keyboard_tab EIDAS 2014/0910 EN
BG CS DA DE EL EN ES ET FI FR GA HR HU IT LV LT MT NL PL PT RO SK SL SV print pdf
- 2 Article 12 Cooperation and interoperability
- 1 Article 21 Initiation of a qualified trust service
- 1 Article 22 Trusted lists
- 1 Article 27 Electronic signatures in public services
- 1 Article 37 Electronic seals in public services
CHAPTER I
GENERAL PROVISIONS
CHAPTER II
ELECTRONIC IDENTIFICATION
CHAPTER III
TRUST SERVICES
SECTION 1
General provisions
SECTION 2
Supervision
SECTION 3
Qualified trust services
SECTION 4
Electronic signatures
SECTION 5
Electronic seals
SECTION 6
Electronic time stamps
SECTION 7
Electronic registered delivery services
SECTION 8
Website authentication
CHAPTER IV
ELECTRONIC DOCUMENTS
CHAPTER V
DELEGATIONS OF POWER AND IMPLEMENTING PROVISIONS
CHAPTER VI
FINAL PROVISIONS
- electronic identification
- electronic identification means
- person identification data
- electronic identification scheme
- authentication
- relying party
- public sector body
- body governed by public law
- signatory
- electronic signature
- advanced electronic signature
- qualified electronic signature
- electronic signature creation data
- certificate for electronic signature
- qualified certificate for electronic signature
- trust service
- qualified trust service
- conformity assessment body
- trust service provider
- qualified trust service provider
- product
- electronic signature creation device
- qualified electronic signature creation device
- creator of a seal
- electronic seal
- advanced electronic seal
- qualified electronic seal
- electronic seal creation data
- certificate for electronic seal
- qualified certificate for electronic seal
- electronic seal creation device
- qualified electronic seal creation device
- electronic time stamp
- qualified electronic time stamp
- electronic document
- electronic registered delivery service
- qualified electronic registered delivery service
- certificate for website authentication
- qualified certificate for website authentication
- validation data
- validation
- shall 43
- article 32
- referred 26
- qualified 25
- acts 21
- implementing 19
- advanced 18
- trust_service 17
- member 15
- electronic_identification 14
- the 13
- paragraph 13
- state 11
- accordance 11
- commission 10
- formats 10
- electronic_signatures 9
- procedure 9
- states 9
- reference 9
- lists 9
- means 9
- schemes 9
- under 9
- examination 8
- provider 8
- requirements 8
- standards 8
- trusted 8
- interoperability 8
- electronic_seals 8
- legal 8
- providers 7
- national 7
- information 7
- body 7
- adopted 7
- natural 6
- certificate 6
- based 6
- damage 6
- trust_services 6
- public_sector_body 6
- offered 6
- service 6
- electronic_seal 6
- online 6
- person 6
- paragraphs 6
- methods 6
Article 11
Liability
1. The notifying Member State shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with its obligations under points (d) and (f) of Article 7 in a cross-border transaction.
2. The party issuing the electronic_identification means shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with the obligation referred to in point (e) of Article 7 in a cross-border transaction.
3. The party operating the authentication procedure shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to ensure the correct operation of the authentication referred to in point (f) of Article 7 in a cross-border transaction.
4. paragraphs 1, 2 and 3 shall be applied in accordance with national rules on liability.
5. paragraphs 1, 2 and 3 are without prejudice to the liability under national law of parties to a transaction in which electronic_identification means falling under the electronic_identification scheme notified pursuant to Article 9(1) are used.
Article 12
Cooperation and interoperability
1. The national electronic_identification schemes notified pursuant to Article 9(1) shall be interoperable.
2. For the purposes of paragraph 1, an interoperability framework shall be established.
3. The interoperability framework shall meet the following criteria:
| (a) | it aims to be technology neutral and does not discriminate between any specific national technical solutions for electronic_identification within a Member State; |
| (b) | it follows European and international standards, where possible; |
| (c) | it facilitates the implementation of the principle of privacy by design; and |
| (d) | it ensures that personal data is processed in accordance with Directive 95/46/EC. |
4. The interoperability framework shall consist of:
| (a) | a reference to minimum technical requirements related to the assurance levels under Article 8; |
| (b) | a mapping of national assurance levels of notified electronic_identification schemes to the assurance levels under Article 8; |
| (c) | a reference to minimum technical requirements for interoperability; |
| (d) | a reference to a minimum set of person_identification_data uniquely representing a natural or legal person, which is available from electronic_identification schemes; |
| (e) | rules of procedure; |
| (f) | arrangements for dispute resolution; and |
| (g) | common operational security standards. |
5. Member States shall cooperate with regard to the following:
| (a) | the interoperability of the electronic_identification schemes notified pursuant to Article 9(1) and the electronic_identification schemes which Member States intend to notify; and |
| (b) | the security of the electronic_identification schemes. |
6. The cooperation between Member States shall consist of:
| (a) | the exchange of information, experience and good practice as regards electronic_identification schemes and in particular technical requirements related to interoperability and assurance levels; |
| (b) | the exchange of information, experience and good practice as regards working with assurance levels of electronic_identification schemes under Article 8; |
| (c) | peer review of electronic_identification schemes falling under this Regulation; and |
| (d) | examination of relevant developments in the electronic_identification sector. |
7. By 18 March 2015, the Commission shall, by means of implementing acts, establish the necessary procedural arrangements to facilitate the cooperation between the Member States referred to in paragraphs 5 and 6 with a view to fostering a high level of trust and security appropriate to the degree of risk.
8. By 18 September 2015, for the purpose of setting uniform conditions for the implementation of the requirement under paragraph 1, the Commission shall, subject to the criteria set out in paragraph 3 and taking into account the results of the cooperation between Member States, adopt implementing acts on the interoperability framework as set out in paragraph 4.
9. The implementing acts referred to in paragraphs 7 and 8 of this Article shall be adopted in accordance with the examination procedure referred to in Article 48(2).
CHAPTER III
TRUST SERVICES
SECTION 1
General provisions
Article 13
Liability and burden of proof
1. Without prejudice to paragraph 2, trust_service providers shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with the obligations under this Regulation.
The burden of proving intention or negligence of a non-qualified trust_service provider shall lie with the natural or legal person claiming the damage referred to in the first subparagraph.
The intention or negligence of a qualified trust_service provider shall be presumed unless that qualified trust_service provider proves that the damage referred to in the first subparagraph occurred without the intention or negligence of that qualified trust_service provider.
2. Where trust_service providers duly inform their customers in advance of the limitations on the use of the services they provide and where those limitations are recognisable to third parties, trust_service providers shall not be liable for damages arising from the use of services exceeding the indicated limitations.
3. paragraphs 1 and 2 shall be applied in accordance with national rules on liability.
Article 21
Initiation of a qualified trust_service
1. Where trust_service providers, without qualified status, intend to start providing qualified trust_services, they shall submit to the supervisory body a notification of their intention together with a conformity assessment report issued by a conformity_assessment_body.
2. The supervisory body shall verify whether the trust_service provider and the trust_services provided by it comply with the requirements laid down in this Regulation, and in particular, with the requirements for qualified trust_service providers and for the qualified trust_services they provide.
If the supervisory body concludes that the trust_service provider and the trust_services provided by it comply with the requirements referred to in the first subparagraph, the supervisory body shall grant qualified status to the trust_service provider and the trust_services it provides and inform the body referred to in Article 22(3) for the purposes of updating the trusted lists referred to in Article 22(1), not later than three months after notification in accordance with paragraph 1 of this Article.
If the verification is not concluded within three months of notification, the supervisory body shall inform the trust_service provider specifying the reasons for the delay and the period within which the verification is to be concluded.
3. Qualified trust_service providers may begin to provide the qualified trust_service after the qualified status has been indicated in the trusted lists referred to in Article 22(1).
4. The Commission may, by means of implementing acts, define the formats and procedures for the purpose of paragraphs 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Article 22
Trusted lists
1. Each Member State shall establish, maintain and publish trusted lists, including information related to the qualified trust_service providers for which it is responsible, together with information related to the qualified trust_services provided by them.
2. Member States shall establish, maintain and publish, in a secured manner, the electronically signed or sealed trusted lists referred to in paragraph 1 in a form suitable for automated processing.
3. Member States shall notify to the Commission, without undue delay, information on the body responsible for establishing, maintaining and publishing national trusted lists, and details of where such lists are published, the certificates used to sign or seal the trusted lists and any changes thereto.
4. The Commission shall make available to the public, through a secure channel, the information referred to in paragraph 3 in electronically signed or sealed form suitable for automated processing.
5. By 18 September 2015 the Commission shall, by means of implementing acts, specify the information referred to in paragraph 1 and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Article 27
Electronic signatures in public services
1. If a Member State requires an advanced electronic_signature to use an online service offered by, or on behalf of, a public_sector_body, that Member State shall recognise advanced electronic_signatures, advanced electronic_signatures based on a qualified certificate for electronic_signatures, and qualified electronic_signatures in at least the formats or using methods defined in the implementing acts referred to in paragraph 5.
2. If a Member State requires an advanced electronic_signature based on a qualified certificate to use an online service offered by, or on behalf of, a public_sector_body, that Member State shall recognise advanced electronic_signatures based on a qualified certificate and qualified electronic_signatures in at least the formats or using methods defined in the implementing acts referred to in paragraph 5.
3. Member States shall not request for cross-border use in an online service offered by a public_sector_body an electronic_signature at a higher security level than the qualified electronic_signature.
4. The Commission may, by means of implementing acts, establish reference numbers of standards for advanced electronic_signatures. Compliance with the requirements for advanced electronic_signatures referred to in paragraphs 1 and 2 of this Article and in Article 26 shall be presumed when an advanced electronic_signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
5. By 18 September 2015, and taking into account existing practices, standards and Union legal acts, the Commission shall, by means of implementing acts, define reference formats of advanced electronic_signatures or reference methods where alternative formats are used. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
Article 37
Electronic seals in public services
1. If a Member State requires an advanced electronic_seal in order to use an online service offered by, or on behalf of, a public_sector_body, that Member State shall recognise advanced electronic_seals, advanced electronic_seals based on a qualified certificate for electronic_seals and qualified electronic_seals at least in the formats or using methods defined in the implementing acts referred to in paragraph 5.
2. If a Member State requires an advanced electronic_seal based on a qualified certificate in order to use an online service offered by, or on behalf of, a public_sector_body, that Member State shall recognise advanced electronic_seals based on a qualified certificate and qualified electronic_seal at least in the formats or using methods defined in the implementing acts referred to in paragraph 5.
3. Member States shall not request for the cross-border use in an online service offered by a public_sector_body an electronic_seal at a higher security level than the qualified electronic_seal.
4. The Commission may, by means of implementing acts, establish reference numbers of standards for advanced electronic_seals. Compliance with the requirements for advanced electronic_seals referred to in paragraphs 1 and 2 of this Article and Article 36 shall be presumed when an advanced electronic_seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
5. By 18 September 2015, and taking into account existing practices, standards and legal acts of the Union, the Commission shall, by means of implementing acts, define reference formats of advanced electronic_seals or reference methods where alternative formats are used. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).
whereas