Ga verder naar contentGa verder naar content en skip ook inhoudsopgave
SduIn- en Uitvoer
Home

2010/425/EU: Commission Decision of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States (notified under document C(2010) 5063) Text with EEA relevance

2010/425/EU: Commission Decision of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States (notified under document C(2010) 5063) Text with EEA relevance

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market(1), and in particular Article 8(3) thereof,

Whereas:

  1. The cross-border use of advanced electronic signatures supported by a qualified certificate and created with or without a secure signature creation device has been facilitated through Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market(2) which obliges Member States to make available information necessary for the validation of these electronic signatures. In particular, Member States must make available in their so-called ‘trusted lists’ information on certification service providers issuing qualified certificates to the public in accordance with Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures(3) and supervised/accredited by them and on the services they offer.

  2. A number of practical tests with the European Telecommunications Standards Institute (ETSI) have been organised to allow Member States to check the conformity of their trusted lists with the specifications set out in the Annex to Decision 2009/767/EC. These tests have demonstrated that some technical changes are needed in the technical specifications in the Annex to Decision 2009/767/EC, to ensure functioning and interoperable trusted lists.

  3. These tests also confirmed the need for Member States to make publicly available not only the human readable versions of their trusted lists as required by Decision 2009/767/EC but also the machine processable forms of these. The manual use of the human readable form of the trusted lists can be relatively complex and time consuming when Member States have a high number of certification service providers. The publication of the machine processable forms of trusted lists will facilitate their use by allowing for their automated processing and thereby enhance their use in public electronic services.

  4. In order to facilitate access to the national trusted lists, Member States should notify to the Commission information related to the location and protection of their trusted lists. This information should be made available by the Commission to other Member States in a secure manner.

  5. The results of these practical tests on Member States’ trusted lists should be taken into account in order to allow for an automated use of the lists and to facilitate access to them.

  6. Decision 2009/767/EC should therefore be amended accordingly.

  7. For the purpose of allowing Member States to carry out the required technical changes to their current trusted lists it is appropriate that this Decision applies as of 1 December 2010.

  8. The measures provided for in this Decision are in accordance with the opinion of the Services Directive Committee,

HAS ADOPTED THIS DECISION:

Article 1 Amendments to Decision 2009/767/EC

Decision 2009/767/EC is amended as follows:

  1. Article 2 is amended as follows:

    1. paragraph 2 is replaced by the following:

      ‘2.

      Member States shall establish and publish both a human readable and a machine processable form of the trusted list in accordance with the specifications set out in the Annex.’;

    2. the following paragraph 2a is inserted:

      ‘2a.

      Member States shall sign electronically the machine processable form of their trusted list and they shall, as a minimum, publish the human readable form of the trusted list through a secure channel in order to ensure its authenticity and integrity.’;

    3. paragraph 3 is replaced by the following:

      ‘3.

      Member States shall notify to the Commission the following information:

      1. the body or bodies responsible for the establishment, maintenance and publication of the human readable and machine processable forms of the trusted list;

      2. the locations where the human readable and machine processable forms of the trusted list are published;

      3. the public key certificate used to implement the secure channel through which the human readable form of the trusted list is published or, if the human readable list is electronically signed, the public key certificate used to sign it;

      4. the public key certificate used to electronically sign the machine processable form of the trusted list;

      5. any changes to the information in points (a) to (d).’;

    4. the following paragraph 4 is added:

      ‘4.

      The Commission shall make available to all Member States, through a secure channel to an authenticated web server, the information, referred to in paragraph 3, as notified by Member States, both in a human readable form and in a signed machine processable form.’;

  2. the Annex is amended as set out in the Annex to this Decision.

Article 2 Application

This Decision shall apply from 1 December 2010.

Article 3 Addressees

This Decision is addressed to the Member States.

Done at Brussels, 28 July 2010.

For the Commission

Michel Barnier

Member of the Commission

ANNEX