
Introduction to the European model of regulation for electronic signatures

Dr. Szilveszter Ádám, Chair of FESA. Contents: Brief introduction of the EU Directive 1999/93/EC (Electronic Signatures Directive); EU Action Plan on e-Signatures and e-Identification


Presentation Transcript


  1. Introduction to the European model of regulation for electronic signatures. Dr. Szilveszter Ádám, Chair of FESA. Tirana, Albania

  2. Contents
     • Brief introduction of the EU Directive 1999/93/EC (Electronic Signatures Directive)
     • EU Action Plan on e-Signatures and e-Identification
     • Introduction of FESA (Forum of European Supervisory Authorities for Electronic Signatures)

  3. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Aim: To facilitate the cross-border use of electronic signatures with legal validity within the EU
     • Technology-neutral
     • Establishes a minimal framework for the acceptance of electronic signatures and signature certificates.
     • Also concerns the free movement of services and goods connected with electronic signatures

  4. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Key terms:
        • "Simple" electronic signature
        • Advanced electronic signature (Art. 2.2)
           • Is uniquely linked to the signatory
           • Is capable of identifying the signatory
           • Is created with means under the sole control of the signatory
           • Any subsequent change of the signed data is detectable
        • Legal validity: must not be denied admissibility as evidence solely because it is in electronic form and is not a qualified signature.

  5. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Key terms:
        • Qualified electronic signature (Art. 5.1)
           • An advanced electronic signature that is based on a qualified certificate and
           • Created with a Secure Signature Creation Device (SSCD)
           • Legal effect: Has the same legal effect as a handwritten signature on a paper document in all EU Member States
           • Basic requirements for qualified certificate and SSCD are included in the Annexes of the Directive.

  6. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Key terms:
        • Services related to electronic signatures:
           • Issuing of signature certificates (CA services)
           • Time-stamping services
           • Other services (electronic archival, consultancy etc.)
        • Electronic signature products
           • Hardware or software or component intended to be used by a service provider for electronic signature services or intended to be used for the creation or verification of signatures.

  7. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Market access:
        • No prior authorisation scheme is allowed for the start of service providers.
        • Service providers established in an EU country may freely operate in the Internal Market.
        • Signature products (including SSCDs) may also circulate freely within the Internal Market. (Certifications for SSCDs are also valid in all EU Member States)

  8. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Control measures for electronic signature services
        • Member States must operate an effective system of supervision at least for CAs issuing qualified certificates to the public
        • The use of electronic signatures in the public sector (e-government) may be restricted by further requirements
        • Voluntary accreditation schemes

  9. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Equivalence of certificates issued in countries outside of the EU with qualified certificates issued in the EU:
        • CA must fulfill the requirements of the Directive and be accredited under a voluntary accreditation scheme in a Member State
        • Another CA established in a Member State and fulfilling the requirements guarantees the certificate
        • The certificate or its issuer is recognised under a bilateral or multilateral agreement between the EU and third countries or international organisations

  10. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Other measures:
        • Minimum liability rules for service providers issuing qualified certificates to the public
        • Data protection rules
        • Role of the EU Commission, Article 9 Committee
        • List of Generally Recognised Standards to ease interoperability

  11. The Directive 1999/93/EC on a Community Framework for electronic signatures
     • Connection with technical standardisation
     • EESSI (initiative of EU Commission)
     • ETSI (TC ESI) -> documents related to policy, operation of electronic signature services
     • CEN -> documents related to trustworthy systems
     • Common Criteria Protection Profiles for electronic signature products
     • ISO (documents pertaining to e.g. smart cards, information security management system)

  12. Operation of PKI hierarchies for electronic signatures in practice
     • The Directive only regulates the most important aspects, the rest is left to the Member States
     • There is no unified European PKI hierarchy, and no European Root CA.
     • Each country has its own model:
        • National Root CA: Germany, Austria
        • Special Purpose Root CA: Hungary
        • Signed list of CAs: Italy

  13. Practical example: Hungary
     • PKI hierarchy:
        • No national Root CA
        • Public Administration Root CA:
           • At the peak of the hierarchy for certificates that may be used with e-government services (issued to authorities and to citizens)
        • Each CA has its own root (in one case, several roots)
     • System of supervision:
        • Extends to all CAs issuing certificates to the public
        • Also to time-stamping and archival services
        • Operated by the National Communications Authority

  14. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Adopted by the Commission on 28th November 2008.
     • Aim: To offer a framework for the cross-border use of electronic signatures and electronic identification in the EU
     • Motivation:
        • Services Directive (e-government services)
        • Public Procurement (cross-border bidding)
        • Electronic Invoicing (financial information exchange)

  15. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Complements existing instruments (Electronic Signatures Directive, i2010 e-Government Action Plan)
     • Part of the Lisbon Strategy

  16. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Actions related to electronic signatures
        • Update of the list of "Generally Recognised Standards" (Commission Decision 2003/511/EC)
        • Creation of Trusted Lists for easy and automated retrieval of information related to supervision systems, service providers and certificates (qualified certificates)
        • Adoption of guidelines to help implementation of qualified signatures and advanced signatures based on qualified certificates in an interoperable way.

  17. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Actions related to electronic signatures
        • Update of the country profiles on the use of electronic signatures in e-government applications
        • Feasibility study about a federated validation service for advanced electronic signatures not based on a qualified certificate.
        • Linking the results with tests of the validation service established in PEPPOL project (Public Procurement Online)

  18. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Actions related to electronic identification
        • Update of country profiles about the use of e-ID in e-government applications
        • Specific surveys about the use of e-ID in the Member States
        • Cooperation with the STORK Project (interoperability of e-identification for public services)
        • Possibility of further actions if needed.

  19. Action Plan of the EU Commission on e-Signatures and e-Identification
     • Document is available (in English) on the Europa server: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2008:0798:FIN:EN:PDF

  20. Recent developments
     • Digital Agenda for Europe adopted in May 2010
     • Key Action 3: Revision of the e-Signatures Directive to provide interoperability and cross-border recognition to secure e-Authentication systems.
     • The document is available here: http://ec.europa.eu/information_society/digital-agenda/index_en.htm

  21. Introduction of FESA
     • Founded in 2002
     • Membership:
        • Full members: Authorities responsible for supervision of electronic signature services and organisations responsible for voluntary accreditation schemes in EU Member States, Candidate Countries and EEA Member States
        • Associate members: Similar organisations from other countries that have an interest in discussing the matters within the scope of FESA
     • Scope:
        • Facilitation of cooperation between members, harmonisation of their activities, adoption of common points of view in the dialog with other concerned institutions

  22. Introduction of FESA
     • Meetings of the Assembly are held at least twice a year
     • Board of FESA:
        • Consists of three members (Chair and two Secretaries)
        • Is elected by the Assembly for a period of two years (possibility of renewal)
     • Between meetings, work is conducted using the mailing lists and the website of the organisation.
     • No fixed seat or secretariat
     • Public information available at http://www.fesa.eu/

  23. Thank you for your interest! board@fesa.eu
