Workshop on registered electronic mail policies and implementations (ETT 57074) Ankara, 16.3. – 17.3. 2015
1. Introduction
2. REM - Electronic delivery of electronic documents
3. Rules in the eIDAS Regulation
4. Legal framework
The importance of electronic mail is growing in private and business communication. Email is one of the major tools for electronic business and administration. Especially in business, it can be used for sending contracts, invoices, proposals, applications, large files and any other documents. In comparison with physical mail, e-mail is very efficient:
◦ fast (delivery in a very short period)
◦ cheap (no postage, almost no cost)
◦ environmentally friendly (no printing of documents required)
But sending standard email is like sending a postcard written in pencil:
◦ it can easily be read by others (encryption?)
◦ its content can easily be changed (what was the true content?)
◦ delivery/reception is uncertain (sometimes e-mails are lost, filtered as spam…) and cannot be proved (the recipient claiming that he/she has not received it)
◦ was it really the sender who sent it to me (authentication?)
Although very efficient, in most cases e-mail cannot serve as proof of a transaction, nor would it be valid as evidence in court.
Solution: "Authentication by a third party of who sent what to whom and when by email." This can be further combined with security guarantees (encryption), guaranteeing that the content has not been compromised during delivery. Providers can be private or public entities:
Rules need to be put in place to provide a legal framework. Legal aspects which should be addressed:
◦ Standards/conditions for providing such a service
◦ Liability of provider(s)
◦ Personal data protection
◦ Legal nature of the service (does it have the same effect as physical registered mail?)
◦ Cross-border effect (recognition in foreign countries)
REM is part of trusted services as defined in art. 3 (16) of the eIDAS Regulation:
"'trust service' means an electronic service normally provided for remuneration which consists of:
(a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
(b) the creation, verification and validation of certificates for website authentication; or
(c) the preservation of electronic signatures, seals or certificates related to those services;"
Rules from the eIDAS Regulation on trusted services are applicable to REM:
Section 1: General provisions (art. 13-16)
◦ Liability of TSPs and burden of proof.
◦ Conditions for the recognition and acceptance of qualified trust services and qualified certificates provided by providers established in a third country.
◦ Accessibility of TS for persons with disabilities.
◦ Authorizes MS to lay down the rules on penalties for violators of the regulation.
Section 2: Supervision (art. 17-19)
◦ Obligation of MS to appoint a supervisory body with the necessary powers and adequate resources.
◦ Powers are: ex ante and ex post supervision activities on qualified TSPs and ex post actions in the case of non-qualified TSPs.
◦ Obligation of mutual assistance of supervisory bodies (exchange of information, execution of supervisory measures, joint investigations…).
◦ It defines the security requirements for all TSPs (qualified and non-qualified).
Section 3: Qualified trust services (art. 20-24)
◦ The terms and conditions to start providing qualified TS and the supervision of qTSPs.
◦ It sets out the general requirements for qTSPs (verification of clients, financial, HRM, organizational, security & privacy issues).
◦ Obligation of MS to establish trusted lists and to notify the EC of such lists.
◦ Determines the EU trust mark for qTS.
Special provisions regarding REM are set out in art. 43 and 44.
Legal effect of an electronic registered delivery service (art. 43):
1. Data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic registered delivery service.
2. Data sent and received using a qualified electronic registered delivery service shall enjoy the presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service.
Requirements for qualified electronic registered delivery services (art. 44):
Qualified electronic registered delivery services shall meet the following requirements:
(a) they are provided by one or more qualified trust service provider(s);
(b) they ensure with a high level of confidence the identification of the sender;
(c) they ensure the identification of the addressee before the delivery of the data;
(d) the sending and receiving of data is secured by an advanced electronic signature or an advanced electronic seal of a qualified trust service provider in such a manner as to preclude the possibility of the data being changed undetectably;
(e) any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data;
(f) the date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp.
In the event of the data being transferred between two or more qualified trust service providers, the requirements in points (a) to (f) shall apply to all the qualified trust service providers.
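The idea of a third party attesting who sent what to whom and when, with any change to the data detectable (art. 44 (d) and (f)), sketched as an added Python example that is not part of the original presentation. The function names, key, addresses and message are constructed for illustration; an HMAC stands in for the provider's advanced electronic seal, and a plain UTC time stands in for a qualified electronic time stamp.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key. A real provider would seal with the private key of an
# advanced electronic seal; HMAC is only a symmetric stand-in for this sketch.
PROVIDER_KEY = b"constructed-demo-key-not-a-real-seal"

def _seal(fields: dict) -> str:
    # Canonical JSON so the same fields always serialise to the same bytes.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(PROVIDER_KEY, canonical, hashlib.sha256).hexdigest()

def issue_evidence(sender, addressee, content: bytes, event: str, when: datetime) -> dict:
    """Provider side: bind who, what, to whom and when into one sealed record."""
    fields = {
        "event": event,  # "sent" or "received"
        "sender": sender,
        "addressee": addressee,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "time_utc": when.astimezone(timezone.utc).isoformat(),
    }
    return {**fields, "seal": _seal(fields)}

def verify_evidence(evidence: dict, content: bytes) -> list:
    """Relying-party side: list of problems found; empty means the record holds."""
    problems = []
    fields = {k: v for k, v in evidence.items() if k != "seal"}
    if not hmac.compare_digest(_seal(fields), evidence.get("seal", "")):
        problems.append("seal does not match evidence fields")
    if hashlib.sha256(content).hexdigest() != fields.get("content_sha256"):
        problems.append("content differs from what was sealed")
    return problems

# Constructed sample data (not from the presentation).
SENT_AT = datetime(2015, 3, 16, 9, 30, tzinfo=timezone.utc)
MESSAGE = b"Contract draft v1: price 1000 EUR"
EVIDENCE = issue_evidence("alice@example.org", "bob@example.org", MESSAGE, "sent", SENT_AT)

if __name__ == "__main__":
    print(verify_evidence(EVIDENCE, MESSAGE))                            # intact
    print(verify_evidence(EVIDENCE, MESSAGE.replace(b"1000", b"9000")))  # content changed
    print(verify_evidence({**EVIDENCE, "time_utc": "2015-03-17T09:30:00+00:00"}, MESSAGE))
```

Because the seal covers the sender, addressee, content digest and time together, altering any one of them after the fact is detected on verification.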