Activities of Jürgen CREUTZMANN related to 2012/0146(COD)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market PDF (1 MB) DOC (1 MB)
Shadow opinions (1)
OPINION on the proposal for a regulation of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market
Amendments (192)
Amendment 63 #
Proposal for a regulation
Recital 22
Recital 22
(22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of whatever qualified trust services and products are used or provided. Both qualified and advanced electronic signatures may be legally equivalent to handwritten signatures. Nothing in this Regulation shall limit the ability of any natural or legal person to demonstrate with evidence the non-reliability of any form of electronic signature. However, in case of qualified electronic signature the burden of proof when questioning the identity of the signatory shall rest with the contesting party.
Amendment 69 #
Proposal for a regulation
Recital 22
Recital 22
(22) To enhance people's trust in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations to ensure high-level security of whatever qualified trust services and products are used or provided. Both qualified and advanced electronic signatures may be legally equivalent to handwritten signatures. Nothing in this Regulation should limit the ability of any natural or legal person to demonstrate with evidence the non-reliability of any form of electronic signature. However, in the case of a qualified electronic signature the burden of proof when questioning the identity of the signatory should rest with the contesting party.
Amendment 75 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market.
Amendment 76 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, and electronic delivery services and website authentication.
Amendment 78 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation ensures that qualified and non-qualified trust services and products which comply with this Regulation are permitted to circulate freely in the internal market.
Amendment 80 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to electronic identification provided by, on behalf or under the responsibilityrecognized by, issued by or on behalf of Member States and to trust service providers established in the Union.
Amendment 82 #
Proposal for a regulation
Article 2 – paragraph 2
Article 2 – paragraph 2
2. This Regulation does not apply to the provision of electronic trust services based on voluntthat are only provided for internal purposes within a closed group of parties. Any third party agreements under private lawwishing to contest the validity of such a trust service may not do so solely on the grounds that the trust service did not fulfil the requirements of this Regulation.
Amendment 86 #
Proposal for a regulation
Article 3 – paragraph 1 – point 1
Article 3 – paragraph 1 – point 1
(1) ‘'electronic identification’' means the process of using person identification data in electronic form unambiguously representing a natural or legal person either unambiguously or to the degree necessary for the specific purpose;
Amendment 93 #
Proposal for a regulation
Article 3 – paragraph 1 – point 12
Article 3 – paragraph 1 – point 12
(12) ‘'trust service’' means any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services, website authentication, andor electronic certificates, including certificates for electronic signature and for electronic seals;
Amendment 96 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation lays down rules for electronic identification and electronic trust services for electronic transactions with a view to ensuring the proper functioning of the internal market.
Amendment 97 #
Proposal for a regulation
Article 3 – paragraph 1 – point 30
Article 3 – paragraph 1 – point 30
Amendment 99 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. This Regulation establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, and electronic delivery services and website authentication.
Amendment 100 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation ensures that qualified and non-qualified trust services and products which comply with this Regulation are permitted to circulate freely in the internal market.
Amendment 101 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
1. This Regulation applies to electronic identification provided by, on behalf or under the responsibilityrecognized by, issued by or on behalf of Member States and to trust service providers established in the Union.
Amendment 102 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online, any electronic identification means issued in another Member State falling under a scheme included in the list published by the Commissionof the same or higher security assurance level issued in another Member State, notified pursuant to the procedure referred to in Article 7, shall be recognised and accepted for the purposes of accessing this service online six months following the publication of the list of notified schemes by the Commission.
Amendment 104 #
Proposal for a regulation
Article 2 – paragraph 2
Article 2 – paragraph 2
2. This Regulation does not apply to the provision of electronic trust services based on voluntthat are only provided for internal purposes within a closed group of parties. Any third party agreements under private lawwishing to contest the validity of such a trust service may not do so solely on the grounds that the trust service did not fulfil the requirements of this Regulation.
Amendment 107 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) the electronic identification means are recognized by, issued by, or on behalf of or under the responsibility of the notifying Member State;
Amendment 109 #
Proposal for a regulation
Article 3 – point 1
Article 3 – point 1
(1) ‘'electronic identification’' means the process of using person identification data in electronic form unambiguously representing a natural or legal person either unambiguously or to the degree necessary for the specific purpose;
Amendment 110 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
Article 6 – paragraph 1 – point c
(c) the notifying Member State ensures that the person identification data are attributed unambiguously to the natural or legal person referred to in Article 3 point1 either unambiguously or to the degree necessary for the specific purpose;
Amendment 112 #
Proposal for a regulation
Article 6 – paragraph 1 – point d
Article 6 – paragraph 1 – point d
(d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform the other Member States and the Commission pursuant to Article 7;
Amendment 113 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – introductory part
Article 6 – paragraph 1 – point e – introductory part
(e) the notifying Member State takes liability forensures:
Amendment 114 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – point i
Article 6 – paragraph 1 – point e – point i
(i) the unambiguous attribution of the person identification data referred to in point (c), and
Amendment 119 #
Proposal for a regulation
Article 7 – paragraph 1 – point a
Article 7 – paragraph 1 – point a
(a) a description of the notified electronic identification scheme and its security assurance level;
Amendment 120 #
Proposal for a regulation
Article 7 – paragraph 1 – point c
Article 7 – paragraph 1 – point c
(c) information on by whomich entity the registration of the unambiguous person identifiers is managed;
Amendment 122 #
Proposal for a regulation
Article 7 – paragraph 1 – point d
Article 7 – paragraph 1 – point d
(d) a description of the authentication possibility and any technical requirements imposed on relying parties;
Amendment 125 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
Amendment 127 #
Proposal for a regulation
Article 3 – point 12
Article 3 – point 12
(12) ‘trust service’ means any electronic service consisting in the creation, verification, validation, handling and preservation of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic delivery services, website authentication, andor electronic certificates, including certificates for electronic signature and for electronic seals;
Amendment 127 #
Proposal for a regulation
Article 7 a (new)
Article 7 a (new)
Amendment 131 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Coordination Interoperability and coordination
Amendment 136 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The Commission shall be empowered to adopt delegatedimplementing acts in accordance with Article 38 concerning the facilitation ofing to the examination procedure referred to in Article 39 (2) establishing standards and technical requirements for cross border interoperability and security of electronic identification means by setting of minimum technical requirements.
Amendment 137 #
Proposal for a regulation
Article 3 – point 30
Article 3 – point 30
Amendment 139 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
Amendment 143 #
Proposal for a regulation
Article 9 – paragraph 2 - subparagraph 1
Article 9 – paragraph 2 - subparagraph 1
2. A qualified trust service provider shall be liable for: (a) any direct damage caused to any natural or legal person due to failure to meet the requirements laid down in this Regulation, in particular in Article 19, unless the qualified trust service provider can prove that he has not acted negligently. (b) point (a) shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
Amendment 145 #
Proposal for a regulation
Article 5
Article 5
When an electronic identification using an electronic identification means and authentication is required under national legislation or administrative practice to access a service online, any electronic identification means issued in another Member State falling under a scheme included in the list published by the Commissionof the same or higher security assurance level issued in another Member State, notified pursuant to the procedure referred to in Article 7, shall be recognised and accepted for the purposes of accessing this service online 6 months following the publishing of the list of notified schemes by the Commission.
Amendment 146 #
Proposal for a regulation
Article 10 – title
Article 10 – title
Amendment 147 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) the qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements laid down in this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
Amendment 154 #
Proposal for a regulation
Article 6 – paragraph 1 – point a
Article 6 – paragraph 1 – point a
(a) the electronic identification means are issued by, on behalf of or under the responsibilityrecognised by, issued by or on behalf of the notifying Member State;
Amendment 156 #
Proposal for a regulation
Article 11 – paragraph 4 a (new)
Article 11 – paragraph 4 a (new)
4a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of Article 7 paragraph (f) of Directive 95/46/EC.
Amendment 160 #
Proposal for a regulation
Article 12
Article 12
Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
Amendment 161 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Member States shall designate an appropriate supervisory body established in their territory or, upon mutual agreement, in another Member State under the responsibility of the designating Member State. Supervisory bodies shall be given all supervisory and investigatory powers that areThe designated supervisory body, its addresses and the names of responsible persons shall be communicated to the Commission. Supervisory bodies shall be given adequate resources necessary for the exercise of their tasks.
Amendment 162 #
Proposal for a regulation
Article 13 – paragraph 2 – introductory part
Article 13 – paragraph 2 – introductory part
2. The supervisory body shall be responsible for the performance ofperform the following tasks:
Amendment 163 #
Proposal for a regulation
Article 13 – paragraph 2 – point a
Article 13 – paragraph 2 – point a
(a) monitoringensuring that trust service providers and qualified trust service providers established in the territory of the designating Member State to ensure that they fulfil the requirements laid down in Article 15of this Regulation;
Amendment 164 #
Proposal for a regulation
Article 6 – paragraph 1 – point c
Article 6 – paragraph 1 – point c
(c) the notifying Member State ensures that the person identification data are attributed unambiguously to the natural or legal person referred to in Article 3 point 1 either unambiguously or to the degree necessary for the specific purpose;
Amendment 165 #
Proposal for a regulation
Article 13 – paragraph 2 – point b
Article 13 – paragraph 2 – point b
Amendment 166 #
Proposal for a regulation
Article 13 – paragraph 2 – point c
Article 13 – paragraph 2 – point c
(c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
Amendment 167 #
Proposal for a regulation
Article 13 – paragraph 3 – point c
Article 13 – paragraph 3 – point c
Amendment 168 #
Proposal for a regulation
Article 6 – paragraph 1 – point d
Article 6 – paragraph 1 – point d
(d) the notifying Member State ensures the availability of an authentication possibility online, at any time and, in case of access to public services, free of charge so that any relying party outside the territory of this Member State can validate the person identification data received in electronic form. Member States shall not impose any disproportionate specific technical requirements on relying parties established outside of their territory intending to carry out such authentication. When either the notified identification scheme or authentication possibility is breached or partly compromised, Member States shall suspend or revoke without delay the notified identification scheme or authentication possibility or the compromised parts concerned and inform the other Member States and the Commission pursuant to Article 7;
Amendment 168 #
Proposal for a regulation
Article 13 – paragraph 4
Article 13 – paragraph 4
Amendment 172 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – introductory part
Article 6 – paragraph 1 – point e – introductory part
(e) the notifying Member State takes liability forensures:
Amendment 172 #
Proposal for a regulation
Article 13 – paragraph 6
Article 13 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the report referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 174 #
Proposal for a regulation
Article 6 – paragraph 1 – point e – point i
Article 6 – paragraph 1 – point e – point i
(i) the unambiguous attribution of the person identification data referred to in point (c), and
Amendment 174 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Supervisory bodies shall cooperate with a view to exchangeing good practice and provide each other, within the shortest possible time, with relevant information and mutual. They shall, upon justified requests, provide each other with assistance so that activities can be carried out in a consistent manner. MutualRequests for assistance shallmay cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the securitycompliance audits as referred to in Articles 15, 16 and 17.
Amendment 175 #
Proposal for a regulation
Article 14 – paragraph 2 – introductory part
Article 14 – paragraph 2 – introductory part
2. A supervisory body to whichmay refuse a request for assistance is addressed may not refuse to comply with it unlessf:
Amendment 176 #
Proposal for a regulation
Article 14 – paragraph 2 – point b
Article 14 – paragraph 2 – point b
(b) compliance with the request would be incompatible withgo beyond the tasks and powers of the supervisory body set out in this Regulation.
Amendment 178 #
Proposal for a regulation
Article 7 – paragraph 1 – point a
Article 7 – paragraph 1 – point a
(a) a description of the notified electronic identification scheme and its security assurance level;
Amendment 179 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 1
Article 14 – paragraph 3 – subparagraph 1
3. Where appropriate, supervisory bodies may carry out joint investigations in which staff from other Member States’ supervisory bodies is involvedsupervisory actions.
Amendment 180 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 2
Article 14 – paragraph 3 – subparagraph 2
Amendment 181 #
Proposal for a regulation
Article 14 – paragraph 4
Article 14 – paragraph 4
Amendment 183 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 1
Article 15 – paragraph 1 – subparagraph 1
1. Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to state of the art, these measures shall ensure that thethe technological development, these measures shall fully respect the data protection rights and ensure a level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any significant incidents.
Amendment 184 #
Proposal for a regulation
Article 7 – paragraph 1 – point c
Article 7 – paragraph 1 – point c
(c) information on by whomwhich entity the registration of the unambiguous person identifiers is managed;
Amendment 184 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 2
Article 15 – paragraph 1 – subparagraph 2
Without prejudice to Article 16(1), any trust service provider mayshall, without undue delay and not later than 6 months following the commencement of its activities, submit the report of a securitycompliance audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken.
Amendment 185 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 1
Article 15 – paragraph 2 – subparagraph 1
1. Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify the competent supervisory body and, where appropriate, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
Amendment 186 #
Proposal for a regulation
Article 7 – paragraph 1 – point d
Article 7 – paragraph 1 – point d
(d) a description of the authentication possibility and any technical requirements imposed on relying parties;
Amendment 186 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 2
Article 15 – paragraph 2 – subparagraph 2
Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in otherse Member States and the European Network and Information Security Agency (ENISA).
Amendment 188 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 3
Article 15 – paragraph 2 – subparagraph 3
The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
Amendment 189 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. In order to implementensure compliance with paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers.
Amendment 190 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. Six months after the entry into force of the Regulation, the Commission shall publish in the Official Journal of the European Union as well as on a publicly available website the list of the electronic identification schemes which were notified pursuant to paragraph 1 and the basic information thereon.
Amendment 190 #
Proposal for a regulation
Article 15 – paragraph 5
Article 15 – paragraph 5
Amendment 191 #
Proposal for a regulation
Article 15 – paragraph 6
Article 15 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances,further specification of the measures referred to in paragraph 1 and formats and procedures, including deadlines, applicable for the purpose of paragraphs 1 to 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 193 #
Proposal for a regulation
Article 7 a (new)
Article 7 a (new)
Article 7a Liability 1. The notifying Member State shall be liable with regard to electronic identification means issued by it or on its behalf for any direct damage caused by non-compliance with obligations under Article 6, unless it can show that it has not acted negligently. 2. The issuer of an electronic identification means recognized and notified by a Member State pursuant to the procedure referred to in Article 7 shall be liable for failure to ensure – (i) the unambiguous attribution of the person identification data, and – (ii) the authentication possibility, unless he can show that he has not acted negligently.
Amendment 194 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Qualified trust service providers shall be audited by a recognised independent body once a yearevery two years and following any significant technological or organizational changes to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting securitycompliance audit report to the supervisory body.
Amendment 195 #
Proposal for a regulation
Article 8 – title
Article 8 – title
Amendment 195 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from the Commissiona supervisory body in another Member State. The supervisory body shall inform the data protection authorities of the results of its audits, in case personal data protection rules appear to have been breached.
Amendment 197 #
Proposal for a regulation
Article 16 – paragraph 3
Article 16 – paragraph 3
3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements indicated in the security audit reportset out in this Regulation.
Amendment 199 #
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, procedures and formats applicable for the purpose of paragraphs 1, 2 and 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 202 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
1. Qualified tTrust service providers shall notify the supervisory body of their intention to start providinge a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body.
Amendment 204 #
Proposal for a regulation
Article 8 – paragraph 3
Article 8 – paragraph 3
3. The Commission shall, be empowered to adopt delegated acts in accordance with Article 38 concerning the facilitation ofy means of implementing acts, establish standards and technical requirements for cross border interoperability and security of electronic identification means by setting of minimum technical requirements.. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2)
Amendment 205 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
Amendment 205 #
Proposal for a regulation
Article 17 – paragraph 2
Article 17 – paragraph 2
2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included in the trusted lists referred to in Article 18 indicating that the notification has been submittedaccording to paragraph 1, the supervisory body shall verify the compliance of the trust service provider and of the trust services to be provided by it with the requirements of this Regulation. If the verification process confirms compliance, the supervisory body shall grant the status of a qualified trust service provider and the qualified trust service provider may start to provide the qualified trust service.
Amendment 206 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 1
Article 17 – paragraph 3 – subparagraph 1
Amendment 210 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 2
Article 17 – paragraph 3 – subparagraph 2
The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the positive conclusion of the verification, not later than one month after the notification has been done in accordance with paragraph 1 process without undue delay and not later than two weeks.
Amendment 211 #
Proposal for a regulation
Article 9 – paragraph 2 a (new)
Article 9 – paragraph 2 a (new)
2a. Paragraph 2 shall apply mutatis mutandis where he guaranteed, pursuant to Article 11 paragraph 1 point (b), for the compliance with the requirements of this Regulation by a qualified trust service provider established in a third country, unless the qualified trust service provider established in the Union can prove that the former has not acted negligently.
Amendment 211 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 3
Article 17 – paragraph 3 – subparagraph 3
If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
Amendment 212 #
Proposal for a regulation
Article 17 – paragraph 4
Article 17 – paragraph 4
Amendment 214 #
Proposal for a regulation
Article 17 – paragraph 5
Article 17 – paragraph 5
5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the purpose of paragraphs 1, 2 and.3 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 216 #
Proposal for a regulation
Article 10 – title
Article 10 – title
Amendment 216 #
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing. of both the list itself as well as the individual certificates.
Amendment 217 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Qualified trust services and qualified certificates provided by qualified trust service providers established in a third country shall be accepted as qualified trust services and qualified certificates provided by a qualified trust service providers established in the territory of the Union if: (a) the qualified trust service provider fulfils the requirements laid down in this Regulation and has been accredited under a voluntary accreditation scheme established in a Member State; or (b) a qualified trust service provider established within the Union which fulfils the requirements laid down in this Regulation guarantees the compliance with the requirements of this Regulation; or (c) the qualified trust services or qualified certificates originating from the third country are recognised under an agreement between the Union and third countries or international organisations in accordance with Article 218 TFUE.
Amendment 217 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
Amendment 218 #
Proposal for a regulation
Article 18 – paragraph 6
Article 18 – paragraph 6
6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 219 #
Proposal for a regulation
Article 19 – paragraph 1 – subparagraph 1
Article 19 – paragraph 1 – subparagraph 1
When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
Amendment 220 #
Proposal for a regulation
Article 19 – paragraph 2 – point b
Article 19 – paragraph 2 – point b
(b) bear the risk of liability for damages byshall take appropriate precautions with regard to its liability for damages under this Regulation by, in particular, maintaining sufficient financial resources or by an appropriateeffecting a liability insurance scheme;
Amendment 222 #
Proposal for a regulation
Article 19 – paragraph 2 – point d
Article 19 – paragraph 2 – point d
(d) use trustworthy systems and products which are protected against unauthorized modification and guarantee the technical security and reliability of the process supported by them;
Amendment 223 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – introductory part
Article 19 – paragraph 2 – point e – introductory part
(e) use trustworthy systems to store data provided to them, in a verifiable form so that:
Amendment 225 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – indent 1
Article 19 – paragraph 2 – point e – indent 1
– they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
Amendment 226 #
Proposal for a regulation
Article 19 – paragraph 2 – point g
Article 19 – paragraph 2 – point g
(g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
Amendment 227 #
Proposal for a regulation
Article 11 – paragraph 4 a (new)
Article 11 – paragraph 4 a (new)
4 a. Processing of personal data by or on behalf of the trust service provider, where strictly necessary to ensure network and information security for the purpose of complying with the requirements of Articles 11, 15, 16 and 19, shall be considered a legitimate interest in the meaning of point (f) of Article 7 of Directive 95/46/EC.
Amendment 228 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate within ten minutes after such revocation has taken effectout undue delay.
Amendment 229 #
Proposal for a regulation
Article 19 – paragraph 4
Article 19 – paragraph 4
4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at any time at least on a certificate basis in an automated manner which is reliable, free of charge and efficient.
Amendment 230 #
Proposal for a regulation
Article 12
Article 12
Trust services provided and end user products used in the provision of those services shall be made accessible for persons with disabilities whenever reasonably possible.
Amendment 231 #
Proposal for a regulation
Article 19 – paragraph 5
Article 19 – paragraph 5
5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. C, for which compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 232 #
Proposal for a regulation
Article 13 – paragraph 1
Article 13 – paragraph 1
1. Member States shall designate an appropriate supervisory body established in their territory or, upon mutual agreement, in another Member State under the responsibility of the designating Member State. Supervisory bodies shall be given all supervisory and investigatory powers that areThe designated supervisory body, its addresses and the names of responsible persons shall be communicated to the Commission. Supervisory bodies shall be given adequate resources necessary for the exercise of their tasks.
Amendment 235 #
Proposal for a regulation
Article 13 – paragraph 2 – introductory part
Article 13 – paragraph 2 – introductory part
2. The supervisory body shall be responsible for the performance ofperform the following tasks:
Amendment 235 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data;
Amendment 236 #
Proposal for a regulation
Article 13 – paragraph 2 – point a
Article 13 – paragraph 2 – point a
(a) monitoringensuring that trust service providers and qualified trust service providers established in the territory of the designating Member State to ensure that they fulfil the requirements laid down in Article 15of this Regulation;
Amendment 239 #
Proposal for a regulation
Article 13 – paragraph 2 – point b
Article 13 – paragraph 2 – point b
Amendment 239 #
Proposal for a regulation
Article 20 – paragraph 3
Article 20 – paragraph 3
Amendment 244 #
Proposal for a regulation
Article 20 – paragraph 4
Article 20 – paragraph 4
4. If an electronic signature with a security assurance level below qualified electronic signature is required, in particular by a Member State for accessing a service online offered by a public sector body, on the basis of an appropriate assessment of the risks involved in such a service, all electronic signatures matching at least the same security assurance level shall be recognised and accepted.
Amendment 245 #
Proposal for a regulation
Article 13 – paragraph 2 – point c
Article 13 – paragraph 2 – point c
(c) ensuring that relevant information and data referred to in point (g) of Article 19(2), and recorded by qualified trust service providers are preserved and kept accessible after the activities of a qualified trust service provider have ceased, for an appropriate time, in particular considering the validity period of the services, with a view to guaranteeing continuity of the service.
Amendment 245 #
Proposal for a regulation
Article 20 – paragraph 6
Article 20 – paragraph 6
Amendment 247 #
Proposal for a regulation
Article 20 – paragraph 7
Article 20 – paragraph 7
7. The Commission mayshall, by means of implementing acts, establish definitions of the different security levels of electronic signatures referred to in paragraph 4 and reference numbers of standards for the security levels of electronic signatures. Compliance with thea defined security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 248 #
Proposal for a regulation
Article 21 – paragraph 2
Article 21 – paragraph 2
2. Qualified certificates for electronic signature for cross border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.
Amendment 249 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
Amendment 251 #
Proposal for a regulation
Article 21 – paragraph 5
Article 21 – paragraph 5
5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 253 #
Proposal for a regulation
Article 13 – paragraph 3 – point c
Article 13 – paragraph 3 – point c
Amendment 255 #
Proposal for a regulation
Article 13 – paragraph 4
Article 13 – paragraph 4
Amendment 256 #
Proposal for a regulation
Article 26 – paragraph 1 – point b
Article 26 – paragraph 1 – point b
(b) allows relying parties to receive the result of the validation process in an automated manner which is reliable, efficient and bearing the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.
Amendment 259 #
Proposal for a regulation
Article 13 – paragraph 6
Article 13 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the report referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 261 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
1. Supervisory bodies shall cooperate with a view to exchangeing good practice and provide each other, within the shortest possible time, with relevant information and mutual. They shall, upon justified requests, provide each other assistance so that activities can be carried out in a consistent manner. MutualRequests for assistance shallmay cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the securitycompliance audits as referred to in Articles 15, 16 and 17.
Amendment 263 #
Proposal for a regulation
Article 14 – paragraph 2 – introductory part
Article 14 – paragraph 2 – introductory part
2. A supervisory body to whichmay refuse a request for assistance is addressed may not refuse to comply with it unlessf:
Amendment 264 #
Proposal for a regulation
Article 28 – paragraph 2
Article 28 – paragraph 2
2. A qualified electronic seal shall enjoy the legal presumption of ensuring the originensures the identity of the creator and integrity of the data to which it is linked.
Amendment 267 #
Proposal for a regulation
Article 14 – paragraph 2 – point b
Article 14 – paragraph 2 – point b
(b) compliance with the request would be incompatible withgo beyond the tasks and powers of the supervisory body set out in this Regulation.
Amendment 267 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. A qualified electronic seal shall be recognised and accepted in all Member States.
Amendment 270 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 1
Article 14 – paragraph 3 – subparagraph 1
Where appropriate, supervisory bodies may carry out joint investigations in which staff from other Member States‘ supervisory bodies is involvedsupervisory actions.
Amendment 270 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. If an electronic seal security assurance level below the qualified electronic seal is required, in particular by a Member State for accessing a service online offered by a public sector body on the basis of an appropriate assessment of the risks involved in such a service, all electronic seals matching at a minimum the same security assurance level shall be accepted.
Amendment 271 #
Proposal for a regulation
Article 14 – paragraph 3 – subparagraph 2
Article 14 – paragraph 3 – subparagraph 2
Amendment 272 #
Proposal for a regulation
Article 14 – paragraph 4
Article 14 – paragraph 4
Amendment 272 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. Member States shall not request for accessing cross border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
Amendment 273 #
Proposal for a regulation
Article 28 – paragraph 6
Article 28 – paragraph 6
Amendment 275 #
Proposal for a regulation
Article 28 – paragraph 7
Article 28 – paragraph 7
7. The Commission may, by means of implementing acts, define different security assurance levels of electronic seals referred to in paragraph 4 and establish reference numbers of standards for the security assurance levels of electronic seals. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 276 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 1
Article 15 – paragraph 1 – subparagraph 1
Trust service providers who are established in the territory of the Union shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to state of the art, these measures shall ensure that thethe technological development, these measures shall fully respect the data protection rights and ensure a level of security is appropriate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any significant incidents.
Amendment 276 #
Proposal for a regulation
Article 29 – paragraph 2
Article 29 – paragraph 2
2. Qualified certificates for electronic seal for cross border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
Amendment 279 #
Proposal for a regulation
Article 15 – paragraph 1 – subparagraph 2
Article 15 – paragraph 1 – subparagraph 2
Without prejudice to Article 16(1), any trust service provider mayshall, without undue delay and not later than 6 months following the commencement of its activities, submit the report of a securitycompliance audit carried out by a recognised independent body to the supervisory body to confirm that appropriate security measures have been taken.
Amendment 284 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 1
Article 15 – paragraph 2 – subparagraph 1
Trust service providers shall, without undue delay and where feasible not later than 24 hours after having become aware of it, notify the competent supervisory body and, where appropriate, the competent national body for information security and other relevant third parties such as data protection authorities of any breach of security or loss of integrity that has a significant impact on the trust service provided and on the personal data maintained therein.
Amendment 286 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings, having regard to its assurance level of authenticity and integrity.
Amendment 287 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 2
Article 15 – paragraph 2 – subparagraph 2
Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the supervisory body concerned shall inform supervisory bodies in otherse Member States and the European Network and Information Security Agency (ENISA).
Amendment 289 #
Proposal for a regulation
Article 15 – paragraph 2 – subparagraph 3
Article 15 – paragraph 2 – subparagraph 3
The supervisory body concerned, in consultation with the trust service provider, may also inform the public or require the trust service provider to do so, where it determines that disclosure of the breach is in the public interest.
Amendment 290 #
Proposal for a regulation
Article 34 – paragraph 2
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the document.
Amendment 293 #
Proposal for a regulation
Article 34 – paragraph 3
Article 34 – paragraph 3
3. When an original document or a certified copy is required for the provision of a service online offered by a public sector body, at least electronic documents issuelectronically signed or sealed by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
Amendment 296 #
Proposal for a regulation
Article 15 – paragraph 4
Article 15 – paragraph 4
4. In order to implementensure compliance with paragraphs 1 and 2, the competent supervisory body shall have the power to issue binding instructions to trust service providers.
Amendment 299 #
Proposal for a regulation
Article 15 – paragraph 5
Article 15 – paragraph 5
Amendment 302 #
Proposal for a regulation
Chapter 3 – section 8 - Title
Chapter 3 – section 8 - Title
Website authentication deleted
Amendment 303 #
Proposal for a regulation
Article 15 – paragraph 6
Article 15 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances,further specification of the measures referred to in paragraph 1 and formats and procedures, including deadlines, applicable for the purpose of paragraphs 1 to 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 303 #
Proposal for a regulation
Article 37
Article 37
Amendment 305 #
Proposal for a regulation
Article 16 – paragraph 1
Article 16 – paragraph 1
1. Qualified trust service providers shall be audited by a recognised independent body once a yearevery two years and following any significant technological or organizational changes to confirm that they and the qualified trust services provided by them fulfil the requirements set out in this Regulation, and shall submit the resulting securitycompliance audit report to the supervisory body.
Amendment 309 #
Proposal for a regulation
Annex 1 – paragraph 1 – point c a (new)
Annex 1 – paragraph 1 – point c a (new)
(ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
Amendment 310 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. Without prejudice to paragraph 1, in case of substantiated doubts, the supervisory body may at any time audit the qualified trust service providers to confirm that they and the qualified trust services provided by them still meet the conditions set out in this Regulation, either on its own initiative or in response to a request from the Commissiona supervisory body in another Member State. The supervisory body shall inform the data protection authorities of the results of its audits, in case personal data protection rules appear to have been breached.
Amendment 311 #
Proposal for a regulation
Annex 4
Annex 4
Amendment 313 #
Proposal for a regulation
Article 16 – paragraph 3
Article 16 – paragraph 3
3. The supervisory body shall have the power to issue binding instructions to qualified trust service providers to remedy any failure to fulfil the requirements indicated in the security audit reportset out in this Regulation.
Amendment 319 #
Proposal for a regulation
Article 16 – paragraph 6
Article 16 – paragraph 6
6. The Commission may, by means of implementing acts, define the circumstances, procedures and formats applicable for the purpose of paragraphs 1, 2 and 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 322 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
1. Qualified tTrust service providers shall notify the supervisory body of their intention to start providinge a qualified trust service and shall submit to the supervisory body a security audit report carried out by a recognised independent body, as provided for in Article 16(1). Qualified trust service providers may start to provide the qualified trust service after they have submitted the notification and security audit report to the supervisory body.
Amendment 324 #
Proposal for a regulation
Article 17 – paragraph 2
Article 17 – paragraph 2
2. Once the relevant documents are submitted to the supervisory body according to paragraph 1, the qualified service providers shall be included inaccording to paragraph 1, the supervisory body shall verify the compliance of the trust service provider and of the trusted lists referred to in Article 18 indicating that the notification has been submitted services to be provided by it with the requirements of this Regulation. If the verification process confirms compliance, the supervisory body shall grant the status of a qualified trust service provider and the qualified trust service provider may start to provide the qualified trust service.
Amendment 327 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 1
Article 17 – paragraph 3 – subparagraph 1
Amendment 330 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 2
Article 17 – paragraph 3 – subparagraph 2
The supervisory body shall indicate the qualified status of the qualified service providers and the qualified trust services they provide in the trusted lists after the positive conclusion of the verification, not later than one month after the notification has been done in accordance with paragraph 1 process without undue delay and not later than 2 weeks.
Amendment 332 #
Proposal for a regulation
Article 17 – paragraph 3 – subparagraph 3
Article 17 – paragraph 3 – subparagraph 3
If the verification is not concluded within one month, the supervisory body shall inform the qualified trust service provider specifying the reasons of the delay and the period by which the verification shall be concluded. The total period may not exceed 3 months.
Amendment 333 #
Proposal for a regulation
Article 17 – paragraph 4
Article 17 – paragraph 4
Amendment 336 #
Proposal for a regulation
Article 17 – paragraph 5
Article 17 – paragraph 5
5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures for the purpose of paragraphs 1, 2 and.3 Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 338 #
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. Member States shall establish, maintain and publish, in a secure manner, electronically signed or sealed trusted lists provided for in paragraph 1 in a form suitable for automated processing of both the list itself as well as the individual certificates.
Amendment 339 #
Proposal for a regulation
Article 18 – paragraph 5
Article 18 – paragraph 5
Amendment 340 #
Proposal for a regulation
Article 18 – paragraph 6
Article 18 – paragraph 6
6. The Commission may, by means of implementing acts, specify the information referred to in paragraph and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2).
Amendment 342 #
Proposal for a regulation
Article 19 – paragraph 1 – subparagraph 1
Article 19 – paragraph 1 – subparagraph 1
When issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national and Union law, the identity and, if applicable, any specific attributes of the natural or legal person to whom a qualified certificate is issued.
Amendment 343 #
Proposal for a regulation
Article 19 – paragraph 2 – point b
Article 19 – paragraph 2 – point b
(b) bear the risk of liability for damages byshall take appropriate precautions with regard to its liability for damages under this Regulation by, in particular, maintaining sufficient financial resources or by an appropriateeffecting a liability insurance scheme;
Amendment 345 #
Proposal for a regulation
Article 19 – paragraph 2 – point d
Article 19 – paragraph 2 – point d
(d) use trustworthy systems and products which are protected against unauthorized modification and guarantee the technical security and reliability of the process supported by them;
Amendment 346 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – introductory part
Article 19 – paragraph 2 – point e – introductory part
(e) use trustworthy systems to store data provided to them, in a verifiable form so that:
Amendment 347 #
Proposal for a regulation
Article 19 – paragraph 2 – point e – indent 1
Article 19 – paragraph 2 – point e – indent 1
– they are publicly available for retrieval only where national or Union law allows for this or where the consent of the person to whom the data has been issued has been obtained,
Amendment 348 #
Proposal for a regulation
Article 19 – paragraph 2 – point g
Article 19 – paragraph 2 – point g
(g) record for an appropriate period of time, regardless of whether the qualified trust service provider has ceased to provide qualified trust services, all relevant information concerning data issued and received by the qualified trust service provider, in particular for the purpose of providing evidence in legal proceedings. Such recording may be done electronically;
Amendment 350 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. Qualified trust service providers issuing qualified certificates shall register in their certificate database the revocation of the certificate within ten minutes after such revocation has taken effectout undue delay.
Amendment 351 #
Proposal for a regulation
Article 19 – paragraph 4
Article 19 – paragraph 4
4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at any time at least on a certificate basis in an automated manner which is reliable, free of charge and efficient.
Amendment 353 #
Proposal for a regulation
Article 19 – paragraph 5
Article 19 – paragraph 5
5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products. C, for which compliance with the requirements laid down in Article 19 shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 355 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signaturesatisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data.
Amendment 360 #
Proposal for a regulation
Article 20 – paragraph 3
Article 20 – paragraph 3
Amendment 363 #
Proposal for a regulation
Article 20 – paragraph 4
Article 20 – paragraph 4
4. If an electronic signature with a security assurance level below qualified electronic signature is required, in particular by a Member State for accessing a service online offered by a public sector body, on the basis of an appropriate assessment of the risks involved in such a service, all electronic signatures matching at least the same security assurance level shall be recognised and accepted.
Amendment 365 #
Proposal for a regulation
Article 20 – paragraph 6
Article 20 – paragraph 6
Amendment 368 #
Proposal for a regulation
Article 20 – paragraph 7
Article 20 – paragraph 7
7. The Commission mayshall, by means of implementing acts, establish definitions of the different security levels of electronic signatures referred to in paragraph 4 of this Article and reference numbers of standards for the security levels of electronic signatures. Compliance with thea defined security level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 371 #
Proposal for a regulation
Article 21 – paragraph 2
Article 21 – paragraph 2
2. Qualified certificates for electronic signature for cross-border use shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I.
Amendment 372 #
Proposal for a regulation
Article 21 – paragraph 4
Article 21 – paragraph 4
Amendment 374 #
Proposal for a regulation
Article 21 – paragraph 5
Article 21 – paragraph 5
5. The Commission may, by means of implementing acts, specify the requirements laid down in Annex I and establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 387 #
Proposal for a regulation
Article 26 – paragraph 1 – point b
Article 26 – paragraph 1 – point b
(b) allows relying parties to receive the result of the validation process in an automated manner which is reliable, efficient and bearing the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service.
Amendment 393 #
Proposal for a regulation
Article 28 – paragraph 2
Article 28 – paragraph 2
2. A qualified electronic seal shall enjoy the legal presumption of ensuring the originensures the identity of the creator and integrity of the data to which it is linked.
Amendment 394 #
Proposal for a regulation
Article 28 – paragraph 3
Article 28 – paragraph 3
3. A qualified electronic seal shall be recognised and accepted in all Member States.
Amendment 395 #
Proposal for a regulation
Article 28 – paragraph 4
Article 28 – paragraph 4
4. If an electronic seal security assurance level below the qualified electronic seal is required, in particular by a Member State for accessing a service online offered by a public sector body on the basis of an appropriate assessment of the risks involved in such a service, all electronic seals matching at a minimum the same security assurance level shall be accepted.
Amendment 396 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. Member States shall not request for accessing cross-border a service online offered by a public sector body an electronic seal with higher security assurance level than qualified electronic seals.
Amendment 397 #
Proposal for a regulation
Article 28 – paragraph 6
Article 28 – paragraph 6
Amendment 399 #
Proposal for a regulation
Article 28 – paragraph 7
Article 28 – paragraph 7
7. The Commission may, by means of implementing acts, define different security assurance levels of electronic seals referred to in paragraph 4 and establish reference numbers of standards for the security assurance levels of electronic seals. Compliance with the security assurance level defined in a delegated act adopted pursuant to paragraph 6 shall be presumed when an electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 39(2). The Commission shall publish those acts in the Official Journal of the European Union.
Amendment 402 #
Proposal for a regulation
Article 29 – paragraph 2
Article 29 – paragraph 2
2. Qualified certificates for electronic seal for cross-border use shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III.
Amendment 418 #
Proposal for a regulation
Article 34 – paragraph 1
Article 34 – paragraph 1
1. An electronic document shall be considered as equivalent to a paper document and admissible as evidence in legal proceedings, having regard to its assurance level of authenticity and integrity.
Amendment 420 #
Proposal for a regulation
Article 34 – paragraph 2
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the document.
Amendment 421 #
Proposal for a regulation
Article 34 – paragraph 2
Article 34 – paragraph 2
2. A document bearing a qualified electronic signature or a qualified electronic seal of the person who is competent to issue the relevant document, shall enjoy legal presumption of its authenticity and integrity provided the document does not contain any dynamic features capable of automatically changing the documentcontent of the document subsequently.
Amendment 422 #
Proposal for a regulation
Article 34 – paragraph 3
Article 34 – paragraph 3
3. When an original document or a certified copy is required for the provision of a service online offered by a public sector body, at least electronic documents issuelectronically signed or sealed by the persons who are competent to issue the relevant documents and that are considered to be originals or certified copies in accordance with national law of the Member State of origin, shall be accepted in other Member States without additional requirements.
Amendment 427 #
Proposal for a regulation
Article 37
Article 37
Amendment 441 #
Proposal for a regulation
Annex I – point c a (new)
Annex I – point c a (new)
(ca) provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
Amendment 446 #
Proposal for a regulation
Annex IV
Annex IV
Annex deleted