Skip to content
Legislation

Commission Implementing Decision (EU) 2015/1506, of 08.09.2015

Commission Implementing Decision (EU) 2015/1506, of 8 September 2015, laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.
Commission Implementing Decision (EU) 2015/1506, of 8 September 2015 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32015D1506

This information is the property of http://eur-lex.europa.eu/
Does not replace consultation of the Official version of the document

European Commission

Implementing Decision


COMMISSION IMPLEMENTING DECISION (EU) 2015/1506

of 8 September 2015

laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market

(Text with EEA relevance)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC1, and in particular Article 27(5) and 37(5) thereof,

Whereas:

(1) Member States need to put in place the necessary technical means allowing them to process electronically signed documents that are required when using an online service offered by, or on behalf of, a public sector body.

(2) Regulation (EU) No 910/2014 obliges Member States requiring an advanced electronic signature or seal for the use of an online service offered by, or on behalf of, a public sector body, to recognise advanced electronic signatures and seals, advanced electronic signatures and seals based on a qualified certificate and qualified electronic signatures and seals in specific formats, or alternative formats validated pursuant to specific reference methods.

(3) To define the specific formats and reference methods, existing practices, standards and Union legal acts should be taken into account.

(4) Commission Implementing Decision 2014/148/EU2 has defined a number of the most common advanced electronic signature formats to be supported technically by the Member States, where advanced electronic signatures are required for an online administrative procedure. Establishing the reference formats aims at facilitating the cross-border validation of electronic signatures and at improving the cross-border interoperability of electronic procedures.

(5) The standards listed in the Annex to this Decision are the existing standards for formats of advanced electronic signatures. Due to the ongoing revision by the standardisation bodies of the long term archival forms of the referenced formats, standards detailing long-term archiving are excluded from the scope of this Decision. When the new version of the referenced standards is available, references to the standards and the clauses on long term archiving will be revised.

(6) Advanced electronic signatures and advanced electronic seals are similar from the technical point of view. Therefore, the standards for formats of advanced electronic signatures should apply mutatis mutandis to formats for advanced electronic seals.

(7) Where other electronic signature or seal formats than those commonly technically supported are used to sign or seal, validation means that allow the electronic signatures or seals to be verified across borders should be provided. In order to allow the receiving Member States to be able to rely on those validation tools of another Member State, it is necessary to provide easily accessible information on those validation tools by including the information in the electronic documents, in the electronic signatures or in the electronic document containers.

(8) Where electronic signature or seal validation possibilities suitable for automated processing are available in a Member State's public services, such validation possibilities should be made available and provided to the receiving Member State. Nonetheless, this Decision should not impede the application of Articles 27(1) and (2) and 37(1) and (2) of Regulation (EU) No 910/2014 when the automated processing of validation possibilities for alternative methods is not possible.

(9) In order to provide for comparable requirements for validation and to increase trust in the validation possibilities provided by Member States for other electronic signature or seal formats than those commonly supported, the requirements set out in this Decision for the validation tools, draw from the requirements for the validation of qualified electronic signatures and seals referred to in Articles 32 and 40 of Regulation (EU) No 910/2014.

(10) The measures provided for in this Decision are in accordance with the opinion of the Committee established by Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS DECISION:

Article 1

Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate as provided for in Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise XML, CMS or PDF advanced electronic signature at conformance level B, T or LT level or using an associated signature container, where those signatures comply with the technical specifications listed in the Annex.

Article 2

1. Member States requiring an advanced electronic signature or an advanced electronic signature based on a qualified certificate as provided for in Article 27(1) and (2) of Regulation (EU) No 910/2014, shall recognise other formats of electronic signatures than those referred to in Article 1 of this Decision, provided that the Member State where the trust service provider used by the signatory is established offers other Member States signature validation possibilities, suitable, where possible, for automated processing.

2. The signature validation possibilities shall:

(a) allow other Member States to validate the received electronic signatures online, free of charge and in a way that is understandable for non-native speakers;

(b) be indicated in the signed document, in the electronic signature or in the electronic document container; and

(c) confirm the validity of an advanced electronic signature provided that:

(1) the certificate that supports the advanced electronic signature was valid at the time of signing, and when the advanced electronic signature is supported by a qualified certificate, the qualified certificate that supports the advanced electronic signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I of Regulation (EU) No 910/2014 and that it was issued by a qualified trust service provider;

(2) the signature validation data corresponds to the data provided to the relying party;

(3) the unique set of data representing the signatory is correctly provided to the relying party;

(4) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing;

(5) when the advanced electronic signature is created by a qualified electronic signature creation device, the use of any such device is clearly indicated to the relying party;

(6) the integrity of the signed data has not been compromised;

(7) the requirements provided for in Article 26 of Regulation (EU) No 910/2014 were met at the time of signing;

(8) the system used for validating the advanced electronic signature provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

Article 3

Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate as provided for in Article 37(1) and (2) of Regulation (EU) No 910/2014, shall recognise XML, CMS or PDF advanced electronic seal at conformance level B, T or LT or using an associated seal container where those comply with the technical specifications listed in the Annex.

Article 4

1. Member States requiring an advanced electronic seal or an advanced electronic seal based on a qualified certificate as provided for in Article 37(1) and (2) of Regulation (EU) No 910/2014, shall recognise other formats of electronic seals than those referred to in Article 3 of this Decision, provided that the Member State where the trust service provider used by the creator of the seal is established offers other Member States seal validation possibilities, suitable, where possible, for automated processing.

2. The seal validation possibilities shall:

(a) allow other Member States to validate the received electronic seals online, free of charge and in a way that is understandable for non-native speakers;

(b) be indicated in the sealed document, in the electronic seal or in the electronic document container

(c) confirm the validity of an advanced electronic seal provided that:

(1) the certificate that supports the advanced electronic seal was valid at the time of sealing, and when the advanced electronic seal is supported by a qualified certificate, the qualified certificate that supports the advanced electronic seal was, at the time of sealing, a qualified certificate for electronic seal complying with Annex III of Regulation (EU) No 910/2014 and that it was issued by a qualified trust service provider;

(2) the seal validation data corresponds to the data provided to the relying party;

(3) the unique set of data representing the creator of the seal is correctly provided to the relying party;

(4) the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of sealing;

(5) when the advanced electronic seal is created by a qualified electronic seal creation device, the use of any such device is clearly indicated to the relying party;

(6) the integrity of the sealed data has not been compromised;

(7) the requirements provided for in Article 36 of Regulation (EU) No 910/2014 were met at the time of sealing;

(8) the system used for validating the advanced electronic seal provides to the relying party the correct result of the validation process and allows the relying party to detect any security relevant issues.

Article 5

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Decision shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 8 September 2015.

For the Commission

The President

Jean-Claude JUNCKER

ANNEX

List of technical specifications for XML, CMS or PDF advanced electronic signatures and the associated signature container

Advanced electronic signatures mentioned in Article 1 of the Decision must comply with one of the following ETSI technical specifications with the exception of clause 9 thereof:

XAdES Baseline Profile

ETSI TS 103171 v.2.1.1.3

CAdES Baseline Profile

ETSI TS 103173 v.2.2.1.4

PAdES Baseline Profile

ETSI TS 103172 v.2.2.2.5

Associated signature container mentioned in Article 1 of the Decision must comply with the following ETSI technical specifications:

Associated Signature Container Baseline Profile

ETSI TS 103174 v.2.2.1.6

List of technical specifications for XML, CMS or PDF advanced electronic seals and the associated seal container

Advanced electronic seals mentioned in Article 3 of the Decision must comply with one of the following ETSI technical specifications, with the exception of clause 9 thereof:

XAdES Baseline Profile

ETSI TS 103171 v.2.1.1

CAdES Baseline Profile

ETSI TS 103173 v.2.2.1

PAdES Baseline Profile

ETSI TS 103172 v.2.2.2

Associated seal container mentioned in Article 3 of the Decision must comply with the following ETSI technical specifications:

Associated Seal Container Baseline Profile

ETSI TS 103174 v.2.2.1

Notes
nt_title
 
1 OJ L 257, 28.8.2014, p. 73 http://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2014:257:TOC.
2 Commission Implementing Decision 2014/148/EU of 17 March 2014 amending Decision 2011/130/EU establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (OJ L 80, 19.3.2014, p. 7 http://eur-lex.europa.eu/legal-content/EN/AUTO/?uri=OJ:L:2014:080:TOC).
3 ETSI TS 103 171 V2.1.1 (2012-03) - Electronic Signatures and Infrastructures (ESI); XAdES Baseline Profile http://www.etsi.org/deliver/etsi_ts/103100_103199/103171/02.01.01_60/ts_103171v020101p.pdf.
4 ETSI TS 103 173 V2.2.1 (2013-04) - Electronic Signatures and Infrastructures (ESI); CAdES Baseline Profile http://www.etsi.org/deliver/etsi_ts/103100_103199/103173/02.02.01_60/ts_103173v020201p.pdf.
5 ETSI TS 103 172 V2.2.2 (2013-04) - Electronic Signatures and Infrastructures (ESI); PAdES Baseline Profile http://www.etsi.org/deliver/etsi_ts/103100_103199/103172/02.02.02_60/ts_103172v020202p.pdf.
6 ETSI TS 103 174 V2.2.1 (2013-06) - Electronic Signatures and Infrastructures (ESI); ASiC Baseline Profile http://www.etsi.org/deliver/etsi_ts/103100_103199/103174/02.02.01_60/ts_103174v020201p.pdf.
ANACOM's consumer web portal (Portal do Consumidor)
Simulate and compare television, Internet and telephone tariffs.
NET.mede
Access our interactive map to view data on coverage, services and statistics.

Rua Ramalho Ortigão, 51

1099-099 Lisbon
SEE ON MAP
Email: info@anacom.pt
Call free: 800 206 665
Other contacts