keyboard_tab EIDAS 2014/0910 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 3 Article 3 Definitions
- 2 Article 7 Eligibility for notification of electronic identification schemes
- 1 Article 9 Notification
- 1 Article 12 Cooperation and interoperability
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
ELECTRONIC IDENTIFICATION
CHAPTER III
TRUST SERVICES
SECTION 1
General provisions
SECTION 2
Supervision
SECTION 3
Qualified trust services
SECTION 4
Electronic signatures
SECTION 5
Electronic seals
SECTION 6
Electronic time stamps
SECTION 7
Electronic registered delivery services
SECTION 8
Website authentication
CHAPTER IV
ELECTRONIC DOCUMENTS
CHAPTER V
DELEGATIONS OF POWER AND IMPLEMENTING PROVISIONS
CHAPTER VI
FINAL PROVISIONS
- electronic identification
- electronic identification means
- person identification data
- electronic identification scheme
- authentication
- relying party
- public sector body
- body governed by public law
- signatory
- electronic signature
- advanced electronic signature
- qualified electronic signature
- electronic signature creation data
- certificate for electronic signature
- qualified certificate for electronic signature
- trust service
- qualified trust service
- conformity assessment body
- trust service provider
- qualified trust service provider
- product
- electronic signature creation device
- qualified electronic signature creation device
- creator of a seal
- electronic seal
- advanced electronic seal
- qualified electronic seal
- electronic seal creation data
- certificate for electronic seal
- qualified certificate for electronic seal
- electronic seal creation device
- qualified electronic seal creation device
- electronic time stamp
- qualified electronic time stamp
- electronic document
- electronic registered delivery service
- qualified electronic registered delivery service
- certificate for website authentication
- qualified certificate for website authentication
- validation data
- validation
- means 96
- person 46
- which 44
- electronic_identification 44
- data 41
- article 38
- electronic_seal 30
- electronic 29
- requirements 28
- electronic_signature 26
- legal 26
- natural 26
- qualified 24
- creation 24
- ‘qualified 22
- meets 21
- member 21
- trust_service 20
- form 19
- certificate 18
- under 17
- used 17
- referred 17
- shall 17
- laid 16
- down 16
- state 16
- authentication 13
- scheme 13
- implementing 12
- website 12
- issued 12
- provider 12
- schemes 12
- representing 10
- identification 10
- electronic_signature’ 10
- electronic_seal’ 10
- annex 10
- notifying 9
- interoperability 9
- paragraph 9
- regulation 9
- assurance 9
- provides 9
- commission 8
- trust_services 8
- electronic_signatures 8
- create 8
- acts 8
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
| (1) | ‘ electronic_identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person; |
| (2) | ‘ electronic_identification means’ means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service; |
| (3) | ‘ person identification data’ means a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established; |
| (4) | ‘ electronic_identification scheme’ means a system for electronic_identification under which electronic_identification means are issued to natural or legal persons, or natural persons representing legal persons; |
| (5) | ‘ authentication’ means an electronic process that enables the electronic_identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; |
| (6) | ‘ relying_party’ means a natural or legal person that relies upon an electronic_identification or a trust_service; |
| (7) | ‘ public_sector_body’ means a state, regional or local authority, a body_governed_by_public_law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate; |
| (8) | ‘ body_governed_by_public_law’ means a body defined in point (4) of Article 2(1) of Directive 2014/24/EU of the European Parliament and of the Council (15); |
| (9) | ‘ signatory’ means a natural person who creates an electronic_signature; |
| (10) | ‘ electronic_signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; |
| (11) | ‘advanced electronic_signature’ means an electronic_signature which meets the requirements set out in Article 26; |
| (12) | ‘qualified electronic_signature’ means an advanced electronic_signature that is created by a qualified electronic_signature creation device, and which is based on a qualified certificate for electronic_signatures; |
| (13) | ‘ electronic_signature creation data’ means unique data which is used by the signatory to create an electronic_signature; |
| (14) | ‘certificate for electronic_signature’ means an electronic attestation which links electronic_signature validation_data to a natural person and confirms at least the name or the pseudonym of that person; |
| (15) | ‘qualified certificate for electronic_signature’ means a certificate for electronic_signatures, that is issued by a qualified trust_service provider and meets the requirements laid down in Annex I; |
| (16) | ‘ trust_service’ means an electronic service normally provided for remuneration which consists of:
|
| (17) | ‘qualified trust_service’ means a trust_service that meets the applicable requirements laid down in this Regulation; |
| (18) | ‘ conformity_assessment_body’ means a body defined in point 13 of Article 2 of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust_service provider and the qualified trust_services it provides; |
| (19) | ‘ trust_service provider’ means a natural or a legal person who provides one or more trust_services either as a qualified or as a non-qualified trust_service provider; |
| (20) | ‘qualified trust_service provider’ means a trust_service provider who provides one or more qualified trust_services and is granted the qualified status by the supervisory body; |
| (21) | ‘ product’ means hardware or software, or relevant components of hardware or software, which are intended to be used for the provision of trust_services; |
| (22) | ‘ electronic_signature creation device’ means configured software or hardware used to create an electronic_signature; |
| (23) | ‘qualified electronic_signature creation device’ means an electronic_signature creation device that meets the requirements laid down in Annex II; |
| (24) | ‘ creator_of_a_seal’ means a legal person who creates an electronic_seal; |
| (25) | ‘ electronic_seal’ means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity; |
| (26) | ‘advanced electronic_seal’ means an electronic_seal, which meets the requirements set out in Article 36; |
| (27) | ‘qualified electronic_seal’ means an advanced electronic_seal, which is created by a qualified electronic_seal creation device, and that is based on a qualified certificate for electronic_seal; |
| (28) | ‘ electronic_seal creation data’ means unique data, which is used by the creator of the electronic_seal to create an electronic_seal; |
| (29) | ‘certificate for electronic_seal’ means an electronic attestation that links electronic_seal validation_data to a legal person and confirms the name of that person; |
| (30) | ‘qualified certificate for electronic_seal’ means a certificate for an electronic_seal, that is issued by a qualified trust_service provider and meets the requirements laid down in Annex III; |
| (31) | ‘ electronic_seal creation device’ means configured software or hardware used to create an electronic_seal; |
| (32) | ‘qualified electronic_seal creation device’ means an electronic_seal creation device that meets mutatis mutandis the requirements laid down in Annex II; |
| (33) | ‘ electronic_time_stamp’ means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time; |
| (34) | ‘qualified electronic_time_stamp’ means an electronic_time_stamp which meets the requirements laid down in Article 42; |
| (35) | ‘ electronic_document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording; |
| (36) | ‘ electronic_registered_delivery_service’ means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations; |
| (37) | ‘qualified electronic_registered_delivery_service’ means an electronic_registered_delivery_service which meets the requirements laid down in Article 44; |
| (38) | ‘certificate for website authentication’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued; |
| (39) | ‘qualified certificate for website authentication’ means a certificate for website authentication, which is issued by a qualified trust_service provider and meets the requirements laid down in Annex IV; |
| (40) | ‘ validation_data’ means data that is used to validate an electronic_signature or an electronic_seal; |
| (41) | ‘ validation’ means the process of verifying and confirming that an electronic_signature or a seal is valid. |
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
| (1) | ‘ electronic_identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person; |
| (2) | ‘ electronic_identification means’ means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service; |
| (3) | ‘ person identification data’ means a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established; |
| (4) | ‘ electronic_identification scheme’ means a system for electronic_identification under which electronic_identification means are issued to natural or legal persons, or natural persons representing legal persons; |
| (5) | ‘ authentication’ means an electronic process that enables the electronic_identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; |
| (6) | ‘ relying_party’ means a natural or legal person that relies upon an electronic_identification or a trust_service; |
| (7) | ‘ public_sector_body’ means a state, regional or local authority, a body_governed_by_public_law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate; |
| (8) | ‘ body_governed_by_public_law’ means a body defined in point (4) of Article 2(1) of Directive 2014/24/EU of the European Parliament and of the Council (15); |
| (9) | ‘ signatory’ means a natural person who creates an electronic_signature; |
| (10) | ‘ electronic_signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; |
| (11) | ‘advanced electronic_signature’ means an electronic_signature which meets the requirements set out in Article 26; |
| (12) | ‘qualified electronic_signature’ means an advanced electronic_signature that is created by a qualified electronic_signature creation device, and which is based on a qualified certificate for electronic_signatures; |
| (13) | ‘ electronic_signature creation data’ means unique data which is used by the signatory to create an electronic_signature; |
| (14) | ‘certificate for electronic_signature’ means an electronic attestation which links electronic_signature validation_data to a natural person and confirms at least the name or the pseudonym of that person; |
| (15) | ‘qualified certificate for electronic_signature’ means a certificate for electronic_signatures, that is issued by a qualified trust_service provider and meets the requirements laid down in Annex I; |
| (16) | ‘ trust_service’ means an electronic service normally provided for remuneration which consists of:
|
| (17) | ‘qualified trust_service’ means a trust_service that meets the applicable requirements laid down in this Regulation; |
| (18) | ‘ conformity_assessment_body’ means a body defined in point 13 of Article 2 of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust_service provider and the qualified trust_services it provides; |
| (19) | ‘ trust_service provider’ means a natural or a legal person who provides one or more trust_services either as a qualified or as a non-qualified trust_service provider; |
| (20) | ‘qualified trust_service provider’ means a trust_service provider who provides one or more qualified trust_services and is granted the qualified status by the supervisory body; |
| (21) | ‘ product’ means hardware or software, or relevant components of hardware or software, which are intended to be used for the provision of trust_services; |
| (22) | ‘ electronic_signature creation device’ means configured software or hardware used to create an electronic_signature; |
| (23) | ‘qualified electronic_signature creation device’ means an electronic_signature creation device that meets the requirements laid down in Annex II; |
| (24) | ‘ creator_of_a_seal’ means a legal person who creates an electronic_seal; |
| (25) | ‘ electronic_seal’ means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity; |
| (26) | ‘advanced electronic_seal’ means an electronic_seal, which meets the requirements set out in Article 36; |
| (27) | ‘qualified electronic_seal’ means an advanced electronic_seal, which is created by a qualified electronic_seal creation device, and that is based on a qualified certificate for electronic_seal; |
| (28) | ‘ electronic_seal creation data’ means unique data, which is used by the creator of the electronic_seal to create an electronic_seal; |
| (29) | ‘certificate for electronic_seal’ means an electronic attestation that links electronic_seal validation_data to a legal person and confirms the name of that person; |
| (30) | ‘qualified certificate for electronic_seal’ means a certificate for an electronic_seal, that is issued by a qualified trust_service provider and meets the requirements laid down in Annex III; |
| (31) | ‘ electronic_seal creation device’ means configured software or hardware used to create an electronic_seal; |
| (32) | ‘qualified electronic_seal creation device’ means an electronic_seal creation device that meets mutatis mutandis the requirements laid down in Annex II; |
| (33) | ‘ electronic_time_stamp’ means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time; |
| (34) | ‘qualified electronic_time_stamp’ means an electronic_time_stamp which meets the requirements laid down in Article 42; |
| (35) | ‘ electronic_document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording; |
| (36) | ‘ electronic_registered_delivery_service’ means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations; |
| (37) | ‘qualified electronic_registered_delivery_service’ means an electronic_registered_delivery_service which meets the requirements laid down in Article 44; |
| (38) | ‘certificate for website authentication’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued; |
| (39) | ‘qualified certificate for website authentication’ means a certificate for website authentication, which is issued by a qualified trust_service provider and meets the requirements laid down in Annex IV; |
| (40) | ‘ validation_data’ means data that is used to validate an electronic_signature or an electronic_seal; |
| (41) | ‘ validation’ means the process of verifying and confirming that an electronic_signature or a seal is valid. |
Article 7
Eligibility for notification of electronic_identification schemes
An electronic_identification scheme shall be eligible for notification pursuant to Article 9(1) provided that all of the following conditions are met:
| (a) | the electronic_identification means under the electronic_identification scheme are issued:
|
| (b) | the electronic_identification means under the electronic_identification scheme can be used to access at least one service which is provided by a public_sector_body and which requires electronic_identification in the notifying Member State; |
| (c) | the electronic_identification scheme and the electronic_identification means issued thereunder meet the requirements of at least one of the assurance levels set out in the implementing act referred to in Article 8(3); |
| (d) | the notifying Member State ensures that the person identification data uniquely representing the person in question is attributed, in accordance with the technical specifications, standards and procedures for the relevant assurance level set out in the implementing act referred to in Article 8(3), to the natural or legal person referred to in point 1 of Article 3 at the time the electronic_identification means under that scheme is issued; |
| (e) | the party issuing the electronic_identification means under that scheme ensures that the electronic_identification means is attributed to the person referred to in point (d) of this Article in accordance with the technical specifications, standards and procedures for the relevant assurance level set out in the implementing act referred to in Article 8(3); |
| (f) | the notifying Member State ensures the availability of authentication online, so that any relying_party established in the territory of another Member State is able to confirm the person identification data received in electronic form. For relying parties other than public sector bodies the notifying Member State may define terms of access to that authentication. The cross-border authentication shall be provided free of charge when it is carried out in relation to a service online provided by a public_sector_body. Member States shall not impose any specific disproportionate technical requirements on relying parties intending to carry out such authentication, where such requirements prevent or significantly impede the interoperability of the notified electronic_identification schemes; |
| (g) | at least six months prior to the notification pursuant to Article 9(1), the notifying Member State provides the other Member States for the purposes of the obligation under Article 12(5) a description of that scheme in accordance with the procedural arrangements established by the implementing acts referred to in Article 12(7); |
| (h) | the electronic_identification scheme meets the requirements set out in the implementing act referred to in Article 12(8). |
Article 9
Notification
1. The notifying Member State shall notify to the Commission the following information and, without undue delay, any subsequent changes thereto:
| (a) | a description of the electronic_identification scheme, including its assurance levels and the issuer or issuers of electronic_identification means under the scheme; |
| (b) | the applicable supervisory regime and information on the liability regime with respect to the following:
|
| (c) | the authority or authorities responsible for the electronic_identification scheme; |
| (d) | information on the entity or entities which manage the registration of the unique person identification data; |
| (e) | a description of how the requirements set out in the implementing acts referred to in Article 12(8) are met; |
| (f) | a description of the authentication referred to in point (f) of Article 7; |
| (g) | arrangements for suspension or revocation of either the notified electronic_identification scheme or authentication or the compromised parts concerned. |
2. One year from the date of application of the implementing acts referred to in Articles 8(3) and 12(8), the Commission shall publish in the Official Journal of the European Union a list of the electronic_identification schemes which were notified pursuant to paragraph 1 of this Article and the basic information thereon.
3. If the Commission receives a notification after the expiry of the period referred to in paragraph 2, it shall publish in the Official Journal of the European Union the amendments to the list referred to in paragraph 2 within two months from the date of receipt of that notification.
4. A Member State may submit to the Commission a request to remove an electronic_identification scheme notified by that Member State from the list referred to in paragraph 2. The Commission shall publish in the Official Journal of the European Union the corresponding amendments to the list within one month from the date of receipt of the Member State’s request.
5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures of notifications under paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Article 12
Cooperation and interoperability
1. The national electronic_identification schemes notified pursuant to Article 9(1) shall be interoperable.
2. For the purposes of paragraph 1, an interoperability framework shall be established.
3. The interoperability framework shall meet the following criteria:
| (a) | it aims to be technology neutral and does not discriminate between any specific national technical solutions for electronic_identification within a Member State; |
| (b) | it follows European and international standards, where possible; |
| (c) | it facilitates the implementation of the principle of privacy by design; and |
| (d) | it ensures that personal data is processed in accordance with Directive 95/46/EC. |
4. The interoperability framework shall consist of:
| (a) | a reference to minimum technical requirements related to the assurance levels under Article 8; |
| (b) | a mapping of national assurance levels of notified electronic_identification schemes to the assurance levels under Article 8; |
| (c) | a reference to minimum technical requirements for interoperability; |
| (d) | a reference to a minimum set of person identification data uniquely representing a natural or legal person, which is available from electronic_identification schemes; |
| (e) | rules of procedure; |
| (f) | arrangements for dispute resolution; and |
| (g) | common operational security standards. |
5. Member States shall cooperate with regard to the following:
| (a) | the interoperability of the electronic_identification schemes notified pursuant to Article 9(1) and the electronic_identification schemes which Member States intend to notify; and |
| (b) | the security of the electronic_identification schemes. |
6. The cooperation between Member States shall consist of:
| (a) | the exchange of information, experience and good practice as regards electronic_identification schemes and in particular technical requirements related to interoperability and assurance levels; |
| (b) | the exchange of information, experience and good practice as regards working with assurance levels of electronic_identification schemes under Article 8; |
| (c) | peer review of electronic_identification schemes falling under this Regulation; and |
| (d) | examination of relevant developments in the electronic_identification sector. |
7. By 18 March 2015, the Commission shall, by means of implementing acts, establish the necessary procedural arrangements to facilitate the cooperation between the Member States referred to in paragraphs 5 and 6 with a view to fostering a high level of trust and security appropriate to the degree of risk.
8. By 18 September 2015, for the purpose of setting uniform conditions for the implementation of the requirement under paragraph 1, the Commission shall, subject to the criteria set out in paragraph 3 and taking into account the results of the cooperation between Member States, adopt implementing acts on the interoperability framework as set out in paragraph 4.
9. The implementing acts referred to in paragraphs 7 and 8 of this Article shall be adopted in accordance with the examination procedure referred to in Article 48(2).
CHAPTER III
TRUST SERVICES
SECTION 1
General provisions
whereas