Niall Curran

E-Commerce Division

Department of Public Enterprisecurrann@tec.irlgov.ie

01 6041044

www.irlgov.ie/tec

"Laws are like sausages, it is better not to see them being made."-Otto von Bismarck

ThemeThemeImplementing the EU Electronic Implementing the EU Electronic

Signature Directive:Signature Directive:

The Irish ExperienceThe Irish Experience

No legal definition. Various level of authentication available –

notaries, sealing, witnessing . Often the validity of a signature will depend on

the context – age, duress, intoxication. No need for standardisation since hyeroglyphics. Disputes over validity of a signature are often left

to the courts to decide.

Hand-written signatures

Electronic Documents

The increasing use of electronic networks to transmit documents, resulted in the need for an electronic equivalent to a written signature.

However, legal systems were all written with hand written signatures in mind.

Hence, the need to update legislation in many jurisdictions to clarify the status of electronic signatures.

Europe’s Response

Germany and Italy enacted prescriptive legislation.

European Commission feared this would result in 15 different E-Sig legal regimes.

Commission proposed a Directive to the Member States.

Purpose of the Directive was to harmonise rules and create a single market for TTP services.

How Directives are made

Commission has sole right to initiate legislative proposals. 15 Member States with different political, cultural and

legal backgrounds negotiate. 626 MEPS debate, amend and vote on the proposals Thousands of lobbyists lobby everyone. Hundreds of committees of national experts monitor the

Commission's executive activities (comitology) e.g Article 9 Committee.

15 national legislatures transpose the Directive to suit their national needs.

Question: Scope for confusion/misunderstanding?

"A camel is a horse designed by committee."-Sir Alec Issigonis

Article 5

To benefit from Art. 5(1) an E-Sig must:1. Comply with the definition of advanced electronic

signatures;2. Be based on a qualified cert., which by definition

complies with Annex I;3. Is created by a secure signature creation device,

which by definition complies with Annex III. To benefit from Art. 5(2) an E-Sig must:1. Be electronic ! Question: What is the difference between 5(1) and

5(2) in a common law jurisdiction?

Accreditaton

Legal recognition of E-Sigs is in no way linked to accreditation in the Directive.

Accreditation is arguably purely a marketing tool for generating trust in a CSP.

Member States are under no obligation to introduce accreditation schemes which are in compliance with the Directive.

Existing accreditation schemes already exist throughout Europe for Standard Certification Bodies and laboratories.

Question: Is there a need for a different accreditation system for CSPs?

Accreditation vs. Supervision?

Recital 13 “…this Directive does not oblige CSPs to apply to be supervised under any applicable accrediation scheme”.

Definition of Voluntary Accreditation: “… the public or private body charged with the elaboration or, and supervision of compliance with, such rights and obligations…”

Article 3 (3): “Each MS shall ensure the establishment of an appropriate system that allows for supervison of CSPs …”

Question: Are supervision and accreditation really the same thing?

How Ireland is interpreting this

Electonic Commerce Bill, 2000 transposes the Directive.

Minimalist approach on legal recognition of E-Sigs.

Electronic equivalent of an “X” is recognisable. This leaves it to the market and the parties to

choose what level of authentication/security to use.

Accreditation

National Accreditation Board is currently running a pilot scheme.

This scheme will develop into a full accrediation scheme.

NAB is leading an initiative to harmonise CSP accrediation within Europe.

NAB already have a legal mandate to do this work.

Section 28 of the Bill allows regulations to set up accreditation schemes, but may never be needed.

Supervision

Is it currently possible to issue a Qualified Cert? If not who is there to supervise? If so the CSP is by definition complying with

Annex II. Question: Do CSPs who comply with Annex II

really need to be supervised? Section 28 of the Bill allows for regulations to set

up a supervision scheme in Ireland. Are we really in a position to set up a supervisory

scheme for a market that does not exist?

Conclusions

EU law can be unclear in its meaning. This gives MS certain flexibility when transposing

(the subsidiarity principle). Accreditaion/supervision should meet a real

regulatory need. No point in regulating a market out of existence

before it has even begun. Ireland intends to introduce a regime which

facilitates the CSP industry, while at the same time engenders trust and confidence among consumers.

In a state-run society the government promises you security.  But it's a false promise predicated on the idea that the opposite of security is risk.  Nothing could be further from the truth.  The opposite of security is insecurity, and the only way to overcome insecurity is to take risks.  The gentle government that promises to hold your hand as you cross the street refuses to let go on the other side. 

Theodore Forstmann