EIDAS 2014/0910 EN

1. Each Member State shall establish, maintain and publish trusted lists, including information related to the qualified trust_service providers for which it is responsible, together with information related to the qualified trust_services provided by them.

2. Member States shall establish, maintain and publish, in a secured manner, the electronically signed or sealed trusted lists referred to in paragraph 1 in a form suitable for automated processing.

3. Member States shall notify to the Commission, without undue delay, information on the body responsible for establishing, maintaining and publishing national trusted lists, and details of where such lists are published, the certificates used to sign or seal the trusted lists and any changes thereto.

4. The Commission shall make available to the public, through a secure channel, the information referred to in paragraph 3 in electronically signed or sealed form suitable for automated processing.

5. By 18 September 2015 the Commission shall, by means of implementing acts, specify the information referred to in paragraph 1 and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

Article 44

Requirements for qualified electronic_registered_delivery_services

1. Qualified electronic_registered_delivery_services shall meet the following requirements:

(a)	they are provided by one or more qualified trust_service provider(s);

(b)	they ensure with a high level of confidence the identification of the sender;

(c)	they ensure the identification of the addressee before the delivery of the data;

(d)	the sending and receiving of data is secured by an advanced electronic_signature or an advanced electronic_seal of a qualified trust_service provider in such a manner as to preclude the possibility of the data being changed undetectably;

(e)	any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data;

(f)	the date and time of sending, receiving and any change of data are indicated by a qualified electronic_time_stamp.

In the event of the data being transferred between two or more qualified trust_service providers, the requirements in points (a) to (f) shall apply to all the qualified trust_service providers.

2. The Commission may, by means of implementing acts, establish reference numbers of standards for processes for sending and receiving data. Compliance with the requirements laid down in paragraph 1 shall be presumed where the process for sending and receiving data meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

SECTION 8

Website authentication

Article 51

Transitional measures

1. secure signature creation devices of which the conformity has been determined in accordance with Article 3(4) of Directive 1999/93/EC shall be considered as qualified electronic_signature creation devices under this Regulation.

2. Qualified certificates issued to natural persons under Directive 1999/93/EC shall be considered as qualified certificates for electronic_signatures under this Regulation until they expire.

3. A certification-service-provider issuing qualified certificates under Directive 1999/93/EC shall submit a conformity assessment report to the supervisory body as soon as possible but not later than 1 July 2017. Until the submission of such a conformity assessment report and the completion of its assessment by the supervisory body, that certification-service-provider shall be considered as qualified trust_service provider under this Regulation.

4. If a certification-service-provider issuing qualified certificates under Directive 1999/93/EC does not submit a conformity assessment report to the supervisory body within the time limit referred to in paragraph 3, that certification-service-provider shall not be considered as qualified trust_service provider under this Regulation from 2 July 2017.

whereas

(2) This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.

- = -

(3) Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic_signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions.
This Regulation enhances and expands the acquis of that Directive.

- = -

(5) In its conclusions of 4 February 2011 and of 23 October 2011, the European Council invited the Commission to create a digital single market by 2015, to make rapid progress in key areas of the digital economy and to promote a fully integrated digital single market by facilitating the cross-border use of online services, with particular attention to facilitating secure electronic_identification and authentication.

- = -

(12) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic_identification means used in the Member States to authenticate, for at least public services.
This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States.
The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic_identification and authentication is possible.

- = -

(52) The creation of remote electronic_signatures, where the electronic_signature creation environment is managed by a trust_service provider on behalf of the signatory, is set to increase in the light of its multiple economic benefits.
However, in order to ensure that such electronic_signatures receive the same legal recognition as electronic_signatures created in an entirely user-managed environment, remote electronic_signature service providers should apply specific management and administrative security procedures and use trustworthy systems and products, including secure electronic communication channels, in order to guarantee that the electronic_signature creation environment is reliable and is used under the sole control of the signatory.
Where a qualified electronic_signature has been created using a remote electronic_signature creation device, the requirements applicable to qualified trust_service providers set out in this Regulation should apply.

- = -

(74) To ensure legal certainty for market operators already using qualified certificates issued to natural persons in compliance with Directive 1999/93/EC, it is necessary to provide for a sufficient period of time for transitional purposes.
Similarly, transitional measures should be established for secure signature creation devices, the conformity of which has been determined in accordance with Directive 1999/93/EC, as well as for certification service providers issuing qualified certificates before 1 July 2016.
Finally, it is also necessary to provide the Commission with the means to adopt the implementing acts and delegated acts before that date.

- = -

keyboard_tab EIDAS 2014/0910 EN

EIDAS 2014/0910 EN