Annexes to COM(2012)238 - Electronic identification and trust services for electronic transactions in the internal market - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2012)238 - Electronic identification and trust services for electronic transactions in the internal market. |
|---|---|
| document | COM(2012)238  |
| date | July 23, 2014 |
REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES
Qualified certificates for electronic signatures shall contain:
| (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic signature; |
| (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least, the Member State in which that provider is established and:
|
| (c) | at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall be clearly indicated; |
| (d) | electronic signature validation data that corresponds to the electronic signature creation data; |
| (e) | details of the beginning and end of the certificate’s period of validity; |
| (f) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (g) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (h) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (g) is available free of charge; |
| (i) | the location of the services that can be used to enquire about the validity status of the qualified certificate; |
| (j) | where the electronic signature creation data related to the electronic signature validation data is located in a qualified electronic signature creation device, an appropriate indication of this, at least in a form suitable for automated processing. |
ANNEX II
REQUIREMENTS FOR QUALIFIED ELECTRONIC SIGNATURE CREATION DEVICES
| 1. | Qualified electronic signature creation devices shall ensure, by appropriate technical and procedural means, that at least:
|
| 2. | Qualified electronic signature creation devices shall not alter the data to be signed or prevent such data from being presented to the signatory prior to signing. |
| 3. | Generating or managing electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider. |
| 4. | Without prejudice to point (d) of point 1, qualified trust service providers managing electronic signature creation data on behalf of the signatory may duplicate the electronic signature creation data only for back-up purposes provided the following requirements are met:
|
ANNEX III
REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SEALS
Qualified certificates for electronic seals shall contain:
| (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic seal; |
| (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:
|
| (c) | at least the name of the creator of the seal and, where applicable, registration number as stated in the official records; |
| (d) | electronic seal validation data, which corresponds to the electronic seal creation data; |
| (e) | details of the beginning and end of the certificate’s period of validity; |
| (f) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (g) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (h) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (g) is available free of charge; |
| (i) | the location of the services that can be used to enquire as to the validity status of the qualified certificate; |
| (j) | where the electronic seal creation data related to the electronic seal validation data is located in a qualified electronic seal creation device, an appropriate indication of this, at least in a form suitable for automated processing. |
ANNEX IV
REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR WEBSITE AUTHENTICATION
Qualified certificates for website authentication shall contain:
| (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for website authentication; |
| (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and:
|
| (c) | for natural persons: at least the name of the person to whom the certificate has been issued, or a pseudonym. If a pseudonym is used, it shall be clearly indicated; for legal persons: at least the name of the legal person to whom the certificate is issued and, where applicable, registration number as stated in the official records; |
| (d) | elements of the address, including at least city and State, of the natural or legal person to whom the certificate is issued and, where applicable, as stated in the official records; |
| (e) | the domain name(s) operated by the natural or legal person to whom the certificate is issued; |
| (f) | details of the beginning and end of the certificate’s period of validity; |
| (g) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (h) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (i) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (h) is available free of charge; |
| (j) | the location of the certificate validity status services that can be used to enquire as to the validity status of the qualified certificate. |