|
äÕæÕ ÇáÊÔÑíÚÇÊ ãÍá ÇáÏÑÇÓÉ
United Nations A/RES/56/80
General Assembly
Distr.: General
24 January 2002
Fifty-sixth session
Agenda item 161
01 49026
Resolution adopted by the General Assembly
[on the report of the Sixth Committee (A/56/588 and Corr.1)]
56/80. Model Law on Electronic Signatures of the United
Nations Commission on International Trade Law
The General Assembly,
Recalling its resolution 2205 (XXI) of 17 December 1966, by which it
established the United Nations Commission on International Trade Law, with a
mandate to further the progressive harmonization and unification of the law of
international trade and in that respect to bear in mind the interests of all peoples,
particularly those of developing countries, in the extensive development of
international trade,
Noting that an increasing number of transactions in international trade are
carried out by means of communication commonly referred to as electronic
commerce, which involves the use of alternatives to paper-based forms of
communication, storage and authentication of information,
Recalling the recommendation on the legal value of computer records adopted
by the Commission at its eighteenth session, in 1985, and paragraph 5 (b) of General
Assembly resolution 40/71 of 11 December 1985, in which the Assembly called
upon Governments and international organizations to take action, where appropriate,
in conformity with the recommendation of the Commission,
1
so as to ensure legal
security in the context of the widest possible use of automated data processing in
international trade,
Recalling also that the Model Law on Electronic Commerce was adopted by
the Commission at its twenty-ninth session, in 1996,
2
and complemented by an
additional article, 5 bis, adopted by the Commission at its thirty-first session, in
1998,
3
and recalling paragraph 2 of General Assembly resolution 51/162 of
16 December 1996, in which the Assembly recommended that all States should give
favourable consideration to the Model Law when enacting or revising their laws, in
view of the need for uniformity of the law applicable to alternatives to paper-based
methods of communication and storage of information,
_______________
1
See Official Records of the General Assembly, Fortieth Session, Supplement No. 17 (A/40/17), chap. VI,
sect. B.
2
Ibid., Fifty-first Session, Supplement No. 17 (A/51/17), chap. III, sect. F, para. 209.
3
Ibid., Fifty-third Session, Supplement No. 17 (A/53/17), chap. III, sect. B.
A/RES/56/80
2
Convinced that the Model Law on Electronic Commerce is of significant
assistance to States in enabling or facilitating the use of electronic commerce, as
demonstrated by the enactment of the Model Law in a number of countries and its
universal recognition as an essential reference in the field of electronic commerce
legislation,
Mindful of the great utility of new technologies used for personal identification
in electronic commerce and commonly referred to as electronic signatures,
Desiring to build on the fundamental principles underlying article 7 of the
Model Law on Electronic Commerce
4
with respect to the fulfilment of the signature
function in an electronic environment, with a view to promoting reliance on
electronic signatures for producing legal effect where such electronic signatures are
functionally equivalent to handwritten signatures,
Convinced that legal certainty in electronic commerce will be enhanced by the
harmonization of certain rules on the legal recognition of electronic signatures on a
technologically neutral basis and by the establishment of a method to assess in a
technologically neutral manner the practical reliability and the commercial
adequacy of electronic signature techniques,
Believing that the Model Law on Electronic Signatures will constitute a useful
addition to the Model Law on Electronic Commerce and significantly assist States in
enhancing their legislation governing the use of modern authentication techniques
and in formulating such legislation where none currently exists,
Being of the opinion that the establishment of model legislation to facilitate the
use of electronic signatures in a manner acceptable to States with different legal,
social and economic systems could contribute to the development of harmonious
international economic relations,
1. Expresses its appreciation to the United Nations Commission on
International Trade Law for completing and adopting the Model Law on Electronic
Signatures contained in the annex to the present resolution, and for preparing the
Guide to Enactment of the Model Law;
2. Recommends that all States give favourable consideration to the Model
Law on Electronic Signatures, together with the Model Law on Electronic
Commerce adopted in 1996 and complemented in 1998, when they enact or revise
their laws, in view of the need for uniformity of the law applicable to alternatives to
paper-based forms of communication, storage and authentication of information;
3. Recommends also that all efforts be made to ensure that the Model Law
on Electronic Commerce and the Model Law on Electronic Signatures, together with
their respective Guides to Enactment, become generally known and available.
85th plenary meeting
12 December 2001
_______________
4
Resolution 51/162, annex.
A/RES/56/80
3
Annex
Model Law on Electronic Signatures of the United Nations Commission on
International Trade Law
Article 1
Sphere of application
This Law applies where electronic signatures are used in the context
5
of
commercial
6
activities. It does not override any rule of law intended for the
protection of consumers.
Article 2
Definitions
For the purposes of this Law:
(a) “Electronic signature” means data in electronic form in, affixed to or
logically associated with, a data message, which may be used to identify the
signatory in relation to the data message and to indicate the signatory's approval of
the information contained in the data message;
(b) “Certificate” means a data message or other record confirming the link
between a signatory and signature creation data;
(c) “Data message” means information generated, sent, received or stored by
electronic, optical or similar means including, but not limited to, electronic data
interchange (EDI), electronic mail, telegram, telex or telecopy;
(d) “Signatory” means a person that holds signature creation data and acts
either on its own behalf or on behalf of the person it represents;
(e) “Certification service provider” means a person that issues certificates
and may provide other services related to electronic signatures;
(f) “Relying party” means a person that may act on the basis of a certificate
or an electronic signature.
Article 3
Equal treatment of signature technologies
Nothing in this Law, except article 5, shall be applied so as to exclude, restrict
or deprive of legal effect any method of creating an electronic signature that
satisfies the requirements referred to in article 6, paragraph 1, or otherwise meets
the requirements of applicable law.
_______________
5
The Commission suggests the following text for States that might wish to extend the applicability of this
Law:
“This Law applies where electronic signatures are used, except in the following
situations: [...].”
6
The term “commercial” should be given a wide interpretation so as to cover matters arising
from all relationships of a commercial nature, whether contractual or not. Relationships of a commercial
nature include, but are not limited to, the following transactions: any trade transaction for the supply or
exchange of goods or services; distribution agreement; commercial representation or agency; factoring;
leasing; construction of works; consulting; engineering; licensing; investment; financing; banking;
insurance; exploitation agreement or concession; joint venture and other forms of industrial or business
cooperation; carriage of goods or passengers by air, sea, rail or road.
A/RES/56/80
4
Article 4
Interpretation
1. In the interpretation of this Law, regard is to be had to its international
origin and to the need to promote uniformity in its application and the observance of
good faith.
2. Questions concerning matters governed by this Law which are not
expressly settled in it are to be settled in conformity with the general principles on
which this Law is based.
Article 5
Variation by agreement
The provisions of this Law may be derogated from or their effect may be
varied by agreement, unless that agreement would not be valid or effective under
applicable law.
Article 6
Compliance with a requirement for a signature
1. Where the law requires a signature of a person, that requirement is met in
relation to a data message if an electronic signature is used that is as reliable as was
appropriate for the purpose for which the data message was generated or
communicated, in the light of all the circumstances, including any relevant
agreement.
2. Paragraph 1 applies whether the requirement referred to therein is in the
form of an obligation or whether the law simply provides consequences for the
absence of a signature.
3. An electronic signature is considered to be reliable for the purpose of
satisfying the requirement referred to in paragraph 1 if:
(a) The signature creation data are, within the context in which they are
used, linked to the signatory and to no other person;
(b) The signature creation data were, at the time of signing, under the control
of the signatory and of no other person;
(c) Any alteration to the electronic signature, made after the time of signing,
is detectable; and
(d) Where a purpose of the legal requirement for a signature is to provide
assurance as to the integrity of the information to which it relates, any alteration
made to that information after the time of signing is detectable.
4. Paragraph 3 does not limit the ability of any person:
(a) To establish in any other way, for the purpose of satisfying the
requirement referred to in paragraph 1, the reliability of an electronic signature; or
(b) To adduce evidence of the non-reliability of an electronic signature.
5. The provisions of this article do not apply to the following: [...].
A/RES/56/80
5
Article 7
Satisfaction of article 6
1. [Any person, organ or authority, whether public or private, specified by
the enacting State as competent] may determine which electronic signatures satisfy
the provisions of article 6 of this Law.
2. Any determination made under paragraph 1 shall be consistent with
recognized international standards.
3. Nothing in this article affects the operation of the rules of private
international law.
Article 8
Conduct of the signatory
1. Where signature creation data can be used to create a signature that has
legal effect, each signatory shall:
(a) Exercise reasonable care to avoid unauthorized use of its signature
creation data;
(b) Without undue delay, utilize means made available by the certification
service provider pursuant to article 9 of this Law, or otherwise use reasonable
efforts, to notify any person that may reasonably be expected by the signatory to
rely on or to provide services in support of the electronic signature if:
(i) The signatory knows that the signature creation data have been
compromised; or
(ii) The circumstances known to the signatory give rise to a substantial risk
that the signature creation data may have been compromised;
(c) Where a certificate is used to support the electronic signature, exercise
reasonable care to ensure the accuracy and completeness of all material
representations made by the signatory that are relevant to the certificate throughout
its life cycle or that are to be included in the certificate.
2. A signatory shall bear the legal consequences of its failure to satisfy the
requirements of paragraph 1.
Article 9
Conduct of the certification service provider
1. Where a certification service provider provides services to support an
electronic signature that may be used for legal effect as a signature, that certification
service provider shall:
(a) Act in accordance with representations made by it with respect to its
policies and practices;
(b) Exercise reasonable care to ensure the accuracy and completeness of all
material representations made by it that are relevant to the certificate throughout its
life cycle or that are included in the certificate;
(c) Provide reasonably accessible means that enable a relying party to
ascertain from the certificate:
(i) The identity of the certification service provider;
A/RES/56/80
6
(ii) That the signatory that is identified in the certificate had control of the
signature creation data at the time when the certificate was issued;
(iii) That signature creation data were valid at or before the time when the
certificate was issued;
(d) Provide reasonably accessible means that enable a relying party to
ascertain, where relevant, from the certificate or otherwise:
(i) The method used to identify the signatory;
(ii) Any limitation on the purpose or value for which the signature creation
data or the certificate may be used;
(iii) That the signature creation data are valid and have not been
compromised;
(iv) Any limitation on the scope or extent of liability stipulated by the
certification service provider;
(v) Whether means exist for the signatory to give notice pursuant to article 8,
paragraph 1 (b), of this Law;
(vi) Whether a timely revocation service is offered;
(e) Where services under subparagraph (d) (v) are offered, provide a means
for a signatory to give notice pursuant to article 8, paragraph 1 (b), of this Law and,
where services under subparagraph (d) (vi) are offered, ensure the availability of a
timely revocation service;
(f) Utilize trustworthy systems, procedures and human resources in
performing its services.
2. A certification service provider shall bear the legal consequences of its
failure to satisfy the requirements of paragraph 1.
Article 10
Trustworthiness
For the purposes of article 9, paragraph 1 (f), of this Law in determining
whether, or to what extent, any systems, procedures and human resources utilized by
a certification service provider are trustworthy, regard may be had to the following
factors:
(a) Financial and human resources, including existence of assets;
(b) Quality of hardware and software systems;
(c) Procedures for processing of certificates and applications for certificates
and retention of records;
(d) Availability of information to signatories identified in certificates and to
potential relying parties;
(e) Regularity and extent of audit by an independent body;
(f) The existence of a declaration by the State, an accreditation body or the
certification service provider regarding compliance with or existence of the
foregoing; or
(g) Any other relevant factor.
A/RES/56/80
7
Article 11
Conduct of the relying party
A relying party shall bear the legal consequences of its failure:
(a) To take reasonable steps to verify the reliability of an electronic
signature; or
(b) Where an electronic signature is supported by a certificate, to take
reasonable steps:
(i) To verify the validity, suspension or revocation of the certificate; and
(ii) To observe any limitation with respect to the certificate.
Article 12
Recognition of foreign certificates and electronic signatures
1. In determining whether, or to what extent, a certificate or an electronic
signature is legally effective, no regard shall be had:
(a) To the geographic location where the certificate is issued or the
electronic signature created or used; or
(b) To the geographic location of the place of business of the issuer or
signatory.
2. A certificate issued outside [the enacting State] shall have the same legal
effect in [the enacting State] as a certificate issued in [the enacting State] if it offers
a substantially equivalent level of reliability.
3. An electronic signature created or used outside [the enacting State] shall
have the same legal effect in [the enacting State] as an electronic signature created
or used in [the enacting State] if it offers a substantially equivalent level of reliability.
4. In determining whether a certificate or an electronic signature offers a
substantially equivalent level of reliability for the purposes of paragraph 2 or 3,
regard shall be had to recognized international standards and to any other relevant
factors.
5. Where, notwithstanding paragraphs 2, 3 and 4, parties agree, as between
themselves, to the use of certain types of electronic signatures or certificates, that
agreement shall be recognized as sufficient for the purposes of cross-border
recognition, unless that agreement would not be valid or effective under applicable law.
1- Unite states of America
S.761
Electronic Signatures in Global and National Commerce Act (Enrolled as Agreed to or Passed by Both House and Senate)
________________________________________
--S.761--
S.761
One Hundred Sixth Congress
of the
United States of America
AT THE SECOND SESSION
Begun and held at the City of Washington on Monday,
the twenty-fourth day of January, two thousand
An Act
To facilitate the use of electronic records and signatures in interstate or foreign commerce.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the `Electronic Signatures in Global and National Commerce Act'.
TITLE I--ELECTRONIC RECORDS AND SIGNATURES IN COMMERCE
SEC. 101. GENERAL RULE OF VALIDITY.
(a) IN GENERAL- Notwithstanding any statute, regulation, or other rule of law (other than this title and title II), with respect to any transaction in or affecting interstate or foreign commerce--
(1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
(2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.
(b) PRESERVATION OF RIGHTS AND OBLIGATIONS- This title does not--
(1) limit, alter, or otherwise affect any requirement imposed by a statute, regulation, or rule of law relating to the rights and obligations of persons under such statute, regulation, or rule of law other than a requirement that contracts or other records be written, signed, or in non electronic form; or
(2) require any person to agree to use or accept electronic records or electronic signatures, other than a governmental agency with respect to a record other than a contract to which it is a party.
(c) CONSUMER DISCLOSURES-
(1) CONSENT TO ELECTRONIC RECORDS- Notwithstanding subsection (a), if a statute, regulation, or other rule of law requires that information relating to a transaction or transactions in or affecting interstate or foreign commerce be provided or made available to a consumer in writing, the use of an electronic record to provide or make available (whichever is required) such information satisfies the requirement that such information be in writing if--
(A) the consumer has affirmatively consented to such use and has not withdrawn such consent;
(B) the consumer, prior to consenting, is provided with a clear and conspicuous statement--
(i) informing the consumer of (I) any right or option of the consumer to have the record provided or made available on paper or in nonelectronic form, and (II) the right of the consumer to withdraw the consent to have the record provided or made available in an electronic form and of any conditions, consequences (which may include termination of the parties' relationship), or fees in the event of such withdrawal;
(ii) informing the consumer of whether the consent applies (I) only to the particular transaction which gave rise to the obligation to provide the record, or (II) to identified categories of records that may be provided or made available during the course of the parties' relationship;
(iii) describing the procedures the consumer must use to withdraw consent as provided in clause (i) and to update information needed to contact the consumer electronically; and
(iv) informing the consumer (I) how, after the consent, the consumer may, upon request, obtain a paper copy of an electronic record, and (II) whether any fee will be charged for such copy;
(C) the consumer--
(i) prior to consenting, is provided with a statement of the hardware and software requirements for access to and retention of the electronic records; and
(ii) consents electronically, or confirms his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information in the electronic form that will be used to provide the information that is the subject of the consent; and
(D) after the consent of a consumer in accordance with subparagraph (A), if a change in the hardware or software requirements needed to access or retain electronic records creates a material risk that the consumer will not be able to access or retain a subsequent electronic record that was the subject of the consent, the person providing the electronic record--
(i) provides the consumer with a statement of (I) the revised hardware and software requirements for access to and retention of the electronic records, and (II) the right to withdraw consent without the imposition of any fees for such withdrawal and without the imposition of any condition or consequence that was not disclosed under subparagraph (B)(i); and
(ii) again complies with subparagraph (C).
(2) OTHER RIGHTS-
(A) PRESERVATION OF CONSUMER PROTECTIONS- Nothing in this title affects the content or timing of any disclosure or other record required to be provided or made available to any consumer under any statute, regulation, or other rule of law.
(B) VERIFICATION OR ACKNOWLEDGMENT- If a law that was enacted prior to this Act expressly requires a record to be provided or made available by a specified method that requires verification or acknowledgment of receipt, the record may be provided or made available electronically only if the method used provides verification or acknowledgment of receipt (whichever is required).
(3) EFFECT OF FAILURE TO OBTAIN ELECTRONIC CONSENT OR CONFIRMATION OF CONSENT- The legal effectiveness, validity, or enforceability of any contract executed by a consumer shall not be denied solely because of the failure to obtain electronic consent or confirmation of consent by that consumer in accordance with paragraph (1)(C)(ii).
(4) PROSPECTIVE EFFECT- Withdrawal of consent by a consumer shall not affect the legal effectiveness, validity, or enforceability of electronic records provided or made available to that consumer in accordance with paragraph (1) prior to implementation of the consumer's withdrawal of consent. A consumer's withdrawal of consent shall be effective within a reasonable period of time after receipt of the withdrawal by the provider of the record. Failure to comply with paragraph (1)(D) may, at the election of the consumer, be treated as a withdrawal of consent for purposes of this paragraph.
(5) PRIOR CONSENT- This subsection does not apply to any records that are provided or made available to a consumer who has consented prior to the effective date of this title to receive such records in electronic form as permitted by any statute, regulation, or other rule of law.
(6) ORAL COMMUNICATIONS- An oral communication or a recording of an oral communication shall not qualify as an electronic record for purposes of this subsection except as otherwise provided under applicable law.
(d) RETENTION OF CONTRACTS AND RECORDS-
(1) ACCURACY AND ACCESSIBILITY- If a statute, regulation, or other rule of law requires that a contract or other record relating to a transaction in or affecting interstate or foreign commerce be retained, that requirement is met by retaining an electronic record of the information in the contract or other record that--
(A) accurately reflects the information set forth in the contract or other record; and
(B) remains accessible to all persons who are entitled to access by statute, regulation, or rule of law, for the period required by such statute, regulation, or rule of law, in a form that is capable of being accurately reproduced for later reference, whether by transmission, printing, or otherwise.
(2) EXCEPTION- A requirement to retain a contract or other record in accordance with paragraph (1) does not apply to any information whose sole purpose is to enable the contract or other record to be sent, communicated, or received.
(3) ORIGINALS- If a statute, regulation, or other rule of law requires a contract or other record relating to a transaction in or affecting interstate or foreign commerce to be provided, available, or retained in its original form, or provides consequences if the contract or other record is not provided, available, or retained in its original form, that statute, regulation, or rule of law is satisfied by an electronic record that complies with paragraph (1).
(4) CHECKS- If a statute, regulation, or other rule of law requires the retention of a check, that requirement is satisfied by retention of an electronic record of the information on the front and back of the check in accordance with paragraph (1).
(e) ACCURACY AND ABILITY TO RETAIN CONTRACTS AND OTHER RECORDS- Notwithstanding subsection (a), if a statute, regulation, or other rule of law requires that a contract or other record relating to a transaction in or affecting interstate or foreign commerce be in writing, the legal effect, validity, or enforceability of an electronic record of such contract or other record may be denied if such electronic record is not in a form that is capable of being retained and accurately reproduced for later reference by all parties or persons who are entitled to retain the contract or other record.
(f) PROXIMITY- Nothing in this title affects the proximity required by any statute, regulation, or other rule of law with respect to any warning, notice, disclosure, or other record required to be posted, displayed, or publicly affixed.
(g) NOTARIZATION AND ACKNOWLEDGMENT- If a statute, regulation, or other rule of law requires a signature or record relating to a transaction in or affecting interstate or foreign commerce to be notarized, acknowledged, verified, or made under oath, that requirement is satisfied if the electronic signature of the person authorized to perform those acts, together with all other information required to be included by other applicable statute, regulation, or rule of law, is attached to or logically associated with the signature or record.
(h) ELECTRONIC AGENTS- A contract or other record relating to a transaction in or affecting interstate or foreign commerce may not be denied legal effect, validity, or enforceability solely because its formation, creation, or delivery involved the action of one or more electronic agents so long as the action of any such electronic agent is legally attributable to the person to be bound.
(i) INSURANCE- It is the specific intent of the Congress that this title and title II apply to the business of insurance.
(j) INSURANCE AGENTS AND BROKERS- An insurance agent or broker acting under the direction of a party that enters into a contract by means of an electronic record or electronic signature may not be held liable for any deficiency in the electronic procedures agreed to by the parties under that contract if--
(1) the agent or broker has not engaged in negligent, reckless, or intentional tortious conduct;
(2) the agent or broker was not involved in the development or establishment of such electronic procedures; and
(3) the agent or broker did not deviate from such procedures.
SEC. 102. EXEMPTION TO PREEMPTION.
(a) IN GENERAL- A State statute, regulation, or other rule of law may modify, limit, or supersede the provisions of section 101 with respect to State law only if such statute, regulation, or rule of law--
(1) constitutes an enactment or adoption of the Uniform Electronic Transactions Act as approved and recommended for enactment in all the States by the National Conference of Commissioners on Uniform State Laws in 1999, except that any exception to the scope of such Act enacted by a State under section 3(b)(4) of such Act shall be preempted to the extent such exception is inconsistent with this title or title II, or would not be permitted under paragraph (2)(A)(ii) of this subsection; or
(2)(A) specifies the alternative procedures or requirements for the use or acceptance (or both) of electronic records or electronic signatures to establish the legal effect, validity, or enforceability of contracts or other records, if--
(i) such alternative procedures or requirements are consistent with this title and title II; and
(ii) such alternative procedures or requirements do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures; and
(B) if enacted or adopted after the date of the enactment of this Act, makes specific reference to this Act.
(b) EXCEPTIONS FOR ACTIONS BY STATES AS MARKET PARTICIPANTS- Subsection (a)(2)(A)(ii) shall not apply to the statutes, regulations, or other rules of law governing procurement by any State, or any agency or instrumentality thereof.
(c) PREVENTION OF CIRCUMVENTION- Subsection (a) does not permit a State to circumvent this title or title II through the imposition of nonelectronic delivery methods under section 8(b)(2) of the Uniform Electronic Transactions Act.
SEC. 103. SPECIFIC EXCEPTIONS.
(a) EXCEPTED REQUIREMENTS- The provisions of section 101 shall not apply to a contract or other record to the extent it is governed by--
(1) a statute, regulation, or other rule of law governing the creation and execution of wills, codicils, or testamentary trusts;
(2) a State statute, regulation, or other rule of law governing adoption, divorce, or other matters of family law; or
(3) the Uniform Commercial Code, as in effect in any State, other than sections 1-107 and 1-206 and Articles 2 and 2A.
(b) ADDITIONAL EXCEPTIONS- The provisions of section 101 shall not apply to--
(1) court orders or notices, or official court documents (including briefs, pleadings, and other writings) required to be executed in connection with court proceedings;
(2) any notice of--
(A) the cancellation or termination of utility services (including water, heat, and power);
(B) default, acceleration, repossession, foreclosure, or eviction, or the right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual;
(C) the cancellation or termination of health insurance or benefits or life insurance benefits (excluding annuities); or
(D) recall of a product, or material failure of a product, that risks endangering health or safety; or
(3) any document required to accompany any transportation or handling of hazardous materials, pesticides, or other toxic or dangerous materials.
(c) REVIEW OF EXCEPTIONS-
(1) EVALUATION REQUIRED- The Secretary of Commerce, acting through the Assistant Secretary for Communications and Information, shall review the operation of the exceptions in subsections (a) and (b) to evaluate, over a period of 3 years, whether such exceptions continue to be necessary for the protection of consumers. Within 3 years after the date of enactment of this Act, the Assistant Secretary shall submit a report to the Congress on the results of such evaluation.
(2) DETERMINATIONS- If a Federal regulatory agency, with respect to matter within its jurisdiction, determines after notice and an opportunity for public comment, and publishes a finding, that one or more such exceptions are no longer necessary for the protection of consumers and eliminating such exceptions will not increase the material risk of harm to consumers, such agency may extend the application of section 101 to the exceptions identified in such finding.
SEC. 104. APPLICABILITY TO FEDERAL AND STATE GOVERNMENTS.
(a) FILING AND ACCESS REQUIREMENTS- Subject to subsection (c)(2), nothing in this title limits or supersedes any requirement by a Federal regulatory agency, self-regulatory organization, or State regulatory agency that records be filed with such agency or organization in accordance with specified standards or formats.
(b) PRESERVATION OF EXISTING RULEMAKING AUTHORITY-
(1) USE OF AUTHORITY TO INTERPRET- Subject to paragraph (2) and subsection (c), a Federal regulatory agency or State regulatory agency that is responsible for rulemaking under any other statute may interpret section 101 with respect to such statute through--
(A) the issuance of regulations pursuant to a statute; or
(B) to the extent such agency is authorized by statute to issue orders or guidance, the issuance of orders or guidance of general applicability that are publicly available and published (in the Federal Register in the case of an order or guidance issued by a Federal regulatory agency).
This paragraph does not grant any Federal regulatory agency or State regulatory agency authority to issue regulations, orders, or guidance pursuant to any statute that does not authorize such issuance.
(2) LIMITATIONS ON INTERPRETATION AUTHORITY- Notwithstanding paragraph (1), a Federal regulatory agency shall not adopt any regulation, order, or guidance described in paragraph (1), and a State regulatory agency is preempted by section 101 from adopting any regulation, order, or guidance described in paragraph (1), unless--
(A) such regulation, order, or guidance is consistent with section 101;
(B) such regulation, order, or guidance does not add to the requirements of such section; and
(C) such agency finds, in connection with the issuance of such regulation, order, or guidance, that--
(i) there is a substantial justification for the regulation, order, or guidance;
(ii) the methods selected to carry out that purpose--
(I) are substantially equivalent to the requirements imposed on records that are not electronic records; and
(II) will not impose unreasonable costs on the acceptance and use of electronic records; and
(iii) the methods selected to carry out that purpose do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures.
(3) PERFORMANCE STANDARDS-
(A) ACCURACY, RECORD INTEGRITY, ACCESSIBILITY- Notwithstanding paragraph (2)(C)(iii), a Federal regulatory agency or State regulatory agency may interpret section 101(d) to specify performance standards to assure accuracy, record integrity, and accessibility of records that are required to be retained.
________________________________________
THIS SEARCH THIS DOCUMENT GO TO
________________________________________
________________________________________
________________________________________
S.761
Electronic Signatures in Global and National Commerce Act (Enrolled as Agreed to or Passed by Both House and Senate)
________________________________________
SEC. 105. STUDIES.
(a) DELIVERY- Within 12 months after the date of the enactment of this Act, the Secretary of Commerce shall conduct an inquiry regarding the effectiveness of the delivery of electronic records to consumers using electronic mail as compared with delivery of written records via the United States Postal Service and private express mail services. The Secretary shall submit a report to the Congress regarding the results of such inquiry by the conclusion of such 12-month period.
(b) STUDY OF ELECTRONIC CONSENT- Within 12 months after the date of the enactment of this Act, the Secretary of Commerce and the Federal Trade Commission shall submit a report to the Congress evaluating any benefits provided to consumers by the procedure required by section 101(c)(1)(C)(ii); any burdens imposed on electronic commerce by that provision; whether the benefits outweigh the burdens; whether the absence of the procedure required by section 101(c)(1)(C)(ii) would increase the incidence of fraud directed against consumers; and suggesting any revisions to the provision deemed appropriate by the Secretary and the Commission. In conducting this evaluation, the Secretary and the Commission shall solicit comment from the general public, consumer representatives, and electronic commerce businesses.
SEC. 106. DEFINITIONS.
For purposes of this title:
(1) CONSUMER- The term `consumer' means an individual who obtains, through a transaction, products or services which are used primarily for personal, family, or household purposes, and also means the legal representative of such an individual.
(2) ELECTRONIC- The term `electronic' means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
(3) ELECTRONIC AGENT- The term `electronic agent' means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part without review or action by an individual at the time of the action or response.
(4) ELECTRONIC RECORD- The term `electronic record' means a contract or other record created, generated, sent, communicated, received, or stored by electronic means.
(5) ELECTRONIC SIGNATURE- The term `electronic signature' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
(6) FEDERAL REGULATORY AGENCY- The term `Federal regulatory agency' means an agency, as that term is defined in section 552(f) of title 5, United States Code.
(7) INFORMATION- The term `information' means data, text, images, sounds, codes, computer programs, software, databases, or the like.
(8) PERSON- The term `person' means an individual, corporation, business trust, estate, trust, partnership, limited liability company, association, joint venture, governmental agency, public corporation, or any other legal or commercial entity.
(9) RECORD- The term `record' means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.
(10) REQUIREMENT- The term `requirement' includes a prohibition.
(11) SELF-REGULATORY ORGANIZATION- The term `self-regulatory organization' means an organization or entity that is not a Federal regulatory agency or a State, but that is under the supervision of a Federal regulatory agency and is authorized under Federal law to adopt and administer rules applicable to its members that are enforced by such organization or entity, by a Federal regulatory agency, or by another self-regulatory organization.
(12) STATE- The term `State' includes the District of Columbia and the territories and possessions of the United States.
(13) TRANSACTION- The term `transaction' means an action or set of actions relating to the conduct of business, consumer, or commercial affairs between two or more persons, including any of the following types of conduct--
(A) the sale, lease, exchange, licensing, or other disposition of (i) personal property, including goods and intangibles, (ii) services, and (iii) any combination thereof; and
(B) the sale, lease, exchange, or other disposition of any interest in real property, or any combination thereof.
SEC. 107. EFFECTIVE DATE.
(a) IN GENERAL- Except as provided in subsection (b), this title shall be effective on October 1, 2000.
(b) EXCEPTIONS-
(1) RECORD RETENTION-
(A) IN GENERAL- Subject to subparagraph (B), this title shall be effective on March 1, 2001, with respect to a requirement that a record be retained imposed by--
(i) a Federal statute, regulation, or other rule of law, or
(ii) a State statute, regulation, or other rule of law administered or promulgated by a State regulatory agency.
(B) DELAYED EFFECT FOR PENDING RULEMAKINGS- If on March 1, 2001, a Federal regulatory agency or State regulatory agency has announced, proposed, or initiated, but not completed, a rulemaking proceeding to prescribe a regulation under section 104(b)(3) with respect to a requirement described in subparagraph (A), this title shall be effective on June 1, 2001, with respect to such requirement.
(2) CERTAIN GUARANTEED AND INSURED LOANS- With regard to any transaction involving a loan guarantee or loan guarantee commitment (as those terms are defined in section 502 of the Federal Credit Reform Act of 1990), or involving a program listed in the Federal Credit Supplement, Budget of the United States, FY 2001, this title applies only to such transactions entered into, and to any loan or mortgage made, insured, or guaranteed by the United States Government thereunder, on and after one year after the date of enactment of this Act.
(3) STUDENT LOANS- With respect to any records that are provided or made available to a consumer pursuant to an application for a loan, or a loan made, pursuant to title IV of the Higher Education Act of 1965, section 101(c) of this Act shall not apply until the earlier of--
(A) such time as the Secretary of Education publishes revised promissory notes under section 432(m) of the Higher Education Act of 1965; or
(B) one year after the date of enactment of this Act.
TITLE II--TRANSFERABLE RECORDS
SEC. 201. TRANSFERABLE RECORDS.
(a) DEFINITIONS- For purposes of this section:
(1) TRANSFERABLE RECORD- The term `transferable record' means an electronic record that--
(A) would be a note under Article 3 of the Uniform Commercial Code if the electronic record were in writing;
(B) the issuer of the electronic record expressly has agreed is a transferable record; and
(C) relates to a loan secured by real property.
A transferable record may be executed using an electronic signature.
(2) OTHER DEFINITIONS- The terms `electronic record', `electronic signature', and `person' have the same meanings provided in section 106 of this Act.
(b) CONTROL- A person has control of a transferable record if a system employed for evidencing the transfer of interests in the transferable record reliably establishes that person as the person to which the transferable record was issued or transferred.
(c) CONDITIONS- A system satisfies subsection (b), and a person is deemed to have control of a transferable record, if the transferable record is created, stored, and assigned in such a manner that--
(1) a single authoritative copy of the transferable record exists which is unique, identifiable, and, except as otherwise provided in paragraphs (4), (5), and (6), unalterable;
(2) the authoritative copy identifies the person asserting control as--
(A) the person to which the transferable record was issued; or
(B) if the authoritative copy indicates that the transferable record has been transferred, the person to which the transferable record was most recently transferred;
(3) the authoritative copy is communicated to and maintained by the person asserting control or its designated custodian;
(4) copies or revisions that add or change an identified assignee of the authoritative copy can be made only with the consent of the person asserting control;
(5) each copy of the authoritative copy and any copy of a copy is readily identifiable as a copy that is not the authoritative copy; and
(6) any revision of the authoritative copy is readily identifiable as authorized or unauthorized.
(d) STATUS AS HOLDER- Except as otherwise agreed, a person having control of a transferable record is the holder, as defined in section 1-201(20) of the Uniform Commercial Code, of the transferable record and has the same rights and defenses as a holder of an equivalent record or writing under the Uniform Commercial Code, including, if the applicable statutory requirements under section 3-302(a), 9-308, or revised section 9-330 of the Uniform Commercial Code are satisfied, the rights and defenses of a holder in due course or a purchaser, respectively. Delivery, possession, and endorsement are not required to obtain or exercise any of the rights under this subsection.
(e) OBLIGOR RIGHTS- Except as otherwise agreed, an obligor under a transferable record has the same rights and defenses as an equivalent obligor under equivalent records or writings under the Uniform Commercial Code.
(f) PROOF OF CONTROL- If requested by a person against which enforcement is sought, the person seeking to enforce the transferable record shall provide reasonable proof that the person is in control of the transferable record. Proof may include access to the authoritative copy of the transferable record and related business records sufficient to review the terms of the transferable record and to establish the identity of the person having control of the transferable record.
(g) UCC REFERENCES- For purposes of this subsection, all references to the Uniform Commercial Code are to the Uniform Commercial Code as in effect in the jurisdiction the law of which governs the transferable record.
SEC. 202. EFFECTIVE DATE.
This title shall be effective 90 days after the date of enactment of this Act.
TITLE III--PROMOTION OF INTERNATIONAL ELECTRONIC COMMERCE
SEC. 301. PRINCIPLES GOVERNING THE USE OF ELECTRONIC SIGNATURES IN INTERNATIONAL TRANSACTIONS.
(a) PROMOTION OF ELECTRONIC SIGNATURES-
(1) REQUIRED ACTIONS- The Secretary of Commerce shall promote the acceptance and use, on an international basis, of electronic signatures in accordance with the principles specified in paragraph (2) and in a manner consistent with section 101 of this Act. The Secretary of Commerce shall take all actions necessary in a manner consistent with such principles to eliminate or reduce, to the maximum extent possible, the impediments to commerce in electronic signatures, for the purpose of facilitating the development of interstate and foreign commerce.
(2) PRINCIPLES- The principles specified in this paragraph are the following:
(A) Remove paper-based obstacles to electronic transactions by adopting relevant principles from the Model Law on Electronic Commerce adopted in 1996 by the United Nations Commission on International Trade Law.
(B) Permit parties to a transaction to determine the appropriate authentication technologies and implementation models for their transactions, with assurance that those technologies and implementation models will be recognized and enforced.
(C) Permit parties to a transaction to have the opportunity to prove in court or other proceedings that their authentication approaches and their transactions are valid.
(D) Take a nondiscriminatory approach to electronic signatures and authentication methods from other jurisdictions.
(b) CONSULTATION- In conducting the activities required by this section, the Secretary shall consult with users and providers of electronic signature products and services and other interested persons.
(c) DEFINITIONS- As used in this section, the terms `electronic record' and `electronic signature' have the same meanings provided in section 106 of this Act.
TITLE IV--COMMISSION ON ONLINE CHILD PROTECTION
SEC. 401. AUTHORITY TO ACCEPT GIFTS.
Section 1405 of the Child Online Protection Act (47 U.S.C. 231 note) is amended by inserting after subsection (g) the following new subsection:
`(h) GIFTS, BEQUESTS, AND DEVISES- The Commission may accept, use, and dispose of gifts, bequests, or devises of services or property, both real (including the use of office space) and personal, for the purpose of aiding or facilitating the work of the Commission. Gifts or grants not used at the termination of the Commission shall be returned to the donor or grantee.'.
2- The European union.
L 13/12 EN Official Journal of the European Communities 19. 1. 2000
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE
EUROPEAN UNION,
Article 1:Scope .Article 2:Definitions.Article 3:Market access.Article 4:Internal market principles.Article 5:Legal effects of electronic signatures.Article 6:Liability.Article 7:International aspects.:Article 8:Data protection .Article :Committee.Article 10:Tasks of the committee.Article 1:Notification.Article 12:Review
Article 13:Implementation.Article 14:Entry into force.Article 15.Addressees.
Having regard to the Treaty establishing the European
Community, and in particular Articles 47(2), 55 and 95
thereof,
Having regard to the proposal from the Commission (1),
Having regard to the opinion of the Economic and Social
Committee (2),
Having regard to the opinion of the Committee of the Regions (3), Acting in accordance with the procedure laid down in Article 251 of the Treaty (4),
Whereas:
(1) On 16 April 1997 the Commission presented to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions a Communication on a European Initiative in Electronic Commerce;
(2) On 8 October 1997 the Commission presented to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions a Communication on ensuring security and trust in electronic communication — towards a European framework
for digital signatures and encryption;
(3) On 1 December 1997 the Council invited the Commission to submit as soon as possible a proposal for a Directive of the European Parliament and of the Council
on digital signatures;
(4) Electronic communication and commerce necessitate ' electronic signatures' and related services allowing data authentication; divergent rules with respect to legal recognition of electronic signatures and the accreditation of certification-service providers in the Member States may create a significant barrier to the use of electronic communications and electronic commerce; on the other
hand, a clear Community framework regarding the conditions applying to electronic signatures will
strengthen confidence in, and general acceptance of, the new technologies; legislation in the Member States should not hinder the free movement of goods and services in the internal market;
(5) The interoperability of electronic-signature products should be promoted; in accordance with Article 14 of the Treaty, the internal market comprises an area without internal frontiers in which the free movement of goods is ensured; essential requirements specific to electronic-
signature products must be met in order to ensure free movement within the internal market and to build trust in electronic signatures, without prejudice to Council Regulation (EC) No 3381/94 of 19 December 1994 setting up a Community regime for the control of exports of dual-use goods (5) and Council Decision 94/ 942/CFSP of 19 December 1994 on the joint action adopted by the Council concerning the control of exports of dual-use goods (6);
(6) This Directive does not harmonize the provision of services with respect to the confidentiality of information where they are covered by national provisions concerned with public policy or public security;
(7) The internal market ensures the free movement of persons, as a result of which citizens and residents of the European Union increasingly need to deal with authorities in Member States other than the one in which they reside; the availability of electronic communication
could be of great service in this respect;
(8) Rapid technological development and the global character of the Internet necessitate an approach which is open to various technologies and services capable of authenticating data electronically;
(9) Electronic signatures will be used in a large variety of circumstances and applications, resulting in a wide range of new services and products related to or using electronic signatures; the definition of such products and services should not be limited to the issuance and management of certificates, but should also encompass any other service and product using, or ancillary to, electronic signatures, such as registration services, time stamping services, directory services, computing services
or consultancy services related to electronic signatures;
(10) The internal market enables certification-service providersto develop their cross-order activities with a view to increasing their competitiveness, and thus to offer consumers and businesses new opportunities to exchange information and trade electronically in a secure way, regardless of frontiers; in order to stimulate
the Community-wide provision of certification services over open networks, certification-service-providers should be free to provide their services without prior authorization; prior authorization means not only any
(1) OJ C 325, 23.10.1998, p. 5.
(2) OJ C 40, 15.2.1999, p. 29.
(3) OJ C 93, 6.4.1999, p. 33.
(4) Opinion of the European Parliament of 13 January 1999 (OJ C
104, 14.4.1999, p. 49), Council Common Position of 28 June 1999
(OJ C 243, 27.8.1999, p. 33) and Decision of the European Parliament
of 27 October 1999 (not yet published in the Official
Journal). Council Decision of 30 November 1999.
(5) OJ L 367, 31.12.1994, p. 1. Regulation as amended by Regulation
(EC) No 837/95 (OJ L 90, 21.4.1995, p. 1).
(6) OJ L 367, 31.12.1994, p. 8. Decision as last amended by Decision
99/193/CFSP (OJ L 73, 19.3.1999, p. 1).
19. 1. 2000 EN Official Journal of the European Communities L 13/13
Permission whereby the certification-service-provider concerned has to obtain a decision by national authorities before being allowed to provide its certification
services, but also any other measures having the same effect;
(11) Voluntary accreditation schemes aiming at an enhanced level of service-provision may offer certification-serviceproviders the appropriate framework for developing further their services towards the levels of trust, security
and quality demanded by the evolving market; such schemes should encourage the development of best practice among certification-service-providers; certification-
service-providers should be left free to adhere to and benefit from such accreditation schemes;
(12) Certification services can be offered either by a public entity or a legal or natural person, when it is established in accordance with the national law; whereas Member
States should not prohibit certification-service-providers from operating outside voluntary accreditation schemes; it should be ensured that such accreditation schemes do not reduce competition for certification services;
(13) Member States may decide how they ensure the supervision of compliance with the provisions laid down in thisDirective; this Directive does not preclude the establishment of private-sector-based supervision systems; this Directive does not oblige certification-service-providers to apply to be supervised under any applicable accreditation scheme;
(14) It is important to strike a balance between consumer and business needs;
(15) Annex III covers requirements for secure signature-creation devices to ensure the functionality of advanced electronic signatures; it does not cover the entire system
environment in which such devices operate; the functioning of the internal market requires the Commission and the Member States to act swiftly to enable the
bodies charged with the conformity assessment of secure signature devices with Annex III to be designated; in order to meet market needs conformity assessment must be timely and efficient;
(16) This Directive contributes to the use and legal recognition of electronic signatures within the Community; a regulatory framework is not needed for electronic signatures exclusively used within systems, which are based on voluntary agreements under private law between a specified number of participants; the freedom of parties
to agree among themselves the terms and conditions under which they accept electronically signed data should be respected to the extent allowed by national
law; the legal effectiveness of electronic signatures used in such systems and their admissibility as evidence in legal proceedings should be recognized;
(17) This Directive does not seek to harmonize national rules concerning contract law, particularly the formation and performance of contracts, or other formalities of a non contractual nature concerning signatures; for this reason the provisions concerning the legal effect of electronic signatures should be without prejudice to requirements
regarding form laid down in national law with regard to the conclusion of contracts or the rules determining where a contract is concluded;
(18) The storage and copying of signature-creation data could cause a threat to the legal validity of electronic signatures;
(19) Electronic signatures will be used in the public sectorwithin national and community administrations and in communications between such administrations and with citizens and economic operators, for example in the public procurement, taxation, social security, health and justice systems;
(20) Harmonised criteria relating to the legal effects of electronic signatures will preserve a coherent legal framework across the Community; national law lays down
different requirements for the legal validity of handwritten signatures; whereas certificates can be used to confirm the identity of a person signing electronically;
advanced electronic signatures based on qualified certificates aim at a higher level of security; advanced electronic signatures which are based on a qualified certificate
and which are created by a secure-signature-creation device can be regarded as legally equivalent to handwritten signatures only if the requirements for handwritten
signatures are fulfilled;
(21) In order to contribute to the general acceptance of electronic authentication methods it has to be ensured that
electronic signatures can be used as evidence in legal
proceedings in all Member States; the legal recognition
of electronic signatures should be based upon objective
criteria and not be linked to authorization of the certification-
service-provider involved; national law governs
the legal spheres in which electronic documents and
electronic signatures may be used; this Directive is
without prejudice to the power of a national court to
make a ruling regarding conformity with the requirements
of this Directive and does not affect national rules
regarding the unfettered judicial consideration of
evidence;
(22) Certification-service-providers providing certification services
to the public are subject to national rules
regarding liability;
(23) The development of international electronic commerce
requires cross-border arrangements involving third
countries; in order to ensure interoperability at a global
level, agreements on multilateral rules with third countries
on mutual recognition of certification services
could be beneficial;
L 13/14 EN Official Journal of the European Communities 19. 1. 2000
(24) In order to increase user confidence in electronic
communication and electronic commerce, certification service-
providers must observe data protection legislation
and individual privacy;
(25) Provisions on the use of pseudonyms in certificates
should not prevent Member States from requiring identification
of persons pursuant to Community or national
law;
(26) The measures necessary for the implementation of this
Directive are to be adopted in accordance with Council
Decision 1999/468/EC of 28 June 1999 laying down
the procedures for the exercise of implementing powers
conferred on the Commission (1);
(27) Two years after its implementation the Commission will
carry out a review of this Directive so as, inter alia, to
ensure that the advance of technology or changes in the
legal environment have not created barriers to achieving
the aims stated in this Directive; it should examine the
implications of associated technical areas and submit a
report to the European Parliament and the Council on
this subject;
(28) In accordance with the principles of subsidiarity and
proportionality as set out in Article 5 of the Treaty, the
objective of creating a harmonized legal framework for
the provision of electronic signatures and related
services cannot be sufficiently achieved by the Member
States and can therefore be better achieved by the
Community; this Directive does not go beyond what is
necessary to achieve that objective,
HAVE ADOPTED THIS DIRECTIVE:
Article 1
Scope
The purpose of this Directive is to facilitate the use of electronic signatures and to contribute to their legal recognition. It establishes a legal framework for electronic signatures and certain certification-services in order to ensure the proper functioning of the internal market. It does not cover aspects related to the conclusion and validity of contracts or other legal obligations where there are requirements as regards form prescribed by national or Community law nor does it affect rules and limits, contained in national or Community law, governing the use of documents.
Article 2
Definitions
For the purpose of this Directive:
1. 'electronic signature' means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;
2. 'advanced electronic signature' means an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain
under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
3. 'signatory' means a person who holds a signature-creation device and acts either on his own behalf or on behalf of the natural or legal person or entity he represents;
4. 'signature-creation data' means unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature;
5. 'signature-creation device' means configured software or hardware used to implement the signature-creation data;
6. 'secure-signature-creation device' means a signature-creation
device which meets the requirements laid down inAnnex III;
7. 'signature-verification-data' means data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature; 8. 'signature-verification device' means configured software or hardware used to implement the signature-verification data ; 9. 'certificate' means an electronic attestation which links signature-verification data to a person and confirms the
identity of that person;
10. 'qualified certificate' means a certificate which meets the requirements laid down in Annex I and is provided by a certification-service-provider who fulfils the requirements
laid down in Annex II;
11. 'certification-service-provider' means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures;
12. 'electronic-signature product' means hardware or software,
or relevant components thereof, which are intended to be used by a certification-service-provider for the provision of electronic-signature services or are intended to be used for the creation or verification of electronic signatures;
13. 'voluntary accreditation' means any permission, setting out rights and obligations specific to the provision of certification services, to be granted upon request by the certification- service-provider concerned, by the public or private body charged with the elaboration of, and supervision
of compliance with, such rights and obligations, where the certification-service-provider is not entitled to exercise the rights stemming from the permission until it (1) OJ L 184, 17.7.1999, p. 23. has received the decision by the body.
19. 1. 2000 EN Official Journal of the European Communities L 13/15
Article 3
Market access
1. Member States shall not make the provision of certification services subject to prior authorization.
2. Without prejudice to the provisions of paragraph 1,
Member States may introduce or maintain voluntary accreditation schemes aiming at enhanced levels of certification-service provision. All conditions related to such schemes must be
objective, transparent, proportionate and non-discriminatory. Member States may not limit the number of accredited certification- service-providers for reasons which fall within the
scope of this Directive.
3. Each Member State shall ensure the establishment of an appropriate system that allows for supervision of certificationservice- providers which are established on its territory and
issue qualified certificates to the public.
4. The conformity of secure signature-creation-devices with the requirements laid down in Annex III shall be determined by appropriate public or private bodies designated by Member States. The Commission shall, pursuant to the procedure laid down in Article 9, establish criteria for Member States to determine whether a body should be designated. A determination of conformity with the requirements laid down in Annex III made by the bodies referred to in the first subparagraph shall be recognised by all Member States.
5. The Commission may, in accordance with the procedure laid down in Article 9, establish and publish reference numbers of generally recognised standards for electronic-signature products
in the Official Journal of the European Communities. Member States shall presume that there is compliance with the requirements laid down in Annex II, point (f), and Annex III when an
electronic signature product meets those standards.
6. Member States and the Commission shall work together to promote the development and use of signature-verification devices in the light of the recommendations for secure signature-
verification laid down in Annex IV and in the interests of the consumer.
7. Member States may make the use of electronic signatures in the public sector subject to possible additional requirements. Such requirements shall be objective, transparent, proportionate
and non-discriminatory and shall relate only to the specific characteristics of the application concerned. Such requirements may not constitute an obstacle to cross-border services for citizens.
Article 4
Internal market principles
1. Each Member State shall apply the national provisions which it adopts pursuant to this Directive to certification service- providers established on its territory and to the services which they provide. Member States may not restrict the provision of certification-services originating in another Member State in the fields covered by this Directive.
2. Member States shall ensure that electronic-signature products which comply with this Directive are permitted to circulate freely in the internal market.
Article 5
Legal effects of electronic signatures
1. Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device:
(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data; and
(b) are admissible as evidence in legal proceedings.
2. Member States shall ensure that an electronic signature is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is:
— in electronic form, or
— not based upon a qualified certificate, or
— not based upon a qualified certificate issued by an accredited
certification-service-provider, or
— not created by a secure signature-creation device.
Article 6
Liability
1. As a minimum, Member States shall ensure that by issuing a certificate as a qualified certificate to the public or by guaranteeing such a certificate to the public a certification service-provider is liable for damage caused to any entity or legal or natural person who reasonably relies on that certificate:
(a) as regards the accuracy at the time of issuance of all information contained in the qualified certificate and as regards the fact that the certificate contains all the details prescribed for a qualified certificate;
(b) for assurance that at the time of the issuance of the certificate,the signatory identified in the qualified certificate held the signature-creation data corresponding to the signatureverification
data given or identified in the certificate;
(c) for assurance that the signature-creation data and the signature- verification data can be used in a complementary manner in cases where the certification-service-provider generates them both;
unless the certification-service-provider proves that he has not
acted negligently.
L 13/16 EN Official Journal of the European Communities 19. 1. 2000
2. As a minimum Member States shall ensure that a certification- service-provider who has issued a certificate as a qualified certificate to the public is liable for damage caused to any entity or legal or natural person who reasonably relies on the certificate for failure to register revocation of the certificate unless the certification-service-provider proves that he has not acted negligently.
3. Member States shall ensure that a certification-serviceprovider may indicate in a qualified certificate limitations on the use of that certificate. provided that the limitations are
recognisable to third parties. The certification-service-provider shall not be liable for damage arising from use of a qualified certificate which exceeds the limitations placed on it.
4. Member States shall ensure that a certification-serviceprovider may indicate in the qualified certificate a limit on the value of transactions for which the certificate can be used, provided that the limit is recognisable to third parties.The certification-service-provider shall not be liable for damage
resulting from this maximum limit being exceeded.
5. The provisions of paragraphs 1 to 4 shall be without prejudice to Council Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (1).
Article 7
International aspects
1. Member States shall ensure that certificates which are issued as qualified certificates to the public by a certificationservice- provider established in a third country are recognised as legally equivalent to certificates issued by a certification-serviceprovider established within the Community if:
(a) the certification-service-provider fulfils the requirements laid down in this Directive and has been accredited under a voluntary accreditation scheme established in a Member State; or
(b) a certification-service-provider established within the Community which fulfils the requirements laid down in this Directive guarantees the certificate; or
(c) the certificate or the certification-service-provider is recognised
under a bilateral or multilateral agreement between the Community and third countries or international organisations.
2. In order to facilitate cross-border certification services with third countries and legal recognition of advanced electronic signatures originating in third countries, the Commission shall make proposals, where appropriate, to achieve the effective implementation of standards and international agreements applicable to certification services. In particular, and where necessary, it shall submit proposals to the Council for appropriate mandates for the negotiation of bilateral and multilateral
agreements with third countries and international organisations.
The Council shall decide by qualified majority.
3. Whenever the Commission is informed of any difficulties
encountered by Community undertakings with respect to
market access in third countries, it may, if necessary, submit
proposals to the Council for an appropriate mandate for the
negotiation of comparable rights for Community undertakings
in these third countries. The Council shall decide by qualified
majority.
Measures taken pursuant to this paragraph shall be without
prejudice to the obligations of the Community and of the
Member States under relevant international agreements.
Article 8
Data protection
1. Member States shall ensure that certification-serviceproviders and national bodies responsible for accreditation or supervision comply with the requirements laid down in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on tile protection of individuals
with regard to the processing of personal data and on the free movement of such data (2).
2. Member States shall ensure that a certification-serviceprovider which issues certificates to the public may collect personal data only directly from the data subject, or after the explicit consent of the data subject, and only insofar as it is necessary for the purposes of issuing and maintaining the certificate. The data may not be collected or processed for any other purposes without the explicit consent of the data subject.
3. Without prejudice to the legal effect given to pseudonyms under national law, Member States shall not prevent certification service providers from indicating in the certificate a pseudonym instead of the signatory's name.
Article 9
Committee
1. The Commission shall be assisted by an 'Electronic-Signature Committee', hereinafter referred to as 'the committee'.
2. Where reference is made to this paragraph, Articles 4 and 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.
The period laid down in Article 4(3) of Decision 1999/468/EC shall be set at three months.
3. The Committee shall adopt its own rules of procedure.
Article 10
Tasks of the committee
The committee shall clarify the requirements laid down in the Annexes of this Directive, the criteria referred to in Article 3(4) and the generally recognised standards for electronic signature
products established and published pursuant to Article 3(5), in accordance with the procedure laid down in Article 9(2) .
(1) OJ L 95, 21.4.1993, p. 29. (2) OJ L 281, 23.11.1995, p. 31.
19. 1. 2000 EN Official Journal of the European Communities L 13/17
Article 11
Notification
1. Member States shall notify to the Commission and the
other Member States the following:
(a) information on national voluntary accreditation schemes, including any additional requirements pursuant to Article 3(7);
(b) the names and addresses of the national bodies responsible for accreditation and supervision as well as of the bodies referred to in Article 3(4);
(c) the names and addresses of all accredited national certification service providers.
2. Any information supplied under paragraph 1 and changes in respect of that information shall be notified by the Member States as soon as possible.
Article 12
Review
1. The Commission shall review the operation of this Directive and report thereon to the European Parliament and to the Council by 19 July 2003 at the latest.
2. The review shall inter alia assess whether the scope of this Directive should be modified, taking account of technological, market and legal developments. The report shall in particular
include an assessment, on the basis of experience gained, of aspects of harmonisation. The report shall be accompanied, where appropriate, by legislative proposals.
Article 13
Implementation
1. Member States shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive before 19 July 2001. They shall forthwith inform the
Commission thereof. When Member States adopt these measures, they shall contain
a reference to this Directive or shall be accompanied by such a reference on the occasion of their official publication. The methods of making such reference shall be laid down by the
Member States.
2. Member States shall communicate to the Commission the
text of the main provisions of domestic law which they adopt
in the field governed by this Directive.
Article 14
Entry into force
This Directive shall enter into force on the day of its publication
in the Official Journal of the European Communities
Article 15
Addressees
This Directive is addressed to the Member States.
Done at Brussels, 13 December 1999.For the European Parliament
The PresidentN. FONTAINEFor the CouncilThe PresidentS. HASSI
L 13/18 EN Official Journal of the European Communities 19. 1. 2000
ANNEX I
Requirements for qualified certificates
Qualified certificates must contain:
(a) an indication that the certificate is issued as a qualified certificate;
(b) the identification of the certification-service-provider and the State in which it is established;
(c) the name of the signatory or a pseudonym, which shall be identified as such;
(d) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
(e) signature-verification data which correspond to signature-creation data under the control of the signatory;
(f) an indication of the beginning and end of the period of validity of the certificate;
(g) the identity code of the certificate;
(h) the advanced electronic signature of the certification-service-provider issuing it;
(i) limitations on the scope of use of the certificate, if applicable; and
(j) limits on the value of transactions for which the certificate can be used, if applicable.
19. 1. 2000 EN Official Journal of the European Communities L 13/19
ANNEX II
Requirements for certification-service-providers issuing qualified certificates
Certification-service-providers must:
(a) demonstrate the reliability necessary for providing certification services;
(b) ensure the operation of a prompt and secure directory and a secure and immediate revocation service;
(c) ensure that the date and time when a certificate is issued or revoked can be determined precisely;
(d) verify, by appropriate means in accordance with national law, the identity and, if applicable, any specific attributes of the person to which a qualified certificate is issued;
(e) employ personnel who possess the expert knowledge, experience, and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic signature techology and familiarity with
proper security procedures; they must also apply administrative and management procedures which are adequate and correspond to recognised standards;
(f) use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them;
(g) take measures against forgery of certificates, and, in cases where the certification-service-provider generates signaturecreation data, guarantee confidentiality during the process of generating such data; (h) maintain sufficient financial resources to operate in conformity with the requirements laid down in the Directive, in
particular to bear the risk of liability for damages, for example, by obtaining appropriate insurance;
(i) record all relevant information concerning a qualified certificate for an appropriate period of time, in particular for the purpose of providing evidence of certification for the purposes of legal proceedings. Such recording may be done electronically;
(j) not store or copy signature-creation data of the person to whom the certification-service-provider provided key management services;
(k) before entering into a contractual relationship with a person seeking a certificate to support his electronic signature inform that person by a durable means of communication of the precise terms and conditions regarding the use of
the certificate, including any limitations on its use, the existence of a voluntary accreditation scheme and procedures for complaints and dispute settlement. Such information, which may be transmitted electronically, must be in writing
and in redily understandable language. Relevant parts of this information must also be made available on request to third-parties relying on the certificate;
(l) use trustworthy systems to store certificates in a verifiable form so that:
— only authorised persons can make entries and changes,
— information can be checked for authenticity,
— certificates are publicly available for retrieval in only those cases for which the certificate-holder's consent has been
obtained, and
— any technical changes compromising these security requirements are apparent to the operator.
L 13/20 EN Official Journal of the European Communities 19. 1. 2000
ANNEX III
Requirements for secure signature-creation devices
1. Secure signature-creation devices must, by appropriate technical and procedural means, ensure at the least that:
(a) the signature-creation-data used for signature generation can practically occur only once, and that their secrecy is reasonably assured;
(b) the signature-creation-data used for signature generation cannot, with reasonable assurance, be derived and the signature is protected against forgery using currently available technology;
(c) the signature-creation-data used for signature generation can be reliably protected by the legitimate signatory against the use of others.
2. Secure signature-creation devices must not alter the data to be signed or prevent such data from being presented to the signatory prior to the signature process.
ANNEX IV
Recommendations for secure signature verification
During the signature-verification process it should be ensured with reasonable certainty that:
(a) the data used for verifying the signature correspond to the data displayed to the verifier;
(b) the signature is reliably verified and the result of that verification is correctly displayed;
(c) the verifier can, as necessary, reliably establish the contents of the signed data;
(d) the authenticity and validity of the certificate required at the time of signature verification are reliably verified;
(e) the result of verification and the signatory's identity are correctly displayed;
(f) the use of a pseudonym is clearly indicated; and
(g) any security-relevant changes can be detected.
3- Droit belge:
LOIS, DECRETS, ORDONNANCES ET REGLEMENTS
MINISTERE DES AFFAIRES ECONOMIQUES
[2001/11298] F. 2001 — 2699
9 JUILLET 2001. —Loi fixant certaines règles relatives au cadre
juridique pour les signatures électroniques et les services de
certification .ALBERT II, Roi des Belges, A tous, présents et à venir, Salut.
Les Chambres ont adopté et Nous sanctionnons ce qui suit :
CHAPITRE I er . — Disposition générale
Article 1 er . La présente loi règle une matière visée à l'article 78 de la
Constitution.
CHAPITRE II. — Définitions et champ d'application de la loi
Section 1
re
. — Définitions
Art. 2. La présente loi transpose les dispositions de la directive
1999/93/CE du Parlement européen et du Conseil du 13 décembre
1999 sur un cadre communautaire pour les signatures électroniques.
Pour l'application de la présente loi et de ses arrêtés d'exécution, on
entend par :
1° « signature électronique » : une donnée sous forme électronique
jointe ou liée logiquement à d'autres données électroniques et servant
de méthode d'authentification;
2° « signature électronique avancée » : une donnée électronique,
jointe ou liée logiquement à d'autres données électroniques, servant de
méthode d'authentification et satisfaisant aux exigences suivantes :
a) être liée uniquement au signataire;
b) permettre l'identification du signataire;
c) être créée par des moyens que le signataire puisse garder sous son
contrôle exclusif;
d) être liée aux données auxquelles elle se rapporte de telle sorte que
toute modification ultérieure des données soit détectée;
3° « certificat » : une attestation électronique qui lie des données
afférentes à la vérification de signature à une personne physique ou
morale et confirme l'identité de cette personne;
4° « certificat qualifié » : un certificat qui satisfait aux exigences visées
à l'annexe I de la présente loi et qui est fourni par un prestataire de
service de certification satisfaisant aux exigences visées à l'annexe II de
la présente loi;
5° « titulaire de certificat » : une personne physique ou morale à
laquelle un prestataire de service de certification a délivré un certificat;
6° « données afférentes à la création de signature » : des données
uniques, telles que des codes ou des clés cryptographiques privées, que
le signataire utilise pour créer une signature électronique avancée;
7° « dispositif sécurisé de création de signature » : un dispositif
logiciel ou matériel configuré pour mettre en application les données
afférentes à la création de signature qui satisfait aux exigences de
l'annexe III de la présente loi;
8° « données afférentes à la vérification de signature » : des données,
telles que des codes ou des clés cryptographiques publiques, qui sont
utilisées pour vérifier une signature électronique avancée;
9° « dispositif de vérification de signature » : un dispositif logiciel ou
matériel configuré pour mettre en application les données afférentes à
la vérification de signature;
10° « prestataire de service de certification » : toute personne physique
ou morale qui délivre et gère des certificats ou fournit d'autres
services liés aux signatures électroniques;
33070 MONITEUR BELGE — 29.09.2001 — BELGISCH STAATSBLAD
11° « produit de signature électronique » : tout produit matériel ou
logiciel, ou élément spécifique de ce produit, destiné à être utilisé par
un prestataire de service de certification pour la fourniture de services
de signature électronique ou pour la création ou la vérification de
signatures électroniques;
12° « Administration » : l'administration du ministère des Affaires
économiques qui est chargée des tâches relatives à l'accréditation et au
contrôle des prestataires de service de certification délivrant des
certificats qualifiés et établis en Belgique;
13° « entité » : organisme qui démontre sa compétence sur base d'un
certificat délivré par le système belge d'accréditation conformément à la
loi du 20 juillet 1990 concernant l'accréditation des organismes de
certification et de contrôle, ainsi que des laboratoires d'essais, ou par un
organisme équivalent établi dans l'Espace économique européen.
Section 2. — Champ d'application
Art. 3. La présente loi fixe certaines règles relatives au cadre
juridique pour les signatures électroniques et définit le régime juridique
applicable aux opérations effectuées par les prestataires de service de
certification ainsi que les règles à respecter par ces derniers et les
titulaires de certificats sans préjudice des dispositions légales concernant
les règles de représentations des personnes morales.
La présente loi instaure également un régime d'accréditation volontaire.
CHAPITRE III. — Principes généraux
Art. 4. §
1er. A défaut de dispositions légales contraires, nul ne peut
être contraint de poser un acte juridique par voie électronique.
§ 2. Nul prestataire de service de certification ne peut être contraint
de demander une autorisation préalable pour exercer ses activités.
Néanmoins, les prestataires de service de certification délivrant des
certificats qualifiés établis en Belgique doivent communiquer les
informations suivantes à l'Administration, soit dans le mois suivant la
publication de la présente loi, soit avant le début de leurs activités :
— leur nom;
— l'adresse géographique où ils sont établis;
— les coordonnées permettant de les contacter rapidement, y
compris leur adresse de courrier électronique;
— le cas échéant, leur titre professionnel et leurs références et leurs
numéros d'identification (registre de commerce, T.V.A.);
— la preuve qu'une assurance a été souscrite en vue de couvrir leurs
obligations visées à l'article 14.
L'Administration leur délivre un récépissé dans les cinq jours
ouvrables suivant la réception de leur communication.
§ 3. Le Roi peut, par arrêté délibéré en Conseil des Ministres,
soumettre l'usage des signatures électroniques dans le secteur public à
des exigences supplémentaires éventuelles. Ces exigences doivent être
objectives, transparentes, proportionnées et non discriminatoires et ne
s'appliquer qu'aux caractéristiques spécifiques de l'application concernée.
Ces exigences ne peuvent pas constituer un obstacle aux services
transfrontaliers pour les citoyens.
§ 4. Sans préjudice des articles 1323 et suivants du Code civil, une
signature électronique avancée réalisée sur la base d'un certificat
qualifié et conçue au moyen d'un dispositif sécurisé de création de
signature électronique, est assimilée à une signature manuscrite, qu'elle
soit réalisée par une personne physique ou morale.
§ 5. Une signature électronique ne peut être privée de son efficacité
juridique et ne peut être refusée comme preuve en justice au seul motif :
— que la signature se présente sous forme électronique, ou
— qu'elle ne repose pas sur un certificat qualifié, ou
— qu'elle ne repose pas sur un certificat qualifié délivré par un prestataire accrédité de service de certification, ou
— qu'elle n'est pas créée par un dispositif sécurisé de création de Art. 5. § 1er . Sans préjudice de la loi du 8 décembre 1992 relative à la protection de la vie privée à l'égard des traitements de données à caractère personnel, un prestataire de service de certification qui délivre des certificats à l'intention du public ne peut recueillir des données personnelles que directement auprès de la personne concernée ou avec le consentement explicite de celle-ci et uniquement dans la mesure où cela est nécessaire à la délivrance et à la conservation du certificat. Les données ne peuvent être recueillies ni traitées à d'autres fins sans le
consentement explicite de la personne intéressée.
§ 2. Lorsque le titulaire du certificat utilise un pseudonyme et lorsque les nécessités de l'instruction l'exigent, le prestataire de service de certification ayant délivré le certificat est tenu de communiquer toute donnée relative à l'identité du titulaire dans les circonstances et selon
les conditions prévues par les articles 90ter à 90decies du Code d'instruction criminelle.
CHAPITRE IV. — Des produits de signature électronique
Art. 6. Lorsqu'un produit de signature électronique est conforme à des normes dont les numéros de référence sont publiés au Journal officiel des Communautés européennes conformément à la procédure visée par la directive 99/93/CE du Parlement et du Conseil du 13 décembre 1999 sur un cadre communautaire pour les signatures électroniques, ce produit est présumé conforme aux exigences visées à l'annexe II point f), et à l'annexe III de la présente loi.
Art. 7. §
1er . Les exigences relatives aux dispositifs sécurisés de
création de signature électronique sont reprises à l'annexe III de la
présente loi.
§ 2. La conformité des dispositifs sécurisés de création de signature
électronique par rapport aux exigences visées à l'annexe III de la
présente loi est attestée par des organismes compétents désignés par
l'Administration et dont la liste est communiquée à la Commission
européenne.
§ 3. Le Roi détermine les conditions auxquelles doivent répondre les
organismes visés au paragraphe précèdent.
§ 4. La conformité établie par un organisme désigné par un autre Etat
membre de l'Espace économique européen est reconnue en Belgique.
CHAPITRE V. — Des prestataires de service de certification
délivrant des certificats qualifiés
Section 1re
. — Des certificats qualifiés
Sous-section 1 re
. — Des missions
Art. 8.
§ 1er . Préalablement à la délivrance d'un certificat, le
prestataire de service de certification vérifie la complémentarité des
données afférentes à la création et à la vérification de signature.
§ 2. Après avoir vérifié son identité et, le cas échéant, ses qualités
spécifiques, le prestataire de service de certification délivre un ou
plusieurs certificats à toute personne qui en fait la demande.
§ 3. En ce qui concerne les personnes morales, le prestataire de
services de certification tient un registre contenant le nom et la qualité
de la personne physique qui représente la personne morale et qui fait
usage de la signature liée au certificat, de telle manière qu'à chaque
utilisation de cette signature, on puisse établir l'identité de la personne
physique.
Art. 9. Le prestataire de service de certification fournit un exemplaire
du certificat au candidat titulaire.
Art. 10. Le prestataire de service de certification conserve un
annuaire électronique comprenant les certificats qu'il délivre et le
moment de leur expiration.
Sous-section 2
Exigences relatives aux certificats qualifiés
Art. 11.
§ 1 er . Les certificats qualifiés doivent satisfaire aux exigences
visées à l'annexe I de la présente loi.
§ 2. Les prestataires de service de certification qui délivrent des
certificats qualifiés doivent satisfaire aux exigences visées à l'annexe II
de la présente loi.
Sous-section 3
De la révocation des certificats qualifiés
Art. 12.
§ 1er . A la demande du titulaire du certificat, préalablement
identifié, le prestataire de service de certification révoque immédiatement
le certificat.
§ 2. Le prestataire de service de certification révoque également un
certificat lorsque :
1° il existe des raisons sérieuses pour admettre que le certificat a été
délivré sur base d'informations erronées ou falsifiées, que les informations
contenues dans le certificat ne sont plus conformes à la réalité ou
que la confidentialité des données afférentes à la création de signature
a été violée;
2° les tribunaux ont ordonné les mesures prévues à l'article 20, § 4, b);
3° le prestataire de service de certification arrête ses activités sans qu'il n'y ait reprise de celles-ci par un autre prestataire de service de certification garantissant un niveau de qualité et de sécurité équivalent;
4° le prestataire de service de certification est informé du décès de la personne physique ou de la dissolution de la personne morale qui en est le titulaire. Le prestataire de service de certification informe le titulaire de certificat, sauf en cas de décès, de la révocation et motive sa décision. Un mois avant l'expiration d'un certificat, le prestataire de service de certification informe son titulaire de celle-ci. § 3. La révocation d'un certificat est définitive.
Art. 13.
§ 1 er . Le prestataire de service de certification prend les mesures nécessaires afin de répondre à tout moment et sans délai à une demande de révocation.
§ 2. Immédiatement après la décision de révocation, le prestataire de service de certification inscrit la mention de la révocation du certificat dans l'annuaire électronique visé à l'article 10.
La révocation est opposable aux tiers à partir de cette inscription.
Sous-section 4. — De la responsabilité des prestataires
de service de certification délivrant des certificats qualifiés
Art. 14.
§ 1 er. Un prestataire de service de certification qui délivre à l'intention du public un certificat présenté comme qualifié ou qui garantit au public un tel certificat est responsable du préjudice causé à tout organisme ou personne physique ou morale qui, en bon père de famille, se fie raisonnablement à ce certificat pour ce qui est de :
a) l'exactitude de toutes les informations contenues dans le certificat qualifié à la date où il a été délivré et la présence, dans ce certificat, de toutes les données prescrites pour un certificat qualifié;
b) l'assurance que, au moment de la délivrance du certificat, le signataire identifié dans le certificat qualifié détenait les données afférentes à la création de signature correspondant aux données afférentes à la vérification de signature fournies ou identifiées dans le certificat;
c) l'assurance que les données afférentes à la création de signature et
celles afférentes à la vérification de signature puissent être utilisées de
façon complémentaire, dans le cas où le prestataire de service de certification génère ces deux types de données; sauf si le prestataire de service de certification prouve qu'il n'a commis aucune négligence.
§ 2. Un prestataire de service de certification qui a délivré à l'intention du public un certificat présenté comme qualifié est responsable du préjudice causé à un organisme ou à une personne physique ou morale qui se prévaut raisonnablement du certificat, pour avoir omis de faire enregistrer la révocation du certificat, sauf si le prestataire de service de certification prouve qu'il n'a commis aucune négligence.
§ 3. Un prestataire de service de certification peut indiquer, dans un certificat qualifié, les limites fixées à son utilisation, à condition que ces limites soient discernables par des tiers. Le prestataire de service de certification ne doit pas être tenu responsable du préjudice résultant de l'usage d'un certificat qualifié qui dépasse les limites fixées à son utilisation.
§ 4. Un prestataire de service de certification peut indiquer, dans un
certificat qualifié, la valeur maximale des transactions pour lesquelles le
certificat peut être utilisé, à condition que cette valeur soit discernable
par des tiers. Le prestataire de service de certification n'est pas
responsable des dommages qui résultent du dépassement de cette
valeur maximale.
33073 MONITEUR BELGE —— 29.09.2001
§ 2. Le prestataire de service de certification révoque également un
certificat lorsque :
1° il existe des raisons sérieuses pour admettre que le certificat a été
délivré sur base d'informations erronées ou falsifiées, que les informations
contenues dans le certificat ne sont plus conformes à la réalité ou
que la confidentialité des données afférentes à la création de signature
a été violée;
2° les tribunaux ont ordonné les mesures prévues à l'article 20, § 4, b);
3° le prestataire de service de certification arrête ses activités sans qu'il n'y ait reprise de celles-ci par un autre prestataire de service de certification garantissant un niveau de qualité et de sécurité équivalent;
4° le prestataire de service de certification est informé du décès de la personne physique ou de la dissolution de la personne morale qui en est le titulaire.Le prestataire de service de certification informe le titulaire de certificat, sauf en cas de décès, de la révocation et motive sa décision. Un mois avant l'expiration d'un certificat, le prestataire de service de certification informe son titulaire de celle-ci.
§ 3. La révocation d'un certificat est définitive.
Art. 15. § 1
er
. Le prestataire de service de certification qui délivre des
certificats qualifiés informe l'Administration dans un délai raisonnable
de son intention de mettre fin à ses activités de prestataire de service de
certification qualifiée ainsi que de toute action qui pourrait conduire à
la cessation de ses activités. Dans ce cas, il doit s'assurer de la reprise de
celles-ci par un autre prestataire de service de certification garantissant
un même niveau de qualité et de sécurité, ou à défaut, révoque les
certificats deux mois après en avoir averti les titulaires. Dans ce cas, le
prestataire de service de certification prend les mesures nécessaires
pour satisfaire à l'obligation prévue à l'Annexe II, i).
§ 2. Le prestataire de service de certification qui arrête ses activités
pour des raisons indépendantes de sa volonté ou en cas de faillite en
informe immédiatement l'Administration. Il procède, le cas échéant, à
la révocation des certificats et prend les mesures nécessaires pour
satisfaire à l'obligation prévue à l'Annexe II, i).
Sous-section 6. — Certificats délivrés à titre de certificats
qualifiés par des prestataires de service de certification étrangers
Art. 16. § 1
er
. Un certificat qualifié délivré à l'intention du public par
un prestataire de service de certification qui est établi dans un Etat
membre de l'Espace économique européen est assimilé aux certificats
qualifiés délivrés par un prestataire de service de certification établi en
Belgique.
§ 2. Les certificats délivrés à titre de certificats qualifiés à l'intention
du public par un prestataire de service de certification établi dans un
pays tiers sont reconnus équivalents, sur le plan juridique, aux
certificats délivrés par un prestataire de service de certification établi en
Belgique :
a) si le prestataire de service de certification remplit les conditions
visées par sa réglementation nationale transposant la directive
99/93/CE du Parlement et du Conseil du 13 décembre 1999 sur un
cadre communautaire pour les signatures électroniques et a été
accrédité dans le cadre d'un régime volontaire d'accréditation établi
dans un Etat membre de l'Espace économique européen;
ou
b) si un prestataire de service de certification établi dans la
Communauté européenne, qui satisfait aux exigences visées par la
réglementation nationale transposant la directive 99/93/CE du Parlement
et du Conseil du 13 décembre 1999 sur un cadre communautaire
pour les signatures électroniques, garantit le certificat;
ou
c) si le certificat ou le prestataire de servic
|