BETA

Activities of Jürgen CREUTZMANN related to 2012/0146(COD)

Shadow reports (1)

REPORT on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market PDF (1 MB) DOC (1 MB)
2016/11/22
Committee: ITRE
Dossiers: 2012/0146(COD)
Documents: PDF(1 MB) DOC(1 MB)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market
2016/11/22
Committee: IMCO
Dossiers: 2012/0146(COD)
Documents: PDF(457 KB) DOC(853 KB)

Amendments (192)

Amendment 63 #
Proposal for a regulation
Recital 22
(22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of whatever qualified trust services and products are used or provided. Both qualified and advanced electronic signatures may be legally equivalent to handwritten signatures. Nothing in this Regulation shall limit the ability of any natural or legal person to demonstrate with evidence the non-reliability of any form of electronic signature. However, in case of qualified electronic signature the burden of proof when questioning the identity of the signatory shall rest with the contesting party.
2013/05/21
Committee: IMCO
Amendment 69 #
Proposal for a regulation
Recital 22
(22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of whatever qualified trust services and products are used or provided. Both qualified and advanced electronic signatures may be legally equivalent to handwritten signatures. Nothing in this Regulation should limit the ability of any natural or legal person to demonstrate with evidence the non-reliability of any form of electronic signature. However, in the case of a qualified electronic signature the burden of proof when questioning the identity of the signatory should rest with the contesting party.
2013/05/20
Committee: ITRE
Amendment 75 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market.
2013/05/21
Committee: IMCO
Amendment 76 #
Proposal for a regulation
Article 1 – paragraph 3
3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, and electronic delivery services and website authentication.
2013/05/21
Committee: IMCO
Amendment 78 #
Proposal for a regulation
Article 1 – paragraph 4
4. This Regulation ensures that qualified and non-qualified trust services and products which comply with this Regulation are permitted to circulate freely in the internal market.
2013/05/21
Committee: IMCO
Amendment 80 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to electronic identification provided by, on behalf or under the responsibilityrecognized by, issued by or on behalf of Member States and to trust service providers established in the Union.
2013/05/21
Committee: IMCO
Amendment 82 #
Proposal for a regulation
Article 2 – paragraph 2
2. This Regulation does not apply to the provision of electronic trust services based on voluntthat are only provided for internal purposes within a closed group of parties. Any third party agreements under private lawwishing to contest the validity of such a trust service may not do so solely on the grounds that the trust service did not fulfil the requirements of this Regulation.
2013/05/21
Committee: IMCO
Amendment 86 #
Proposal for a regulation
Article 3 – paragraph 1 – point 1
(1) 'electronic identification' means the process of using person identification data in electronic form unambiguously representing a natural or legal person either unambiguously or to the degree necessary for the specific purpose;
2013/05/21
Committee: IMCO
Amendment 93 #
Proposal for a regulation
Article 3 – paragraph 1 – point 12
(12) 'trust service' means any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services, website authentication, andor electronic certificates, including certificates for electronic signature and for electronic seals;
2013/05/21
Committee: IMCO
Amendment 96 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market.
2013/05/20
Committee: ITRE
Amendment 97 #
Proposal for a regulation
Article 3 – paragraph 1 – point 30
(30) ‘qualified certificate for website authentication’ means an attestation which makes it possible to authenticate a website and links the website to the person to whom the certificate is issued, which is issued by a qualified trust service provider and meets the requirements laid down in Annex IV;deleted
2013/05/21
Committee: IMCO
Amendment 99 #
Proposal for a regulation
Article 1 – paragraph 3
3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, and electronic delivery services and website authentication.
2013/05/20
Committee: ITRE
Amendment 100 #
Proposal for a regulation
Article 1 – paragraph 4
4. This Regulation ensures that qualified and non-qualified trust services and products which comply with this Regulation are permitted to circulate freely in the internal market.
2013/05/20
Committee: ITRE
Amendment 101 #
Proposal for a regulation
Article 2 – paragraph 1
1. This Regulation applies to electronic identification provided by, on behalf or under the responsibilityrecognized by, issued by or on behalf of Member States and to trust service providers established in the Union.
2013/05/20
Committee: ITRE
Amendment 102 #
Proposal for a regulation
Article 5 – paragraph 1
When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online, any electronic identification means issued in another Member State falling under a scheme included in the list published by the Commissionof the same or higher security assurance level issued in another Member State, notified pursuant to the procedure referred to in Article 7, shall be recognised and accepted for the purposes of accessing this service online six months following the publication of the list of notified schemes by the Commission.
2013/05/21
Committee: IMCO
Amendment 104 #
Proposal for a regulation
Article 2 – paragraph 2
2. This Regulation does not apply to the provision of electronic trust services based on voluntthat are only provided for internal purposes within a closed group of parties. Any third party agreements under private lawwishing to contest the validity of such a trust service may not do so solely on the grounds that the trust service did not fulfil the requirements of this Regulation.
2013/05/20
Committee: ITRE
Amendment 107 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) the electronic identification means are recognized by, issued by, or on behalf of or under the responsibility of the notifying Member State;
2013/05/21
Committee: IMCO
Amendment 109 #
Proposal for a regulation
Article 3 – point 1
(1) 'electronic identification' means the process of using person identification data in electronic form unambiguously representing a natural or legal person either unambiguously or to the degree necessary for the specific purpose;
2013/05/20
Committee: ITRE
Amendment 110 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
(c) the notifying Member State ensures that the person identification data are attributed unambiguously to the natural or legal person referred to in Article 3 point1 either unambiguously or to the degree necessary for the specific purpose;
2013/05/21
Committee: IMCO
Amendment 112 #
Proposal for a regulation
Article 6 – paragraph 1 – point d
(d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform the other Member States and the Commission pursuant to Article 7;
2013/05/21
Committee: IMCO
Amendment 113 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – introductory part
(e) the notifying Member State takes liability forensures:
2013/05/21
Committee: IMCO
Amendment 114 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – point i
(i) the unambiguous attribution of the person identification data referred to in point (c), and
2013/05/21
Committee: IMCO
Amendment 119 #
Proposal for a regulation
Article 7 – paragraph 1 – point a
(a) a description of the notified electronic identification scheme and its security assurance level;
2013/05/21
Committee: IMCO
Amendment 120 #
Proposal for a regulation
Article 7 – paragraph 1 – point c
(c) information on by whomich entity the registration of the unambiguous person identifiers is managed;
2013/05/21
Committee: IMCO
Amendment 122 #
Proposal for a regulation
Article 7 – paragraph 1 – point d
(d) a description of the authentication possibility and any technical requirements imposed on relying parties;
2013/05/21
Committee: IMCO
Amendment 125 #
Proposal for a regulation
Article 7 – paragraph 2
2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
2013/05/21
Committee: IMCO
Amendment 127 #
Proposal for a regulation
Article 3 – point 12
(12) ‘trust service’ means any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services, website authentication, andor electronic certificates, including certificates for electronic signature and for electronic seals;
2013/05/20
Committee: ITRE
Amendment 127 #
Proposal for a regulation
Article 7 a (new)
Article 7a Liability 1. The notifying Member State shall be liable with regard to electronic identification means issued by it or on its behalf for any direct damage caused by non-compliance with obligations under Article 6, unless it can show that it has not acted negligently. 2. The issuer of an electronic identification means recognized and notified by a Member State pursuant to the procedure referred to in Article 7 shall be liable for failure to ensure – (i) the unambiguous attribution of the person identification data, and – (ii) the authentication possibility, unless he can show that he has not acted negligently.
2013/05/21
Committee: IMCO
Amendment 131 #
Proposal for a regulation
Article 8 – title
Coordination Interoperability and coordination
2013/05/21
Committee: IMCO
Amendment 136 #
Proposal for a regulation
Article 8 – paragraph 3
3. The Commission shall be empowered to adopt delegatedimplementing acts in accordance with Article 38 concerning the facilitation ofing to the examination procedure referred to in Article 39 (2) establishing standards and technical requirements for cross border interoperability and security of electronic identification means by setting of minimum technical requirements.
2013/05/21
Committee: IMCO
Amendment 137 #
Proposal for a regulation
Article 3 – point 30
(30) ‘qualified certificate for website authentication’ means an attestation which makes it possible to authenticate a website and links the website to the person to whom the certificate is issued, which is issued by a qualified trust service provider and meets the requirements laid down in Annex IV;deleted
2013/05/20
Committee: ITRE
Amendment 139 #
Proposal for a regulation
Article 9 – paragraph 1
1. A trust service provider shall be liable for any direct damage caused to any natural or legal person due to failure to comply with the obligations laid down in Article 15(1), unless the trust service provider can prove that he has not acted negligently.deleted
2013/05/21
Committee: IMCO
Amendment 143 #
Proposal for a regulation
Article 9 – paragraph 2 - subparagraph 1
2. A qualified trust service provider shall be liable for: (a) any direct damage caused to any natural or legal person due to failure to meet the requirements laid down in this Regulation, in particular in Article 19, unless the qualified trust service provider can prove that he has not acted negligently. (b) point (a) shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
2013/05/21
Committee: IMCO
Amendment 145 #
Proposal for a regulation
Article 5
When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online, any electronic identification means issued in another Member State falling under a scheme included in the list published by the Commissionof the same or higher security assurance level issued in another Member State, notified pursuant to the procedure referred to in Article 7, shall be recognised and accepted for the purposes of accessing this service online 6 months following the publishing of the list of notified schemes by the Commission.
2013/05/20
Committee: ITRE
Amendment 146 #
Proposal for a regulation
Article 10 – title
TQualified trust services providers from thirdcountries third countries
2013/05/21
Committee: IMCO
Amendment 147 #
Proposal for a regulation
Article 10 – paragraph 1
1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) the qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements laid down in this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
2013/05/21
Committee: IMCO
Amendment 154 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
(a) the electronic identification means are issued by, on behalf of or under the responsibilityrecognised by, issued by or on behalf of the notifying Member State;
2013/05/20
Committee: ITRE
Amendment 156 #
Proposal for a regulation
Article 11 – paragraph 4 a (new)
4a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of Article 7 paragraph (f) of Directive 95/46/EC.
2013/05/21
Committee: IMCO
Amendment 160 #
Proposal for a regulation
Article 12
Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
2013/05/21
Committee: IMCO
Amendment 161 #
Proposal for a regulation
Article 13 – paragraph 1
1. Member States shall designate an appropriate supervisory body established in their territory or, upon mutual agreement, in another Member State under the responsibility of the designating Member State. Supervisory bodies shall be given all supervisory and investigatory powers that areThe designated supervisory body, its addresses and the names of responsible persons shall be communicated to the Commission. Supervisory bodies shall be given adequate resources necessary for the exercise of their tasks.
2013/05/21
Committee: IMCO
Amendment 162 #
Proposal for a regulation
Article 13 – paragraph 2 – introductory part
2. The supervisory body shall be responsible for the performance ofperform the following tasks:
2013/05/21
Committee: IMCO
Amendment 163 #
Proposal for a regulation
Article 13 – paragraph 2 – point a
(a) monitoringensuring that trust service providers and qualified trust service providers established in the territory of the designating Member State to ensure that they fulfil the requirements laid down in Article 15of this Regulation;
2013/05/21
Committee: IMCO
Amendment 164 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
(c) the notifying Member State ensures that the person identification data are attributed unambiguously to the natural or legal person referred to in Article 3 point 1 either unambiguously or to the degree necessary for the specific purpose;
2013/05/20
Committee: ITRE
Amendment 165 #
Proposal for a regulation
Article 13 – paragraph 2 – point b
(b) undertaking supervision of qualified trust service providers established in the territory of the designating Member State and of the qualified trust services they provide in order to ensure that they and the qualified trust services provided by them meet the applicable requirements laid down in this Regulation;deleted
2013/05/21
Committee: IMCO
Amendment 166 #
Proposal for a regulation
Article 13 – paragraph 2 – point c
(c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
2013/05/21
Committee: IMCO
Amendment 167 #
Proposal for a regulation
Article 13 – paragraph 3 – point c
(c) statistics on the market and usage of qualified trust services, including information on qualified trust service providers themselves, the qualified trust services they provide, the products they use and the general description of their customers.deleted
2013/05/21
Committee: IMCO
Amendment 168 #
Proposal for a regulation
Article 6 – paragraph 1 – point d
(d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform the other Member States and the Commission pursuant to Article 7;
2013/05/20
Committee: ITRE
Amendment 168 #
Proposal for a regulation
Article 13 – paragraph 4
4. Member States shall notify to the Commission and other Member States the names and the addresses of their respective designated supervisory bodies.deleted
2013/05/21
Committee: IMCO
Amendment 172 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – introductory part
(e) the notifying Member State takes liability forensures:
2013/05/20
Committee: ITRE
Amendment 172 #
Proposal for a regulation
Article 13 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the report referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/21
Committee: IMCO
Amendment 174 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – point i
(i) the unambiguous attribution of the person identification data referred to in point (c), and
2013/05/20
Committee: ITRE
Amendment 174 #
Proposal for a regulation
Article 14 – paragraph 1
1. Supervisory bodies shall cooperate with a view to exchangeing good practice and provide each other, within the shortest possible time, with relevant information and mutual. They shall, upon justified requests, provide each other with assistance so that activities can be carried out in a consistent manner. MutualRequests for assistance shallmay cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the securitycompliance audits as referred to in Articles 15, 16 and 17.
2013/05/21
Committee: IMCO
Amendment 175 #
Proposal for a regulation
Article 14 – paragraph 2 – introductory part
2. A supervisory body to whichmay refuse a request for assistance is addressed may not refuse to comply with it unlessf:
2013/05/21
Committee: IMCO
Amendment 176 #
Proposal for a regulation
Article 14 – paragraph 2 – point b
(b) compliance with the request would be incompatible withgo beyond the tasks and powers of the supervisory body set out in this Regulation.
2013/05/21
Committee: IMCO
Amendment 178 #
Proposal for a regulation
Article 7 – paragraph 1 – point a
(a) a description of the notified electronic identification scheme and its security assurance level;
2013/05/20
Committee: ITRE
Amendment 179 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 1
3. Where appropriate, supervisory bodies may carry out joint investigations in which staff from other Member States’ supervisory bodies is involvedsupervisory actions.
2013/05/21
Committee: IMCO
Amendment 180 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 2
The supervisory body of the Member State where the investigation is to take place, in compliance with its own national law, may devolve investigative tasks to the assisted supervisory body's staff. Such powers may be exercised only under the guidance and in the presence of staff from the host supervisory body. The assisted supervisory body's staff shall be subject to the host supervisory body's national law. The host supervisory body shall assume responsibility for the assisted supervisory body staff's actions.deleted
2013/05/21
Committee: IMCO
Amendment 181 #
Proposal for a regulation
Article 14 – paragraph 4
4. The Commission may, by means of implementing acts, specify the formats and procedures for the mutual assistance provided for in this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).deleted
2013/05/21
Committee: IMCO
Amendment 183 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 1
1. Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to state of the art, these measures shall ensure that thethe technological development, these measures shall fully respect the data protection rights and ensure a level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any significant incidents.
2013/05/21
Committee: IMCO
Amendment 184 #
Proposal for a regulation
Article 7 – paragraph 1 – point c
(c) information on by whomwhich entity the registration of the unambiguous person identifiers is managed;
2013/05/20
Committee: ITRE
Amendment 184 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 2
Without prejudice to Article 16(1), any trust service provider mayshall, without undue delay and not later than 6 months following the commencement of its activities, submit the report of a securitycompliance audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken.
2013/05/21
Committee: IMCO
Amendment 185 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 1
1. Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify the competent supervisory body and, where appropriate, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
2013/05/21
Committee: IMCO
Amendment 186 #
Proposal for a regulation
Article 7 – paragraph 1 – point d
(d) a description of the authentication possibility and any technical requirements imposed on relying parties;
2013/05/20
Committee: ITRE
Amendment 186 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 2
Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in otherse Member States and the European Network and Information Security Agency (ENISA).
2013/05/21
Committee: IMCO
Amendment 188 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 3
The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
2013/05/21
Committee: IMCO
Amendment 189 #
Proposal for a regulation
Article 15 – paragraph 4
4. In order to implementensure compliance with paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers.
2013/05/21
Committee: IMCO
Amendment 190 #
Proposal for a regulation
Article 7 – paragraph 2
2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
2013/05/20
Committee: ITRE
Amendment 190 #
Proposal for a regulation
Article 15 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts, in accordance with Article 38, concerning the further specification of the measures referred to in paragraph 1.
2013/05/21
Committee: IMCO
Amendment 191 #
Proposal for a regulation
Article 15 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances,further specification of the measures referred to in paragraph 1 and formats and procedures, including deadlines, applicable for the purpose of paragraphs 1 to 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/21
Committee: IMCO
Amendment 193 #
Proposal for a regulation
Article 7 a (new)
Article 7a Liability 1. The notifying Member State shall be liable with regard to electronic identification means issued by it or on its behalf for any direct damage caused by non-compliance with obligations under Article 6, unless it can show that it has not acted negligently. 2. The issuer of an electronic identification means recognized and notified by a Member State pursuant to the procedure referred to in Article 7 shall be liable for failure to ensure – (i) the unambiguous attribution of the person identification data, and – (ii) the authentication possibility, unless he can show that he has not acted negligently.
2013/05/20
Committee: ITRE
Amendment 194 #
Proposal for a regulation
Article 16 – paragraph 1
1. Qualified trust service providers shall be audited by a recognised independent body once a yearevery two years and following any significant technological or organizational changes to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting securitycompliance audit report to the supervisory body.
2013/05/21
Committee: IMCO
Amendment 195 #
Proposal for a regulation
Article 8 – title
CInteroperability and coordination
2013/05/20
Committee: ITRE
Amendment 195 #
Proposal for a regulation
Article 16 – paragraph 2
2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from the Commissiona supervisory body in another Member State. The supervisory body shall inform the data protection authorities of the results of its audits, in case personal data protection rules appear to have been breached.
2013/05/21
Committee: IMCO
Amendment 197 #
Proposal for a regulation
Article 16 – paragraph 3
3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements indicated in the security audit reportset out in this Regulation.
2013/05/21
Committee: IMCO
Amendment 199 #
Proposal for a regulation
Article 16 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, procedures and formats applicable for the purpose of paragraphs 1, 2 and 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/21
Committee: IMCO
Amendment 202 #
Proposal for a regulation
Article 17 – paragraph 1
1. Qualified tTrust service providers shall notify the supervisory body of their intention to start providinge a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body.
2013/05/21
Committee: IMCO
Amendment 204 #
Proposal for a regulation
Article 8 – paragraph 3
3. The Commission shall, be empowered to adopt delegated acts in accordance with Article 38 concerning the facilitation ofy means of implementing acts, establish standards and technical requirements for cross border interoperability and security of electronic identification means by setting of minimum technical requirements.. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2)
2013/05/20
Committee: ITRE
Amendment 205 #
Proposal for a regulation
Article 9 – paragraph 1
1. A trust service provider shall be liable for any direct damage caused to any natural or legal person due to failure to comply with the obligations laid down in Article 15(1), unless the trust service provider can prove that he has not acted negligently.deleted
2013/05/20
Committee: ITRE
Amendment 205 #
Proposal for a regulation
Article 17 – paragraph 2
2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included in the trusted lists referred to in Article 18 indicating that the notification has been submittedaccording to paragraph 1, the supervisory body shall verify the compliance of the trust service provider and of the trust services to be provided by it with the requirements of this Regulation. If the verification process confirms compliance, the supervisory body shall grant the status of a qualified trust service provider and the qualified trust service provider may start to provide the qualified trust service.
2013/05/21
Committee: IMCO
Amendment 206 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 1
The supervisory body shall verify the compliance of the qualified trust service provider and of the qualified trust services provided by it with the requirements of the Regulation.deleted
2013/05/21
Committee: IMCO
Amendment 210 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 2
The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the positive conclusion of the verification, not later than one month after the notification has been done in accordance with paragraph 1 process without undue delay and not later than two weeks.
2013/05/21
Committee: IMCO
Amendment 211 #
Proposal for a regulation
Article 9 – paragraph 2 a (new)
2a. Paragraph 2 shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
2013/05/20
Committee: ITRE
Amendment 211 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 3
If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
2013/05/21
Committee: IMCO
Amendment 212 #
Proposal for a regulation
Article 17 – paragraph 4
4. A qualified trust service which has been subject to the notification referred to in paragraph 1 cannot be refused for the fulfilment of an administrative procedure or formality by the concerned public sector body for not being included in the lists referred to in paragraph 3.deleted
2013/05/21
Committee: IMCO
Amendment 214 #
Proposal for a regulation
Article 17 – paragraph 5
5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the purpose of paragraphs 1, 2 and.3 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/21
Committee: IMCO
Amendment 216 #
Proposal for a regulation
Article 10 – title
TQualified trust services providers from third countries
2013/05/20
Committee: ITRE
Amendment 216 #
Proposal for a regulation
Article 18 – paragraph 2
2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing. of both the list itself as well as the individual certificates.
2013/05/21
Committee: IMCO
Amendment 217 #
Proposal for a regulation
Article 10 – paragraph 1
1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) a qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements of this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
2013/05/20
Committee: ITRE
Amendment 217 #
Proposal for a regulation
Article 18 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of the information referred to in paragraph 1.
2013/05/21
Committee: IMCO
Amendment 218 #
Proposal for a regulation
Article 18 – paragraph 6
6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/21
Committee: IMCO
Amendment 219 #
Proposal for a regulation
Article 19 – paragraph 1 – subparagraph 1
When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
2013/05/21
Committee: IMCO
Amendment 220 #
Proposal for a regulation
Article 19 – paragraph 2 – point b
(b) bear the risk of liability for damages byshall take appropriate precautions with regard to its liability for damages under this Regulation by, in particular, maintaining sufficient financial resources or by an appropriateeffecting a liability insurance scheme;
2013/05/21
Committee: IMCO
Amendment 222 #
Proposal for a regulation
Article 19 – paragraph 2 – point d
(d) use trustworthy systems and products which are protected against unauthorized modification and guarantee the technical security and reliability of the process supported by them;
2013/05/21
Committee: IMCO
Amendment 223 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – introductory part
(e) use trustworthy systems to store data provided to them, in a verifiable form so that:
2013/05/21
Committee: IMCO
Amendment 225 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – indent 1
– they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
2013/05/21
Committee: IMCO
Amendment 226 #
Proposal for a regulation
Article 19 – paragraph 2 – point g
(g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
2013/05/21
Committee: IMCO
Amendment 227 #
Proposal for a regulation
Article 11 – paragraph 4 a (new)
4 a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of point (f) of Article 7 of Directive 95/46/EC.
2013/05/20
Committee: ITRE
Amendment 228 #
Proposal for a regulation
Article 19 – paragraph 3
3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate within ten minutes after such revocation has taken effectout undue delay.
2013/05/21
Committee: IMCO
Amendment 229 #
Proposal for a regulation
Article 19 – paragraph 4
4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at any time at least on a certificate basis in an automated manner which is reliable, free of charge and efficient.
2013/05/21
Committee: IMCO
Amendment 230 #
Proposal for a regulation
Article 12
Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
2013/05/20
Committee: ITRE
Amendment 231 #
Proposal for a regulation
Article 19 – paragraph 5
5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. C, for which compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: IMCO
Amendment 232 #
Proposal for a regulation
Article 13 – paragraph 1
1. Member States shall designate an appropriate supervisory body established in their territory or, upon mutual agreement, in another Member State under the responsibility of the designating Member State. Supervisory bodies shall be given all supervisory and investigatory powers that areThe designated supervisory body, its addresses and the names of responsible persons shall be communicated to the Commission. Supervisory bodies shall be given adequate resources necessary for the exercise of their tasks.
2013/05/20
Committee: ITRE
Amendment 235 #
Proposal for a regulation
Article 13 – paragraph 2 – introductory part
2. The supervisory body shall be responsible for the performance ofperform the following tasks:
2013/05/20
Committee: ITRE
Amendment 235 #
Proposal for a regulation
Article 20 – paragraph 2
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data;
2013/05/21
Committee: IMCO
Amendment 236 #
Proposal for a regulation
Article 13 – paragraph 2 – point a
(a) monitoringensuring that trust service providers and qualified trust service providers established in the territory of the designating Member State to ensure that they fulfil the requirements laid down in Article 15of this Regulation;
2013/05/20
Committee: ITRE
Amendment 239 #
Proposal for a regulation
Article 13 – paragraph 2 – point b
(b) undertaking supervision of qualified trust service providers established in the territory of the designating Member State and of the qualified trust services they provide in order to ensure that they and the qualified trust services provided by them meet the applicable requirements laid down in this Regulation;deleted
2013/05/20
Committee: ITRE
Amendment 239 #
Proposal for a regulation
Article 20 – paragraph 3
3. Qualified electronic signatures shall be recognised and accepted in all Member States.deleted
2013/05/21
Committee: IMCO
Amendment 244 #
Proposal for a regulation
Article 20 – paragraph 4
4. If an electronic signature with a security assurance level below qualified electronic signature is required, in particular by a Member State for accessing a service online offered by a public sector body, on the basis of an appropriate assessment of the risks involved in such a service, all electronic signatures matching at least the same security assurance level shall be recognised and accepted.
2013/05/21
Committee: IMCO
Amendment 245 #
Proposal for a regulation
Article 13 – paragraph 2 – point c
(c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
2013/05/20
Committee: ITRE
Amendment 245 #
Proposal for a regulation
Article 20 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of the different security levels of electronic signature referred to in paragraph 4.
2013/05/21
Committee: IMCO
Amendment 247 #
Proposal for a regulation
Article 20 – paragraph 7
7. The Commission mayshall, by means of implementing acts, establish definitions of the different security levels of electronic signatures referred to in paragraph 4 and reference numbers of standards for the security levels of electronic signatures. Compliance with thea defined security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: IMCO
Amendment 248 #
Proposal for a regulation
Article 21 – paragraph 2
2. Qualified certificates for electronic signature for cross border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.
2013/05/21
Committee: IMCO
Amendment 249 #
Proposal for a regulation
Article 21 – paragraph 4
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the further specification of the requirements laid down in Annex I.
2013/05/21
Committee: IMCO
Amendment 251 #
Proposal for a regulation
Article 21 – paragraph 5
5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: IMCO
Amendment 253 #
Proposal for a regulation
Article 13 – paragraph 3 – point c
(c) statistics on the market and usage of qualified trust services, including information on qualified trust service providers themselves, the qualified trust services they provide, the products they use and the general description of their customers.deleted
2013/05/20
Committee: ITRE
Amendment 255 #
Proposal for a regulation
Article 13 – paragraph 4
4. Member States shall notify to the Commission and other Member States the names and the addresses of their respective designated supervisory bodies.deleted
2013/05/20
Committee: ITRE
Amendment 256 #
Proposal for a regulation
Article 26 – paragraph 1 – point b
(b) allows relying parties to receive the result of the validation process in an automated manner which is reliable, efficient and bearing the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.
2013/05/21
Committee: IMCO
Amendment 259 #
Proposal for a regulation
Article 13 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the report referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/20
Committee: ITRE
Amendment 261 #
Proposal for a regulation
Article 14 – paragraph 1
1. Supervisory bodies shall cooperate with a view to exchangeing good practice and provide each other, within the shortest possible time, with relevant information and mutual. They shall, upon justified requests, provide each other assistance so that activities can be carried out in a consistent manner. MutualRequests for assistance shallmay cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the securitycompliance audits as referred to in Articles 15, 16 and 17.
2013/05/20
Committee: ITRE
Amendment 263 #
Proposal for a regulation
Article 14 – paragraph 2 – introductory part
2. A supervisory body to whichmay refuse a request for assistance is addressed may not refuse to comply with it unlessf:
2013/05/20
Committee: ITRE
Amendment 264 #
Proposal for a regulation
Article 28 – paragraph 2
2. A qualified electronic seal shall enjoy the legal presumption of ensuring the originensures the identity of the creator and integrity of the data to which it is linked.
2013/05/21
Committee: IMCO
Amendment 267 #
Proposal for a regulation
Article 14 – paragraph 2 – point b
(b) compliance with the request would be incompatible withgo beyond the tasks and powers of the supervisory body set out in this Regulation.
2013/05/20
Committee: ITRE
Amendment 267 #
Proposal for a regulation
Article 28 – paragraph 3
3. A qualified electronic seal shall be recognised and accepted in all Member States.
2013/05/21
Committee: IMCO
Amendment 270 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 1
Where appropriate, supervisory bodies may carry out joint investigations in which staff from other Member States‘ supervisory bodies is involvedsupervisory actions.
2013/05/20
Committee: ITRE
Amendment 270 #
Proposal for a regulation
Article 28 – paragraph 4
4. If an electronic seal security assurance level below the qualified electronic seal is required, in particular by a Member State for accessing a service online offered by a public sector body on the basis of an appropriate assessment of the risks involved in such a service, all electronic seals matching at a minimum the same security assurance level shall be accepted.
2013/05/21
Committee: IMCO
Amendment 271 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 2
The supervisory body of the Member State where the investigation is to take place, in compliance with its own national law, may devolve investigative tasks to the assisted supervisory body's staff. Such powers may be exercised only under the guidance and in the presence of staff from the host supervisory body. The assisted supervisory body's staff shall be subject to the host supervisory body's national law. The host supervisory body shall assume responsibility for the assisted supervisory body staff's actions.deleted
2013/05/20
Committee: ITRE
Amendment 272 #
Proposal for a regulation
Article 14 – paragraph 4
4. The Commission may, by means of implementing acts, specify the formats and procedures for the mutual assistance provided for in this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).deleted
2013/05/20
Committee: ITRE
Amendment 272 #
Proposal for a regulation
Article 28 – paragraph 5
5. Member States shall not request for accessing cross border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
2013/05/21
Committee: IMCO
Amendment 273 #
Proposal for a regulation
Article 28 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of different security assurance levels of electronic seals referred to in paragraph 4.
2013/05/21
Committee: IMCO
Amendment 275 #
Proposal for a regulation
Article 28 – paragraph 7
7. The Commission may, by means of implementing acts, define different security assurance levels of electronic seals referred to in paragraph 4 and establish reference numbers of standards for the security assurance levels of electronic seals. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: IMCO
Amendment 276 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 1
Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to state of the art, these measures shall ensure that thethe technological development, these measures shall fully respect the data protection rights and ensure a level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any significant incidents.
2013/05/20
Committee: ITRE
Amendment 276 #
Proposal for a regulation
Article 29 – paragraph 2
2. Qualified certificates for electronic seal for cross border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
2013/05/21
Committee: IMCO
Amendment 279 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 2
Without prejudice to Article 16(1), any trust service provider mayshall, without undue delay and not later than 6 months following the commencement of its activities, submit the report of a securitycompliance audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken.
2013/05/20
Committee: ITRE
Amendment 284 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 1
Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify the competent supervisory body and, where appropriate, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
2013/05/20
Committee: ITRE
Amendment 286 #
Proposal for a regulation
Article 34 – paragraph 1
1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings, having regard to its assurance level of authenticity and integrity.
2013/05/21
Committee: IMCO
Amendment 287 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 2
Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in otherse Member States and the European Network and Information Security Agency (ENISA).
2013/05/20
Committee: ITRE
Amendment 289 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 3
The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
2013/05/20
Committee: ITRE
Amendment 290 #
Proposal for a regulation
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the document.
2013/05/21
Committee: IMCO
Amendment 293 #
Proposal for a regulation
Article 34 – paragraph 3
3. When an original document or a certified copy is required for the provision of a service online offered by a public sector body, at least electronic documents issuelectronically signed or sealed by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
2013/05/21
Committee: IMCO
Amendment 296 #
Proposal for a regulation
Article 15 – paragraph 4
4. In order to implementensure compliance with paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers.
2013/05/20
Committee: ITRE
Amendment 299 #
Proposal for a regulation
Article 15 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts, in accordance with Article 38, concerning the further specification of the measures referred to in paragraph 1.
2013/05/20
Committee: ITRE
Amendment 302 #
Proposal for a regulation
Chapter 3 – section 8 - Title
Website authentication deleted
2013/05/21
Committee: IMCO
Amendment 303 #
Proposal for a regulation
Article 15 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances,further specification of the measures referred to in paragraph 1 and formats and procedures, including deadlines, applicable for the purpose of paragraphs 1 to 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/20
Committee: ITRE
Amendment 303 #
Proposal for a regulation
Article 37
Article 37 Requirements for qualified certificates for website authentication 1. Qualified certificates for website authentication shall meet the requirements laid down in Annex IV. 2. Qualified certificates for website authentication shall be recognised and accepted in all Member States. 3. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the further specification of the requirements laid down in Annex IV. 4. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for website authentication. Compliance with the requirements laid down in Annex IV shall be presumed where a qualified certificate for website authentication meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.deleted
2013/05/21
Committee: IMCO
Amendment 305 #
Proposal for a regulation
Article 16 – paragraph 1
1. Qualified trust service providers shall be audited by a recognised independent body once a yearevery two years and following any significant technological or organizational changes to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting securitycompliance audit report to the supervisory body.
2013/05/20
Committee: ITRE
Amendment 309 #
Proposal for a regulation
Annex 1 – paragraph 1 – point c a (new)
(ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
2013/05/21
Committee: IMCO
Amendment 310 #
Proposal for a regulation
Article 16 – paragraph 2
2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from the Commissiona supervisory body in another Member State. The supervisory body shall inform the data protection authorities of the results of its audits, in case personal data protection rules appear to have been breached.
2013/05/20
Committee: ITRE
Amendment 311 #
Proposal for a regulation
Annex 4
Requirements for qualified certificates for website authentication Qualified certificates for website authentication shall contain: (a) an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for website authentication; (b) a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and – for a legal person: the name and registration number as stated in the official records, – for a natural person: person's name; (c) a set of data unambiguously representing the legal person to whom the certificate is issued, including at least name and registration number as stated in the official records; (d) elements of the address, including at least city and Member State, of the legal person to whom the certificate is issued as stated in the official records; (e) the domain name(s) operated by the legal person to whom the certificate is issued; (f) details of the beginning and end of the certificate's period of validity; (g) the certificate identity code which must be unique for the qualified trust service provider; (h) the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; (i) the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (h) is available free of charge; (j) the location of the certificate validity status services that can be used to enquire the validity status of the qualified certificate.deleted
2013/05/21
Committee: IMCO
Amendment 313 #
Proposal for a regulation
Article 16 – paragraph 3
3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements indicated in the security audit reportset out in this Regulation.
2013/05/20
Committee: ITRE
Amendment 319 #
Proposal for a regulation
Article 16 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, procedures and formats applicable for the purpose of paragraphs 1, 2 and 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/20
Committee: ITRE
Amendment 322 #
Proposal for a regulation
Article 17 – paragraph 1
1. Qualified tTrust service providers shall notify the supervisory body of their intention to start providinge a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body.
2013/05/20
Committee: ITRE
Amendment 324 #
Proposal for a regulation
Article 17 – paragraph 2
2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included inaccording to paragraph 1, the supervisory body shall verify the compliance of the trust service provider and of the trusted lists referred to in Article 18 indicating that the notification has been submitted services to be provided by it with the requirements of this Regulation. If the verification process confirms compliance, the supervisory body shall grant the status of a qualified trust service provider and the qualified trust service provider may start to provide the qualified trust service.
2013/05/20
Committee: ITRE
Amendment 327 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 1
The supervisory body shall verify the compliance of the qualified trust service provider and of the qualified trust services provided by it with the requirements of the Regulation.deleted
2013/05/20
Committee: ITRE
Amendment 330 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 2
The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the positive conclusion of the verification, not later than one month after the notification has been done in accordance with paragraph 1 process without undue delay and not later than 2 weeks.
2013/05/20
Committee: ITRE
Amendment 332 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 3
If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
2013/05/20
Committee: ITRE
Amendment 333 #
Proposal for a regulation
Article 17 – paragraph 4
4. A qualified trust service which has been subject to the notification referred to in paragraph 1 cannot be refused for the fulfilment of an administrative procedure or formality by the concerned public sector body for not being included in the lists referred to in paragraph 3.deleted
2013/05/20
Committee: ITRE
Amendment 336 #
Proposal for a regulation
Article 17 – paragraph 5
5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the purpose of paragraphs 1, 2 and.3 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/20
Committee: ITRE
Amendment 338 #
Proposal for a regulation
Article 18 – paragraph 2
2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing of both the list itself as well as the individual certificates.
2013/05/20
Committee: ITRE
Amendment 339 #
Proposal for a regulation
Article 18 – paragraph 5
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of the information referred to in paragraph 1.
2013/05/20
Committee: ITRE
Amendment 340 #
Proposal for a regulation
Article 18 – paragraph 6
6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
2013/05/20
Committee: ITRE
Amendment 342 #
Proposal for a regulation
Article 19 – paragraph 1 – subparagraph 1
When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
2013/05/20
Committee: ITRE
Amendment 343 #
Proposal for a regulation
Article 19 – paragraph 2 – point b
(b) bear the risk of liability for damages byshall take appropriate precautions with regard to its liability for damages under this Regulation by, in particular, maintaining sufficient financial resources or by an appropriateeffecting a liability insurance scheme;
2013/05/20
Committee: ITRE
Amendment 345 #
Proposal for a regulation
Article 19 – paragraph 2 – point d
(d) use trustworthy systems and products which are protected against unauthorized modification and guarantee the technical security and reliability of the process supported by them;
2013/05/20
Committee: ITRE
Amendment 346 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – introductory part
(e) use trustworthy systems to store data provided to them, in a verifiable form so that:
2013/05/20
Committee: ITRE
Amendment 347 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – indent 1
– they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
2013/05/20
Committee: ITRE
Amendment 348 #
Proposal for a regulation
Article 19 – paragraph 2 – point g
(g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
2013/05/20
Committee: ITRE
Amendment 350 #
Proposal for a regulation
Article 19 – paragraph 3
3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate within ten minutes after such revocation has taken effectout undue delay.
2013/05/20
Committee: ITRE
Amendment 351 #
Proposal for a regulation
Article 19 – paragraph 4
4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at any time at least on a certificate basis in an automated manner which is reliable, free of charge and efficient.
2013/05/20
Committee: ITRE
Amendment 353 #
Proposal for a regulation
Article 19 – paragraph 5
5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. C, for which compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/20
Committee: ITRE
Amendment 355 #
Proposal for a regulation
Article 20 – paragraph 2
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signaturesatisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data.
2013/05/20
Committee: ITRE
Amendment 360 #
Proposal for a regulation
Article 20 – paragraph 3
3. Qualified electronic signatures shall be recognised and accepted in all Member States.deleted
2013/05/21
Committee: ITRE
Amendment 363 #
Proposal for a regulation
Article 20 – paragraph 4
4. If an electronic signature with a security assurance level below qualified electronic signature is required, in particular by a Member State for accessing a service online offered by a public sector body, on the basis of an appropriate assessment of the risks involved in such a service, all electronic signatures matching at least the same security assurance level shall be recognised and accepted.
2013/05/21
Committee: ITRE
Amendment 365 #
Proposal for a regulation
Article 20 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of the different security levels of electronic signature referred to in paragraph 4.
2013/05/21
Committee: ITRE
Amendment 368 #
Proposal for a regulation
Article 20 – paragraph 7
7. The Commission mayshall, by means of implementing acts, establish definitions of the different security levels of electronic signatures referred to in paragraph 4 of this Article and reference numbers of standards for the security levels of electronic signatures. Compliance with thea defined security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: ITRE
Amendment 371 #
Proposal for a regulation
Article 21 – paragraph 2
2. Qualified certificates for electronic signature for cross-border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.
2013/05/21
Committee: ITRE
Amendment 372 #
Proposal for a regulation
Article 21 – paragraph 4
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the further specification of the requirements laid down in Annex I.
2013/05/21
Committee: ITRE
Amendment 374 #
Proposal for a regulation
Article 21 – paragraph 5
5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: ITRE
Amendment 387 #
Proposal for a regulation
Article 26 – paragraph 1 – point b
(b) allows relying parties to receive the result of the validation process in an automated manner which is reliable, efficient and bearing the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.
2013/05/21
Committee: ITRE
Amendment 393 #
Proposal for a regulation
Article 28 – paragraph 2
2. A qualified electronic seal shall enjoy the legal presumption of ensuring the originensures the identity of the creator and integrity of the data to which it is linked.
2013/05/21
Committee: ITRE
Amendment 394 #
Proposal for a regulation
Article 28 – paragraph 3
3. A qualified electronic seal shall be recognised and accepted in all Member States.
2013/05/21
Committee: ITRE
Amendment 395 #
Proposal for a regulation
Article 28 – paragraph 4
4. If an electronic seal security assurance level below the qualified electronic seal is required, in particular by a Member State for accessing a service online offered by a public sector body on the basis of an appropriate assessment of the risks involved in such a service, all electronic seals matching at a minimum the same security assurance level shall be accepted.
2013/05/21
Committee: ITRE
Amendment 396 #
Proposal for a regulation
Article 28 – paragraph 5
5. Member States shall not request for accessing cross-border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
2013/05/21
Committee: ITRE
Amendment 397 #
Proposal for a regulation
Article 28 – paragraph 6
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the definition of different security assurance levels of electronic seals referred to in paragraph 4.
2013/05/21
Committee: ITRE
Amendment 399 #
Proposal for a regulation
Article 28 – paragraph 7
7. The Commission may, by means of implementing acts, define different security assurance levels of electronic seals referred to in paragraph 4 and establish reference numbers of standards for the security assurance levels of electronic seals. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
2013/05/21
Committee: ITRE
Amendment 402 #
Proposal for a regulation
Article 29 – paragraph 2
2. Qualified certificates for electronic seal for cross-border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
2013/05/21
Committee: ITRE
Amendment 418 #
Proposal for a regulation
Article 34 – paragraph 1
1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings, having regard to its assurance level of authenticity and integrity.
2013/05/21
Committee: ITRE
Amendment 420 #
Proposal for a regulation
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the document.
2013/05/21
Committee: ITRE
Amendment 421 #
Proposal for a regulation
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the documentcontent of the document subsequently.
2013/05/21
Committee: ITRE
Amendment 422 #
Proposal for a regulation
Article 34 – paragraph 3
3. When an original document or a certified copy is required for the provision of a service online offered by a public sector body, at least electronic documents issuelectronically signed or sealed by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
2013/05/21
Committee: ITRE
Amendment 427 #
Proposal for a regulation
Article 37
Article 37 Requirements for qualified certificates for website authentication 1. Qualified certificates for website authentication shall meet the requirements laid down in Annex IV. 2. Qualified certificates for website authentication shall be recognised and accepted in all Member States. 3. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the further specification of the requirements laid down in Annex IV. 4. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for website authentication. Compliance with the requirements laid down in Annex IV shall be presumed where a qualified certificate for website authentication meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.deleted
2013/05/21
Committee: ITRE
Amendment 441 #
Proposal for a regulation
Annex I – point c a (new)
(ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
2013/05/21
Committee: ITRE
Amendment 446 #
Proposal for a regulation
Annex IV
Annex deleted
2013/05/21
Committee: ITRE