authentication systems.

    • The document is available here:

      http://ec.europa.eu/information_society/digital-agenda/index_en.htm


Introduction of FESA

  • Founded in 2002

  • Membership:

    • Full members: Authorities responsible for supervision of electronic signature services and organisations responsible for voluntary accreditation schemes in EU Member States, Candidate Countries and EEA Member States

    • Associate members: Similar organisations from other countries that have an interest in discussing the matters within the scope of FESA

  • Scope:

    • Facilitation of cooperation between members, harmonisation of their activities, adoption of common points of view in the dialogue with other concerned institutions


Introduction of FESA

  • Meetings of the Assembly are held at least twice a year

  • Board of FESA:

    • Consists of three members (Chair and two Secretaries)

    • Is elected by the Assembly for a period of two years (possibility of renewal)

  • Between meetings, work is conducted using the mailing lists and the website of the organisation.

  • No fixed seat or secretariat

  • Public information available at http://www.fesa.eu/


Thank you for your interest!
