23 Amendments of Pilar DEL CASTILLO VERA related to 2012/0146(COD)
Amendment 63 #
Proposal for a regulation
Recital 15
Recital 15
(15) The cross border use of electronic identification means under a notified scheme requires Member States to cooperate in providing technical interoperability in accordance with the principle of technological neutrality. This rules out any specific national technical rules requiring non- national parties for instance to obtain specific hardware or software to verify and validate the notified electronic identification. Technical requirements on users, on the other hand, stemming from the inherent specifications of whatever token is used (e.g. smartcards) are inevitable.
Amendment 74 #
Proposal for a regulation
Recital 29
Recital 29
(29) Notification of security breaches in accordance with Directive 95/46/EC and security risk assessments is essential with a view to providing adequate information to concerned parties in the event of a breach of security or loss of integrity.
Amendment 77 #
Proposal for a regulation
Recital 33
Recital 33
(33) To ensure sustainability and durability of qualified trust services and to boost users‘' confidence in the continuity of qualified trust services, supervisory bodies should ensure that the data ofcollected by the qualified trust service providers are preserved and kept accessible for an appropriate period of time even if a qualified trust service provider ceases to exist.
Amendment 93 #
Proposal for a regulation
Recital 51
Recital 51
(51) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission, in particular for specifying reference numbers of standards which use would give a presumption of compliance with certain requirements laid down in this Regulation or defined in delegated acts. Those powers should be exercised, after a transparent stakeholder consultation, in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers.
Amendment 102 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to electronic identification provided byissued, oin behalf or under the responsibility ofaccordance with the notification conditions provided for in Article 6, by Member States and toor issued by a trust service providers established in the Union. on behalf and under the responsibility of Member States.
Amendment 105 #
Proposal for a regulation
Article 2 – paragraph 2
Article 2 – paragraph 2
2. This Regulation shall apply to both qualified and non-qualified trust service providers established, or providing services, in the Union. It does not apply to the provision of electronic trust services based on voluntary agreements under private law not related to access to public services.
Amendment 146 #
Proposal for a regulation
Article 5
Article 5
When an electronic identification using an electronic identification means and authentication is requiredavailable under national legislation or administrative practice to access a service online, any electronic identification means issued in another Member State falling under a scheme included in the list published by the Commission pursuant to the procedure referred to in Article 7for coordination based on technological neutrality referred to in Article 7, and with a security level equal to or higher than the security level required to access the service, shall be recognised and accepted for the purposes of accessing this service.
Amendment 158 #
Proposal for a regulation
Article 6 – paragraph 1 – point (a a) (new)
Article 6 – paragraph 1 – point (a a) (new)
(aa) the electronic identification means are established by law as an official document and national identifier in the notifying Member State;
Amendment 215 #
Proposal for a regulation
Article 9 a (new)
Article 9 a (new)
Article 9a The agreements amongst the trust service providers or the qualified trust service providers and the authorities responsible for the notified identification scheme should set the liability limits.
Amendment 223 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. With reference to paragraph 1, the Commission shall verify that such agreements shall ensure that the requirements applicable to qualified trust services and qualified certificates provided by qualified trust service providers established in the territory of the Union are met by the trust service providers in the third countries or international organisations, especially with regard to the protection of personal data, security and supervision.
Amendment 277 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 1
Article 15 – paragraph 1 – subparagraph 1
Trust service providers who are established in the territory of the Union or provide services in accordance with article 10 of this Regulation shall take appropriate technical and organisational measures to manage the risks posed to the security and resilience of the trust services they provide. Having regard to state of the art, these measures shall ensure that the level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any incidents.
Amendment 281 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 2
Article 15 – paragraph 1 – subparagraph 2
Without prejudice to Article 16(1), any trust service provider mayshall submit the report of a security audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken.
Amendment 285 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 1
Article 15 – paragraph 2 – subparagraph 1
Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, and confirming that a breach has occurred, notify the competent supervisory body, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
Amendment 293 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. In order to implement paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers. The supervisory body should coordinate these binding instructions with other relevant regulatory bodies that supervise the trust service provider's activities other than the trust service provision.
Amendment 308 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Qualified trust service providers shall be audited by a recognisn accredited independent body once a year to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting securitycompliance audit report to the supervisory body.
Amendment 323 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
1. Qualified trust service providers shall notify the supervisory body of their intention to start providing a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body, and only once obtained the qualified status.
Amendment 326 #
Proposal for a regulation
Article 17 – paragraph 2
Article 17 – paragraph 2
2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included in the trusted lists referred to in Article 18 indicating that the notificationqualified status has been submittconfirmed.
Amendment 334 #
Proposal for a regulation
Article 17 – paragraph 4
Article 17 – paragraph 4
Amendment 344 #
Proposal for a regulation
Article 19 – paragraph 2 – point c
Article 19 – paragraph 2 – point c
(c) before entering into a contractual relationship, inform any person seeking to use a qualified trust service of the precise terms and conditions regarding the use of that service, as well as the liability limits, in a clear and transparent manner;
Amendment 354 #
Proposal for a regulation
Article 19 – paragraph 5
Article 19 – paragraph 5
5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. Compliance with the requirements laid down in Article 19 shall be presumed whereachieved through the compliance of trustworthy systems and products meetwith those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 433 #
Proposal for a regulation
Article 38 – paragraph 4
Article 38 – paragraph 4
4. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council. The Commission may not adopt a delegated act subject to this Regulation without prior consultation of industry and relevant stakeholders.
Amendment 434 #
Proposal for a regulation
Article 39 – paragraph 1 a (new)
Article 39 – paragraph 1 a (new)
(1a) Implementing acts subject to this Regulation may not be adopted without prior consultation of industry and relevant stakeholders.
Amendment 435 #
Proposal for a regulation
Article 39 – paragraph 2
Article 39 – paragraph 2
2. Where reference is made to this paragraph, Article 54 of Regulation 182/2011 shall apply.