Judicial Studies Board - Publications: Digital Signature Guidelines, July 2000

Appendix 2
Articles 2, 5, 6 and Annexes I,II, III, and IV of European Directive on a Community framework for electronic signatures.

Article 2

Definitions

For the purpose of this Directive:

1. “electronic signature” means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication;

2. “advanced electronic signature” means an electronic signature, which meets the following requirements:

(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;

3. “signatory” means a person who holds a signaturecreation device and acts either on his own behalf or on behalf of the natural or legal person or entity he represents;

4. “signature-creation data” means unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature;

5. “signature-creation device” means configured software or hardware used to implement the signaturecreation data;

6. “secure-signature-creation device” means a signature- creation device which meets the requirements laid down in Annex III;

7. “signature-verification-data” means data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature;

8. “signature-verification device” means configured software or hardware used to implement the signature- verification-data;

9. “certificate” means an electronic attestation, which links signature-verification data to a person and confirms the identity of that person;

10. “qualified certificate” means a certificate which meets the requirements laid down in Annex I and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II;

11. “certification-service-provider” means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures;

12. “electronic-signature-product” means hardware or software, or relevant components thereof, which are intended to be used by a certification-serviceprovider for the provision of electronic-signature services or are intended to be used for the creation or verification of electronic signatures;

13. “voluntary accreditation” means any permission, setting out rights and obligations specific to the provision of certification services, to be granted upon request by the certification-service-provider concerned, by the public or private body charged with the elaboration of, and supervision of compliance with, such rights and obligations, where the certification-service-provider is not entitled to exercise the rights stemming from the permission until it has received the decision by the body.

Article 5
Legal effects of electronic signatures

1. Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature- creation device:

(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paperbased data; and
(b) are admissible as evidence in legal proceedings.

2. Member States shall ensure that an electronic signature is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is:

in electronic form, or
not based upon a qualified certificate, or
not based upon a qualified certificate issued by an accredited certification-service-provider, or
not created by a secure signature-creation device.

Article 6

Liability

1. As a minimum, Member States shall ensure that by issuing a certificate as a qualified certificate to the public or by guaranteeing such a certificate to the public a certification-service-provider is liable for damage caused to any entity or legal or natural person who reasonably relies on that certificate:

(a) as regards the accuracy at the time of issuance of all information contained in the qualified certificate and as regards the fact that the certificate contains all the information required to be considered a qualified certificate;
(b) for assurance that at the time of the issuance of the certificate, the signatory identified in the qualified certificate held the signaturecreation data corresponding to the signatureverification data given or identified in the certificate;
(c) for assurance that the signature-creation data and the signature-verification data can be used in a complementary manner in cases where the certification-service-provider generates them both; unless the certification-service- provider proves that he has not acted negligently.

2. As a minimum Member States shall ensure that a certification-service-provider who has issued a certificate as a qualified certificate to the public is liable for damage caused to any entity or legal or natural person who reasonably relies on the certificate for failure to register revocation of the certificate unless the certification-service-provider proves that he has not acted negligently.

3. Member States shall ensure that a certification-service- provider may indicate in a qualified certificate limitations on the use of that certificate, provided that the limitations are recognisable to third parties. The certification-service-provider shall not be liable for damage arising from use of a qualified certificate which exceeds the limitations placed on it.

4. Member States shall ensure that a certification-service- provider may indicate in the qualified certificate a limit on the value of transactions for which the certificate can be used, provided that the limit is recognisable to third parties. The certification-service- provider shall not be liable for damage arising from the use of a qualified certificate which exceeds the limit on the value of transactions placed on it.

5. The provisions of paragraphs 1 to 4 shall be without prejudice to Council Directive 3/13/EEC of 5 April 1 3 on unfair terms in consumer contracts.