Electronic Signatures

Legal Status ofQualified Electronic Signatures

11

"certification service provider"means

a natural or legal person

who issues

qualified certificates or qualified time stamps.

Definition according to section 2,paragraph 8 of the Electronic Signatures Act:

Electronic Signatures

Legal Status22

What is different about qualified signatures?

- Validity model(sections 16 and 19 of the Electronic Signatures Act)

- Algorithms (specified annually)

- Hardware compulsory (non-repudiation)

- Long-term verifiability (at least 5/35 years)

- National root certificate for accredited certification serviceproviders only

- Quality mark for accredited certification service providersonly

Section IS 15

ElectronicSignatures

RecognisesRecognised evaluation and certification bodies

BSI debis TÜVIT

Publishes

Federal Gazette/RegTP Official

Gazette/Internet

Evaluation andcertification bodies Proposes

AlgorithmsAlgorithms

Certify compliancewith the

Electronic SignaturesAct and Ordinance

Security concept

- Products- Management- Staff, etc

Technical components

- Signature creation device- Directory service- Time stamp service- Key generator, etc

Products

Certification serviceproviders

Signature key holders

AccreditsAccredits

Certification serviceproviders

Operates

National rootcertification authority

Competent Authority'skeys

Certifies

Certification serviceproviders

Electronic Signatures

Legal Status44

Enhanced quality through voluntary accreditation

Enhance the level of the certification services to be provided towards the levelsof trust, security and quality demanded by the evolving market.Electronic Signatures Directive, Recital 11

= Secure procedures, archivability, availability, etc

Voluntary accreditationArticle 2, paragraph 13 of the Electronic Signatures DirectiveSection 15 of the Electronic Signatures Act= Permission, setting out rights and obligations for the provision of certification services and granted at the request of the certification service provider concerned by the competent body. The certification service provider is not entitled to exercise the rights and obligations stemming from the permission until it has received the permission.

PermissionCompetent

bodyApplication Right to operate as accredited provider

Electronic Signatures

Legal Status55

EU Directive for Electronic Signatures

Continental European Approach Anglo-Saxon Approach

Prevention throughcomprehensive pre-implementation checks for- products,- technical, administrative and organisational aspects of certification activities, and- reliability and specialised knowledge of staff.

Ensuring adequate minimum level of - competition in the market, and- liability.

Liability depends on- ability and willingness to assume liability in cases of damage, and- recognised cases of damage.

Long-term problem

- Development costs (evaluation of products and security concepts)- More time-intensive in initial stages

"Teething problem"

Electronic Signatures

Legal Status66

Unregulated area – section 1(2)

Unregulated area – section 1(2)

Qualified electronic signatures (section 2 paragraph 3)

- Certification service providers:

Certification service providerssubject to

supervision

Certification service providersgranted

accreditation(can be made mandatory

in the public sector)

Legal status: equivalence with handwritten signatures(section 126a of the Civil Code)

Implementation in the Electronic Signatures Act

Electronic Signatures

Legal Status77

Time horizon

Developmental stage(Act and Ordinance)

Evaluation of products, proceduresand acceptance bodies

"Equivalence" ofelectronic signatures

1998

2000

1996

2001 Amendment of legislation requiringwriting as the legal form

Electronic Signatures Ordinance16 November 2001

Amendment of Formal Requirements Act1 August 2001

Electronic Signatures Act22 May 2001