[ISN] EU Commission adopts Daft Directive on Digital Signatures

From: mea culpa (jerichoat_private)
Date: Thu May 14 1998 - 21:38:50 PDT

  • Next message: mea culpa: "Re: [ISN] MOD Gain Access To Network Topology Maps"

    Forwarded From: "Jay D. Dyson" <jdysonat_private>
    ]If only the U.S. would follow suit, eh? - Jay]
    - ---------- Forwarded message ----------
    From: "Axel H. Horns" <Horns@t-online.de>
    Yesterday, the board of the EU Commission has passed a draft proposal
    for an EU directive on digital signatures:
    - ------------------------------ CUT ----------------------------------
         Electronic commerce: Commission proposes
         electronic signatures Directive 
         A proposal for a Directive establishing a legal framework for the
         use of electronic signatures has been put forward on 13 May 1998
         by the European Commission, on the initiative of
         Telecommunications Commissioner Martin Bangemann and Single
         Market Commissioner Mario Monti. By laying down minimum rules
         concerning security and liability, the proposal would ensure
         electronic signatures were legally recognised throughout the EU
         on the basis of the Single Market principles of free movement of
         services and home country control. The proposal would therefore
         create a framework for secure on-line transactions throughout the
         Single Market and so stimulate investment in electronic commerce
         services with ensuing benefits for the EU in terms of growth,
         competitiveness and employment.
         Electronic commerce has the potential to become a key stimulus
         for the world's economy into the next century. But secure
         transactions are essential if this potential is to be realised in
         Europe. Once adopted, this Directive will remove one of the main
         remaining obstacles to the widespread take-up of electronic
         commerce. The proposal is timely because most Member States have
         yet to set up a legislative framework for electronic signatures.
         It will therefore ensure a harmonious legal framework for the
         Single Market from the outset rather than having to counter
         potentially disparate national initiatives.
         Electronic signatures allow someone receiving data received over
         electronic networks to determine the origin of the data
         (identity) and to verify whether the data has been altered or not
         (integrity). The data is accompanied by a certificate, issued by
         a certification service provider, which allows the recipient of a
         message to check the identity of the sender.
         The main elements of the proposed Directive are the following: 
              Essential requirements: the proposal would define essential
              requirements for electronic signature certificates and
              certification services so as to ensure minimum levels of
              security and allow their free movement throughout the Single
              Market. These requirements would include personal
              reliability, use of trustworthy systems and a ban on storing
              private signature keys. Liability: the proposal would
              establish minimum liability rules for service providers, who
              would in particular be liable for the validity of a
              certificate's content. This approach will ensure the free
              movement of certificates and certification services within
              the Single Market, build consumer trust and stimulate
              operators to develop secure systems and signatures without
              restrictive and inflexible regulation. Legal recognition:
              the proposal would stipulate that an electronic signature
              could not be legally discriminated against solely on the
              grounds that it is in electronic form, as the legal effects
              of electronic signatures are essential for an open and
              trustworthy system for electronic signatures. If a
              certificate and the service provider met certain essential
              requirements, electronic signatures based on their service
              would benefit from an automatic assumption that they were
              legally recognised in the same manner as hand-written
              signatures. Furthermore they could be used as evidence in
              legal proceedings. A technology-neutral framework: given the
              pace of technological innovation, the proposal provides for
              legal recognition of electronic signatures irrespective of
              the technology used (e.g. digital signatures using
              asymmetric cryptography or biometrics). Scope: the proposal
              concerns the supply of certificates to the public aimed at
              identifying the sender of an electronic message, but does
              not apply to closed user groups such as corporate Intranets
              or banking systems, where a trust relation already exists
              and where there is therefore no obvious need for regulation.
              Certification: certification services could be offered in
              principle without prior authorisation, in view of the fact
              that technology and the market are evolving rapidly and as
              market forces will encourage high levels of security to
              satisfy consumers' concerns. Member States would be free to
              set up voluntary accreditation schemes for certification
              service providers in order to indicate special security
              measures or levels. Certification service providers wishing
              users of their certificates to benefit from a legal
              recognition of signatures based on their certificates would,
              however, have to fulfil certain essential requirements.
              International dimension: in order to facilitate electronic
              commerce at the world level, the proposal includes
              mechanisms for co-operation with third countries on mutual
              recognition of certificates on the basis of bilateral and
              multilateral agreements. 
         The proposed Directive comes as a follow up to the Communication
         on "Ensuring security and trust in electronic communication -
         Towards a European framework for digital signatures and
         encryption", adopted by the Commission in October 1997. The
         Communication identified the lack of security on electronic
         networks as being one of the major obstacles impeding the rapid
         development of electronic commerce. The proposal was also
         foreseen under the Action Plan for the Single Market endorsed by
         the Amsterdam European Council. 
    - ------------------------------ CUT ----------------------------------
    For the full text, see
    Axel H. Horns
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:18 PDT