Forwarded From: "Jay D. Dyson" <jdysonat_private>

[If only the U.S. would follow suit, eh? - Jay]

- ---------- Forwarded message ----------
From: "Axel H. Horns" <Horns@t-online.de>

Yesterday, the board of the EU Commission has passed a draft proposal for an EU directive on digital signatures:

http://europa.eu.int/comm/dg15/en/media/infso/sign.htm

- ------------------------------ CUT ----------------------------------

Electronic commerce: Commission proposes electronic signatures Directive

A proposal for a Directive establishing a legal framework for the use of electronic signatures has been put forward on 13 May 1998 by the European Commission, on the initiative of Telecommunications Commissioner Martin Bangemann and Single Market Commissioner Mario Monti. By laying down minimum rules concerning security and liability, the proposal would ensure electronic signatures were legally recognised throughout the EU on the basis of the Single Market principles of free movement of services and home country control. The proposal would therefore create a framework for secure on-line transactions throughout the Single Market and so stimulate investment in electronic commerce services with ensuing benefits for the EU in terms of growth, competitiveness and employment.

Electronic commerce has the potential to become a key stimulus for the world's economy into the next century. But secure transactions are essential if this potential is to be realised in Europe. Once adopted, this Directive will remove one of the main remaining obstacles to the widespread take-up of electronic commerce. The proposal is timely because most Member States have yet to set up a legislative framework for electronic signatures. It will therefore ensure a harmonious legal framework for the Single Market from the outset rather than having to counter potentially disparate national initiatives.

Electronic signatures allow someone receiving data received over electronic networks to determine the origin of the data (identity) and to verify whether the data has been altered or not (integrity). The data is accompanied by a certificate, issued by a certification service provider, which allows the recipient of a message to check the identity of the sender.

The main elements of the proposed Directive are the following:

Essential requirements: the proposal would define essential requirements for electronic signature certificates and certification services so as to ensure minimum levels of security and allow their free movement throughout the Single Market. These requirements would include personal reliability, use of trustworthy systems and a ban on storing private signature keys.

Liability: the proposal would establish minimum liability rules for service providers, who would in particular be liable for the validity of a certificate's content. This approach will ensure the free movement of certificates and certification services within the Single Market, build consumer trust and stimulate operators to develop secure systems and signatures without restrictive and inflexible regulation.

Legal recognition: the proposal would stipulate that an electronic signature could not be legally discriminated against solely on the grounds that it is in electronic form, as the legal effects of electronic signatures are essential for an open and trustworthy system for electronic signatures. If a certificate and the service provider met certain essential requirements, electronic signatures based on their service would benefit from an automatic assumption that they were legally recognised in the same manner as hand-written signatures. Furthermore they could be used as evidence in legal proceedings.

A technology-neutral framework: given the pace of technological innovation, the proposal provides for legal recognition of electronic signatures irrespective of the technology used (e.g. digital signatures using asymmetric cryptography or biometrics).

Scope: the proposal concerns the supply of certificates to the public aimed at identifying the sender of an electronic message, but does not apply to closed user groups such as corporate Intranets or banking systems, where a trust relation already exists and where there is therefore no obvious need for regulation.

Certification: certification services could be offered in principle without prior authorisation, in view of the fact that technology and the market are evolving rapidly and as market forces will encourage high levels of security to satisfy consumers' concerns. Member States would be free to set up voluntary accreditation schemes for certification service providers in order to indicate special security measures or levels. Certification service providers wishing users of their certificates to benefit from a legal recognition of signatures based on their certificates would, however, have to fulfil certain essential requirements.

International dimension: in order to facilitate electronic commerce at the world level, the proposal includes mechanisms for co-operation with third countries on mutual recognition of certificates on the basis of bilateral and multilateral agreements.

The proposed Directive comes as a follow up to the Communication on "Ensuring security and trust in electronic communication - Towards a European framework for digital signatures and encryption", adopted by the Commission in October 1997. The Communication identified the lack of security on electronic networks as being one of the major obstacles impeding the rapid development of electronic commerce. The proposal was also foreseen under the Action Plan for the Single Market endorsed by the Amsterdam European Council.

- ------------------------------ CUT ----------------------------------

For the full text, see

http://europa.eu.int/comm/dg15/en/media/infso/com297en.pdf

Axel H. Horns

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:53:18 PDT