Progress: Procedure completed
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | ITRE | ULVSKOG Marita ( S&D) | DEL CASTILLO VERA Pilar ( PPE), CREUTZMANN Jürgen ( ALDE), ANDERSDOTTER Amelia ( Verts/ALE), KARIM Sajjad ( ECR) |
Committee Opinion | JURI | MÉSZÁROS Alajos ( PPE) | Sergio Gaetano COFFERATI ( S&D) |
Committee Opinion | IMCO | BOULLIER GALLO Marielle ( PPE) | Matteo SALVINI ( ENF) |
Committee Opinion | LIBE | ROHDE Jens ( ALDE) | Jan Philipp ALBRECHT ( Verts/ALE), Anna HEDH ( S&D) |
Committee Opinion | ECON |
Lead committee dossier:
Legal Basis:
TFEU 114-p1
Legal Basis:
TFEU 114-p1Subjects
- 1.20.05 Public access to information and documents, administrative practice
- 1.20.09 Protection of privacy and data protection
- 2.50.04.02 Electronic money and payments, cross-border credit transfers
- 2.80 Cooperation between administrations
- 3.30.05 Electronic and mobile communications, personal communications
- 3.30.06 Information and communication technologies, digital technologies
- 3.30.25 International information networks and society, internet
- 3.45.05 Business policy, e-commerce, after-sales service, commercial distribution
- 4.60.06 Consumers' economic and legal interests
- 4.60.08 Safety of products and services, product liability
Events
PURPOSE: to enhance trust in electronic transactions in the internal market and ensure the mutual recognition of electronic identification, authentication, signatures and other trust services across borders.
LEGISLATIVE ACT: Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
CONTENT: this new Regulation provides a common foundation for secure electronic interaction between citizens, businesses and public authorities , thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union and enhancing trust in electronic transactions in the internal market.
In doing so, the Regulation:
lays down the conditions under which Member States recognise electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State; lays down rules for trust services, in particular for electronic transactions; and establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.
System for mutual recognition of electronic identification : the new rules require member states to recognise, under certain conditions, means of electronic identification of natural and legal persons falling under another Member State's electronic identification scheme which has been notified to the Commission . It is up to the Member States to choose whether they want to notify all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services. These rules only cover cross-border aspects of electronic identification, and issuing means of electronic identification remains a national prerogative.
Conditions for mutual recognition : the principle of mutual recognition should apply if the notifying Member State’s electronic identification scheme meets the conditions of notification and the notification was published in the Official Journal of the European Union.
The obligation to recognise electronic identification should only apply when the public sector body in question uses the assurance level ‘ substantial’ or ‘high’ in relation to accessing that service online.
This Regulation should provide for the liability of the notifying Member State, the party issuing the electronic identification means and the party operating the authentication procedure for failure to comply with the relevant obligations under this Regulation.
In the case of a breach of security , the notifying Member State shall, without delay, suspend or revoke that cross-border authentication or the compromised parts concerned, and shall inform other Member States and the Commission.
Member States should cooperate with regard to the security and interoperability of the electronic identification schemes at Union level through the exchange of information and the sharing of best practices between Member States.
Timeline for mutual recognition : those Member States which so wish may join the scheme for recognising each others' notified e-identification means as soon as the necessary implementing acts are in place. This is expected to take place on 18 September 2015 at the latest. The mandatory mutual recognition is expected to kick off in the second half of 2018.
Trustworthy service s: Directive 1999/93/EC of the European Parliament and of the Council dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive.
More specifically, the new Regulation also introduces, for the first time, EU-wide rules concerning trust services , such as the creation and verification of electronic time stamps and electronic registered delivery services, or the creation and validation of certificates for website authentication.
Trust services which comply with the regulation can circulate freely within the single market. In addition, an EU trust mark will be created to identify trust services which meet certain strict requirements. Trust services provided by trust service providers established in a third country shall be recognised as legally equivalent to qualified trust services provided by qualified trust service providers established in the Union where the trust services originating from the third country are recognised under an agreement concluded between the Union and the third country in question or an international organisation.
Where feasible, trust services provided and end-user products used in the provision of those services shall be made accessible for persons with disabilities .
An EU trust mark should be created to identify the qualified trust services provided by qualified trust service providers. The use of the trust mark will be voluntary.
Supervisory body : Member States should designate a supervisory body or supervisory bodies to carry out the supervisory activities under this Regulation.
Supervisory bodies should cooperate with data protection authorities, for example by informing them about the results of audits of qualified trust service providers, where personal data protection rules appear to have been breached.
Supervision of qualified trust service providers: qualified trust service providers should be audited, at least every 24 months, at their own expense by a conformity assessment body
The Commission shall review the application of this Regulation and shall report to the European Parliament and to the Council no later than 1 July 2020.
ENTRY INTO FORCE: 17.09.2014. The Regulation shall apply from 1 January 2016.
DELEGATED ACTS: the Commission may adopt delegated acts to adopt the regulatory technical standards. Power to adopt such acts is conferred on the Commission for an indeterminate period of time from 17 September 2014 . The European Parliament or the Council may formulate objections to a delegated act within a period of two months of notification of that act (that period may be extended by two months). If Parliament or Council raise objections, the delegated act will not enter into force.
The European Parliament adopted by 534 votes to 76, with 17 abstentions, a legislative resolution on electronic identification and trust services for electronic transactions in the internal market .
Parliament adopted its position at first reading following the ordinary legislative procedure. The amendments adopted in plenary are the result of an agreement negotiated between the European Parliament and the Council. They amend the proposal as follows:
Purpose: the Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between businesses, citizens and public authorities , thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
A “ trust service ” means an electronic service normally provided for remuneration which consists in:
· the creation, verification, and validation of electronic signatures , electronic seals or electronic time stamps, electronic registered delivery services and certificates related to these services or
· the creation, verification and validation of certificates for website authentication or
· the preservation of electronic signatures, seals or certificates related to these services.
Scope: this Regulation should apply to electronic identification schemes notified by Member States, and to trust service providers established in the Union. This Regulation does not apply to the provision of trust services used exclusively within closed systems resulting from national legislation or from agreements between a defined set of participants.
This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC.
Mutual recognition: electronic identification systems notified according to the Regulation should specify the assurance levels “low”, “substantial” and/or “high” for electronic identification means issued.
The obligation to recognise electronic identification means should only apply when the public sector body in question uses the assurance level “substantial” or “high in relation to accessing that service online .
Notification of electronic identification systems: systems notified by the Member States should be accompanied by, among other things, the following information : (i) a description of the notified electronic identification scheme, including its assurance levels and the issuer(s) of electronic identification means under that scheme; (ii) the applicable supervisory regime and information on liability regime with respect to the party issuing the electronic identification means, and the party operating the authentication procedure; (iii) information on the entity or entities which manage the registration of the unique person identification data.
Security breach: when either the electronic identification scheme notified or the authentication is breached or partly compromised in a manner that affects the reliability of the cross border authentication of that scheme, the notifying Member State should suspend or revoke without delay that cross border authentication or the compromised parts concerned and inform other Member States and the Commission.
Liability: Parliament and the Council introduced a new provision whereby the notifying Member State, t he party issuing the electronic identification means , as well as t he party operating the authentication procedure, would be liable for damage caused intentionally or negligently to any natural or legal person for failing in a cross border transaction to comply with its obligations under the Regulation.
The intention or negligence of a qualified trust service provider should be presumed unless he proves that the damage occurred without the intention or negligence on his part.
Cooperation and interoperability: the national electronic identification schemes notified should be interoperable. The interoperability framework should aim to be technology neutral and should not discriminate between any specific national technical solutions for electronic identification within the Member State. Member States should cooperate as regards the interoperability of electronic identification systems and the security of electronic identification systems.
Third country trust service providers : according to the amended text, trust services provided by trust service providers established in a third country should be recognised as legally equivalent to qualified trust services provided by qualified trust service providers established in the Union if the trust services originating from the third country are recognised under an agreement concluded between the Union and third countries or international organisations.
Accessibility for persons with disabilities: where feasible, trust services provided and end-user products used in the provision of those services should be made accessible for persons with disabilities
Supervisory body: Member States should designate a supervisory body or supervisory bodies to carry out the supervisory activities under this Regulation. Member States should be also able to decide, upon a mutual agreement with another Member State, to designate a supervisory body in the territory of that other Member State.
Supervisory bodies should cooperate with data protection authorities, for example by informing them about the results of audits of qualified trust service providers, where personal data protection rules appear to have been breached.
Supervision of qualified trust service providers: qualified trust service providers should be audited, at least every 24 months , at their own expense by a conformity assessment body.
EU trust mark: an EU trust mark should be created to identify the qualified trust services provided by qualified trust services providers. The use of an EU trust mark by qualified trust service providers should be voluntary and should not lead to any other requirement than those already provided for in this Regulation.
By 1 July 2015, the Commission should, by means of implementing acts, lay down specification relating to the form and in particular the presentation, composition, size and design of the EU trust mark for qualified trust services.
The Committee on Industry, Research and Energy adopted the report by Marita ULVSKOG (S&D, SE) on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.
The committee recommended that the position of the European Parliament adopted in first reading following the ordinary legislative procedure should amend the Commission proposal as follows:
Scope : this Regulation should apply to notified electronic identification schemes mandated, recognised or issued by or on behalf of Member Sates, and to trust service providers established in the Union. It should also apply to both qualified and non-qualified trust service providers established in the Union.
Electronic identification systems : Member States which notify an electronic identification scheme shall forward to the Commission the following information and without undue delay, any subsequent changes thereof: (i) a description of the notified electronic identification scheme and its security assurance level; (ii) information on which entity or entities manage the registration of the appropriate attributes identifiers; (iii) a description of how the requirements of the interoperability framework are met; (iv) a description of the authentication possibility and any technical requirements imposed on relying parties.
Security breach : where there is a breach of security that would affect the reliability of that scheme for cross-border transactions, the notifying Member State shall without undue delay suspend or revoke the cross-border function of that electronic identification scheme or that authentication possibility or the compromised parts concerned and inform other Member States and the Commission thereof.
Liability : the amended text introduced a new provision providing that the notifying Member State shall be liable for any damage caused to a natural or legal person which could reasonably be expected to arise under normal circumstances as a result of its failure to comply with this Regulation, unless it can show that it has acted with due diligence.
Coordination and interoperability : Member States and the Commission shall in particular prioritize interoperability for e-services with the greatest cross border relevance. The provisions intended to guarantee technical interoperability have to be technologically neutral so as not to interfere with the options favoured by Member States when developing their national electronic identification and authentication schemes.
Liability of qualified trust service providers : Members took the view that only qualified trust service providers should be subject to the liability scheme, as in Directive 1999/93/EC. Non-qualified service providers should be covered by the general scheme of civil and contractual liability defined in the national law of each Member State.
Qualified trust services providers from third countries : Members wished to refer to the provision of EU personal data protection law which specifies the adequacy of the level of protection afforded by a third country.
Processing of personal data : processing of personal data might be necessary in case of a breach or in order to take appropriate counter measures and should be applied where this is absolutely necessary and be a "legitimate interest" under the Data Protection Directive and thus be lawful.
Disabled persons : trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities in accordance with Union law.
Supervisory body : the designated supervisory body, its addresses and the names of responsible persons shall be communicated to the Commission. Supervisory bodies shall be given adequate resources necessary for the exercise of their tasks.
Supervision of trust service providers : qualified trust service providers shall be audited annually by an independent body whose competence to carry out the audit has been demonstrated to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting compliance audit report to the supervisory body. Such audit shall also be carried out following any significant technological or organizational changes. If, after three years, the annual audit reports raise no concerns, the audits shall be carried out every two years only.
‘EU’ qualified trustmark : Members introduced the possibility for qualified trust service providers to use an EU trustmark to present and advertise the qualified trust services which they offer that meet the requirements laid down in this Regulation.
Parliament already called for the creation of a trustmark in its resolution of 11 December 2012 on completing the Digital Single Market.
Electronic documents : Members stated that an electronic document shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic format. A document bearing a qualified electronic signature or a qualified electronic seal, shall have the equivalent legal effect of a paper document bearing a handwritten signature or a physical seal, where this exists under national law, provided the document does not contain any dynamic features capable of automatically changing the document.
Implementing measures and delegated acts : the proposed Regulation empowers the Commission in many provisions to adopt delegated acts or implementing measures. Members have reservations to an approach that relies upon acts and measures so heavily. They proposed amendments that will restrict the proposed acts strictly to technical implementation of the legal act in question in a uniform manner.
The Council took note of progress made on a proposed Regulation intended to enhance trust in electronic transactions by setting up a legal framework for electronic identification and other electronic trust services in the internal market.
Work on this technically complex draft legislation under the Irish Presidency focused primarily on electronic identification and, to a lesser extent, trust services. One key issue is that of assurance levels for electronic identification , which are required so that electronic means of identification issued in another Member State can be recognised.
While a number of delegations favour the principle of matching levels as a basis for recognition, other delegations would prefer to have the required assurance levels set out in the Regulation.
There is, however, broad support amongst delegations for a number of general principles regarding electronic identification : initial limitation on services provided by the public sector; ensuring interoperability between national identification infrastructures; technological neutrality; and the need for security breaches to be addressed.
A considerable number of other issues will also require further discussion, including:
liability with respect to electronic identification and trust services; treatment of trust service providers from third countries; supervision of trust service providers; the effect of certain provisions concerning electronic signatures and electronic seals on national and procedural law; the concept of "electronic document" and the appropriateness of covering electronic documents in this piece of legislation; clarification of definitions; the use of "delegated acts" empowering the Commission to adopt related legal acts on non-essential technical aspects of the Regulation; the deadline for the entry into force of the Regulation.
OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR
on the Commission proposal for a Regulation of the European Parliament and of the Council
on trust and confidence in electronic transactions in the internal market (Electronic Trust Services Regulation)
In this Opinion, the EDPS focuses his analysis on three main issues : (a) how data protection is addressed in the proposal; (b) data protection aspects of electronic identification schemes to be recognised and accepted across borders; and (c) data protection aspects of electronic trust services to be recognised and accepted across borders.
Notwithstanding his general support for the proposal, the EDPS provides the following general recommendations:
data protection provisions included in the proposal should not be restricted to trust service providers and should also be applicable to the processing of personal data in the electronic identification schemes described in Chapter II of the proposal, the proposed regulation should set a common set of security requirements for trust service providers and electronic identification issuers. Alternatively, it could allow the Commission to define where needed, through a selective use of delegated acts or implementing measures, the criteria, conditions and requirements for security in electronic trust services and identification schemes, electronic trust service providers and electronic identification issuers should be required to provide the users of their services with: (i) appropriate information on the collection, communication, and retention of their data, as well as (ii) a means to control their personal data and exercise their data protection rights, a more selective inclusion in the proposal of the provisions empowering the Commission to specify or detail concrete provisions after the adoption of the proposed regulation by delegated or implementing acts.
Some specific provisions concerning the mutual recognition of electronic identification schemes should also be improved :
the proposed Regulation should specify which data or categories of data will be processed for cross- border identification of individuals. This specification should contain at least the same level of detail as provided in annexes for other trust services and should take into account the respect of the principle of proportionality, the safeguards required for the provision of identification schemes should at least be compliant with the requirements set forth for the providers of qualified trust services, the proposal should establish appropriate mechanisms to set a framework for the interoperability of national identification schemes.
Lastly, the EDPS also makes the following recommendations in relation to the requirements for the provision and recognition of electronic trust services :
it should be specified with regard to all electronic services if personal data will be processed, the Regulation should take appropriate safeguards to avoid any overlap between the competences of the supervisory bodies for electronic trust services and those of data protection authorities, the obligations imposed on electronic trust service providers concerning data breaches and security incidents should be consistent with the requirements established in the revised e-privacy Directive and in the proposed Data Protection Regulation, more clarity should be provided to the definition of private or public entities that can act as third parties entitled to carry out audits or that can verify electronic signature creation devices, as well as on the criteria under which the independence of these bodies will be assessed, the Regulation should be more precise in setting a time limit for the retention of the data.
The Commission presented to ministers a new draft regulation to enable cross-border and secure electronic transactions in the EU, adopted on 4 June 2012.
The draft regulation:
lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market; establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services and website authentication; contribute to building trust and confidence in the on-line market for goods and services and therefore to the completion of the internal market and growth.
PURPOSE: to enhance trust in electronic transactions in the internal market and ensure the mutual recognition of electronic identification, authentication, signatures and other trust services across borders.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
BACKGROUND: building trust in the online environment is key to economic development.
The existing EU legislation, namely Directive 1999/93/EC on a Community framework for electronic signatures, essentially covers electronic signatures only.
There is no comprehensive EU cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions that encompasses electronic identification, authentication and signatures.
The Digital Agenda for Europe identifies existing barriers to Europe’s digital development and proposes legislation on e-signatures and the mutual recognition of eIdentification and authentication, establishing a clear legal framework so as to eliminate fragmentation and the lack of interoperability, enhance digital citizenship and prevent cybercrime. Legislation ensuring the mutual recognition of electronic identification and authentication across the EU is also a key action in the Single Market Act, as well as the Roadmap for Stability and Growth. The European Parliament stressed the importance of the security of electronic services, especially of electronic signatures, and of the need to create a public key infrastructure at pan-European level, and called on the Commission to set up a European validation authorities gateway to ensure the cross-border interoperability of electronic signatures and to increase the security of transactions carried out using the internet.
The aim of this proposal is to enhance existing legislation and to expand it to cover the mutual recognition and acceptance at EU level of notified electronic identification schemes and other essential related electronic trust services.
IMPACT ASSESSMENT: three sets of policy options were assessed, dealing respectively with (1) the scope of the new framework, (2) the legal instrument and (3) the level of supervision required. The preferred policy option proved to be enhancing legal certainty , boosting coordination of national supervision, ensuring mutual recognition and acceptance of electronic identification schemes and incorporating essential related trust services. The impact assessment concluded that doing this would lead to considerable improvements to legal certainty, security and trust in terms of cross-border electronic transactions, resulting in less fragmentation of the market.
LEGAL BASIS: Article 114 of the Treaty on the Functioning of the European Union (TFEU).
CONTENT: the proposed regulation seeks to enable secure and seamless electronic interactions between businesses, citizens and public authorities, thereby increasing the effectiveness of public and private online services, e-business and electronic commerce in the EU.
The main points of the proposal are as follows:
1) Electronic identification : the proposal provides for the mutual recognition and acceptance of electronic identification means falling under a scheme, which will be notified, to the Commission on the conditions laid down in the Regulation. It does not oblige Member States to introduce or notify electronic identification schemes, but to recognise and accept notified electronic identifications for those online services where electronic identification is required to get access at national level.
Electronic identification schemes shall be eligible for notification if all five of the following conditions are met:
· the electronic identification means are issued by, on behalf of or under the responsibility of the notifying Member State;
· the electronic identification means can be used to access at least public services requiring electronic identification in the notifying Member State;
· Member States must ensure an unambiguous link between the electronic identification data and the person concerned;
· the notifying Member State ensures the availability of an authentication possibility online, at any time and free of charge. No specific technical requirements, such as hardware or software can be imposed on the parties relying on such authentication;
· Member States must accept liability for the unambiguity of the link (i.e. that the identification data attributed to the person are not linked to any other person) and the authentication possibility (i.e. the possibility to check the validity of the electronic identification data).
The proposal also aims to ensure the technical interoperability of the notified identification schemes through a coordination approach, including delegated acts.
2) Trust services : the proposal sets out the principles relating to the liability of both non-qualified and qualified trust service providers. It builds on Directive 1999/93/EC and extends entitlement to compensation of damage caused by any negligent trust service provider for failure to comply with security good practices which result in a security breach which has a significant impact on the service. It also describes the mechanism for the recognition and acceptance of qualified trust services provided by a provider established in a third country.
3) Supervision : the proposal (i) requires Member States to establish supervisory bodies , clarifying and enlarging the remit of the latter with regard to both trust service providers and qualified trust service providers; (ii) introduces an explicit mechanism of mutual assistance between supervisory bodies in Member States to facilitate the cross-border supervision of trust service providers; (iii) introduces an obligation for both qualified and non-qualified trust service providers to implement appropriate technical and organisational measures for the security of their activities ; (iv) sets out the conditions for the supervision of qualified trust service providers and qualified trust services provided by them ; (v) provides for the establishment of trusted lists containing information on qualified trust service providers who are subject to supervision and to the qualified services they offer.
4) Electronic signature : the proposal enshrines the rules related to the legal effect of natural persons’ electronic signatures, introducing an explicit obligation to give to qualified electronic signatures the same legal effect as handwritten signatures. Furthermore, Member States must ensure the cross-border acceptance of qualified electronic signatures, in the context of the provision of public services.
The proposal also sets out: the requirements for qualified signature certificates and the requirements for qualified electronic signature creation devices; the conditions for qualified validation services, and the condition for the long-term preservation of qualified electronic signatures.
5) Electronic seals : the provisions concern the legal effect of electronic seals of legal persons. A specific legal presumption is bestowed on a qualified electronic seal which guarantees the origin and integrity of electronic documents to which it is linked.
6) Electronic time stamp : a specific legal presumption is bestowed on qualified electronic time stamps with regard to the certainty of the time.
7) Electronic documents : there is a specific legal presumption of the authenticity and integrity of any electronic document signed with a qualified electronic signature or bearing a qualified electronic seal. With regard to the acceptance of electronic documents, when an original document or a certified copy is required for the provision of a public service, at the least electronic documents issued by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
8) Website authentication: the proposal ensures that the authenticity of a website with respect to the owner of the site will be guaranteed.
BUDGETARY IMPLICATION: EUR 9 408 million for the period 2014-2020 (human resources). The specific budgetary implications of the proposal relate to the tasks allocated to the European Commission. The proposal has no implications on operational expenditure.
DELEGATED ACTS: the proposal contains provisions empowering the Commission to adopt delegated acts in accordance with Article 290 of the Treaty on the Functioning of the EU.
PURPOSE: to enhance trust in electronic transactions in the internal market and ensure the mutual recognition of electronic identification, authentication, signatures and other trust services across borders.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
BACKGROUND: building trust in the online environment is key to economic development.
The existing EU legislation, namely Directive 1999/93/EC on a Community framework for electronic signatures, essentially covers electronic signatures only.
There is no comprehensive EU cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions that encompasses electronic identification, authentication and signatures.
The Digital Agenda for Europe identifies existing barriers to Europe’s digital development and proposes legislation on e-signatures and the mutual recognition of eIdentification and authentication, establishing a clear legal framework so as to eliminate fragmentation and the lack of interoperability, enhance digital citizenship and prevent cybercrime. Legislation ensuring the mutual recognition of electronic identification and authentication across the EU is also a key action in the Single Market Act, as well as the Roadmap for Stability and Growth. The European Parliament stressed the importance of the security of electronic services, especially of electronic signatures, and of the need to create a public key infrastructure at pan-European level, and called on the Commission to set up a European validation authorities gateway to ensure the cross-border interoperability of electronic signatures and to increase the security of transactions carried out using the internet.
The aim of this proposal is to enhance existing legislation and to expand it to cover the mutual recognition and acceptance at EU level of notified electronic identification schemes and other essential related electronic trust services.
IMPACT ASSESSMENT: three sets of policy options were assessed, dealing respectively with (1) the scope of the new framework, (2) the legal instrument and (3) the level of supervision required. The preferred policy option proved to be enhancing legal certainty , boosting coordination of national supervision, ensuring mutual recognition and acceptance of electronic identification schemes and incorporating essential related trust services. The impact assessment concluded that doing this would lead to considerable improvements to legal certainty, security and trust in terms of cross-border electronic transactions, resulting in less fragmentation of the market.
LEGAL BASIS: Article 114 of the Treaty on the Functioning of the European Union (TFEU).
CONTENT: the proposed regulation seeks to enable secure and seamless electronic interactions between businesses, citizens and public authorities, thereby increasing the effectiveness of public and private online services, e-business and electronic commerce in the EU.
The main points of the proposal are as follows:
1) Electronic identification : the proposal provides for the mutual recognition and acceptance of electronic identification means falling under a scheme, which will be notified, to the Commission on the conditions laid down in the Regulation. It does not oblige Member States to introduce or notify electronic identification schemes, but to recognise and accept notified electronic identifications for those online services where electronic identification is required to get access at national level.
Electronic identification schemes shall be eligible for notification if all five of the following conditions are met:
· the electronic identification means are issued by, on behalf of or under the responsibility of the notifying Member State;
· the electronic identification means can be used to access at least public services requiring electronic identification in the notifying Member State;
· Member States must ensure an unambiguous link between the electronic identification data and the person concerned;
· the notifying Member State ensures the availability of an authentication possibility online, at any time and free of charge. No specific technical requirements, such as hardware or software can be imposed on the parties relying on such authentication;
· Member States must accept liability for the unambiguity of the link (i.e. that the identification data attributed to the person are not linked to any other person) and the authentication possibility (i.e. the possibility to check the validity of the electronic identification data).
The proposal also aims to ensure the technical interoperability of the notified identification schemes through a coordination approach, including delegated acts.
2) Trust services : the proposal sets out the principles relating to the liability of both non-qualified and qualified trust service providers. It builds on Directive 1999/93/EC and extends entitlement to compensation of damage caused by any negligent trust service provider for failure to comply with security good practices which result in a security breach which has a significant impact on the service. It also describes the mechanism for the recognition and acceptance of qualified trust services provided by a provider established in a third country.
3) Supervision : the proposal (i) requires Member States to establish supervisory bodies , clarifying and enlarging the remit of the latter with regard to both trust service providers and qualified trust service providers; (ii) introduces an explicit mechanism of mutual assistance between supervisory bodies in Member States to facilitate the cross-border supervision of trust service providers; (iii) introduces an obligation for both qualified and non-qualified trust service providers to implement appropriate technical and organisational measures for the security of their activities ; (iv) sets out the conditions for the supervision of qualified trust service providers and qualified trust services provided by them ; (v) provides for the establishment of trusted lists containing information on qualified trust service providers who are subject to supervision and to the qualified services they offer.
4) Electronic signature : the proposal enshrines the rules related to the legal effect of natural persons’ electronic signatures, introducing an explicit obligation to give to qualified electronic signatures the same legal effect as handwritten signatures. Furthermore, Member States must ensure the cross-border acceptance of qualified electronic signatures, in the context of the provision of public services.
The proposal also sets out: the requirements for qualified signature certificates and the requirements for qualified electronic signature creation devices; the conditions for qualified validation services, and the condition for the long-term preservation of qualified electronic signatures.
5) Electronic seals : the provisions concern the legal effect of electronic seals of legal persons. A specific legal presumption is bestowed on a qualified electronic seal which guarantees the origin and integrity of electronic documents to which it is linked.
6) Electronic time stamp : a specific legal presumption is bestowed on qualified electronic time stamps with regard to the certainty of the time.
7) Electronic documents : there is a specific legal presumption of the authenticity and integrity of any electronic document signed with a qualified electronic signature or bearing a qualified electronic seal. With regard to the acceptance of electronic documents, when an original document or a certified copy is required for the provision of a public service, at the least electronic documents issued by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
8) Website authentication: the proposal ensures that the authenticity of a website with respect to the owner of the site will be guaranteed.
BUDGETARY IMPLICATION: EUR 9 408 million for the period 2014-2020 (human resources). The specific budgetary implications of the proposal relate to the tasks allocated to the European Commission. The proposal has no implications on operational expenditure.
DELEGATED ACTS: the proposal contains provisions empowering the Commission to adopt delegated acts in accordance with Article 290 of the Treaty on the Functioning of the EU.
Documents
- Follow-up document: COM(2021)0290
- Follow-up document: EUR-Lex
- Follow-up document: EUR-Lex
- Follow-up document: SWD(2021)0130
- Final act published in Official Journal: Regulation 2014/910
- Final act published in Official Journal: OJ L 257 28.08.2014, p. 0073
- Draft final act: 00060/2014/LEX
- Commission response to text adopted in plenary: SP(2014)471
- Results of vote in Parliament: Results of vote in Parliament
- Decision by Parliament, 1st reading: T7-0282/2014
- Debate in Parliament: Debate in Parliament
- Debate in Council: 3278
- Committee report tabled for plenary, 1st reading: A7-0365/2013
- Committee opinion: PE508.181
- Committee opinion: PE504.331
- Committee opinion: PE510.497
- Debate in Council: 3243
- Amendments tabled in committee: PE510.822
- Amendments tabled in committee: PE510.784
- Committee draft report: PE507.971
- Debate in Council: 3213
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Document attached to the procedure: OJ C 028 30.01.2013, p. 0006
- Document attached to the procedure: N7-0048/2013
- Economic and Social Committee: opinion, report: CES1243/2012
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Debate in Council: 3171
- Legislative proposal: COM(2012)0238
- Legislative proposal: EUR-Lex
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2012)0135
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2012)0136
- Legislative proposal published: COM(2012)0238
- Legislative proposal published: EUR-Lex
- Legislative proposal: COM(2012)0238 EUR-Lex
- Document attached to the procedure: EUR-Lex SWD(2012)0135
- Document attached to the procedure: EUR-Lex SWD(2012)0136
- Economic and Social Committee: opinion, report: CES1243/2012
- Document attached to the procedure: OJ C 028 30.01.2013, p. 0006 N7-0048/2013
- Committee draft report: PE507.971
- Amendments tabled in committee: PE510.784
- Amendments tabled in committee: PE510.822
- Committee opinion: PE510.497
- Committee opinion: PE504.331
- Committee opinion: PE508.181
- Commission response to text adopted in plenary: SP(2014)471
- Draft final act: 00060/2014/LEX
- Follow-up document: COM(2021)0290 EUR-Lex
- Follow-up document: EUR-Lex SWD(2021)0130
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
- Contribution: COM(2012)0238
Activities
- Marielle BOULLIER GALLO
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Edit HERCZOG
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Jens ROHDE
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Marietje SCHAAKE
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Catherine TRAUTMANN
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Marita ULVSKOG
Plenary Speeches (2)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- 2016/11/22 European single market for electronic communications - Measures to reduce the cost of deploying high-speed electronic communications networks - Electronic identification and trust services for electronic transactions in the internal market (debate)
- Jan Philipp ALBRECHT
- Amelia ANDERSDOTTER
- Sandrine BÉLIER
- Ivo BELET
- Vicky FORD
- Malcolm HARBOUR
- Eduard-Raul HELLVIG
- Roger HELMER
- Gunnar HÖKMARK
- Danuta JAZŁOWIECKA
- Bogdan Kazimierz MARCINKIEWICZ
- Judith A. MERKIES
- Alajos MÉSZÁROS
- Andreas MÖLZER
- Radvilė MORKŪNAITĖ-MIKULĖNIENĖ
- Franz OBERMAYR
- Vladko Todorov PANAYOTOV
- Teresa RIERA MADURELL
- Paul RÜBIG
- Judith SARGENTINI
- Monika SMOLKOVÁ
- Silvia-Adriana ȚICĂU
- Bernadette VERGNAUD
- Josef WEIDENHOLZER
Votes
A7-0365/2013 - Marita Ulvskog - Résolution législative #
Amendments | Dossier |
894 |
2012/0146(COD)
2013/05/20
ITRE
305 amendments...
Amendment 100 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation ensures that qualified and non-qualified trust services and products which comply with
Amendment 101 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to electronic identification
Amendment 102 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to electronic identification
Amendment 103 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to electronic authentication and identification provided by, on behalf or under the responsibility of Member States and to the associated trust service providers
Amendment 104 #
Proposal for a regulation Article 2 – paragraph 2 2. This Regulation does not apply to the provision of electronic trust services
Amendment 105 #
Proposal for a regulation Article 2 – paragraph 2 2. This Regulation shall apply to both qualified and non-qualified trust service providers established, or providing services, in the Union. It does not apply to the provision of electronic trust services based on voluntary agreements under private law not related to access to public services.
Amendment 106 #
Proposal for a regulation Article 2 – paragraph 2 Amendment 107 #
Proposal for a regulation Article 2 – paragraph 3 – subparagraph 2 (new) Without prejudice to their national sovereignty, Member States shall ensure that the forms prescribed by National or Union Law shall not compromise the legal validity of electronic trust services under public and private law requirements.
Amendment 108 #
Proposal for a regulation Article 3 – point 1 (1) ‘electronic identification’ means the process of
Amendment 109 #
Proposal for a regulation Article 3 – point 1 (1)
Amendment 110 #
Proposal for a regulation Article 3 – point 1 1) ‘electronic identification’ means the process of using
Amendment 111 #
Proposal for a regulation Article 3 – point 1 a (new) (1a) 'transaction' means a session or contact between the person and a relying party;
Amendment 112 #
Proposal for a regulation Article 3 – point 1 b (new) (1b) 'unlinkable electronic authentication' means a process of using data in electronic form on attributes of a natural or legal person where the provided attributes and additionally available information do not allow the transaction to be linked to a person or any other transaction;
Amendment 113 #
Proposal for a regulation Article 3 – point 1 c (new) (1c) 'context specific electronic authentication' means the process of using data in electronic form on personal attributes of a natural or legal person where the provided attributes allow verification that the same person has electronically authenticated in the same context on a previous transaction;
Amendment 114 #
Proposal for a regulation Article 3 – point 2 (2)
Amendment 115 #
Proposal for a regulation Article 3 – point 3 (3)
Amendment 116 #
Proposal for a regulation Article 3 – point 4 (4)
Amendment 117 #
Proposal for a regulation Article 3 – point 4 a (new) (4a) 'identification data' means any set of attributes the knowledge of which specifies a single physical person, e.g. the combination of name and residential address or name and date of birth or any information leading to such, e.g. a passport number or unique person number;
Amendment 118 #
Proposal for a regulation Article 3 – point 4 b (new) (4b) 'issuer' means an entity that vouches for the validity of one or more attributes of a person, by issuing an electronic identification means to a holder;
Amendment 119 #
Proposal for a regulation Article 3 – point 4 c (new) (4c) 'validation service' means the entity responsible for a authentication possibility ensured by a notifying Member State according to point (d) of Article 6(1);
Amendment 120 #
Proposal for a regulation Article 3 – point 4 d (new) (4d) 'holder' means a natural or legal person to whom an electronic authentication means is issued;
Amendment 121 #
Proposal for a regulation Article 3 – point 4 e (new) (4e) 'relying party' means a natural or legal person to whom the holder of an electronic authentication means verifies attributes;
Amendment 122 #
Proposal for a regulation Article 3 – point 7 – point c (c)
Amendment 123 #
Proposal for a regulation Article 3 – point 7 – point c (c) it is created using electronic signature creation data that the signatory can, with high level of confidence, use
Amendment 124 #
Proposal for a regulation Article 3 – point 8 Amendment 125 #
Proposal for a regulation Article 3 – point 10 10) ‘certificate’ means an electronic attestation which links
Amendment 126 #
Proposal for a regulation Article 3 – point 11 Amendment 127 #
Proposal for a regulation Article 3 – point 12 (12) ‘trust service’ means any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services,
Amendment 128 #
Proposal for a regulation Article 3 – point 13 Amendment 129 #
Proposal for a regulation Article 3 – point 14 (14)
Amendment 130 #
Proposal for a regulation Article 3 – point 15 Amendment 131 #
Proposal for a regulation Article 3 – point 18 Amendment 132 #
Proposal for a regulation Article 3 – point 21 Amendment 133 #
Proposal for a regulation Article 3 – point 22 Amendment 134 #
Proposal for a regulation Article 3 – point 24 Amendment 135 #
Proposal for a regulation Article 3 – point 26 Amendment 136 #
Proposal for a regulation Article 3 – point 29 Amendment 137 #
Proposal for a regulation Article 3 – point 30 Amendment 138 #
Proposal for a regulation Article 3 – point 30 Amendment 139 #
Proposal for a regulation Article 3 – point 30 (
Amendment 140 #
Proposal for a regulation Article 4 a (new) Article 4a Data procession and protection 1. Trust service providers, issuers, validation services, relying parties and supervisory bodies shall ensure fair and lawful processing in accordance with Directive 95/46/EC when processing personal data. 2. Trust service providers, issuers, validation services shall process personal data according to Directive 95/46/EC. Such processing shall be strictly limited to the minimum data needed to issue and maintain an eID or certificate, validate an electronic authentication or to provide a trust service. 3. Trust service providers, issuers, validation services shall guarantee the confidentiality and integrity of data related to a person to whom the eID is issued or the service is provided. 4. Without prejudice to the legal effect given to pseudonyms under national law, Member States shall not prevent issuers from indicating in electronic authentication means a pseudonym instead of or in addition to the holder's name or prevent trust service providers indicating in electronic signature certificates a pseudonym instead of the signatory's name. 5. Validation services must not collect or retain data beyond the extent necessary for the process of validation. Validation services must not profile signatories, relying parties or any other customers. Logs may be retained for the purpose of detecting fraud and intrusions but for no more than 90 days.
Amendment 142 #
Proposal for a regulation Article 5 1. When an electronic
Amendment 143 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is required under Union or national legislation or administrative practice to access a service online in one Member State or in the Union institution, any the electronic identification means issued in another Member State or by the Union institution falling under a scheme, which is included in the list published by the Commission pursuant to
Amendment 144 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a public service online
Amendment 145 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online,
Amendment 146 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is
Amendment 147 #
Proposal for a regulation Article 5 – subparagraph 1 a (new) Paragraph 1 only applies to specific cross border public services. In order to specify these cross border services the Commission shall, by means of an implementing act, draw up a list. This implementing act shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 148 #
Proposal for a regulation Article 5 – subparagraph 1 a (new) Subparagraph 1 only applies to specific cross border public services. In order to specify these cross border services the Commission shall, by means of an implementing act, draw up a list. This implementing act shall follow the decisions of article 8 and be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 149 #
Proposal for a regulation Article 5 – subparagraph 1 b (new) Member States may maintain and use under national law their own identification systems for online services that are outside of the list referred to in subparagraph 2.
Amendment 150 #
Proposal for a regulation Article 5 – subparagraph 1 c (new) Member States may voluntarily provide electronic identification systems to citizens of another Member State under national law.
Amendment 151 #
Proposal for a regulation Article 6 – title Conditions of notification of electronic authentication or identification schemes
Amendment 152 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1. Electronic authentication or identification schemes shall be eligible for notification pursuant to Article 7 if all the following conditions are met:
Amendment 153 #
Proposal for a regulation Article 6 – paragraph 1 – introductory part 1.
Amendment 154 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means are
Amendment 155 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means are issued
Amendment 156 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic authentication or identification means are issued by, on behalf of or under the responsibility of the notifying Member State;
Amendment 157 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means are issued
Amendment 158 #
Proposal for a regulation Article 6 – paragraph 1 – point (a a) (new) (aa) the electronic identification means are established by law as an official document and national identifier in the notifying Member State;
Amendment 159 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) the electronic identification means under that scheme can be used to access at least
Amendment 160 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) the electronic authentication or identification means can be used to access at least public services requiring electronic identification in the notifying Member State;
Amendment 161 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the electronic identification scheme meets the requirements of the interoperability model under Article 8,
Amendment 162 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the person identification data are attributed
Amendment 163 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the
Amendment 164 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the person identification data are attributed
Amendment 165 #
Proposal for a regulation Article 6 – paragraph 1 – point c a (new) (ca) the party issuing the electronic identification means under that scheme ensures that the person identification data referred to in point (c) are attributed to a sufficiently high level for the identity assurance level in question to the electronic identification means at the time of the issuance of the electronic identification means;
Amendment 166 #
Proposal for a regulation Article 6 – paragraph 1 – point d (d) the notifying Member State ensures the availability of an authentication possibility
Amendment 167 #
Proposal for a regulation Article 6 – paragraph 1 – point d (d) the notifying Member State ensures the
Amendment 168 #
Proposal for a regulation Article 6 – paragraph 1 – point d (d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform
Amendment 169 #
Proposal for a regulation Article 6 – paragraph 1 – point d a (new) (da) the notifying Member State ensures the availability of authentication online, so that any relying party established outside of the territory of that Member State can validate the person identification data received in electronic form. Such authentication shall be provided free of charge when accessing a service online provided by a public sector body. Member States shall not unduly impose any specific technical requirements on relying parties intending to carry out such authentication;
Amendment 170 #
Proposal for a regulation Article 6 – paragraph 1 – point d a (new) (da) validation services must provide at the discretion of the holder a signed or sealed proof of attributes selected by the holder. In case of an anonymous authentication the provided proof must not be linkable to the holder or to any other proof or personal attributes provided. In cases of context specific electronic authentication linkability is permissible only within the specific context;
Amendment 171 #
Proposal for a regulation Article 6 – paragraph 1 – point d a (new) (da) the validation service referred to in (d) respects the data minimization principle and can only collect or retain data for the purpose of carrying out the validation. The validation service cannot profile signatories, relying parties or any other customers;
Amendment 172 #
Proposal for a regulation Article 6 – paragraph 1 – point e – introductory part (e) the notifying Member State
Amendment 173 #
Proposal for a regulation Article 6 – paragraph 1 – point e – point i (i) th
Amendment 174 #
Proposal for a regulation Article 6 – paragraph 1 – point e – point i (i) the
Amendment 175 #
Proposal for a regulation Article 6 – paragraph 1a (1a) The notifying Member States may only notify an electronic identification scheme by certification service-provider established in a third country, if that provider fulfils all of the requirements laid down in this Directive.
Amendment 176 #
Proposal for a regulation Article 7 – paragraph 1 – introductory part 1. Member States which notify an electronic authentication or identification scheme shall forward to the Commission the following information and without undue delay, any subsequent changes thereof:
Amendment 177 #
Proposal for a regulation Article 7 – paragraph 1 – point a (a) a description of the notified electronic identification scheme; including its identity assurance levels;
Amendment 178 #
Proposal for a regulation Article 7 – paragraph 1 – point a (a) a description of the notified electronic identification scheme and its security assurance level;
Amendment 179 #
Proposal for a regulation Article 7 – paragraph 1 – point a (a) a description of the notified electronic authentication or identification scheme;
Amendment 180 #
Proposal for a regulation Article 7 – paragraph 1 – point b (b) the authorities responsible for the notified electronic authentication or identification scheme;
Amendment 181 #
Proposal for a regulation Article 7 – paragraph 1 – point b (b) the authority or authorities responsible for the notified electronic identification scheme;
Amendment 182 #
Proposal for a regulation Article 7 – paragraph 1 – point c (c) information on
Amendment 183 #
Proposal for a regulation Article 7 – paragraph 1 – point c (c) information on by whom the registration of the
Amendment 184 #
Proposal for a regulation Article 7 – paragraph 1 – point c (c) information on
Amendment 185 #
Proposal for a regulation Article 7 – paragraph 1 – point c a (new) (ca) a description of how the requirements of the interoperability framework referred to in Article 8 are met;
Amendment 186 #
Proposal for a regulation Article 7 – paragraph 1 – point d (d) a description of the authentication possibility and any technical requirements imposed on relying parties;
Amendment 187 #
Proposal for a regulation Article 7 – paragraph 1 – point d (d) a description of the authentication possibility referred to in point (d) of Article 6(1);
Amendment 188 #
Proposal for a regulation Article 7 – paragraph 1 – point e (e) arrangements for suspension or revocation of either the notified
Amendment 189 #
Proposal for a regulation Article 7 – paragraph 1 – point e a (new) Amendment 190 #
Proposal for a regulation Article 7 – paragraph 2 2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
Amendment 191 #
Proposal for a regulation Article 7 – paragraph 3 3. If the Commission receives a notification after the period referred to in paragraph 2 has expired, it shall
Amendment 192 #
Proposal for a regulation Article 7 a (new) Article 7a 1. When either the electronic identification scheme notified pursuant to Article 7(1) or the authentication referred to in point (d) of Article 6(1) is breached or partly compromised in a way that would affect the reliability of that scheme for cross border transactions, the notifying Member State shall without delay suspend or revoke the cross border part of that electronic identification scheme or that authentication or the compromised parts concerned and inform other Member States and the Commission. 2. When the breach or compromise referred to in paragraph 1 has been remedied, the notifying Member State shall reestablish the authentication and shall inform other Member States and the Commission without undue delay. 3. If the breach or compromise referred to in paragraph 1 is not remedied within 3 months of the suspension or revocation, the notifying Member State shall notify the withdrawal of the electronic identification scheme to other Member States and to the Commission. The Commission shall publish without undue delay in the Official Journal of the European Union the corresponding amendments to the list referred to in Article 7(2).
Amendment 193 #
Proposal for a regulation Article 7 a (new) Article 7a Liability 1. The notifying Member State shall be liable with regard to electronic identification means issued by it or on its behalf for any direct damage caused by non-compliance with obligations under Article 6, unless it can show that it has not acted negligently. 2. The issuer of an electronic identification means recognized and notified by a Member State pursuant to the procedure referred to in Article 7 shall be liable for failure to ensure – (i) the unambiguous attribution of the person identification data, and – (ii) the authentication possibility, unless he can show that he has not acted negligently.
Amendment 194 #
Proposal for a regulation Article 7 b (new) Article 7b 1. The notifying Member State shall be liable for any direct damage caused to any natural or non-natural person due to a failure to comply with its obligations under points (c) and (d) of Article 6(1), unless it can show that it has not acted negligently. 2. The party issuing the electronic identification means shall be liable for any direct damage caused to any natural or non-natural person for failing to ensure, consistent with the application of the identity assurance levels within national schemes: (i) the attribution of the person identification data referred to in point (ca) of Article 6(1), and (ii) the correct operation of the authentication referred to in point (d) of Article 6(1). unless it can show that it has not acted negligently. 3. Paragraphs 1 and 2 are without prejudice to the liability under national legislation of parties to a transaction in which electronic identification means falling under the notified scheme are used.
Amendment 197 #
Proposal for a regulation Article 8 – paragraphs 1, 1 a (new), 1 b (new), 1 c (new), 1 d (new) and 1 e (new) 1. The national electronic identification infrastructures need to provide for interoperability with the electronic identification infrastructures of other Member States. The interoperability between the national electronic identification infrastructures shall be ensured through an interoperability model. 1a. The interoperability model shall include the necessary minimum technical requirements, the common operational security standards and the levels of identity assurance and standards against which Member States will map their national scheme, certification and governance. 1b. The interoperability model shall : i) ensure technology neutrality; ii) facilitate the principle of privacy by design; iii) ensure personal data is processed in accordance with Directive 95/46EC. 1c. By [insert the date], in order to establish uniform conditions for implementing paragraphs 1, 1a and 1b, the Commission shall adopt implementing acts on standards, protocols for the interoperability model and identity assurance levels. 1d. Member States shall cooperate in order to ensure the interoperability of electronic identification means falling under a notified electronic identification scheme and to enhance their security. 1e. The cooperation between Member States shall consist of: i) exchange of information, experience and good practice on eID schemes; ii) peer review of eID schemes; iii)examination of relevant developments in the eID sector.
Amendment 198 #
Proposal for a regulation Article 8 – paragraph 1 1. Member States shall cooperate in order to ensure the interoperability of electronic identification means falling under a notified scheme and to enhance their security. Interoperability standards shall be public together with the cryptographic algorithms, protocols and key management standards. All audit reports shall be published together with all breach notifications following the responsible disclosure period set out in Article 15(2).
Amendment 199 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. Member States and the commission shall in particular prioritize interoperability for such e-services with the greatest cross-border relevance by: (a) exchanging best practices concerning the electronic identification means falling under a notified scheme; (b) providing and regularly update best practices on trust and security of the electronic identification means; (c) providing and regularly update on the promotion of the use of electronic identification means.
Amendment 200 #
Proposal for a regulation Article 8 – paragraph 2 2. The Commission shall, by means of implementing acts, establish the necessary modalities to facilitate the cooperation between the Member States referred to in paragraphs 1d and 1e with a view to fostering a high level of trust and security appropriate to the degree of risk.
Amendment 201 #
Proposal for a regulation Article 8 – paragraph 2 2. The Commission shall, by means of implementing acts, establish the necessary modalities to facilitate the cooperation between the Member States and the publication and peer-review mechanisms referred to in paragraph 1 with a view to fostering a high level of trust and security appropriate to the degree of risk. Those implementing acts shall concern, in particular, the exchange of information, experiences and good practice on electronic identification schemes, the
Amendment 202 #
Proposal for a regulation Article 8 – paragraph 3 Amendment 203 #
Proposal for a regulation Article 8 – paragraph 3 3. The
Amendment 204 #
Proposal for a regulation Article 8 – paragraph 3 3. The Commission shall, b
Amendment 205 #
Proposal for a regulation Article 9 – paragraph 1 Amendment 206 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable for any direct damage caused to any natural or legal person due to failure to comply with the obligations laid down in Article 15(1),
Amendment 207 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable for any direct damage caused to any natural or legal person due to failure to comply with the obligations laid down in Article 15(1)
Amendment 208 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable
Amendment 209 #
Proposal for a regulation Article 9 – paragraph 2 Amendment 210 #
Proposal for a regulation Article 9 – paragraph 2 Amendment 211 #
Proposal for a regulation Article 9 – paragraph 2 a (new) 2a. Paragraph 2 shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
Amendment 212 #
Proposal for a regulation Article 9 – paragraph 2 2. A qualified trust service provider shall be liable for any direct damage caused to any natural or legal person due to failure to meet the requirements laid down in this Regulation, in particular in Article 19
Amendment 213 #
Proposal for a regulation Article 9 – paragraph 2 a (new) 2a. Subject to the following conditions, trust service providers may indicate limitations on the use of the services they provide: (a) they duly inform their customers in advance of those limitations, and (b) those limitations are recognisable to third parties. Where trust service providers indicate limitations on the use of the services they provide in accordance with the first subparagraph, they shall not be liable for damages exceeding the indicated limitations.
Amendment 214 #
Proposal for a regulation Article 9 – paragraph 2 a (new) 2a. The law applicable to trust services, particularly with regard to disputes, shall be that of the Member State in which the person receiving the service is established unless otherwise jointly agreed by the service provider and recipient.
Amendment 215 #
Proposal for a regulation Article 9 a (new) Article 9a The agreements amongst the trust service providers or the qualified trust service providers and the authorities responsible for the notified identification scheme should set the liability limits.
Amendment 216 #
Proposal for a regulation Article 10 – title Amendment 217 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) a qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements of this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
Amendment 218 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service provider established in the territory of the Union if the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE and if the third country in which they are established recognises as acceptable, under the principle of reciprocity, qualified trust services and qualified certificates from qualified trust service providers established in the European Union.
Amendment 219 #
Proposal for a regulation Article 10 – paragraph 1 1.
Amendment 220 #
Proposal for a regulation Article 10 – paragraph 1 1.
Amendment 221 #
Proposal for a regulation Article 10 – paragraph 2 Amendment 222 #
Proposal for a regulation Article 10 – paragraph 2 2. With reference to paragraph 1, such agreements shall ensure that the requirements applicable to
Amendment 223 #
Proposal for a regulation Article 10 – paragraph 2 2. With reference to paragraph 1, the Commission shall verify that such agreements
Amendment 224 #
Proposal for a regulation Article 11 Amendment 225 #
Proposal for a regulation Article 11 – paragraph 3 a (new) 3a. Trust service providers shall provide users with information on the collection, communication and retention of their personal data.
Amendment 226 #
Proposal for a regulation Article 11 – paragraph 3 b (new) 3b. Trust service providers shall provide users with the means to check their personal data and exercise their data protection right.
Amendment 227 #
Proposal for a regulation Article 11 – paragraph 4 a (new) 4 a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of point (f) of Article 7 of Directive 95/46/EC.
Amendment 228 #
Proposal for a regulation Article 12 – title Accessibility for persons with
Amendment 229 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for persons with
Amendment 230 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
Amendment 231 #
Proposal for a regulation Article 13 – paragraphs 1 and 1 a (new) 1. Member States shall designate a
Amendment 232 #
Proposal for a regulation Article 13 – paragraph 1 1. Member States shall designate a
Amendment 233 #
Proposal for a regulation Article 13 – paragraph 1 1. Member States shall designate an appropriate body established in their territory or, upon mutual agreement
Amendment 234 #
Proposal for a regulation Article 13 – paragraph 2 – introductory part 2. The supervisory body shall
Amendment 235 #
Proposal for a regulation Article 13 – paragraph 2 – introductory part 2. The supervisory body shall
Amendment 236 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a)
Amendment 237 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a) monitoring trust service providers established in the territory of the designating Member State(s) to ensure that they fulfil the requirements laid down in Article 15;
Amendment 238 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a)
Amendment 239 #
Proposal for a regulation Article 13 – paragraph 2 – point b Amendment 240 #
Proposal for a regulation Article 13 – paragraph 2 – point b (b)
Amendment 241 #
Proposal for a regulation Article 13 – paragraph 2 – point b (b) undertaking supervision of qualified trust service providers established in the territory of the designating Member State(s) and of the qualified trust services they provide in order to ensure that they and the qualified trust services provided by them meet the applicable requirements laid down in this Regulation;
Amendment 242 #
Proposal for a regulation Article 13 – paragraph 2 – point b (b) undertaking supervision of
Amendment 243 #
Proposal for a regulation Article 13 – paragraph 2 – point b a (new) (ba) if relevant pursuant to Article 10, that the trust service providers established in third countries and the trust services they provide fulfil the applicable requirements laid down in this Regulation;
Amendment 244 #
Proposal for a regulation Article 13 – paragraph 2 – point c Amendment 245 #
Proposal for a regulation Article 13 – paragraph 2 – point c (c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
Amendment 246 #
Proposal for a regulation Article 13 – paragraph 2 a (new) 2a. For the purposes of ensuring continuity of the service, the supervisory body may adopt provisions on termination plans in cases where the qualified trust service providers cease their activities.
Amendment 247 #
Proposal for a regulation Article 13 – paragraph 3 – introductory part 3.
Amendment 248 #
Proposal for a regulation Article 13 – paragraph 3 – introductory part 3. Each supervisory body shall
Amendment 249 #
Proposal for a regulation Article 13 – paragraph 3 – point a Amendment 250 #
Proposal for a regulation Article 13 – paragraph 3 – point b Amendment 251 #
Proposal for a regulation Article 13 – paragraph 3 – point b (b) a
Amendment 252 #
Proposal for a regulation Article 13 – paragraph 3 – point c Amendment 253 #
Proposal for a regulation Article 13 – paragraph 3 – point c Amendment 254 #
Proposal for a regulation Article 13 – paragraph 3 a (new) 3a. The Commission shall make the annual report referred to in paragraph 3 available to Member States.
Amendment 255 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 256 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 257 #
Proposal for a regulation Article 13 – paragraph 4 4. Member States shall
Amendment 258 #
Proposal for a regulation Article 13 – paragraph 5 Amendment 259 #
Proposal for a regulation Article 13 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 260 #
Proposal for a regulation Article 14 – paragraph 1 1. Supervisory bodies shall cooperate with a view to exchang
Amendment 261 #
Proposal for a regulation Article 14 – paragraph 1 1. Supervisory bodies shall cooperate with a view to exchang
Amendment 262 #
Proposal for a regulation Article 14 – paragraph 2 – introductory part 2. A supervisory body to which a request for assistance is addressed may
Amendment 263 #
Proposal for a regulation Article 14 – paragraph 2 – introductory part 2. A supervisory body
Amendment 264 #
Proposal for a regulation Article 14 – paragraph 2 – point a (a)
Amendment 265 #
Proposal for a regulation Article 14 – paragraph 2 – point a (a)
Amendment 266 #
Proposal for a regulation Article 14 – paragraph 2 – point a a (new) (aa) the requested assistance is not proportionate to standard supervisory activities of the supervisory body;
Amendment 267 #
Proposal for a regulation Article 14 – paragraph 2 – point b (b) compliance with the request would
Amendment 268 #
Proposal for a regulation Article 14 – paragraph 2 – point b (b)
Amendment 269 #
Proposal for a regulation Article 14 – paragraph 3 Amendment 270 #
Proposal for a regulation Article 14 – paragraph 3 – subparagraph 1 Where appropriate, supervisory bodies may carry out joint
Amendment 271 #
Proposal for a regulation Article 14 – paragraph 3 – subparagraph 2 Amendment 272 #
Proposal for a regulation Article 14 – paragraph 4 Amendment 273 #
Proposal for a regulation Article 14 – paragraph 4 Amendment 274 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 1 Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to state of the art, these measures shall ensure that the level of security is appropriate to the degree of risk.
Amendment 275 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 1 Trust service providers
Amendment 276 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 1 Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to
Amendment 277 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 1 Trust service providers who are established in the territory of the Union or provide services in accordance with article 10 of this Regulation shall take appropriate technical and organisational measures to manage the risks posed to the security and resilience of the trust services they provide. Having regard to state of the art, these measures shall ensure
Amendment 278 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 2 Without prejudice to Article 16(1),
Amendment 279 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 2 Without prejudice to Article 16(1), any trust service provider
Amendment 280 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 2 Without prejudice to Article 16(1), any trust service provider
Amendment 281 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 2 Without prejudice to Article 16(1), any
Amendment 282 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 In case of a breach of the security of the network, the provider of a trust service must inform both signatories and relying parties and, where the risk lies outside the scope of the measures to be taken by the service provider, of any possible remedies, including an indication of the likely costs involved. Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify, the competent supervisory body, the competent national body for information security and
Amendment 283 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 Trust service providers shall, without undue delay
Amendment 284 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 Trust service providers shall, without undue delay
Amendment 285 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, and confirming that a breach has occurred, notify the competent supervisory body, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
Amendment 286 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 2 Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the notified supervisory body
Amendment 287 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 2 Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in
Amendment 288 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 3 The supervisory body concerned
Amendment 289 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 3 The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
Amendment 290 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 3 The notified supervisory body
Amendment 291 #
Proposal for a regulation Article 15 – paragraph 3 Amendment 292 #
Proposal for a regulation Article 15 – paragraph 3 3. The supervisory body shall provide the European Network and Information Security Agency (ENISA) and the Commission once a year with a summary of breach notifications received from trust service providers.
Amendment 293 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to implement paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers. The supervisory body should coordinate these binding instructions with other relevant regulatory bodies that supervise the trust service provider's activities other than the trust service provision.
Amendment 294 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to implement paragraphs 1 and 2, the
Amendment 295 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to implement paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers. All such instructions must be published.
Amendment 296 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to
Amendment 297 #
Proposal for a regulation Article 15 – paragraph 4 a (new) 4a. If the provisions laid down in this article are not sufficiently implementable in a particular technological context, the Commission or any other stakeholder may request a clarification through the mechanism for adoption of technological requirements laid out in Chapter IIIa.
Amendment 298 #
Proposal for a regulation Article 15 – paragraph 5 Amendment 299 #
Proposal for a regulation Article 15 – paragraph 5 Amendment 300 #
Proposal for a regulation Article 15 – paragraph 5 5. The Commission
Amendment 301 #
Proposal for a regulation Article 15 – paragraph 6 Amendment 302 #
Proposal for a regulation Article 15 – paragraph 6 Amendment 303 #
Proposal for a regulation Article 15 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 304 #
Proposal for a regulation Article 16 – paragraph 1 1.
Amendment 305 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited by a recognised independent body
Amendment 306 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited by a recognised independent body once a year to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting security audit report to the supervisory body. If, after three years of existence, the annual audit reports raise no concerns, the audits referred to in this paragraph shall be carried out every two years only.
Amendment 307 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited
Amendment 308 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited by a
Amendment 309 #
Proposal for a regulation Article 16 – paragraph 2 2. Without prejudice to paragraph 1, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them
Amendment 310 #
Proposal for a regulation Article 16 – paragraph 2 2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from
Amendment 311 #
Proposal for a regulation Article 16 – paragraph 2 2. Without prejudice to paragraph 1, the supervisory body may at any time audit the
Amendment 312 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to
Amendment 313 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements
Amendment 314 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to issue binding instructions to
Amendment 315 #
Proposal for a regulation Article 16 – paragraph 4 Amendment 316 #
Proposal for a regulation Article 16 – paragraph 4 4. With reference to paragraph 3, if the qualified trust service provider does not remedy any such failure within a time limit
Amendment 317 #
Proposal for a regulation Article 16 – paragraph 5 Amendment 318 #
Proposal for a regulation Article 16 – paragraph 6 Amendment 319 #
Proposal for a regulation Article 16 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 320 #
Proposal for a regulation Article 17 Amendment 321 #
Proposal for a regulation Article 17 – paragraph 1 1.
Amendment 322 #
Proposal for a regulation Article 17 – paragraph 1 1.
Amendment 323 #
Proposal for a regulation Article 17 – paragraph 1 1. Qualified trust service providers shall notify the supervisory body of their intention to start providing a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the
Amendment 324 #
Proposal for a regulation Article 17 – paragraph 2 2. Once the relevant documents are submitted
Amendment 325 #
Proposal for a regulation Article 17 – paragraph 2 2.
Amendment 326 #
Proposal for a regulation Article 17 – paragraph 2 2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included in the
Amendment 327 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 1 Amendment 328 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 1 The supervisory body shall verify the compliance of the trust service provider and of the trust services provided by it with the requirements of this Regulation, in particular with the requirements provided for qualified trust services provider
Amendment 329 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 2 Amendment 330 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 2 The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the positive conclusion of the verification
Amendment 331 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 3 If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. If the trust service provider has submitted the relevant documentation, the verification shall be concluded within a maximum period of nine months from the date of notification.
Amendment 332 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 3 If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
Amendment 333 #
Proposal for a regulation Article 17 – paragraph 4 Amendment 334 #
Proposal for a regulation Article 17 – paragraph 4 Amendment 335 #
Proposal for a regulation Article 17 – paragraph 4 Amendment 336 #
Proposal for a regulation Article 17 – paragraph 5 5. The Commission may, by means of implementing acts, define the
Amendment 337 #
Proposal for a regulation Article 18 Amendment 338 #
Proposal for a regulation Article 18 – paragraph 2 2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing of both the list itself as well as the individual certificates.
Amendment 339 #
Proposal for a regulation Article 18 – paragraph 5 Amendment 340 #
Proposal for a regulation Article 18 – paragraph 6 6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 342 #
Proposal for a regulation Article 19 – paragraph 1 – subparagraph 1 When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
Amendment 343 #
Proposal for a regulation Article 19 – paragraph 2 – point b (b)
Amendment 344 #
Proposal for a regulation Article 19 – paragraph 2 – point c (c) before entering into a contractual relationship, inform any person seeking to use a qualified trust service of the precise terms and conditions regarding the use of that service, as well as the liability limits, in a clear and transparent manner;
Amendment 345 #
Proposal for a regulation Article 19 – paragraph 2 – point d (d) use
Amendment 346 #
Proposal for a regulation Article 19 – paragraph 2 – point e – introductory part (e) use
Amendment 347 #
Proposal for a regulation Article 19 – paragraph 2 – point e – indent 1 – they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
Amendment 348 #
Proposal for a regulation Article 19 – paragraph 2 – point g (g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
Amendment 349 #
Proposal for a regulation Article 19 – paragraph 2 – point i a (new) (ia) refuse to provide services for activities they know to be illegal.
Amendment 350 #
Proposal for a regulation Article 19 – paragraph 3 3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate with
Amendment 351 #
Proposal for a regulation Article 19 – paragraph 4 4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at any time at least on a certificate basis in an automated manner
Amendment 352 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 353 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for
Amendment 354 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. Compliance with the requirements laid down in Article 19 shall be
Amendment 355 #
Proposal for a regulation Article 20 – paragraph 2 2. A qualified electronic signature shall
Amendment 51 #
Proposal for a regulation Recital 1 (1) Building trust in the online environment is key to economic and social development. Lack of trust, in particular because of a perceived lack of legal certainty, makes consumers, businesses and administrations hesitate to carry out transactions electronically and to adopt new services.
Amendment 52 #
Proposal for a regulation Recital 2 (2) This Regulation seeks to enhance trust in electronic transactions in the internal market by
Amendment 53 #
Proposal for a regulation Recital 3 (3) Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, essentially covered electronic signatures without delivering a comprehensive cross- border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation
Amendment 54 #
Proposal for a regulation Recital 5 (5) The European Council invited the Commission to create a digital single market by 2015 to make rapid progress in key areas of the digital economy and to
Amendment 55 #
Proposal for a regulation Recital 6 (6) The Council invited the Commission to contribute to the digital single market by creating appropriate conditions for the mutual recognition of key enablers across borders, such as electronic authentication or identification, electronic documents, electronic signatures and electronic delivery services, and for interoperable eGovernment services across the European Union.
Amendment 56 #
Proposal for a regulation Recital 7 a (new) (7a) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)1 calls on the Commission to adopt measures were required to ensure that terminal equipment is constructed in a way that is compatible with the right of users to protect and control the use of their personal data, in accordance with Directive 1999/5/EC of the European Parliament and of the Council of 9 March 1999 on radio equipment and telecommunications terminal equipment and the mutual recognition of their conformity2 and Council Decision 87/95/EEC of 22 December 1986 on standardisation in the field of information technology and communications3. The European multi-stakeholder platform on ICT standardisation established through Commission Decision of 28 November 2011 setting up the European multi- stakeholder platform on ICT standardisation4 further seems a plausible agent to use for such purposes to the extent that data protection authorities and the European Data Protection Board are adequately resourced to participate in standardisation procedures which relate to information and communication technologies dealing with personal data as defined in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data5. _________________ 1 OJ L 201, 31.7.2002, p. 37. 2 OJ L 91, 7.4.1999, p. 10. 3 OJ L 36, 7.2.1987, p. 31. 4 OJ C 349, 30.11.2011, p. 4. 5 OJ L 281, 23.11.1995, p. 31.
Amendment 57 #
Proposal for a regulation Recital 8 (8) Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market requests Member States to establish
Amendment 58 #
Proposal for a regulation Recital 9 (9) In most cases service providers from another Member State cannot use their electronic authentication or identification to access these
Amendment 59 #
Proposal for a regulation Recital 12 (12) Member States should remain free to use or introduce means, for electronic authentication or identification purposes, for accessing online services. They should also be able to decide whether to involve the private sector in the provision of these means. Member States should not be obliged to notify their electronic identification schemes. The choice to either notify all,
Amendment 60 #
Proposal for a regulation Recital 13 (13) Some conditions need to be set in the Regulation with regard to which electronic authentication or identification means have to be accepted and how the schemes should be notified. These should help Member States to build the necessary trust in each other's electronic identification schemes and to mutually recognise and accept electronic identification means falling under their notified schemes. The principle of mutual recognition and acceptance should apply if the notifying Member State meets the conditions of notification and the notification was published in the Official Journal of the European Union. However, the access to these online services and their final delivery to the applicant should be closely linked to the right to receive such services under the conditions set by national legislation.
Amendment 61 #
Proposal for a regulation Recital 14 (14) Member States should be able to
Amendment 62 #
Proposal for a regulation Recital 15 (15) The cross border use of electronic identification means under a notified
Amendment 63 #
Proposal for a regulation Recital 15 (15) The cross border use of electronic identification means under a notified scheme requires Member States to cooperate in providing technical interoperability in accordance with the principle of technological neutrality. This rules out any specific national technical rules requiring non-
Amendment 64 #
Proposal for a regulation Recital 16 (16) Cooperation of Member States should serve the technical interoperability of the notified electronic identification schemes with a view to foster a high level of trust and security appropriate to the degree of risk. The exchange of information and the sharing of best practices between Member States, particularly on e-services considered as having significant cross- border relevance, with a view to their mutual recognition should help such cooperation.
Amendment 65 #
Proposal for a regulation Recital 16 (16) Cooperation of Member States should serve the technical interoperability of the notified electronic authentication or identification schemes with a view to foster a high level of trust and security appropriate to the degree of risk. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation.
Amendment 66 #
Proposal for a regulation Recital 17 (17) This Regulation should also establish a general legal framework for the use of electronic trust services
Amendment 67 #
Proposal for a regulation Recital 19 (19) Member States should remain free to define other types of trust services in addition to those making part of the closed
Amendment 68 #
Proposal for a regulation Recital 22 Amendment 69 #
Proposal for a regulation Recital 22 (22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of whatever qualified trust services and products are used or provided. Both qualified and advanced electronic signatures may be legally equivalent to handwritten signatures. Nothing in this Regulation should limit the ability of any natural or legal person to demonstrate with evidence the non-reliability of any form of electronic signature. However, in the case of a qualified electronic signature the burden of proof when questioning the identity of the signatory should rest with the contesting party.
Amendment 70 #
Proposal for a regulation Recital 23 (23) In line with the obligations under the UN Convention on the Rights of Persons
Amendment 71 #
Proposal for a regulation Recital 24 a (new) (24a) A trust service provider operates in a particularly sensitive environment where many other parties rely on the integrity of their services. In particular, it is presumed by its customers that they are always trustworthy. Therefore it is important that they avoid conflicts of interest. In the interest of good governance within the context of electronic signatures and electronic identification, trust service providers should not in general be operated or owned by entities providing services that require their trust services. Over-sight shall be provided by a competent supervisory body.
Amendment 72 #
Proposal for a regulation Recital 25 (25)
Amendment 73 #
Proposal for a regulation Recital 28 (28) All Member States should follow common essential supervision requirements to ensure a comparable security level of
Amendment 74 #
Proposal for a regulation Recital 29 (29) Notification of security breaches in accordance with Directive 95/46/EC and security risk assessments is essential with a view to providing adequate information to concerned parties in the event of a breach of security or loss of integrity.
Amendment 75 #
Proposal for a regulation Recital 31 (31) To enable the Commission and the Member States to assess the impact of this Regulation, supervisory bodies should be requested to provide statistics on and the use of
Amendment 76 #
Proposal for a regulation Recital 33 (33) To ensure sustainability and durability of
Amendment 77 #
Proposal for a regulation Recital 33 (33) To ensure sustainability and durability of qualified trust services and to boost users
Amendment 78 #
Proposal for a regulation Recital 34 (34) To facilitate the supervision of
Amendment 79 #
Proposal for a regulation Recital 35 (35) It is the responsibility of trust service providers to meet the requirements set out in this Regulation for the provisioning of trust services, in particular for
Amendment 80 #
Proposal for a regulation Recital 36 (36) In order to allow an efficient initiation process, which should lead to the inclusion of
Amendment 81 #
Proposal for a regulation Recital 37 Amendment 82 #
Proposal for a regulation Recital 38 (38) Once it has been subject to a notification, a
Amendment 83 #
Proposal for a regulation Recital 38 a (new) Amendment 84 #
Proposal for a regulation Recital 40 (40) It should be possible to entrust
Amendment 85 #
Proposal for a regulation Recital 41 (41) To ensure legal certainty on the validity of the signature it is essential to detail which components of a
Amendment 86 #
Proposal for a regulation Recital 42 Amendment 87 #
Proposal for a regulation Recital 43 Amendment 88 #
Proposal for a regulation Recital 43 (43) Electronic seals and/or stamps should serve as evidence that an electronic document was issued by a legal person, ensuring certainty of the document's
Amendment 89 #
Proposal for a regulation Recital 44 Amendment 90 #
Proposal for a regulation Recital 46 Amendment 91 #
Proposal for a regulation Recital 47 Amendment 92 #
Proposal for a regulation Recital 49 Amendment 93 #
Proposal for a regulation Recital 51 (51) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission, in particular for specifying reference numbers of standards which use would give a presumption of compliance with certain requirements laid down in this Regulation or defined in delegated acts. Those powers should be exercised, after a transparent stakeholder consultation, in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers.
Amendment 94 #
Proposal for a regulation Recital 53 (53) To ensure legal certainty to the market operators already using
Amendment 95 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for certain electronic authentication or identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market.
Amendment 96 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic identification and
Amendment 97 #
Proposal for a regulation Article 1 – paragraph 2 2. This Regulation lays down the conditions under which Member States shall recognise and accept electronic authentication or identification means
Amendment 98 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation establishes a legal framework for certain electronic signatures,
Amendment 99 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents
source: PE-510.784
2013/05/21
ITRE
350 amendments...
Amendment 100 #
Proposal for a regulation Article 5 – title Mutual recognition and acceptance Mutual recognition
Amendment 101 #
Proposal for a regulation Article 5 – title Mutual recognition and acceptance Mutual recognition
Amendment 102 #
Proposal for a regulation Article 5 – paragraph 1 When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online,
Amendment 103 #
Proposal for a regulation Article 5 – paragraph 1 When an electronic identification using an electronic identification means and authentication is required under Union or national legislation or administrative practice to access a service online
Amendment 104 #
Proposal for a regulation Article 5 – paragraph 1 When
Amendment 105 #
Proposal for a regulation Article 5 – paragraph 1 a (new) Paragraph 1 only applies to specific cross border public services. In order to specify these cross border services the Commission shall, by means of an implementing act, draw up a list. This implementing act shall follow the article 8 and be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 106 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means are issued
Amendment 107 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means are recognized by, issued by
Amendment 108 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) the electronic identification means can be used to access at least public services
Amendment 109 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the electronic identification means incorporate different levels of security in accordance with the type of services to which they allow access;
Amendment 110 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the person identification data are attributed
Amendment 111 #
Proposal for a regulation Article 6 – paragraph 1 – point d (d) the notifying Member State ensures the availability of an online authentication
Amendment 112 #
Proposal for a regulation Article 6 – paragraph 1 – point d (d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform the other Member States and the Commission pursuant to Article 7;
Amendment 113 #
Proposal for a regulation Article 6 – paragraph 1 – point e – introductory part (e) the notifying Member State
Amendment 114 #
Proposal for a regulation Article 6 – paragraph 1 – point e – point i (i) the
Amendment 115 #
Proposal for a regulation Article 6 – paragraph 1 – point e – point ii (ii) the authentication
Amendment 116 #
Proposal for a regulation Article 6 – paragraph 1 a (new) 1a. The notifying Member States may only notify an electronic identification scheme by certification service-provider established in a third country, if that provider fulfils all of the requirements laid down in this regulation.
Amendment 117 #
Proposal for a regulation Article 6 – paragraph 2 a (new) 2a. The Commission, by means of implementing acts, shall set out the criteria for determining the various security levels linked to the type of services to which the electronic identification scheme allows access.
Amendment 118 #
Proposal for a regulation Article 7 – paragraph 1 – point a (a) a description of the notified electronic identification scheme, including the various security levels linked to the type of services to which access is permitted;
Amendment 119 #
Proposal for a regulation Article 7 – paragraph 1 – point a (a) a description of the notified electronic identification scheme and its security assurance level;
Amendment 120 #
Proposal for a regulation Article 7 – paragraph 1 – point c (c) information on by wh
Amendment 121 #
Proposal for a regulation Article 7 – paragraph 1 – point d (d) a description of the authentication possibility, also in accordance with the different security levels required for access;
Amendment 122 #
Proposal for a regulation Article 7 – paragraph 1 – point d (d) a description of the authentication possibility and any technical requirements imposed on relying parties;
Amendment 123 #
Proposal for a regulation Article 7 – paragraph 1 – point d (d) a description of the authentication
Amendment 124 #
Proposal for a regulation Article 7 – paragraph 1 – point e (e) arrangements for suspension or revocation of either the notified identification scheme or authentication
Amendment 125 #
Proposal for a regulation Article 7 – paragraph 2 2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
Amendment 126 #
Proposal for a regulation Article 7 – paragraph 4 4. The Commission may, by means of implementing acts, define the
Amendment 127 #
Proposal for a regulation Article 7 a (new) Amendment 128 #
Proposal for a regulation Article 7 a (new) Article 7a 1. When either the electronic identification scheme notified pursuant to Article 7(1) or the authentication referred to in point (d) of Article 6 is breached or partly compromised in a way that would affect the reliability of that scheme for cross border transactions, the notifying Member State shall without delay suspend or revoke the cross border part of that electronic identification scheme or that authentication or the compromised parts concerned and inform other Member States and the Commission. 2. When the breach or compromise referred to in paragraph (1) has been remedied, the notifying Member State shall re-establish the authentication and shall inform other Member States and the Commission as soon as possible. 3. If the breach or compromise referred to in paragraph (1) is not remedied within 3 months of the suspension or revocation, the notifying Member State shall notify the withdrawal of the electronic identification scheme to other Member States and to the Commission. The Commission shall publish as soon as possible in the Official Journal of the European Union the corresponding amendments to the list referred to in Article 7(2).
Amendment 129 #
Proposal for a regulation Article 7 b (new) Amendment 130 #
Proposal for a regulation Article 8 – title Coordination Coordination and interoperability
Amendment 131 #
Proposal for a regulation Article 8 – title Coordination Interoperability and coordination
Amendment 132 #
Proposal for a regulation Article 8 – paragraph 1 1. Member States shall cooperate in order to ensure the interoperability and technological neutrality of electronic identification means falling under a notified scheme and to enhance their security.
Amendment 133 #
Proposal for a regulation Article 8 – paragraph 1 – point 1 a (new) 1a. The Commission shall together with ENISA, take on a coordinating role. The opinion of ENISA, as an expert on privacy and trust issues and electronic identification, shall be requested by the Commission in order to ensure the technical interoperability of electronic identification and electronic trust service schemes.
Amendment 134 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. Where an electronic identification scheme does not pass the prior technological test in terms of neutrality and interoperability, which is the responsibility of the Member States under the cooperation mechanism referred to in paragraph 1, the scheme shall not be eligible for notification under Article 7 for the purpose of the mutual recognition referred to in Article 5.
Amendment 135 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. Member States and the Commission shall in particular prioritize interoperability for such e-services with the greatest cross border relevance by: (a) exchanging best practices concerning the electronic identification means falling under a notified scheme; (b) providing and regularly update best practices on trust and security of the electronic identification means; (c) providing and regularly update on the promotion of the use of electronic identification means.
Amendment 136 #
Proposal for a regulation Article 8 – paragraph 3 3. The Commission shall be empowered to adopt
Amendment 137 #
Proposal for a regulation Article 8 – paragraph 3 3. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the facilitation of cross border interoperability of electronic identification means by setting of
Amendment 138 #
Proposal for a regulation Article 8 – paragraph 3 3. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the facilitation of cross border interoperability of electronic identification means by setting of minimum, technology-neutral, technical requirements.
Amendment 139 #
Proposal for a regulation Article 9 – paragraph 1 Amendment 140 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable for any
Amendment 141 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable
Amendment 142 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be strictly liable for any
Amendment 143 #
Proposal for a regulation Article 9 – paragraph 2 - subparagraph 1 2. A qualified trust service provider shall be liable for: (a) any direct damage caused to any natural or legal person due to failure to meet the requirements laid down in this Regulation, in particular in Article 19, unless the qualified trust service provider can prove that he has not acted negligently. (b) point (a) shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
Amendment 144 #
Proposal for a regulation Article 9 – paragraph 2 2. A qualified trust service provider shall be liable for any
Amendment 145 #
Proposal for a regulation Article 9 – paragraph 2 2. A qualified trust service provider shall be strictly liable for any
Amendment 146 #
Proposal for a regulation Article 10 – title Amendment 147 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) the qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements laid down in this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an
Amendment 148 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided
Amendment 149 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE and, if the third country in which they are based so agrees, qualified trust services and qualified certificates provided by qualified trust service providers based in the EU shall, under the principle of reciprocity, be accepted in this country.
Amendment 150 #
Proposal for a regulation Article 10 – paragraph 1 1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as legally equivalent to qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
Amendment 151 #
Proposal for a regulation Article 10 – paragraph 2 Amendment 152 #
Proposal for a regulation Article 10 – paragraph 2 2. With reference to paragraph 1, such agreements shall ensure that the requirements applicable to qualified trust services and qualified certificates provided by qualified trust service providers established in the territory of the Union are met by the trust service providers in the third countries or international organisations, especially with regard to the protection of personal data, pursuant to article 25 of Directive 95/46/EC, security and supervision.
Amendment 153 #
Proposal for a regulation Article 10 – paragraph 2 a (new) 2a. Such agreements shall also ensure that requirements are also applicable to the trust service providers from third countries operating in the territory of the Union, while also meeting the requirements of mutual recognition of trust services.
Amendment 154 #
Proposal for a regulation Article 10 – paragraph 2 a (new) 2a. Qualified trust service provider established within the Union may guarantee for certificates which are issued as qualified by supervised or accredited trust service providers established in a third country.
Amendment 155 #
Proposal for a regulation Article 11 – paragraph 1 1. Trust service providers and supervisory bodies shall ensure fair and lawful processing in accordance with Directive 95/46/EC when processing personal data, adhering to the principles of data minimization.
Amendment 156 #
Proposal for a regulation Article 11 – paragraph 4 a (new) 4a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of Article 7 paragraph (f) of Directive 95/46/EC.
Amendment 157 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities
Amendment 158 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for
Amendment 159 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities
Amendment 160 #
Proposal for a regulation Article 12 Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
Amendment 161 #
Proposal for a regulation Article 13 – paragraph 1 1. Member States shall designate a
Amendment 162 #
Proposal for a regulation Article 13 – paragraph 2 – introductory part 2. The supervisory body shall
Amendment 163 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a)
Amendment 164 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a) monitoring qualified trust service providers established in the territory of the designating Member State to ensure that they fulfil the requirements laid down in Article 15;
Amendment 165 #
Proposal for a regulation Article 13 – paragraph 2 – point b Amendment 166 #
Proposal for a regulation Article 13 – paragraph 2 – point c (c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
Amendment 167 #
Proposal for a regulation Article 13 – paragraph 3 – point c Amendment 168 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 169 #
Proposal for a regulation Article 13 – paragraph 5 Amendment 170 #
Proposal for a regulation Article 13 – paragraph 5 Amendment 171 #
Proposal for a regulation Article 13 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 172 #
Proposal for a regulation Article 13 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 173 #
Proposal for a regulation Article 14 – paragraph 1 1. Supervisory bodies shall cooperate with a view to exchange good practice and provide each other, within the shortest possible time, with relevant information and mutual assistance so that activities can be carried out in a consistent manner. Supervisory bodies shall also cooperate where a request is made under the Regulation on Accreditation and Market surveillance (765/2008). Mutual assistance shall cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the
Amendment 174 #
Proposal for a regulation Article 14 – paragraph 1 1. Supervisory bodies shall cooperate with a view to exchang
Amendment 175 #
Proposal for a regulation Article 14 – paragraph 2 – introductory part 2. A supervisory body
Amendment 176 #
Proposal for a regulation Article 14 – paragraph 2 – point b (b) compliance with the request would
Amendment 177 #
Proposal for a regulation Article 14 – paragraph 2 – point b (b) compliance with the request would be incompatible with this Regulation and applicable legislation.
Amendment 178 #
Proposal for a regulation Article 14 – paragraph 3 Amendment 179 #
Proposal for a regulation Article 14 – paragraph 3 – subparagraph 1 3. Where appropriate, supervisory bodies may carry out joint
Amendment 180 #
Proposal for a regulation Article 14 – paragraph 3 – subparagraph 2 Amendment 181 #
Proposal for a regulation Article 14 – paragraph 4 Amendment 182 #
Proposal for a regulation Article 14 – paragraph 4 Amendment 183 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 1 1. Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to
Amendment 184 #
Proposal for a regulation Article 15 – paragraph 1 – subparagraph 2 Without prejudice to Article 16(1), any trust service provider
Amendment 185 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 1.
Amendment 186 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 2 Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in
Amendment 187 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 3 The supervisory body concerned
Amendment 188 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 3 The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
Amendment 189 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to
Amendment 190 #
Proposal for a regulation Article 15 – paragraph 5 Amendment 191 #
Proposal for a regulation Article 15 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 192 #
Proposal for a regulation Article 16 – paragraph 1 (1) Qualified trust service providers shall be audited by a recognised independent body once a year to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting security audit report to the supervisory body. In order to provide a continual guarantee of the independence of the audit, a qualified trust service provider may not be audited by the same body for more than two successive years.
Amendment 193 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited by a recognised independent body, whose competence to undertake the audit has been demonstrated, once a year to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall
Amendment 194 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited by a recognised independent body
Amendment 195 #
Proposal for a regulation Article 16 – paragraph 2 2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from
Amendment 196 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements indicated in the security audit report. These instructions shall be made publically available.
Amendment 197 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements
Amendment 198 #
Proposal for a regulation Article 16 – paragraph 4 4. With reference to paragraph 3, if the qualified trust service provider does not remedy any such failure within a time limit set by the supervisory body,
Amendment 199 #
Proposal for a regulation Article 16 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 200 #
Proposal for a regulation Article 16 a (new) Article 16(a) Supervision of trust service providers In order to facilitate supervision by the supervisory body referred to in Article 13(2)(a), trust service providers shall notify the supervisory body of their intention to start offering a trust service and shall inform it of the technical and organisational measures they have taken to manage the risks linked to the security of the trust services they provide in accordance with Article 15(1).
Amendment 201 #
Proposal for a regulation Article 17 – paragraph 1 1.
Amendment 202 #
Proposal for a regulation Article 17 – paragraph 1 1.
Amendment 203 #
Proposal for a regulation Article 17 – paragraph 1 1. Qualified trust service providers shall notify the supervisory body of their intention to start providing a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body and the supervisory body has certified compliance in accordance with paragraph 3.
Amendment 204 #
Proposal for a regulation Article 17 – paragraph 2 Amendment 205 #
Proposal for a regulation Article 17 – paragraph 2 2. Once the relevant documents are submitted
Amendment 206 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 1 Amendment 207 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 1 The supervisory body shall verify the compliance of the qualified trust service provider and of the qualified trust services provided by it with the requirements of the Regulation. The trust service provider shall be informed of the outcome of the verification within one month from the submission of the notification and of the trust service provider’s audit report.
Amendment 208 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 1 The supervisory body shall verify the compliance of the
Amendment 209 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 2 Amendment 210 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 2 The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the
Amendment 211 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraph 3 If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
Amendment 212 #
Proposal for a regulation Article 17 – paragraph 4 Amendment 213 #
Proposal for a regulation Article 17 – paragraph 4 4.
Amendment 214 #
Proposal for a regulation Article 17 – paragraph 5 5. The Commission may, by means of
Amendment 215 #
Proposal for a regulation Article 18 – paragraph 1 1. Each Member State shall establish, maintain and publish trusted lists with information related to the qualified trust service providers for which it is competent together with information related to the qualified trust services provided by them. A compulsory element of these trusted lists shall be a five-year retrospective chronological record of previous changes in a qualified trust service provider’s qualification status.
Amendment 216 #
Proposal for a regulation Article 18 – paragraph 2 2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing
Amendment 217 #
Proposal for a regulation Article 18 – paragraph 5 Amendment 218 #
Proposal for a regulation Article 18 – paragraph 6 6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be
Amendment 219 #
Proposal for a regulation Article 19 – paragraph 1 – subparagraph 1 When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
Amendment 220 #
Proposal for a regulation Article 19 – paragraph 2 – point b (b)
Amendment 221 #
Proposal for a regulation Article 19 – paragraph 2 – point c (c) before entering into a contractual relationship, inform any person seeking to use a qualified trust service of the precise terms and conditions regarding the use of that service, including any limitation on its use;
Amendment 222 #
Proposal for a regulation Article 19 – paragraph 2 – point d (d) use
Amendment 223 #
Proposal for a regulation Article 19 – paragraph 2 – point e – introductory part (e) use
Amendment 224 #
Proposal for a regulation Article 19 – paragraph 2 – point e – indent 1 – they are publicly available for retrieval only where the consent of the person to whom the data
Amendment 225 #
Proposal for a regulation Article 19 – paragraph 2 – point e – indent 1 – they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
Amendment 226 #
Proposal for a regulation Article 19 – paragraph 2 – point g (g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
Amendment 227 #
Proposal for a regulation Article 19 – paragraph 3 3. Qualified trust service providers issuing qualified certificates shall register the revocation of the certificate in their certificate database on the
Amendment 228 #
Proposal for a regulation Article 19 – paragraph 3 3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate with
Amendment 229 #
Proposal for a regulation Article 19 – paragraph 4 4. With regard to paragraph 3, qualified
Amendment 230 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 231 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for
Amendment 232 #
Proposal for a regulation Article 20 – paragraph 1 1. A document with an electronic signature shall not be denied
Amendment 233 #
Proposal for a regulation Article 20 – paragraph 1 1. An electronic signature shall
Amendment 234 #
Proposal for a regulation Article 20 – paragraph 2 2. An electronic document with a qualified electronic signature shall
Amendment 235 #
Proposal for a regulation Article 20 – paragraph 2 2. A qualified electronic signature shall
Amendment 236 #
Proposal for a regulation Article 20 – paragraph 2 2. A qualified electronic signature which has associated a qualified electronic time stamp shall have the equivalent legal effect of a handwritten signature.
Amendment 237 #
Proposal for a regulation Article 20 – paragraph 2 2. A
Amendment 238 #
Proposal for a regulation Article 20 – paragraph 2 a (new) 2a. A valid qualified electronic signature shall serve as prima facie evidence for the authenticity and integrity of the electronic document associated with it.
Amendment 239 #
Proposal for a regulation Article 20 – paragraph 3 Amendment 240 #
Proposal for a regulation Article 20 – paragraph 3 3. Qualified electronic signatures shall be recognised and accepted by public bodies in all Member States.
Amendment 241 #
Proposal for a regulation Article 20 – paragraph 3 3. Qualified electronic signatures shall be recognised and accepted in
Amendment 242 #
Proposal for a regulation Article 20 – paragraph 4 4. If an electronic signature with a security assurance level below qualified electronic signature is
Amendment 243 #
Proposal for a regulation Article 20 – paragraph 4 4. If an electronic signature with a security assurance level below qualified electronic signature is required
Amendment 244 #
Proposal for a regulation Article 20 – paragraph 4 4. If an electronic signature with a security assurance level below qualified electronic signature is required
Amendment 245 #
Proposal for a regulation Article 20 – paragraph 6 Amendment 246 #
Proposal for a regulation Article 20 – paragraph 7 7. The Commission may, by means of implementing acts, establish reference numbers of standards for the security levels of electronic signature. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 247 #
Proposal for a regulation Article 20 – paragraph 7 7. The Commission
Amendment 248 #
Proposal for a regulation Article 21 – paragraph 2 2. Qualified certificates for electronic signature for cross border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex
Amendment 249 #
Proposal for a regulation Article 21 – paragraph 4 Amendment 250 #
Proposal for a regulation Article 21 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic signature. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 251 #
Proposal for a regulation Article 21 – paragraph 5 5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 252 #
Proposal for a regulation Article 22 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified electronic signature creation devices. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in Annex II shall be presumed where a qualified electronic signature creation device meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 253 #
Proposal for a regulation Article 23 – paragraph 1 1. Qualified electronic signature creation devices may be certified by appropriate public or private bodies designated by Member States provided that they have been submitted to a security evaluation
Amendment 254 #
Proposal for a regulation Article 23 – paragraph 1 1. Qualified electronic signature creation devices m
Amendment 255 #
Proposal for a regulation Article 25 – paragraph 3 3. The Commission may, by means of implementing acts, establish reference numbers of standards for the validation of qualified electronic signatures. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation of qualified electronic signatures meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 256 #
Proposal for a regulation Article 26 – paragraph 1 – point b (b) allows relying parties to receive the result of the validation process in an automated manner
Amendment 257 #
Proposal for a regulation Article 26 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified validation service referred to in paragraph 1. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in point (b) of paragraph 1 shall be presumed where the validation service for
Amendment 258 #
Proposal for a regulation Article 27 – paragraph 3 3. The Commission may, by means of implementing acts, establish reference numbers of standards for the preservation of qualified electronic signatures. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where the arrangements for the preservation of qualified electronic signatures meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 259 #
Proposal for a regulation Article 28 – title Amendment 260 #
Proposal for a regulation Article 28 – paragraph 1 1. A document with an electronic seal shall not be denied
Amendment 261 #
Proposal for a regulation Article 28 – paragraph 1 a (new) 1a. National law or agreement between parties may assign to electronic seal or qualified electronic seal additional legal effects beyond this regulation.
Amendment 262 #
Proposal for a regulation Article 28 – paragraph 2 2. A valid qualified electronic seal shall
Amendment 263 #
Proposal for a regulation Article 28 – paragraph 2 2. A qualified electronic seal shall
Amendment 264 #
Proposal for a regulation Article 28 – paragraph 2 2. A qualified electronic seal
Amendment 265 #
Proposal for a regulation Article 28 – paragraph 3 3. A qualified electronic seal shall be recognised and accepted by public bodies in all Member States.
Amendment 266 #
Proposal for a regulation Article 28 – paragraph 3 3. A valid qualified electronic seal shall be recognised and accepted in all Member States public services and institutions of the Union.
Amendment 267 #
Proposal for a regulation Article 28 – paragraph 3 3. A qualified electronic seal shall be recognised
Amendment 268 #
Proposal for a regulation Article 28 – paragraph 4 4. If an electronic seal security assurance
Amendment 269 #
Proposal for a regulation Article 28 – paragraph 4 4. If an electronic seal security assurance level below the qualified electronic seal is
Amendment 270 #
Proposal for a regulation Article 28 – paragraph 4 4. If an electronic seal security assurance level below the qualified electronic seal is required
Amendment 271 #
Proposal for a regulation Article 28 – paragraph 5 5. Member States shall not request for cross-border access
Amendment 272 #
Proposal for a regulation Article 28 – paragraph 5 5. Member States shall not request for accessing cross border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
Amendment 273 #
Proposal for a regulation Article 28 – paragraph 6 Amendment 274 #
Proposal for a regulation Article 28 – paragraph 7 7. The Commission may, by means of implementing acts, establish reference numbers of standards for the security assurance levels of electronic seals. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed
Amendment 275 #
Proposal for a regulation Article 28 – paragraph 7 7. The Commission may, by means of implementing acts, define different security assurance levels of electronic seals referred to in paragraph 4 and establish reference numbers of standards for the security assurance levels of electronic seals. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 276 #
Proposal for a regulation Article 29 – paragraph 2 2. Qualified certificates for electronic seal for cross border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
Amendment 277 #
Proposal for a regulation Article 29 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic seal. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in Annex III shall be presumed where a qualified certificate for electronic seal meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in
Amendment 278 #
Proposal for a regulation Article 32 – title Amendment 279 #
Proposal for a regulation Article 32 – paragraph 1 1. A document with an electronic time stamp shall not be denied
Amendment 280 #
Proposal for a regulation Article 32 – paragraph 2 2.
Amendment 281 #
Proposal for a regulation Article 32 – paragraph 3 3. A qualified electronic time stamp shall be recognised and accepted by public bodies in all Member States.
Amendment 282 #
Proposal for a regulation Article 33 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for the accurate linkage of time to data and an accurate
Amendment 283 #
Proposal for a regulation Article 34 – title Amendment 284 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall
Amendment 285 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall
Amendment 286 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall be
Amendment 287 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings,
Amendment 288 #
Proposal for a regulation Article 34 – paragraph 2 Amendment 289 #
Proposal for a regulation Article 34 – paragraph 2 2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall
Amendment 290 #
Proposal for a regulation Article 34 – paragraph 2 2. A document bearing a qualified electronic signature or a qualified electronic seal
Amendment 291 #
Proposal for a regulation Article 34 – paragraph 2 2. A document or an electronically certified copy thereof bearing a valid qualified electronic signature or a valid qualified electronic seal of the person who is competent to issue
Amendment 292 #
Proposal for a regulation Article 34 – paragraph 3 Amendment 293 #
Proposal for a regulation Article 34 – paragraph 3 3. When an original document or a certified copy is required for the provision of a service online offered by a public
Amendment 294 #
Proposal for a regulation Article 34 – paragraph 4 Amendment 295 #
Proposal for a regulation Article 34 – paragraph 4 4. The Commission
Amendment 296 #
Proposal for a regulation Article 35 – title Amendment 297 #
Proposal for a regulation Article 35 – paragraph 1 1. Data sent or received using an electronic delivery service shall be admissible as evidence in legal proceedings
Amendment 298 #
Proposal for a regulation Article 35 – paragraph 2 2. Data sent or received using a qualified electronic delivery service shall
Amendment 299 #
Proposal for a regulation Article 35 – paragraph 2 a (new) 2a. This shall be without prejudice to Regulation (EC) No 1348/2000.
Amendment 300 #
Proposal for a regulation Article 35 – paragraph 3 a (new) 3a. National law or agreement between parties may assign to electronic delivery service additional legal effects beyond this regulation.
Amendment 301 #
Proposal for a regulation Article 36 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for processes for sending and receiving data. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where the process for sending and receiving data meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 302 #
Proposal for a regulation Chapter 3 – section 8 - Title Website authentication deleted
Amendment 303 #
Proposal for a regulation Article 37 Amendment 304 #
Proposal for a regulation Article 37 – paragraph 4 4. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for website authentication. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in Annex IV shall be presumed where a qualified certificate for website authentication meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 305 #
Proposal for a regulation Article 40 – paragraph 1 a (new) The report shall include an assessment of relevant developments in electronic identification, authentication and signatures within Member States and leading countries outside the Union. The review shall inter alia assess whether the scope of this Regulation should be modified, taking account of technological, market and legal developments of trust services.
Amendment 306 #
Proposal for a regulation Article 40 – paragraph 1 b (new) Amendment 307 #
Proposal for a regulation Article 41 – paragraph 4 4. Qualified certificates issued under Directive 1999/93/EC shall be considered as qualified certificates for electronic signatures under this Regulation until they expire, but for no more than
Amendment 308 #
Proposal for a regulation Annex 1 – paragraph 1 – point c (c) a set of data unambiguously representing the signatory to whom the certificate is issued including at least
Amendment 309 #
Proposal for a regulation Annex 1 – paragraph 1 – point c a (new) (ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
Amendment 310 #
Proposal for a regulation Annex 3 – paragraph 1 – point c (c) a set of data unambiguously representing the legal person to whom the certificate is issued, including at least name and registration number as stated in the official records (unique in EU context, suitable for automated processing);
Amendment 311 #
Proposal for a regulation Annex 4 Amendment 356 #
Proposal for a regulation Article 20 – paragraph 2 2. A
Amendment 357 #
Proposal for a regulation Article 20 – paragraph 2 2. A qualified electronic signature which has associated a qualified electronic time stamp shall have the equivalent legal effect of a handwritten signature.
Amendment 358 #
Proposal for a regulation Article 20 – paragraph 2 2. A qualified electronic signature shall be presumed to have the equivalent legal effect of a handwritten signature.
Amendment 359 #
Proposal for a regulation Article 20 – paragraph 2 2. A
Amendment 360 #
Proposal for a regulation Article 20 – paragraph 3 Amendment 361 #
Proposal for a regulation Article 20 – paragraph 3 Amendment 362 #
Proposal for a regulation Article 20 – paragraph 4 Amendment 363 #
Proposal for a regulation Article 20 – paragraph 4 4. If an electronic signature with a security assurance level below qualified electronic signature is required
Amendment 364 #
Proposal for a regulation Article 20 – paragraph 5 Amendment 365 #
Proposal for a regulation Article 20 – paragraph 6 Amendment 366 #
Proposal for a regulation Article 20 – paragraph 6 Amendment 367 #
Proposal for a regulation Article 20 – paragraph 7 Amendment 368 #
Proposal for a regulation Article 20 – paragraph 7 7. The Commission
Amendment 369 #
Proposal for a regulation Article 20 – paragraph 7 7. The Commission may, by means of implementing acts, establish reference numbers of standards for the security levels of electronic signature. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 370 #
Proposal for a regulation Article 21 Amendment 371 #
Proposal for a regulation Article 21 – paragraph 2 2. Qualified certificates for electronic signature for cross-border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.
Amendment 372 #
Proposal for a regulation Article 21 – paragraph 4 Amendment 373 #
Proposal for a regulation Article 21 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic signature. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 374 #
Proposal for a regulation Article 21 – paragraph 5 5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 375 #
Proposal for a regulation Article 22 Amendment 376 #
Proposal for a regulation Article 22 – paragraph 2 2. The Commission may, by means of
Amendment 377 #
Proposal for a regulation Article 23 – paragraph 1 1. Qualified electronic signature creation devices may be certified by appropriate public or private bodies designated by Member States provided that they have been submitted to a security evaluation process carried out in accordance with one of the standards for the security assessment of information technology products included in a list that shall be established by the Commission by means of implementing acts. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Those implementing acts shall be adopted in accordance with
Amendment 378 #
Proposal for a regulation Article 23 – paragraph 1 1.
Amendment 379 #
Proposal for a regulation Article 24 – title Publication of a list of certified
Amendment 380 #
Proposal for a regulation Article 24 – paragraph 1 1. Member States shall notify to the Commission without undue delay, information on
Amendment 381 #
Proposal for a regulation Article 24 – paragraph 2 2. On the basis of the information received, the Commission shall establish, publish and maintain a list of certified qualified electronic signature creation devices. The Commission shall without delay forward these updates to the Member States by electronic means.
Amendment 382 #
Proposal for a regulation Article 24 – paragraph 2 2. On the basis of the information received, the Commission shall establish, publish and maintain a list of certified
Amendment 383 #
Proposal for a regulation Article 24 – paragraph 3 Amendment 384 #
Proposal for a regulation Article 25 Amendment 385 #
Proposal for a regulation Article 25 – paragraph 3 3. The Commission may, by means of
Amendment 386 #
Proposal for a regulation Article 26 Amendment 387 #
Proposal for a regulation Article 26 – paragraph 1 – point b (b) allows relying parties to receive the result of the validation process in an automated manner
Amendment 388 #
Proposal for a regulation Article 26 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified validation service referred to in paragraph 1. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in point (b) of paragraph 1 shall be presumed where the validation service for qualified electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 389 #
Proposal for a regulation Article 27 Amendment 390 #
Proposal for a regulation Article 27 – paragraph 3 3. The Commission may, by means of implementing acts, establish reference numbers of standards for the preservation of qualified electronic signatures. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where the arrangements for the preservation of qualified electronic signatures meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 391 #
Proposal for a regulation Article 28 Amendment 392 #
Proposal for a regulation Chapter 3 – section 4 – title Electronic seals and /or stamps
Amendment 393 #
Proposal for a regulation Article 28 – paragraph 2 2. A qualified electronic seal
Amendment 394 #
Proposal for a regulation Article 28 – paragraph 3 3. A qualified electronic seal shall be recognised
Amendment 395 #
Proposal for a regulation Article 28 – paragraph 4 4. If an electronic seal security assurance level below the qualified electronic seal is required
Amendment 396 #
Proposal for a regulation Article 28 – paragraph 5 5. Member States shall not request for accessing cross-border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
Amendment 397 #
Proposal for a regulation Article 28 – paragraph 6 Amendment 398 #
Proposal for a regulation Article 28 – paragraph 7 7. The Commission may, by means of implementing acts, establish reference numbers of standards for the security assurance levels of electronic seals. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 399 #
Proposal for a regulation Article 28 – paragraph 7 7. The Commission may, by means of
Amendment 400 #
Proposal for a regulation Article 29 Amendment 401 #
Proposal for a regulation Article 29 – paragraph 1 1. Qualified certificates for electronic seal and/or stamp shall meet the requirements laid down in Annex III.
Amendment 402 #
Proposal for a regulation Article 29 – paragraph 2 2. Qualified certificates for electronic seal for cross-border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
Amendment 403 #
Proposal for a regulation Article 29 – paragraph 2 2. Qualified certificates for electronic seal and/or stamp shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
Amendment 404 #
Proposal for a regulation Article 29 – paragraph 3 3. If a qualified certificate for an electronic seal and/or stamp has been revoked after initial activation, it shall lose its validity, and its status shall not in any circumstances be reverted by renewing its validity.
Amendment 405 #
Proposal for a regulation Article 29 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic seal. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in Annex III shall be presumed where a qualified certificate for electronic seal meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 406 #
Proposal for a regulation Article 29 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic seal and/or stamp. Compliance with the requirements laid down in Annex III shall be presumed where a qualified certificate for electronic seal meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 407 #
Proposal for a regulation Article 30 Amendment 408 #
Proposal for a regulation Article 30 – paragraph 1 1. Article 22 shall apply mutatis mutandis to requirements for qualified electronic seal and/or stamp creation devices.
Amendment 409 #
Proposal for a regulation Article 30 – paragraph 2 2. Article 23 shall apply mutatis mutandis to the certification of qualified electronic seal and/or stamp creation devices.
Amendment 410 #
Proposal for a regulation Article 30 – paragraph 3 3. Article 24 shall apply mutatis mutandis to the publication of a list of certified qualified electronic seal and/or stamp creation devices.
Amendment 411 #
Proposal for a regulation Article 31 Amendment 412 #
Proposal for a regulation Article 31 Articles 25, 26 and 27 shall apply mutatis mutandis to the validation and preservation of qualified electronic seals and/or stamps.
Amendment 413 #
Proposal for a regulation Article 32 Amendment 414 #
Proposal for a regulation Article 33 Amendment 415 #
Proposal for a regulation Article 33 – paragraph 1 – point d (d) it is signed using an advanced electronic signature or an advanced electronic seal of the qualified trust service provider
Amendment 416 #
Proposal for a regulation Article 33 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for the accurate linkage of time to data and an accurate time source. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where an accurate
Amendment 417 #
Proposal for a regulation Article 34 Amendment 418 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall be
Amendment 419 #
Proposal for a regulation Article 34 – paragraph 1 1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings,
Amendment 420 #
Proposal for a regulation Article 34 – paragraph 2 2. A document bearing a qualified electronic signature or a qualified electronic seal
Amendment 421 #
Proposal for a regulation Article 34 – paragraph 2 2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the
Amendment 422 #
Proposal for a regulation Article 34 – paragraph 3 3. When an original document or a certified copy is required for the provision of a service online offered by a public sector body, at least electronic documents
Amendment 423 #
Proposal for a regulation Article 35 Amendment 424 #
Proposal for a regulation Article 36 Amendment 425 #
Proposal for a regulation Article 36 – paragraph 2 2. The Commission may, by means of implementing acts, establish reference numbers of standards for processes for sending and receiving data. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in paragraph 1 shall be presumed where the process for sending and receiving data meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 426 #
Proposal for a regulation Article 37 Amendment 427 #
Proposal for a regulation Article 37 Amendment 428 #
Proposal for a regulation Article 37 – paragraph 4 4. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for website authentication. The Commission shall ensure, that stakeholder input is duly considered, preferably in form of an impact assessment, when defining standards to be used for the purpose of this Regulation. Compliance with the requirements laid down in Annex IV shall be presumed where a qualified certificate for website authentication meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 429 #
Proposal for a regulation Chapter III a (new) Chapter IIIa Standardisation Article 37a Mechanism for adoption of technological requirements (1) Where provisions of this Regulation can be implemented only by requiring specific technical features in electronic authentication or identification schemes, Member States shall inform the Commission in accordance with the procedure provided for by Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services. (2) The elaboration of technical requirements, specifications and standards shall further be subjected to the review mechanisms incorporated in Directive 1999/5/EC and Council Decision 87/95/EEC of 22 December 1986 on standardisation in the field of information technology and communications.
Amendment 430 #
Proposal for a regulation Article 38 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(3), 1
Amendment 431 #
Proposal for a regulation Article 38 – paragraph 2 2. The power to adopt delegated acts referred to in Articles
Amendment 432 #
Proposal for a regulation Article 38 – paragraph 3 3. The delegation of power referred to in Articles
Amendment 433 #
Proposal for a regulation Article 38 – paragraph 4 4. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council. The Commission may not adopt a delegated act subject to this Regulation without prior consultation of industry and relevant stakeholders.
Amendment 434 #
Proposal for a regulation Article 39 – paragraph 1 a (new) (1a) Implementing acts subject to this Regulation may not be adopted without prior consultation of industry and relevant stakeholders.
Amendment 435 #
Proposal for a regulation Article 39 – paragraph 2 2. Where reference is made to this paragraph, Article
Amendment 436 #
Proposal for a regulation Article 40 The Commission shall report to the European Parliament and to the Council on the application of this Regulation. The first report shall be submitted no later than
Amendment 437 #
Proposal for a regulation Article 40 The Commission shall report to the European Parliament and to the Council on the application of this Regulation. The first report shall be submitted no later than
Amendment 438 #
Proposal for a regulation Article 41 – paragraph 4 4.
Amendment 440 #
Proposal for a regulation Annex I – point c (c) a set of data unambiguously representing the signatory to whom the certificate is issued including at least
Amendment 441 #
Proposal for a regulation Annex I – point c a (new) (ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
Amendment 444 #
Proposal for a regulation Annex III – point d (d)
Amendment 447 #
Proposal for a regulation Annex IV – point c (c) a set of data unambiguously representing the natural or legal person to whom the certificate is issued, including at least name and registration number as the case may be, as stated in the official records;
Amendment 448 #
Proposal for a regulation Annex IV – point d (d) elements of the address, including at least city and Member State, of the natural or legal person to whom the certificate is issued as stated in the official records;
Amendment 449 #
Proposal for a regulation Annex IV – point e (e) the domain name(s) operated by the natural or legal person to whom the certificate is issued;
Amendment 56 #
Proposal for a regulation Recital 10 Amendment 57 #
Proposal for a regulation Recital 11 (11) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to access at least public services. This Regulation does not aim at intervening on electronic identity management systems and related infrastructures established in the Member States. The aim of this Regulation is to ensure that for the access to cross-border online services offered by the Member States,
Amendment 58 #
Proposal for a regulation Recital 11 (11) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member
Amendment 59 #
Proposal for a regulation Recital 16 (16) Cooperation of Member States should serve the technical interoperability and neutrality of the notified electronic identification schemes with a view to fostering a high level of trust and security appropriate to the degree of risk. In this regard, the Member States should ensure that their electronic identification schemes undergo prior technological verification as part of the cooperation mechanism mentioned above. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation.
Amendment 60 #
Proposal for a regulation Recital 16 (16) Cooperation of Member States should serve the technical interoperability of the notified electronic identification schemes with a view to foster a high level of trust and security appropriate to the degree of risk. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation. To ensure efficiency, interoperability and security safeguards should be addressed prior to notification.
Amendment 61 #
Proposal for a regulation Recital 17 (17) This Regulation should also establish a general legal framework for the use of electronic trust services. However, it should not create a general obligation to use them. In particular, it should not cover the provision of services based on voluntary agreements under private law.
Amendment 62 #
Proposal for a regulation Recital 20 (20) Because of the pace of technological change, this Regulation should adopt an approach which
Amendment 63 #
Proposal for a regulation Recital 22 (22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of
Amendment 64 #
Proposal for a regulation Recital 22 (22) To enhance
Amendment 65 #
Proposal for a regulation Recital 23 (23) In line with the obligations under the UN Convention on the Rights of Persons with Disabilities that has entered into force in the EU, and with respect to and in full compliance with Union legislation on accessibility of public sector bodies' websites, persons with disabilities should be able to use trust services, electronic identification services and end user products used in the provision of those services on equal bases with other consumers.
Amendment 66 #
Proposal for a regulation Recital 34 (34) To facilitate the supervision of qualified trust services providers and ensure that it is effective, as stipulated in this Regulation, for example when a provider is providing its services in the territory of another Member State and is not subject to supervision there, or when the computers of a provider are located in the territory of another Member State than the one where it is established, a mutual assistance system between supervisory bodies in the Member States
Amendment 67 #
Proposal for a regulation Recital 42 (42) When
Amendment 68 #
Proposal for a regulation Recital 43 (43)
Amendment 69 #
Proposal for a regulation Recital 43 (43) Electronic seals should
Amendment 70 #
Proposal for a regulation Recital 45 Amendment 71 #
Proposal for a regulation Recital 46 a (new) (46a) Member States should ensure that the possibilities and limitations of use of electronic identification are clearly communicated to the citizens.
Amendment 72 #
Proposal for a regulation Recital 49 (49) In order to complement certain detailed technical aspects of this Regulation in a flexible and rapid manner, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of interoperability of electronic identification; security measures required of trust service providers;
Amendment 73 #
Proposal for a regulation Recital 51 a (new) (51a) The standardisation work carried out by international and European organisations enjoys international recognition. This work is undertaken in cooperation with the industries and stakeholders concerned, and is funded by the European Union and national authorities, among others. With a view to ensuring a high level of security in electronic identification and in electronic trust services, particularly in the Commission’s drafting of delegated and implementing acts, due account must be paid to standards drawn up by organisations such as the European Committee for Standardisation (CEN), the European Telecommunications Standards Institute (ETSI), the European Committee for Electrotechnical Standardisation (CENELEC) or the International Organisation for Standardisation (ISO).
Amendment 74 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic identification and
Amendment 75 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic identification and
Amendment 76 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents
Amendment 77 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic validation and verification, electronic time stamps, electronic documents, electronic delivery services and website authentication.
Amendment 78 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation ensures that qualified and non-qualified trust services and products which comply with this Regulation are permitted to circulate freely in the internal market.
Amendment 79 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to electronic identification provided
Amendment 80 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to electronic identification
Amendment 81 #
Proposal for a regulation Article 2 – paragraph 2 2. This Regulation does not apply to the provision of electronic trust services based solely on voluntary agreements under private law. Such trust services may not be denied validity, legal effectiveness resulting from voluntary agreements and admissibility as evidence in legal proceedings solely on the grounds that they are: — in electronic form, or — not based upon a qualified certificate for electronic signature, or qualified certificate for electronic seal, or qualified certificate for website authentication, — not provided by a qualified trust service provider, or — not created by a qualified electronic signature creation device or qualified electronic seal creation device.
Amendment 82 #
Proposal for a regulation Article 2 – paragraph 2 2. This Regulation does not apply to the provision of electronic trust services
Amendment 83 #
Proposal for a regulation Article 2 – paragraph 3 (3) This Regulation
Amendment 84 #
Proposal for a regulation Article 2 – paragraph 3 3. This Regulation
Amendment 85 #
Proposal for a regulation Article 2 – paragraph 3 a (new) (3a) This regulation shall be without prejudice to rules and restrictions in national or Union law on the use of documents. It shall not apply to register procedures, particularly those relating to land registers and trade registers.
Amendment 86 #
Proposal for a regulation Article 3 – paragraph 1 – point 1 (1)
Amendment 87 #
Proposal for a regulation Article 3 – paragraph 1 – point 4 (4) ‘authentication’ means an electronic process that allows the validation of the electronic identification of a natural or legal person; or of the origin and integrity of
Amendment 88 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 – point b (b) it is capable of
Amendment 89 #
Proposal for a regulation Article 3 – paragraph 1 – point 7 – point d (d) it is linked to the data
Amendment 90 #
Proposal for a regulation Article 3 – paragraph 1 – point 10 (10)
Amendment 91 #
Proposal for a regulation Article 3 – paragraph 1 – point 11 (11) ‘qualified certificate for electronic signature’ means a
Amendment 92 #
Proposal for a regulation Article 3 – paragraph 1 – point 12 (12)
Amendment 93 #
Proposal for a regulation Article 3 – paragraph 1 – point 12 (12)
Amendment 94 #
Proposal for a regulation Article 3 – paragraph 1 – point 13 (13) ‘qualified trust service’ means a trust service that meets the applicable requirements
Amendment 95 #
Proposal for a regulation Article 3 – paragraph 1 – point 20 (20) ‘electronic seal’ means data in electronic form which are attached to or logically associated with other electronic
Amendment 96 #
Proposal for a regulation Article 3 – paragraph 1 – point 21 – point d (d) it is linked to the data t
Amendment 97 #
Proposal for a regulation Article 3 – paragraph 1 – point 30 Amendment 98 #
Proposal for a regulation Article 4 – paragraph 1 1. There shall be no restriction on the provision of trust services in the territory of a Member State by a trust service provider established in another Member States for reasons which fall within the fields covered by this Regulation. Member States shall ensure that trust services originating from another Member States are admissible as evidence in legal proceedings.
Amendment 99 #
Proposal for a regulation Article 4 – paragraph 1 a (new) 1a. For trust services offered in another Member State certification policy documents shall be made publicly available in official languages of that Member State or in English language.
source: PE-510.822
2013/05/28
JURI
134 amendments...
Amendment 100 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. The interoperability model shall include the necessary minimum technical requirements, the common operational security standards and the levels of identity assurance and standards against which Member States will map their national scheme, certification and governance.
Amendment 101 #
Proposal for a regulation Article 8 – paragraph 1 a (new) 1a. Where an electronic identification scheme has been shown to be unacceptable from the point of view of neutrality and interoperability in the light of the technological pre-checking for which Member States are to be responsible under the cooperation arrangement referred to in paragraph 1, it shall not be eligible for notification under Article 7 for the purposes of mutual recognition within the meaning of Article 5.
Amendment 102 #
Proposal for a regulation Article 8 – paragraph 1 b (new) 1b. The interoperability model shall: i) ensure technology neutrality, ii) facilitate the principle of privacy by design, iii) ensure personal data is processed in accordance with Directive 95/46/EC.
Amendment 103 #
Proposal for a regulation Article 8 – paragraph 1 c (new) 1c. By [insert the date], in order to establish uniform conditions for implementing paragraphs 1, 1a and 1b, the Commission shall adopt implementing acts on standards, protocols for the interoperability model and identity assurance levels.
Amendment 104 #
Proposal for a regulation Article 8 – paragraph 1 d (new) 1d. Member States shall cooperate in order to ensure the interoperability of electronic identification means falling under a notified electronic identification scheme and to enhance their security.
Amendment 105 #
Proposal for a regulation Article 8 – paragraph 1 e (new) 1e. The cooperation between Member States shall consist of: i) exchange of information, experience and good practice on eID schemes, ii) peer review of eID schemes; iii) examination of relevant developments in the eID sector.
Amendment 106 #
Proposal for a regulation Article 8 – paragraph 2 and 2 a (new) 2. The Commission shall, by means of implementing acts, establish the necessary modalities to facilitate the cooperation between the Member States referred to in paragraphs 1d and 1e with a view to fostering a high level of trust and security appropriate to the degree of risk. 2a. Th
Amendment 107 #
Proposal for a regulation Article 8 – paragraph 3 Amendment 108 #
Proposal for a regulation Article 8 – paragraph 3 Amendment 109 #
Proposal for a regulation Article 8 – paragraph 3 3. The Commission shall be empowered to adopt delegated acts in accordance with Article 38 concerning the facilitation of cross
Amendment 110 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable for any
Amendment 111 #
Proposal for a regulation Article 9 – paragraph 1 1. A trust service provider shall be liable
Amendment 112 #
Proposal for a regulation Article 9 – paragraph 2 Amendment 113 #
Proposal for a regulation Article 9 – paragraph 2 2. A qualified trust service provider shall be liable for any
Amendment 114 #
Proposal for a regulation Article 9 – paragraph 2 a (new) 2a. Subject to the following conditions, trust service providers may indicate limitations on the use of the services they provide: (a) they duly inform their customers in advance of those limitations, and (b) those limitations are recognisable to third parties. Where trust service providers indicate limitations on the use of the services they provide in accordance with the previous subparagraph, they shall not be liable for damages exceeding the indicated limitations.
Amendment 115 #
Proposal for a regulation Article 10 – paragraph 1 1.
Amendment 116 #
Proposal for a regulation Article 10 – paragraph 2 Amendment 117 #
Proposal for a regulation Article 11 a (new) Article 11a Right of access and information for users of trust services Trust service providers shall provide users with at least the following: (a) information on the collection, communication, and retention of their personal data; (b) means of checking their personal data and exercising their data protection rights.
Amendment 118 #
Proposal for a regulation Article 12 – paragraph 1 Trust services provided and end user products used in the provision of those
Amendment 119 #
Proposal for a regulation Article 12 – paragraph 1 1. Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities
Amendment 120 #
Proposal for a regulation Article 12 – paragraph 1 a (new) 1a. The Commission shall establish and award trust mark to distinguish products and services accessible for persons with disabilities.
Amendment 121 #
Proposal for a regulation Article 12 – paragraph 1 b (new) 1b. EU standards organizations are responsible for development of assessment criteria for products and services accessible for persons with disabilities.
Amendment 122 #
Proposal for a regulation Article 13 – paragraph 1 1. Member States shall designate a
Amendment 123 #
Proposal for a regulation Article 13 – paragraph 1 1. Member States shall designate an appropriate body established in their territory or, upon mutual agreement, in another Member State under the responsibility of the designating Member State. Supervisory bodies shall be given
Amendment 124 #
Proposal for a regulation Article 13 – paragraph 1 a (new) 1a. Member States shall notify to the Commission the names and the addresses of their respective designated supervisory bodies.
Amendment 125 #
Proposal for a regulation Article 13 – paragraph 1 a (new) 1a. The Commission shall be empowered to adopt implementing acts in accordance with the examination procedure referred to in Article 39(2) concerning specific means of supervision.
Amendment 126 #
Proposal for a regulation Article 13 – paragraph 2 – introductory wording 2. The supervisory body shall
Amendment 127 #
Proposal for a regulation Article 13 – paragraph 2 – point a (a)
Amendment 128 #
Proposal for a regulation Article 13 – paragraph 2 – point b (b)
Amendment 129 #
Proposal for a regulation Article 13 – paragraph 2 – point b a (new) (ba) if relevant pursuant to Article 10, that the trust service providers established in third countries and the trust services they provide fulfil the applicable requirements laid down in this Regulation.
Amendment 130 #
Proposal for a regulation Article 13 – paragraph 2 – point c Amendment 131 #
Proposal for a regulation Article 13 – paragraph 2 a (new) 2a. For the purposes of ensuring continuity of the service, the supervisory body may adopt provisions on termination plans in cases where the qualified trust service providers cease their activities.
Amendment 132 #
Proposal for a regulation Article 13 – paragraph 3 3.
Amendment 133 #
Proposal for a regulation Article 13 – paragraph 3 a (new) 3a. The Commission shall make the annual report referred to in paragraph 3 available to Member States.
Amendment 134 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 135 #
Proposal for a regulation Article 13 – paragraph 5 Amendment 136 #
Proposal for a regulation Article 13 – paragraph 6 6. The Commission may, by means of implementing acts, define the
Amendment 137 #
Proposal for a regulation Article 14 – paragraph 1 1. Supervisory bodies shall cooperate with a view to exchang
Amendment 138 #
Proposal for a regulation Article 14 – paragraph 2 2. A supervisory body to which a request for assistance is addressed may
Amendment 139 #
Proposal for a regulation Article 14 – paragraph 3 Amendment 140 #
Proposal for a regulation Article 14 – paragraph 4 Amendment 141 #
Proposal for a regulation Article 15 – paragraph 1 1. Trust service providers
Amendment 142 #
Proposal for a regulation Article 15 – paragraph 2 2. Trust service providers shall, without undue delay
Amendment 143 #
Proposal for a regulation Article 15 – paragraph 2 – subparagraph 1 2. Trust service providers shall, without undue delay and
Amendment 144 #
Proposal for a regulation Article 15 – paragraph 2 a (new) 2a. When the breach of security is likely to adversely affect the users of trust services, the supervisory body shall without undue delay notify the breach to those users in order to enable them to take the necessary precautions.
Amendment 145 #
Proposal for a regulation Article 15 – paragraph 3 Amendment 146 #
Proposal for a regulation Article 15 – paragraph 4 4. In order to implement paragraphs 1 and 2, the
Amendment 147 #
Proposal for a regulation Article 15 – paragraph 5 Amendment 148 #
Proposal for a regulation Article 15 – paragraph 6 6. The Commission may, by means of implementing acts, define
Amendment 149 #
Proposal for a regulation Article 16 – paragraph 1 1. Qualified trust service providers shall be audited
Amendment 150 #
Proposal for a regulation Article 16 – paragraph 2 2. Without prejudice to paragraph 1, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them
Amendment 151 #
Proposal for a regulation Article 16 – paragraph 3 3. The supervisory body shall have the power to
Amendment 152 #
Proposal for a regulation Article 16 – paragraph 4 4. With reference to paragraph 3, if the qualified trust service provider does not remedy any such failure within a time limit set by the supervisory body,
Amendment 153 #
Proposal for a regulation Article 16 – paragraph 5 Amendment 154 #
Proposal for a regulation Article 16 – paragraph 6 Amendment 155 #
Proposal for a regulation Article 17 – paragraph 1 1.
Amendment 156 #
Proposal for a regulation Article 17 – paragraph 2 Amendment 157 #
Proposal for a regulation Article 17 – paragraph 3 – subparagraphs 1 and 2 3. The supervisory body shall verify the compliance of the
Amendment 158 #
Proposal for a regulation Article 17 – paragraph 4 4.
Amendment 159 #
Proposal for a regulation Article 17 – paragraph 5 5. The Commission may, by means of implementing acts, define the
Amendment 160 #
Proposal for a regulation Article 18 – paragraph 1 1. Each Member State shall establish, maintain and publish trusted lists with information related to the qualified trust service providers for which it is
Amendment 161 #
Proposal for a regulation Article 18 – paragraph 5 Amendment 162 #
Proposal for a regulation Article 18 – paragraph 6 6. The Commission may, by means of implementing acts, specify the information referred to in paragraph 1 and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 163 #
Proposal for a regulation Article 19 – paragraph 1 1. When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity
Amendment 164 #
Proposal for a regulation Article 19 – paragraph 2 – point a (a) employ staff who possess the necessary expertise, experience, and qualifications and who have received appropriate training regarding security and personal data protection rules and shall apply administrative and management procedures which correspond to European or international standards
Amendment 165 #
Proposal for a regulation Article 19 – paragraph 2 – point b (b)
Amendment 166 #
Proposal for a regulation Article 19 – paragraph 2 – point c (c) before entering into a contractual relationship, inform any person seeking to use a qualified trust service of the
Amendment 167 #
Proposal for a regulation Article 19 – paragraph 2 – point e (e) use trustworthy systems to store data provided to them, in a verifiable form so
Amendment 168 #
Proposal for a regulation Article 19 – paragraph 2 – point f (f) take appropriate measures against forgery and theft of data;
Amendment 169 #
Proposal for a regulation Article 19 – paragraph 2 – point g (g) record and keep accessible for an appropriate period of time, including after the activities of the qualified trust service provider have ceased, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings and for the purpose of ensuring continuity of the service in accordance with the termination plans referred to in Article 13(2)(a). Such recording may be done electronically;
Amendment 170 #
Proposal for a regulation Article 19 – paragraph 2 – point h (h) have an up-to-date termination plan to ensure continuity of service, where applicable, in accordance with
Amendment 171 #
Proposal for a regulation Article 19 – paragraph 2 – point i a (new) (ia) when the qualified trust service includes the issuing of qualified certificates, establish and keep updated a certificate database.
Amendment 172 #
Proposal for a regulation Article 19 – paragraph 3 3.
Amendment 173 #
Proposal for a regulation Article 19 – paragraph 5 5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products which comply with the requirements under paragraph 2, points (d) and (e), of this Article. Compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 174 #
Proposal for a regulation Article 20 – paragraph 6 Amendment 175 #
Proposal for a regulation Article 28 – paragraph 6 Amendment 42 #
Proposal for a regulation Recital 10 (10) Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare sets up a network of national authorities responsible for eHealth. To enhance safety and the continuity of cross-border healthcare, the network is required to produce guidelines on cross-border access to electronic health data and services, including by supporting ‘common identification and authentication measures to facilitate transferability of data in cross- border healthcare’. Mutual recognition and acceptance of electronic identification and authentication is key to make cross
Amendment 43 #
Proposal for a regulation Recital 11 (11) One of the objectives of this Regulation is to remove existing barriers to
Amendment 44 #
Proposal for a regulation Recital 11 (11) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to access at least public services. This Regulation does not aim at intervening on electronic identity management systems and related infrastructures established in the Member States. The aim of this Regulation is to ensure that for the access to cross-border online services offered by the Member
Amendment 45 #
Proposal for a regulation Recital 16 (16) Cooperation of Member States should serve the technical interoperability and neutrality of the notified electronic identification schemes with a view to fostering a high level of trust and security appropriate to the degree of risk. Member States should submit electronic identification schemes for technological pre-checking, implementing the cooperation arrangement referred to above. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation.
Amendment 46 #
Proposal for a regulation Recital 23 a (new) (23a) Under Article 9 of the Treaty on the Functioning of the European Union, the Union must, in defining and implementing its policies and activities, take into account requirements linked to the promotion of a high level of employment, the guarantee of adequate social protection, the fight against social exclusion, and a high level of education, training and protection of human health. The concepts of accessibility and design for all should be mainstreamed when legislative measures on electronic identification are being pursued at Union level.
Amendment 47 #
Proposal for a regulation Recital 25 (25) Supervisory bodies should cooperate and exchange information with data protection authorities to ensure proper implementation of data and consumer protection legislation by service providers. The exchange of information should in particular cover security incidents and personal data breaches.
Amendment 48 #
Proposal for a regulation Recital 28 (28) All Member States should follow common essential supervision requirements to ensure a comparable security and data protection level of qualified trust services. To e
Amendment 49 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market, guaranteeing a high degree of security, and increasing citizens’ confidence in the digital environment.
Amendment 50 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market, guaranteeing a high degree of security, and increasing citizens’ confidence in the digital environment.
Amendment 51 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation lays down rules for electronic
Amendment 52 #
Proposal for a regulation Article 1 – paragraph 2 2. This Regulation lays down the conditions under which Member States shall recognise and accept electronic identification means of any entity or natural
Amendment 53 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic validation and verification, electronic time stamps, electronic documents, electronic delivery services and website authentication.
Amendment 54 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation ensures that trust services and products
Amendment 55 #
Proposal for a regulation Article 2 – paragraph 1 1. This Regulation applies to notification of electronic identification provided by, on behalf or under the responsibility of Member States and to trust service providers established in the Union. This regulation applies to trust services offered to the public.
Amendment 56 #
Proposal for a regulation Article 2 – paragraph 2 Amendment 57 #
Proposal for a regulation Article 2 – paragraph 2 Amendment 58 #
Proposal for a regulation Article 2 – paragraph 3 a (new) 3a. This Regulation does not apply to trust services deployed solely for testing, training or scientific research purposes.
Amendment 59 #
Proposal for a regulation Article 3 – paragraph 1 – point 1 (1) ‘electronic identification’ means the
Amendment 60 #
Proposal for a regulation Article 3 – paragraph 1 – point 2 (2) ‘electronic identification means’ means a material or immaterial unit containing data as referred to in point 1 of this Article, and which is used to access electronic services
Amendment 61 #
Proposal for a regulation Article 3 – paragraph 1 – point 10 (10) ‘certificate’ means an electronic attestation which links electronic signature or seal validation data
Amendment 62 #
Proposal for a regulation Article 3 – paragraph 1 – point 14 (14) ‘trust service provider’ means an entity or a natural or a legal person who provides
Amendment 63 #
Proposal for a regulation Article 3 – paragraph 1 – point 19 (19) ‘creator of a seal’ means an entity or a legal person who creates an electronic seal;
Amendment 64 #
Proposal for a regulation Article 3 – paragraph 1 – point 27 (27) ‘electronic document’ means a
Amendment 65 #
Proposal for a regulation Article 3 – paragraph 1 – point 31 a (new) (31a) ‘breach of security’ means a security incident leading to the accidental or unlawful destruction, loss, alteration, or unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Amendment 66 #
Proposal for a regulation Article 4 a (new) Article 4 a Data processing and protection 1. Trust service providers, issuers, validation services, relying parties and supervisory bodies shall ensure fair and lawful processing in accordance with Directive 95/46/EC when processing personal data. Such processing shall be strictly limited to the minimum data needed to issue and maintain an eID or certificate, validate an electronic authentication or to provide a trust service. 2. Trust service providers, issuers, validation services shall guarantee the confidentiality and integrity of data related to a person to whom the eID is issued or the service is provided. 3. Without prejudice to the legal effect given to pseudonyms under national law, Member States shall not prevent issuers from indicating in electronic authentication means a pseudonym instead of or in addition to the holder's name or prevent trust service providers indicating in electronic signature certificates a pseudonym instead of the signatory's name. 4. Validation services must not collect or retain data beyond the extent necessary for the process of validation. Validation services must not profile signatories, relying parties or any other customers. Logs may be retained for the purpose of detecting fraud and intrusions but for no more than 90 days.
Amendment 67 #
Proposal for a regulation Article 4 a (new) Article 4a Data processing and protection 1. Trust service providers and data protection supervisory bodies shall ensure fair and lawful processing in accordance with Directive 95/46/EC when processing personal data. 2. Trust service providers shall process personal data according to Directive 95/46/EC. Such processing shall be strictly limited to the minimum data needed to issue and maintain a certificate or to provide a trust service. 3. Trust service providers shall guarantee the confidentiality and integrity of data related to a person to whom the trust service is provided. 4. Qualified trust service providers shall store documents or information related to provided service according to national laws. In case of qualified trust service providers ending all activity aforementioned documents and data shall be deposed in supervisory body. Relevant documents and information may be archived electronically.
Amendment 69 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is
Amendment 70 #
Proposal for a regulation Article 5 When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a public service online
Amendment 71 #
Proposal for a regulation Article 6 – paragraph 1 – introductory wording 1.
Amendment 72 #
Proposal for a regulation Article 6 – paragraph 1 – point a (a) the electronic identification means
Amendment 73 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) the electronic identification means under that scheme can be used to access at least
Amendment 74 #
Proposal for a regulation Article 6 – paragraph 1 – point b (b) the electronic identification means can be used to access at least public services
Amendment 75 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the electronic identification scheme meets the requirements of the interoperability mode under Article 8l;
Amendment 76 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the electronic identification means have built-in security levels adjusted according to the types of services to which they give access;
Amendment 77 #
Proposal for a regulation Article 6 – paragraph 1 – point b a (new) (ba) the electronic identification means have built-in security levels adjusted according to the types of services to which they give access;
Amendment 78 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the person identification data are attributed
Amendment 79 #
Proposal for a regulation Article 6 – paragraph 1 – point c (c) the notifying Member State ensures that the person identification data are attributed
Amendment 80 #
Proposal for a regulation Article 6 – paragraph 1 – point c a (new) (ca) the party issuing the electronic identification means under that scheme ensures that the person identification data referred to in point (c) are attributed to a sufficiently high level for the identity assurance level in question to the electronic identification means at the time of the issuance of the electronic identification means;
Amendment 81 #
Proposal for a regulation Article 6 – paragraph 1 – point c a (new) (ca) the party issuing the electronic identification means ensures that the person identification data referred to in point (c) are attributed to a sufficiently high level for t |