[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
EU Draft Directive fur Use of DigSig
- To: debate@fitug.de
- Subject: EU Draft Directive fur Use of DigSig
- From: Horns@t-online.de (Axel H. Horns)
- Date: Thu, 14 May 1998 09:13:16 +0100
- Comment: This message comes from the debate mailing list.
- Comments: Authenticated sender is <089000098030-0001@pop.btx.dtag.de>
- Organization: Private Site
- Priority: normal
- Sender: owner-debate@fitug.de
Die EU-Kommission hat gestern einen Vorschlag fuer eine Direktive zur
Digitalen Signatur verabschiedet:
http://europa.eu.int/comm/dg15/en/media/infso/sign.htm
------------------------------ CUT ----------------------------------
Electronic commerce: Commission proposes
electronic signatures Directive
A proposal for a Directive establishing a legal framework for the
use of electronic signatures has been put forward on 13 May 1998
by the European Commission, on the initiative of
Telecommunications Commissioner Martin Bangemann and Single
Market Commissioner Mario Monti. By laying down minimum rules
concerning security and liability, the proposal would ensure
electronic signatures were legally recognised throughout the EU
on the basis of the Single Market principles of free movement of
services and home country control. The proposal would therefore
create a framework for secure on-line transactions throughout the
Single Market and so stimulate investment in electronic commerce
services with ensuing benefits for the EU in terms of growth,
competitiveness and employment.
Electronic commerce has the potential to become a key stimulus
for the world's economy into the next century. But secure
transactions are essential if this potential is to be realised in
Europe. Once adopted, this Directive will remove one of the main
remaining obstacles to the widespread take-up of electronic
commerce. The proposal is timely because most Member States have
yet to set up a legislative framework for electronic signatures.
It will therefore ensure a harmonious legal framework for the
Single Market from the outset rather than having to counter
potentially disparate national initiatives.
Electronic signatures allow someone receiving data received over
electronic networks to determine the origin of the data
(identity) and to verify whether the data has been altered or not
(integrity). The data is accompanied by a certificate, issued by
a certification service provider, which allows the recipient of a
message to check the identity of the sender.
The main elements of the proposed Directive are the following:
Essential requirements: the proposal would define essential
requirements for electronic signature certificates and
certification services so as to ensure minimum levels of
security and allow their free movement throughout the Single
Market. These requirements would include personal
reliability, use of trustworthy systems and a ban on storing
private signature keys. Liability: the proposal would
establish minimum liability rules for service providers, who
would in particular be liable for the validity of a
certificate's content. This approach will ensure the free
movement of certificates and certification services within
the Single Market, build consumer trust and stimulate
operators to develop secure systems and signatures without
restrictive and inflexible regulation. Legal recognition:
the proposal would stipulate that an electronic signature
could not be legally discriminated against solely on the
grounds that it is in electronic form, as the legal effects
of electronic signatures are essential for an open and
trustworthy system for electronic signatures. If a
certificate and the service provider met certain essential
requirements, electronic signatures based on their service
would benefit from an automatic assumption that they were
legally recognised in the same manner as hand-written
signatures. Furthermore they could be used as evidence in
legal proceedings. A technology-neutral framework: given the
pace of technological innovation, the proposal provides for
legal recognition of electronic signatures irrespective of
the technology used (e.g. digital signatures using
asymmetric cryptography or biometrics). Scope: the proposal
concerns the supply of certificates to the public aimed at
identifying the sender of an electronic message, but does
not apply to closed user groups such as corporate Intranets
or banking systems, where a trust relation already exists
and where there is therefore no obvious need for regulation.
Certification: certification services could be offered in
principle without prior authorisation, in view of the fact
that technology and the market are evolving rapidly and as
market forces will encourage high levels of security to
satisfy consumers' concerns. Member States would be free to
set up voluntary accreditation schemes for certification
service providers in order to indicate special security
measures or levels. Certification service providers wishing
users of their certificates to benefit from a legal
recognition of signatures based on their certificates would,
however, have to fulfil certain essential requirements.
International dimension: in order to facilitate electronic
commerce at the world level, the proposal includes
mechanisms for co-operation with third countries on mutual
recognition of certificates on the basis of bilateral and
multilateral agreements.
The proposed Directive comes as a follow up to the Communication
on "Ensuring security and trust in electronic communication -
Towards a European framework for digital signatures and
encryption", adopted by the Commission in October 1997. The
Communication identified the lack of security on electronic
networks as being one of the major obstacles impeding the rapid
development of electronic commerce. The proposal was also
foreseen under the Action Plan for the Single Market endorsed by
the Amsterdam European Council.
------------------------------ CUT ----------------------------------
Der Volltext des Proposals findet sich unter
http://europa.eu.int/comm/dg15/en/media/infso/com297en.pdf
Axel H. Horns