COURTESY TRANSLATION
|
|
- Rolf Moody
- 8 years ago
- Views:
Transcription
1 PREMIER MINISTRE Secrétariat général de la défense nationale Paris, 7 April /SGDN/DCSSI/SDR Reference : SIG/P/01.1 Direction centrale de la sécurité des systèmes d information PROCEDURE CERTIFICATION OF THE CONFORMITY OF ELECTRONIC SIGNATURE CREATION DEVICES Subject : Certification of the conformity of electronic signature creation devices Application : From 7 April 2003 Circulation : Public COURTESY TRANSLATION 51 boulevard de La Tour-Maubourg PARIS 07 SP
2 Modifications Version Date Modifications 1 7/04/2003 In the light of the opinion issued by the Management Board 2/2 SIG/P/01.1
3 TABLE OF CONTENTS 1. PURPOSE OF THE PROCEDURE CONTEXT Legal context The Two Levels for Electronic Signatures The Simple Electronic Signature The Presumed Reliable Electronic Signature The European Context PROCEDURE FOR AWARDING A CERTIFICATE OF CONFORMITY Requirements Concerning the Secure Electronic Signature Creation Device Insertion in the French Certification Scheme Format of the Certificate of Conformity Conditions for Awarding a Certificate of Conformity Organisms Awarding the Certificate of Conformity Validity of the Certificate of Conformity DCSSI S RECOMMENDATIONS Recommendations Concerning Protection Profiles Recommendation Concerning Cryptographic Algorithms Requirements Concerning Other Protection Profiles or Security Targets Use of Other Certification Standards... 7 APPENDIX A TABLE SHOWING RECOMMENDED PROTECTION PROFILES... 8 APPENDIX B ABBREVIATIONS... 9 APPENDIX C REFERENCES SIG/P/01.1 3/3
4 1. Purpose of the Procedure This procedure defines the procedure for awarding a certificate of conformity to the requirements of article 3.I of French decree no of 30 March 2001, relating to electronic signatures, for secure electronic signature creation devices. 2. Context 2.1. Legal context The European directive of 13 December 1999 on a European framework for electronic signatures was transposed by French law no of 13 March 2000 and application decree no of 30 March French law no defines two levels of electronic signature processes recognised by the law, presented in paragraph 2.2 : simple electronic signatures, presumed reliable electronic signatures. French decree no states the conditions required for an electronic signature to be presumed reliable. One of these conditions is that the secure signature creation device (SSCD) be certified as conforming to the requirements laid down in appendix III of the European Directive and reiterated in art. 3.I of decree no The Two Levels for Electronic Signatures The Simple Electronic Signature Article 4 of French law no of 13 March 2000 defines an electronic signature in the following terms (courtesy translation): If it [the signature] is electronic, it consists in using a reliable means of identification guaranteeing its link with the action to which it is attached. At this level, the electronic signature process is not presumed reliable but the text thus signed in electronic form may not be refused as evidence in court if the process makes it possible to identify the signatory and guarantee the link with the action signed. In the event of a dispute, it is up to the signatory to prove the reliability of the electronic signature process used The Presumed Reliable Electronic Signature Article 4 of French law no of 13 March 2000 specifies that the burden of proof may be inversed in the event of a dispute under certain conditions defined by decree (courtesy translation): This process is presumed reliable, until proven to the contrary, if the electronic signature is created, the identity of the signatory assured and the integrity of the action guaranteed, under terms fixed by order with obligatory consultation of the Council of State. Article 2 of the French decree of 30 March 2001 defines the conditions under which the electronic signature process is considered reliable: the electronic signature is secure, the signature creation device used to establish the electronic signature is secure, verification of the electronic signature is based on use of a qualified electronic certificate. This procedure shall only address the condition stated in the second point. In order for a signature creation device to be recognised as secure, it must fulfil a certain number of requirements described in art. 3.I of decree no (cf. 3.1) and be certified as conforming to these requirements. The purpose of this document is to describe the procedure by which the DCSSI awards certificates of conformity. 4/4 SIG/P/01.1
5 2.3. The European Context The DCSSI bases its work on that of the EESSI (European Electronic Signature Standardization Initiative), a European standardization initiative launched by the European Commission following European Directive 1999/93/EC. The EESSI has produced several documents, some of which have been applied by the DCSSI. In accordance with Directive 1999/93/EC, the European Commission should have published standards in the Official Journal of the European Union, after consultation of the Committee created in article 9 of the directive and composed of Member State representatives. Devices certified as conforming to these standards will be presumed to conform to the requirements the directive. The European Commission has to date not, however, published any decision on this subject. In accordance with article 3.II.2 of decree no (transposition of article 3.4 of the European directive), this certificate of conformity is recognised in each Member State. 3. Procedure for Awarding a Certificate of Conformity 3.1. Requirements Concerning the Secure Electronic Signature Creation Device Article 3.I of French decree no lays down the requirements that the secure electronic signature creation device must fulfil (courtesy translation): A secure electronic signature creation device must: 1. Guarantee via technical means and appropriate procedures that the electronic signature creation data: a. Cannot be established more that once and that its confidentiality is ensured; b. Cannot be discovered by deduction and that the electronic signature is protected against any forgery; c. Can be adequately protected by the signatory against any use by a third party. 2. Not entail any alteration of the content to be signed or prevent the signatory from having full knowledge thereof before signing. The requirements listed above shall hereinafter be referred to as the requirements of the decree. The SSCD shall be considered as consisting of the module making it possible to create the electronic signature creation and verification data and generate the electronic signature. We therefore exclude from the scope of the SSCD the application piloting the afore-mentioned module, the operating system on which the application is installed as well as all devices found in the SSCD s environment. On the other hand, the transmission channel between the SSCD and the electronic signature application must be secure, i.e. the integrity of the data to sign transmitted by the application to the SSCD must be protected, unless the SSCD is in a protected environment (with the service provider s premises). This requirement is only verified during the evaluation of the SSCD if the latter is to be used in an open environment (with the final user) Insertion in the French Certification Scheme In the framework of French decree no , the evaluation of the device must take place in a DCSSIlicensed evaluation facility. These evaluation facilities conduct evaluations following standardised criteria: either the ITSEC (used less and less) or the ISO/IEC standard (also called Common Criteria (CC)). The evaluation ensures that a product conforms to a security target, which itself may conform to a protection profile. The evaluation is conducted prior to the awarding of a certificate of conformity to the decree and must be based on a security target which covers fully the requirements of the decree and which offers an acceptable level of assurance according to the chosen environment Format of the Certificate of Conformity The certificate of conformity awarded by the DCSSI is in the form of a separate document in addition to the CC or ITSEC certificate awarded for the product itself. SIG/P/01.1 5/5
6 The certificate of conformity mentions the functions for which it is awarded and the certification report relating to the CC or ITSEC certification on which it is based. If the sponsor only has part of the device evaluated (electronic signature creation data generation function or electronic signature creation function), it will be awarded a certificate mentioning the function covered by the device. The device must be used with another device that has also obtained a certificate of conformity mentioning the other, complementary function Conditions for Awarding a Certificate of Conformity The evaluation of the module may give rise to two scenarios: The security target, drawn up by the evaluation sponsor, conforms to one of the protection profiles recommended by the DCSSI. In this case, the security target is presumed to conform to the requirements of the decree, and the certificate of conformity may be attributed after the evaluation and certification of the device based on this security target; The sponsor may propose a security target which does not conform to one of the protection profiles recommended by the DCSSI. In this case, it must prove that the target fulfils the requirements of decree no The DCSSI awards the conformity certificate if this proof is supplied and if the device is certified based on this security target. In addition, the certificate of conformity to the decree is only awarded after the DCSSI accepts the algorithms used. Cryptographic analysis is obligatory and is carried out by the DCSSI according to an application note on cryptology for the scheme. If the device has been awarded a CC or ITSEC certificate by another country, the DCSSI reserves the right to conduct an analysis of the algorithms used before awarding the certificate of conformity to decree no Organisms Awarding the Certificate of Conformity Article 3.II of French decree no specifies the terms according to which the electronic signature creation device is certified as conforming to the requirements of the decree, as follows (courtesy translation): A secure electronic signature creation device must be certified as conforming to the requirements defined in I: 1. Either by the Prime Minister, under the terms set forth in decree no of 18 April 2002 relating to evaluation and certification of security provided by information technology products and systems. The awarding of the certificate of conformity is made public. 2. Or by a body appointed to this effect by an EC Member State. Decree no appoints the DCSSI to this effect Validity of the Certificate of Conformity The certificate of conformity to the decree is linked to the CC or ITSEC certificate. However, the state of the art with regard to attacks, for which the CC or ITSEC certificate is awarded, can evolve very quickly. As a result of this, the CC or ITSEC certificate, on the basis of which the certificate of conformity is awarded, must be subject to a monitoring process which is defined in a procedure under the certification scheme. The DCSSI can, therefore, at any time demand an additional evaluation of the device if it considers that the state of the art has significantly changed. The certificate of conformity is revoked in the event of a failure in the monitoring process or of any fact brought to the attention of the DCSSI calling into question the module s conformance to the requirements laid down by the decree. 6/6 SIG/P/01.1
7 4. DCSSI s Recommendations 4.1. Recommendations Concerning Protection Profiles The DCSSI recommends protection profiles, set forth in the table in Appendix A, taking into account the environment in which the target is used and the functions for which they have been written. There are two types of environment: The environment of the final user, The environment of the certification service provider (CSP). On the other hand, a complete secure electronic signature creation device must ensure at least the following functions: Generation of electronic signature creation data (security key) and verification data (public key), Electronic signature creation data. Each of these functions can be executed by a separate module and give rise to a certificate of conformity (cf. 3.3) Recommendation Concerning Cryptographic Algorithms The DCSSI encourages using the document produced by the EESSI on algorithms recommended for electronic signatures entitled Algorithms and Parameters for Secure Electronic Signatures. This guide: Lists existing acceptable algorithms for electronic signatures and the minimum size of keys to use for these algorithms, States the length of validity of the recommended algorithms. For each request for a certificate of conformity to the decree, the DCSSI demands a cryptographic analysis (cf 3.4), which must attain level high Requirements Concerning Other Protection Profiles or Security Targets In the event that the sponsor proposes a target which does not conform to one of the protection profiles recommended by the DCSSI, the proposed security target must observe the following minimum requirements: The security objectives of the target must cover the requirements laid down by the decree; The assurance requirements of the security target must correspond to level EAL 4+. Depending on the environment of the SSCD under evaluation, Level EAL 4 must be supplemented by at least: In an open environment: AVA_MSU.3, AVA_VLA.4, In a protected environment: ADV_IMP.2, AVA_CCA.1, AVA_VLA.4. For an evaluation according to the ITSEC, the assurance level must be E3 high and the assurance components required must be examined on a case-by-case basis through cooperation between the evaluation sponsor and the DCSSI Use of Other Certification Standards If the device concerned has already been certified according to a standard other than the ITSEC or the CC, the DCSSI examines the additional evaluations needed in order to award the certificate of conformity on a case-by-case basis, and the sponsor must supply the DCSSI with all documents necessary in order to carry out this examination, such as the evaluation report. The DCSSI examines situations not covered by this procedure on a case-by-case basis. On the other hand, any dispute or disagreement concerning the awarding of the certificate of conformity to the decree shall be brought to the attention of the certification management board. SIG/P/01.1 7/7
8 Appendix A Table Showing Recommended Protection Profiles Protection profile used PP SSCD type1 Secure Signature Creation Device type1 PP SSCD type2 Secure Signature Creation Device type2 PP SSCD type3 Secure Signature Creation Device type3 PP MCSO Cryptographic Module for CSP Key Generation Services PP CMCKG Crytographic Module for CSP Key Generation Services EESSI standard no. CWA Appendix A CWA Appendix B CWA Appendix C CWA CWA (pending) Environment concerned Electronic signature creation and verification data generation function (1) Electronic signature creation function (2) Conformance to French decree no (art. 3.I) User Yes No Conformance for the function (1) User No Yes Conformance for the function (2) User Yes Yes Conformance Certification service provider Certification service provider Yes Yes Conformance Yes No Conformance for the function (1) 8/8 SIG/P/01.1
9 Appendix B CC CEM CMCKG COFRAC DCSSI IT ITSEC ITSEM MCSO PSC / CSP SSCD Abbreviations Common Criteria Common Evaluation Methodology Cryptographic Module for CSP Key Generation Services Comité Français d Accréditation / French accreditation board Direction Centrale de la Sécurité des Systèmes d Information / Central Directorate for Information Systems Security Instruction Technique / Technical Instruction Information Technology Security Evaluation Criteria Information Technology Security Evaluation Methodology Module for CSP Signing Operation Prestataire de Service de Certification / Certification Service Provider Secure Signature Creation Device / Dispositif sécurisé de création de signature SIG/P/01.1 9/9
10 Appendix C References Directive 1999/93/CE of the European Parliament and Council of 13 December 1999 on a Community framework for electronic signatures. French law of 13 March 2000 Defining the adaptation of the law of proof to information technologies and relating to electronic signatures. French decree of 30 March 2001 Enacted to implement article of the French Civil Code relating to electronic signatures, modified by article 20 of decree French decree of 18 April 2002 Relating to evaluation and certification of security provided by information technology products and systems. CWA CWA CWA ITSEC ISO/IEC European Committee for Standardization CEN/ISS : Security Requirements of Secure Signature Creation Devices (SSCD) SSCD-PP European Committee for Standardization CEN/ISS : Security Requirements of Cryptographic Module for CSP Signing Operations MCSO-PP European Committee for Standardization CEN/ISS : Security Requirements of Cryptographic Module for CSP Key Generation Services CMCKG-PP Information technology security evaluation criteria (ITSEC), version 1.2, June Information technology Security techniques Evaluation criteria for IT security : ISO/IEC :1999(E) : Part 1 : Introduction and general model ; ISO/IEC :1999(E) : Part 2 : Security functional requirements ; ISO/IEC :1999(E) : Part 3 : Security assurance requirements. CC Common Criteria for Information Technology Security Evaluation : Part 1 : Introduction and general model, version 2.1, August 1999 ; Part 2 : Security functional requirements, version 2.1, August 1999 ; Part 3 : Security assurance requirements, version 2.1, August /10 SIG/P/01.1
Courtesy Translation
Direction centrale de la sécurité des systèmes d information Protection Profile Electronic Signature Creation Application Date : July 17th, 2008 Reference : Version : 1.6 Courtesy Translation Courtesy
More informationQualified Electronic Signatures Act (SFS 2000:832)
Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions
More informationMerchants and Trade - Act No 28/2001 on electronic signatures
This is an official translation. The original Icelandic text published in the Law Gazette is the authoritative text. Merchants and Trade - Act No 28/2001 on electronic signatures Chapter I Objectives and
More informationRubrica legale - ICT Security Maggio 2004 Autore: Daniela Rocca (SG&A) Gianluca Ramunno (Politecnico di Torino)
ubrica legale - ICT Security Maggio 2004 The standardisation effort in CEN/SSS E-Sign workshop In 1999 the European Commission launched the EESSI (Euroepan Electronic Signature Standardisation Initiative)
More information2002 No. 318 ELECTRONIC COMMUNICATIONS. The Electronic Signatures Regulations 2002
STATUTORY INSTRUMENTS 2002 No. 318 ELECTRONIC COMMUNICATIONS The Electronic Signatures Regulations 2002 Made - - - - - 13th February 2002 Laid before Parliament 14th February 2002 Coming into force - -
More informationIn accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), REGULATION
In accordance with article 11 of the Law on Electronic Signature (Official Gazette of the Republic of Serbia No. 135/04), the Minister of Telecommunications and Information Society hereby promulgates REGULATION
More informationCERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS
CERTIMETIERSARTISANAT and C@RTEUROPE ELECTRONIC SIGNATURE SERVICE SUBSCRIPTION CONTRACT SPECIFIC TERMS AND CONDITIONS Please fill in the form using BLOCK CAPITALS. All fields are mandatory. 1 1. SUBSCRIBER
More informationElectronic Documents Law
Disclaimer: The English language text below is provided by the Translation and Terminology Centre for information only; it confers no rights and imposes no obligations separate from those conferred or
More informationELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION
ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of
More informationETSI TS 102 640-3 V1.1.1 (2008-10) Technical Specification
TS 102 640-3 V1.1.1 (2008-10) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Architecture, Formats and Policies; Part 3: Information Security
More informationElectronic Commerce ELECTRONIC COMMERCE ACT 2001. Act. No. 2001-07 Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001
ELECTRONIC COMMERCE ACT 2001 Principal Act Act. No. Commencement LN. 2001/013 22.3.2001 Assent 14.3.2001 Amending enactments Relevant current provisions Commencement date 2001/018 Corrigendum 22.3.2001
More informationDECREE 132 of the National Security Authority. dated from 26 March 2009
DECREE 132 of the National Security Authority dated from 26 March 2009 on the conditions for providing accredited certification services and requirements for an audit, the extent of an audit and the qualification
More informationCourtesy Translation
PREMIER MINISTRE Secretariat General for National Defence French Network and Information Security Agency Certification Report ANSSI-CC-2010/15 OmniPCX Enterprise solution : OmniPCX Enterprise (release
More informationFederal law on certification services in the area of the electronic signature
Law on the electronic signature 94.0 Notice This English translation has no official character. The only authentic texts are the German, French and Italian versions published in the Official Compendium
More informationELECTRONIC SIGNATURES AND ACTS IN ELECTRONIC TOOLS USED IN PUBLIC PROCUREMENT MICHAELA POREMSKÁ *
M. Poremská: Electronic Signatures and Acts in Public Procurement 147 ELECTRONIC SIGNATURES AND ACTS IN ELECTRONIC TOOLS USED IN PUBLIC PROCUREMENT by MICHAELA POREMSKÁ * The contribution analyses a specific
More informationETSI TS 101 456 V1.4.3 (2007-05)
TS 101 456 V1.4.3 (2007-05) Technical Specification Electronic Signatures and Infrastructures (ESI); Policy requirements for certification authorities issuing qualified certificates 2 TS 101 456 V1.4.3
More informationBSI-PP-0004-2002. for. Protection Profile Secure Signature-Creation Device Type 1, Version 1.05. developed by
BSI-PP-0004-2002 for Protection Profile Secure Signature-Creation Device Type 1, Version 1.05 developed by CEN/ISSS Information Society Standardization System, Workshop on Electronic Signatures - Bundesamt
More informationProtection Profile Secure Signature-Creation Device Type 3
Protection Profile Secure Signature-Creation Device Type 3 Version: 1.05, EAL 4+ Wednesday, 25 July 2001 Prepared By: ESIGN Workshop - Expert Group F Prepared For: CEN/ISSS Note: This Protection Profile
More information4. Laying of orders and regulations before Houses of Oireachtas.
Number 27 of 2000 ELECTRONIC COMMERCE ACT, 2000 ARRANGEMENT OF SECTIONS PART 1 Preliminary and General Section 1. Short title and commencement. 2. Interpretation. 3. Regulations. 4. Laying of orders and
More informationQualified mobile electronic signatures: Possible, but worth a try?
Qualified mobile electronic signatures: Possible, but worth a try? Lothar Fritsch 1, Johannes Ranke 2, Heiko Rossnagel 1 Interest level of audience: 3 - for application developers (interested in IT security)
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES
EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE
More informationACT. of 15 March 2002
215 ACT of 15 March 2002 on electronic signature and on the amendment and supplementing of certain acts as amended by Act No. 679/2004 Coll., Act No. 25/2006 Coll., Act No. 275/2006 Coll., Act No. 214/2008
More informationProtection Profiles for TSP cryptographic modules Part 1: Overview
Date: 2015-08 prts 419221-1:2015 Protection Profiles for TSP cryptographic modules Part 1: Overview Document type: Technical Specification Document language: E Contents Introduction...3 1 Scope...4 2 References...4
More informationTTP.NL Guidance ETSI TS 101 456
ECP.NL TTP.NL on ETSI TS 101 456 Project TTP.NL on ETSI TS 101 456 30 May 2002 ECP.NL, CCvD-TTP.NL TTP.NL on ETSI TS 101 456 Table of Contents Table of Contents... 2 Foreword... 3 1 Scope... 4 2 References...
More informationELECTRONIC SIGNATURE LAW
ELECTRONIC SIGNATURE LAW (Published in the Official Gazette ref 25355, 2004-01-23) SECTION ONE Purpose, Scope and Definitions Purpose Article 1 The purpose of this Law is to define the principles for the
More informationUKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme
CIS 3 EDITION 2 February 2014 UKAS Guidance for bodies operating certification of Trust Service Providers seeking approval under tscheme CONTENTS SECTION PAGE 1 Introduction 2 2 Requirements for Certification
More informationETSI TS 102 640-3 V2.1.1 (2010-01) Technical Specification
TS 102 640-3 V2.1.1 (2010-01) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More informationMutual Recognition Agreement of Information Technology Security Evaluation Certificates
Final Version January 8 th, 2010 Mutual Recognition Agreement of Information Technology Security Evaluation Certificates VERSION 3.0 MANAGEMENT COMMITTEE January 2010 This document supersedes the document
More informationThe Global Standard for Digital Transaction Management. Legal Aspects
The Global Standard for Digital Transaction Management Legal Aspects V.10.0.2014 Definition of electronic signature. According to the Law 59/2003 on Electronic Signatures, it defines an electronic signature
More informationINDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN
Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit
More informationICCS Convention No. 28 Only the French original is authentic
ICCS Convention No. 28 Convention on the issue of a certificate of nationality adopted at an Extraordinary General Assembly in Strasbourg on 25 March 1999 signed at Lisbon on 14 September 1999 The signatory
More informationThe public official, an implicit model for the certification of private documents
The electronic legal document and the French Commercial Court Registrars, public and ministerial officials Pascal Beder Greffier associé du tribunal de commerce de Paris/Associate Registrar of the Commercial
More informationSSLPost Electronic Document Signing
SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that
More informationLaw Governing Framework Conditions for Electronic Signatures and Amending Other Regulations
Law Governing Framework Conditions for Electronic Signatures and Amending Other Regulations inofficial version for industry consultation for official German text please refer to the Official Journal (Bundesgesetzblatt
More informationREPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE
REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,
More informationSUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER
SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001
More informationand the President has proclaimed the following Law:
Unofficial translation The Saeima 1 has adopted and the President has proclaimed the following Law: THE INSURANCE CONTRACT LAW Chapter I GENERAL PROVISIONS Article 1. Definitions 1) sum insured - the amount
More informationCROATIAN PARLIAMENT 242
Important Disclaimer The English language text below has been provided by the Translation Centre of the Ministry for European Integration for information only; it confers no rights and imposes no obligations
More informationGRTGAZ NETWORK TRANSMISSION CONTRACT
Page 1 of 9 GRTGAZ NETWORK TRANSMISSION CONTRACT APPENDIX A3 STANDARD EVIDENCE AGREEMENT English translation for information. Disclaimer The present translation is not binding and is provided by GRTgaz
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007, amend. SG.
More informationLAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)
LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,
More informationJoint Interpretation Library. Security Evaluation and Certification of Digital Tachographs
Joint Interpretation Library Security Evaluation and Certification of Digital Tachographs JIL interpretation of the Security Certification according to Commission Regulation (EC) 1360/2002, Annex 1B Version
More informationGuidelines for the use of electronic signature
Republic of Albania National Authority for Electronic Certification Guidelines for the use of electronic signature Guide Nr. 001 September 2011 Version 1.3 Guidelines for the use of electronic signature
More information2014-03-17 OBJECTS AND REASONS
2014-03-17 OBJECTS AND REASONS This Bill would amend the Electronic Transactions Act, Cap. 308B to make provision for the improvement of the administration of the Act. 2 Arrangement of Sections 1. 2. 3.
More informationPublic Audit (Wales) Act 2004
Public Audit (Wales) Act 2004 CHAPTER 23 CONTENTS PART 1 AUDITOR GENERAL FOR WALES New functions of the Auditor General for Wales 1 Transfer of functions of Assembly 2 Additional functions of Auditor General
More informationETSI TS 102 042: Electronic Signatures and Infrastructures (ESI): Policy
Abbreviations AIS BGBl BNetzA BSI CC CEM CSP DAR DATech DIN EAL ETR ETSI ISO IT ITSEC ITSEF ITSEM JIL PP SF SigG SigV SOF Anwendungshinweise und Interpretationen zum Schema [Guidance and Interpretations
More informationTHE LAW OF THE REPUBLIC OF ARMENIA ON ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE CHAPTER 1. GENERAL PROVISIONS. Article 1. The subject of the Law
THE LAW OF THE REPUBLIC OF ARMENIA ON ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE CHAPTER 1. GENERAL PROVISIONS Article 1. The subject of the Law 1. This Law regulates relations linked to application
More informationELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)
ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic
More informationLand Registry. Version 4.0 10/09/2009. Certificate Policy
Land Registry Version 4.0 10/09/2009 Certificate Policy Contents 1 Background 5 2 Scope 6 3 References 6 4 Definitions 7 5 General approach policy and contract responsibilities 9 5.1 Background 9 5.2
More informationDIRECTIVE 2014/32/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
29.3.2014 Official Journal of the European Union L 96/149 DIRECTIVE 2014/32/EU OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 26 February 2014 on the harmonisation of the laws of the Member States relating
More informationOfficial Journal of the European Union. (Acts whose publication is obligatory)
27.12.2006 L 378/1 I (Acts whose publication is obligatory) REGULATION (EC) No 1901/2006 OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL of 12 December 2006 on medicinal products for paediatric use and amending
More informationCHAPTER 1. 1. Verification of non-existence of the grounds for exclusion. Article 1
Government Decree 310/2011 (23 December) on the way of certification of suitability and verification of the non-existence of the grounds for exclusion as well as the definition of public procurement technical
More informationUpdate Update on the Spanish Evaluation and Certification Scheme
Spanish Certification Body Update Update on the Spanish Evaluation and Certification Scheme Head of the Certification Body September 2008 Contents Intro to the CCN & the SP Scheme SP CB Status in CCRA
More informationLAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE. Chapter two. ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE
LAW FOR THE ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE Prom. SG. 34/6 Apr 2001, amend. SG. 112/29 Dec 2001, amend. SG. 30/11 Apr 2006, amend. SG. 34/25 Apr 2006, amend. SG. 38/11 May 2007 Chapter one.
More informationHaving regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,
28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic
More informationFREE SOFTWARE LICENSING AGREEMENT CeCILL
FREE SOFTWARE LICENSING AGREEMENT CeCILL Notice This Agreement is a free software license that is the result of discussions between its authors in order to ensure compliance with the two main principles
More informationGeneral Requirements for Accreditation of ASNITE. Testing Laboratories of Information Technology. (The 12th Edition) November 1, 2014
TIRP21 General Requirements for Accreditation of ASNITE Testing Laboratories of Information Technology 1/43 (Tentative Translation) Accreditation - Department - TIRP21 ASNITE Test IT Publication Document
More informationELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions
ELECTRONIC SIGNATURE LAW Purpose (Published in the Official Journal No 25355, 2004-01-23) CHAPTER ONE Purpose, Scope and Definitions Article 1 The purpose of this Law is to regulate the legal and technical
More informationThe Mobile Phone Signature in edemocracy and egovernment Applications. Gregor.eibl@bka.gv.at
The Mobile Phone Signature in edemocracy and egovernment Applications Gregor.eibl@bka.gv.at Characteristics of the Citizen Card ( 4 Abs. 1 E-GovG) unique identity authenticity Citizen Card = before authenfication:
More informationMOBILE SECURITY. Enabling Mobile Qualified Signatures with Certification On Demand. Heiko Rossnagel. Abstract. Introduction
Enabling Mobile Qualified Signatures with Certification On Demand Heiko Rossnagel Abstract Despite a legal framework being in place for several years, the market share of qualified electronic signatures
More informationDeveloping a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.
Developing a new Protection Profile for (U)SIM UICC platforms ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.Presty Project Background A Protection Profile for (U)SIM Security Requirements
More informationDIRECTIVES. DIRECTIVE 2009/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 April 2009 on the legal protection of computer programs
L 111/16 Official Journal of the European Union 5.5.2009 DIRECTIVES DIRECTIVE 2009/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 April 2009 on the legal protection of computer programs (Codified
More informationPursuant to Convention No. 108 of the Council of Europe for the protection of persons with regard to the automated processing of personal data;
Decision No. 2011-316 dated 6 October 2011 adopting a standard for delivering privacy seals in audit procedures covering the protection of persons with regard to the processing of personal data The French
More informationof 28 September 2007 (Status as of 1 April 2010)
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Ordinance on Data Protection Certification (DPCO) 235.13
More informationREGULATION (EEC) No 2309/93
REGULATION (EEC) No 2309/93 Council Regulation (EEC) No 2309/93 of 22 July 1993 laying down Community procedures for the authorization and supervision of medicinal products for human and veterinary use
More informationCCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE)
Représentant les avocats d Europe Representing Europe s lawyers CCBE questionnaire on professional indemnity insurance for lawyers requesting registration under the Establishment directive (98/5/CE) Introduction
More informationELECTRONIC TRANSACTIONS LAW N0 (85) OF 2001. Article (1)
We Abdallah II Ibn El Hussein, King of the Hashemite Kingdom of Jordan, after taking cognizance of Paragraph (l) of Article (94) of the Constitution and pursuant to the decision made by the Council of
More informationCeCILL FREE SOFTWARE LICENSE AGREEMENT
CeCILL FREE SOFTWARE LICENSE AGREEMENT Notice This Agreement is a Free Software license agreement that is the result of discussions between its authors in order to ensure compliance with the two main principles
More informationBill. Electronic Signatures 1)
Translation Note: The text has been amended in section 5(2) and is therefore identical to the final text of Act No. 417 of 31 May 2000. Only the Danish version of the text has legal validity. Bill No.
More informationOn Data Protection and the Detailed and Uniform Data Management Regulation
Rector s Directive No. 1/2013 On Data Protection and the Detailed and Uniform Data Management Regulation Budapest, 2013 Version effective as of 31 January 2013 Directives on Data Protection and the Uniform
More informationEstate Planning and the Provision of Electronic Certification Services
No. 248/71 (4) Regulation for the Provision of Electronic Signature Certification Services THE HELLENIC TELECOMMUNICATIONS & POST COMMISSION (EETT) Taking into account: a. Law No. 2867/2000 "Organization
More informationGuidelines on operational functioning of colleges
EIOPA-BoS-14/146 EN Guidelines on operational functioning of colleges EIOPA Westhafen Tower, Westhafenplatz 1-60327 Frankfurt Germany - Tel. + 49 69-951119-20; Fax. + 49 69-951119-19; email: info@eiopa.europa.eu
More informationStandard conditions of the Electricity Distribution Licence
Gas and Electricity Markets Authority ELECTRICITY ACT 1989 Standard conditions of the Electricity Distribution Licence Statutory Consultation: 29 April 2008 SECTION A: STANDARD CONDITIONS FOR ALL ELECTRICITY
More informationCode of Practice on Electronic Invoicing in the EU
CEN/WS einvoicing Phase 3 Date: 2011-11 CEN Workshop AgreementTC WI Secretariat: NEN Code of Practice on Electronic Invoicing in the EU Status: for public review (23 November 2011-23 January 2012) ICS:
More informationKorean National Protection Profile for Voice over IP Firewall V1.0 Certification Report
KECS-CR-16-36 Korean National Protection Profile for Voice over IP Firewall V1.0 Certification Report Certification No.: KECS-PP-0717-2016 2016. 6. 10 IT Security Certification Center History of Creation
More informationJOINT AGREEMENTS. - Cyclistes Professionnels Associés [Associated Professional Riders], hereinafter referred to as CPA,
(version on 01.01.2013) JOINT AGREEMENTS on the working conditions of riders hired by Professional Continental Teams and UCI ProTeams for the year of registration 2013 and the following. Signatories: -
More information2016 No. 696 ELECTRONIC COMMUNICATIONS. The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016
S T A T U T O R Y I N S T R U M E N T S 2016 No. 696 ELECTRONIC COMMUNICATIONS The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 Made - - - - 30th June 2016
More informationThe Hague Convention on the Civil Aspects of International Child Abduction
The Hague Convention on the Civil Aspects of International Child Abduction The States signatory to the present Convention, Firmly convinced that the interests of children are of paramount importance in
More informationFSSC 22000-Q. Certification module for food quality in compliance with ISO 9001:2008. Quality module REQUIREMENTS
FSSC 22000-Q Certification module for food quality in compliance with ISO 9001:2008 Quality module REQUIREMENTS Foundation for Food Safety Certification Gorinchem, The Netherlands: 2015 Version Control
More informationTrenitalia S.p.A. REGULATIONS FOR ACCESSING THE PURCHASING PORTAL OF TRENITALIA
Trenitalia S.p.A. REGULATIONS FOR ACCESSING THE PURCHASING PORTAL OF TRENITALIA Piazza della Croce Rossa, 1-00161 Roma Trenitalia S.p.A. - Gruppo Ferrovie dello Stato Italiane Società con socio unico soggetta
More informationGuidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister
Guidelines Related To Electronic Communication And Use Of Secure E-mail Central Information Management Unit Office of the Prime Minister Central Information Management Unit Office of the Prime Minister
More informationGOVERNMENT OF THE REPUBLIC OF SLOVENIA CENTRE FOR INFORMATICS ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT
GOVERNMENT OF THE REPUBLIC OF SLOVENIA CENTRE FOR INFORMATICS ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT LJUBLJANA, JUNE 2000 INTRODUCTION Marin Siliÿ The Act of the electronic commerce and electronic
More informationCertification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT
Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets
More informationThe newly adopted Luxembourg Law on electronic archiving. Luxembourg has taken a crucial step towards a paperless office.
The newly adopted Luxembourg Law on electronic archiving Luxembourg has taken a crucial step towards a paperless office. In July 2015, after two years of discussions, the Law relating to electronic archiving
More informationOrdinance on Specialised Waste Management Companies (Entsorgungsfachbetriebeverordnung - EfbV) *) of 10 September 1996
Ordinance on Specialised Waste Management Companies (Entsorgungsfachbetriebeverordnung - EfbV) *) of 10 September 1996 The Federal Government, having heard the parties concerned, and pursuant to Article
More informationPatent Cooperation Treaty (PCT)
(PCT) Done at Washington on June 19, 1970, amended on September 28, 1979, modified on February 3, 1984, and on October 3, 2001 Editor s Note: For details concerning amendments and modifications to the
More informationAGENDA ITEM 15-16 : ELECTRONIC SIGNATURE
SCREENING CHAPTER 10 Country Session: 13- Content Legislation Main Points of Turkish Electronic Signature Legislation Electronic Certificate Service Providers and Market Standardization Aspect of Electronic
More informationSecure Signature Creation Device Protect & Sign Personal Signature, version 4.1
Zentrum für sichere Informationstechnologie Austria Secure Information Technology Center Austria A-1030 Wien, Seidlgasse 22 / 9 Tel.: (+43 1) 503 19 63 0 Fax: (+43 1) 503 19 63 66 A-8010 Graz, Inffeldgasse
More informationon Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic:
227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:
More informationThe E-mail Charter Code governing the traceability of e-mail addresses used for the direct or indirect collection of data
Code governing the traceability of e-mail addresses used for the direct or Foreword This «E-mails Collection» charter has been designed and drafted by members of the Collectif des Plateformes d Affiliation
More informationETSI TS 102 640-3 V2.1.2 (2011-09)
TS 102 640-3 V2.1.2 (2011-09) Technical Specification Electronic Signatures and Infrastructures (ESI); Registered Electronic Mail (REM); Part 3: Information Security Policy Requirements for REM Management
More information1 L.R.O. 2001 Electronic Transactions CAP. 308B ELECTRONIC TRANSACTIONS
1 L.R.O. 2001 Electronic Transactions CAP. 308B CHAPTER 308B ELECTRONIC TRANSACTIONS ARRANGEMENT OF SECTIONS SECTION PART I Preliminary 1. Short title. 2. Interpretation. 3. Non-application of Parts II
More informationSmart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription
Smart Open Services for European Patients Open ehealth initiative for a European large scale pilot of patient summary and electronic prescription Deliverable: Work Package Document WP3.7 D.3.7.2. FINAL
More informationLAW no. 455 on July 18, 2001 on electronic signature
LAW no. 455 on July 18, 2001 on electronic signature The Parliament of Romania adopts this law. CHAPTER I: General Provisions SECTION 1: General Principles Art. 1. This law regulates the legal status of
More informationObligation to publish the annual accounts and consolidated accounts of foreign companies
Department Microeconomic Information Central Balance Sheet Office boulevard de Berlaimont 14 - BE-1000 Brussels tel. +32 2 221 30 01 - fax +32 2 221 32 66 e-mail: centraledesbilans@nbb.be - website: www.nbb.be
More informationFederal Electronic Signature Law. (Signature Law - SigG)
Federal Electronic Signature Law (Signature Law - SigG) Section l Purpose and definitions Purpose and scope 1. (1) The present federal law sets out the legal framework governing the creation and use of
More informationInformative material for MSS service providers on the frequency use authorisation procedure in Hungary and their related obligations
Informative material for MSS service providers on the frequency use authorisation procedure in Hungary and their related obligations 1. Objective of This Informative Material 1 On 13 May 2009, the European
More information14. CONVENTION ON THE SERVICE ABROAD OF JUDICIAL AND EXTRAJUDICIAL DOCUMENTS IN CIVIL OR COMMERCIAL MATTERS 1. (Concluded 15 November 1965)
14. CONVENTION ON THE SERVICE ABROAD OF JUDICIAL AND EXTRAJUDICIAL DOCUMENTS IN CIVIL OR COMMERCIAL MATTERS 1 (Concluded 15 November 1965) The States signatory to the present Convention, Desiring to create
More informationLaw Concerning Electronic Signatures and Certification Services (Unofficial Translation)
Law Concerning Electronic Signatures and Certification Services (Unofficial Translation) Contents Chapter 1: General provisions (Article 1 and Article 2) Chapter 2: Presumption of the authenticity of an
More informationProtocol No. 14 to the Convention for the Protection of Human Rights and Fundamental Freedoms, amending the control system of the Convention
Protocol No. 14 to the Convention for the Protection of Human Rights and Fundamental Freedoms, amending the control system of the Convention Strasbourg, 13.V.2004 Convention Protocol Protocols: No. 4 No.
More information