- > Commission Decision (2000/709/EC), of 6.11.2000
- > Commission decision (2000/709/EC), of 6 November 2000 - on the minimum criteria to be taken into account by Member States when designating bodies in accordance with Article 3(no. 4) of Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures
- > B. Electronic signatures
- > II. Electronic commerce
- > EUROPEAN UNION LAW
- > Legislation
- > Home Page
of 6 November 2000
on the minimum criteria to be taken into account by Member States when designating bodies in accordance with Article 3(4) of Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures
(notified under document number C(2000) 3179)
(Text with EEA relevance)
THE COMMISSION OF THE EUROPEAN COMMUNITIES,
Having regard to the Treaty establishing the European Community,
Having regard to Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (1), and in particular Article 3(4) thereof,
(1) On 13 December 1999, the European Parliament and the Council adopted the Directive 1999/93/EC on a Community framework for electronic signatures.
(2) Annex III to Directive 1999/93/EC contains the requirements for secure signature-creation-devices. According to Article 3(4) of the Directive, the conformity of secure signature-creation-devices with the requirements laid down in Annex III shall be determined by appropriate public or private bodies designated by Member States and the Commission shall establish criteria for Member States to determine whether a body should be designated for performing such conformity assessments.
(3) The establishment of the above criteria by the Commission has to be made after consultation of the "Electronic Signature Committee" set up under Article 9(1) of Directive 1999/93/EC.
(4) The measures provided for in this Decision are in accordance with the opinion of the "Electronic Signature Committee",
HAS ADOPTED THIS DECISION:
The purpose of this Decision is to establish the criteria for Member States to determine whether a national body should be designated as responsible for the conformity assessments of secure signature-creation-devices.
Where a designated body is part of an organisation involved in activities other than conformance assessment of secure signature-creation-devices with the requirements laid down in Annex III to Directive 1999/93/EC it must be identifiable within that organisation. Different activities must be clearly distinguished.
The body and its staff must not engage in any activities that may conflict with their independence of judgement and integrity in relation to their task. In particular, the body must be independent of the parties involved. Therefore, the body, its executive officer and the staff responsible for carrying out the conformance assessment tasks must not be a designer, manufacturer, supplier or installer of secure signature-creation-devices, or a certification service provider issuing certificates to the public, nor the authorised representative of any of such parties.
In addition, they must be financially independent and not become directly involved in the design, construction, marketing or maintenance of secure signature-creation-devices, nor represent the parties engaged in these activities. This does not preclude the possibility of exchange of technical information between the manufacturer and the designated body.
The body and its personnel must be able to determine the conformity of secure signature-creation-devices with the requirements laid down in Annex III to Directive 1999/93/EC with a high degree of professional integrity, reliability and sufficient technical competence.
The body shall be transparent in its conformity assessment practices and shall record all relevant information concerning these practices. All interested parties must have access to the services of the body. The procedures under which the body operates must be administered in a non-discriminatory manner.
The body must have at its disposal the necessary staff and facilities to enable it to perform properly and swiftly the technical and administrative work associated with the task for which it has been designated.
The personnel responsible for conformity assessment must have:
- sound technical and vocational training, particularly in the field of electronic signature technologies and the related IT security aspects,
- satisfactory knowledge of the requirements of the conformity assessments they carry out and adequate experience to carry out such assessments.
The impartiality of staff shall be guaranteed. Their remuneration shall not depend on the number of conformity assessments carried out nor on the results of such conformity assessments.
The body must have adequate arrangements to cover liabilities arising from its activities, for example, by obtaining appropriate insurance.
The body must have adequate arrangements to ensure the confidentiality of the information obtained in carrying out its tasks under Directive 1999/93/EC or any provision of national law giving effect thereto, except vis-a-vis the competent authorities of the designating Member State.
Where a designated body arranges for the carrying out of a part of the conformity assessments by another party, it must ensure and be able to demonstrate that this party is competent to perform the service in question. The designated body must take full responsibility for the work carried out under those arrangements. The final decision remains with the designated body.
This Decision is addressed to the Member States.
Done at Brussels, 6 November 2000.
For the Commission
Member of the Commission
1 OJ L 13, 19.1.2000, p. 12.