51998AP0507

A4-0507/98

Proposal for a European Parliament and Council Directive on a common framework for electronic signatures (COM(98)0297 - C4-0376/98 - 98/0191(COD))

The proposal was approved with the following amendments:

(Amendment 1)

Recital 3

>Original text>

(3) Whereas on 1 December 1997, the Council invited the Commission to submit as soon as possible a proposal for a Directive of the European Parliament and the Council on digital signatures;

>Text following EP vote>

(3)

Whereas on 1 December 1997, the Council invited the Commission to submit as soon as possible a proposal for a Directive of the European Parliament and the Council on electronic signatures;

(Amendment 2)

Recital 4

>Original text>

(4) Whereas electronic communication and commerce necessitate electronic signatures and related services allowing data authentication; whereas divergent rules with respect to legal recognition of electronic signatures and the accreditation of certification service providers in the Member States may create a significant barrier to the use of electronic communications and electronic commerce and thus hinder the development of the internal market; whereas divergent actions in the Member States indicate the need for harmonisation at Community level;

>Text following EP vote>

(4)

Whereas electronic communication and commerce necessitate electronic signatures and related services allowing data authentication; whereas divergent rules with respect to legal recognition of electronic signatures and the accreditation of certification service providers in the Member States may create a significant barrier to the use of electronic communications and electronic commerce; whereas clear common framework conditions for electronic signatures, on the other hand, will strengthen confidence in and general acceptance of the new technologies; whereas divergent actions in the Member States must not be allowed to hinder the free movement of goods and services in the internal market;

(Amendment 3)

Recital 6

>Original text>

(6) Whereas the rapid technological development and the global character of the Internet necessitate an approach which is open to various technologies and services capable of authenticating data electronically; whereas, however, digital signatures based on public-key cryptography are currently the most recognised form of electronic signature;

>Text following EP vote>

(6)

Whereas the rapid technological development and the global character of the Internet necessitate an approach which is open to various technologies and services capable of authenticating data electronically;

(Amendment 4)

Recital 6a (new)

>Original text>

>Text following EP vote>

(6a) Whereas the Commission will review this Directive before 2003, partly to ensure that the advance of technology or changes to the legal environment have not created barriers to achieving the aims stated in this Directive; whereas it will examine the implications of associated technical areas such as confidentiality, and submit a report to the European Parliament and the Council on this subject;

(Amendment 5)

Recital 10a (new)

>Original text>

>Text following EP vote>

(10a) Whereas the internal market comprises also the free movement of persons, as a result of which citizens of, and residents in, the European Union increasingly need to deal with authorities in Member States other than the one in which they reside; whereas, for such reasons, the European Parliament has decided to accept the electronic filing of petitions; whereas the availability of electronic communication could be of great service in this respect, provided that national rules on additional requirements do not pose obstacles to the possibilities thus offered for improved access to administration;

(Amendment 6)

Recital 12

>Original text>

(12) Whereas the development of international electronic commerce requires cross-border mechanisms which involve non-member countries; whereas those mechanisms should be developed at a business level; whereas in order to ensure interoperability at a global level, agreements on multilateral rules with non-member countries on mutual recognition of certification services could be beneficial;

>Text following EP vote>

(12)

Whereas the development of international electronic commerce requires cross-border mechanisms which involve non-member countries; whereas those mechanisms should be developed at a business level; whereas in order to ensure interoperability at a global level, agreements on multilateral rules with non-member countries on mutual recognition of certification services could be beneficial; whereas any such agreement would have to respect the right of the European Union and its Member States to maintain and further develop existing rules on data protection;

(Amendment 7)

Recital 12a (new)

>Original text>

>Text following EP vote>

(12a) Whereas such agreements should also cover the issues of data protection and respect for privacy;

(Amendment 9)

Recital 13a (new)

>Original text>

>Text following EP vote>

(13a) Whereas this Directive is without prejudice to existing national provisions concerned with public policy or public security or relating to provision of confidentiality services;

(Amendment 10)

Recital 14

>Original text>

(14) Whereas for the purposes of the application of this Directive, the Commission should be assisted by a consultative Committee;

>Text following EP vote>

(14)

Whereas for the purposes of the application of this Directive, the Commission should be assisted by a contact Committee;

(Amendment 11)

Article 1

>Original text>

This Directive covers the legal recognition of electronic signatures.

>Text following EP vote>

This Directive covers the legal recognition of electronic signatures.

It establishes a legal framework for certain certification services made available to the public.

>Original text>

It does not cover other aspects related to the conclusion and validity of contracts or other non-contractual formalities requiring signatures.

>Text following EP vote>

It does not cover other aspects related to the conclusion and validity of contracts or other non-contractual formalities requiring signatures.

>Original text>

It establishes a legal framework for certain certification services made available to the public.

>Text following EP vote>

Deleted

(Amendment 12)

Article 2(1), introductory paragraph

>Original text>

1. 'electronic signature' means a signature in digital form in, or attached to, or logically associated with, data which is used by a signatory to indicate his approval of the content of that data and meets the following requirements:

>Text following EP vote>

1.

'electronic signature' means a signature in electronic form in, or attached to, or logically associated with, data which is used by a signatory to indicate his approval of the content of that data and meets the following requirements:

(Amendment 13)

Article 2(2)

>Original text>

2. 'signatory' means a person who creates an electronic signature;

>Text following EP vote>

2.

'signatory' means a natural person who, signing on his/her own behalf or on behalf of a legal entity, creates an electronic signature;

(Amendment 14)

Article 2(5)

>Original text>

5. 'qualified certificate' means a digital attestation which links a signature verification device to a person, confirms the identity of that person and meets the requirements laid down in Annex I;

>Text following EP vote>

5.

'qualified certificate' means an electronic attestation which links a signature verification device to a person, confirms the identity of that person and meets the requirements laid down in Annex I;

(Amendment 15)

Article 2(6)

>Original text>

6. 'certification service provider' means a person who, or an entity which, issues certificates or provides other services related to electronic signatures to the public;

>Text following EP vote>

6.

'certification service provider' means a person who, or an independent entity which, issues certificates or provides other services related to electronic signatures to the public;

(Amendment 16)

Article 3(2)

>Original text>

2. Without prejudice to the provisions of paragraph 1, Member States may introduce or maintain voluntary accreditation schemes aiming at enhanced levels of certification service provision. All conditions related to such schemes must be objective, transparent, proportionate and non-discriminatory. Member States may not limit the number of certification service providers for reasons which fall under the scope of this Directive.

>Text following EP vote>

2.

Without prejudice to the provisions of paragraph 1, Member States may introduce or maintain voluntary accreditation schemes aiming at enhanced levels of certification service provision. Member States may also recognise accreditation schemes managed by organisations independent of Member States' administrations whose objective is to improve levels of certification service provision. All conditions related to such schemes must be objective, transparent, proportionate and non-discriminatory. Member States may not limit the number of certification service providers for reasons which fall under the scope of this Directive.

(Amendment 17)

Article 3(4)

>Original text>

4. Member States may make the use of electronic signatures in the public sector subject to additional requirements. Such requirements shall be objective, transparent, proportionate, and non-discriminatory, and shall only relate to the specific characteristics of the application concerned.

>Text following EP vote>

4.

Member States may make the use of electronic signatures in the public sector subject to additional requirements. Such requirements shall be objective, transparent, proportionate, and non-discriminatory, and shall only relate to the specific characteristics of the application concerned. Such requirements may not constitute an obstacle to cross-border services for citizens in the fields of social security benefits and pensions, for example.

(Amendment 18)

Article 5

>Original text>

1. Member States shall ensure that an electronic signature is not denied legal effects, validity and enforceability solely on the grounds that the signature is in an electronic form, or is not based on a qualified certificate, or is not based on a certificate issued by an accredited certification service provider.

>Text following EP vote>

1.

Member States shall ensure that electronic signatures which are based on a qualified certificate issued by a certification service provider which fulfils the requirements set out in Annex II are, on the one hand, recognised as satisfying the legal requirements of a handwritten signature, and on the other, admissible as evidence in legal proceedings in the same manner as handwritten signatures.

>Original text>

2. Member States shall ensure that electronic signatures which are based on a qualified certificate issued by a certification service provider which fulfils the requirements set out in Annex II are, on the one hand, recognised as satisfying the legal requirements of a handwritten signature, and on the other, admissible as evidence in legal proceedings in the same manner as handwritten signatures.

>Text following EP vote>

2.

Member States shall ensure that an electronic signature is not denied legal effects, validity and enforceability solely on the grounds that the signature is in an electronic form, or is not based on a qualified certificate, or is not based on a certificate issued by an accredited certification service provider.

(Amendment 20)

Article 6(1)(b)

>Original text>

(b) compliance with all the requirements of this Directive in issuing the qualified certificate;

>Text following EP vote>

(b)

compliance with all the requirements of Annex I to this Directive in issuing the qualified certificate;

(Amendment 21)

Article 6(3)

>Original text>

3. Member States shall ensure that a certification service provider may indicate in the qualified certificate limits on the uses of a certain certificate. The certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes limits on its uses.

>Text following EP vote>

3.

Member States shall ensure that a certification service provider may indicate in the qualified certificate limits on the uses of a certain certificate. The limit must be sufficiently recognisable to third parties. The certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes limits on its uses.

(Amendment 22)

Article 6(4)

>Original text>

4. Member States shall ensure that a certification service provider may indicate in the qualified certificate a limit on the value of transactions for which the certificate is valid. The certification service provider shall not be liable for damages in excess of that value limit.

>Text following EP vote>

4.

Member States shall ensure that a certification service provider may indicate in the qualified certificate a limit on the value of transactions for which the certificate is valid. The limit must be sufficiently recognisable to third parties. The certification service provider shall not be liable for damages in excess of that value limit.

(Amendment 23)

Article 6(5a) (new)

>Original text>

>Text following EP vote>

5a. Member States shall ensure that certification service providers confine themselves to the tasks laid down in their statutes, which means that they must neither constitute an additional means of verifying information exchanged by electronic means nor be subjected to any form of administrative control.

(Amendment 24)

Article 7(2)

>Original text>

2. In order to facilitate cross-border certification services with non-member countries and legal recognition of electronic signatures originating in non-member countries, the Commission will make proposals where appropriate to achieve the effective implementation of standards and international agreements applicable to certification services. In particular and where necessary, it will submit proposals to the Council for appropriate mandates for the negotiation of bilateral and multilateral agreements with non-member countries and international organisations. The Council shall decide by qualified majority.

>Text following EP vote>

2.

In order to facilitate cross-border certification services with non-member countries and legal recognition of electronic signatures originating in non-member countries, the Commission will make proposals where appropriate to achieve the effective implementation of standards and international agreements applicable to certification services. In particular and where necessary it will submit proposals to the European Parliament and the Council for the negotiation of bilateral and multilateral agreements with non-member countries and international organisations.

(Amendment 25)

Article 8(2)

>Original text>

2. Member States shall ensure that a certification service provider may collect personal data only directly from the data subject and only in so far as it is necessary for the purposes of issuing a certificate. The data may not be collected or processed for other purposes without the consent of the data subject.

>Text following EP vote>

2.

Member States shall ensure that a certification service provider may collect personal data only directly from the data subject, or with the latter's consent, and only in so far as it is necessary for the purposes of issuing a certificate. The data may not be collected or processed for other purposes without the consent of the data subject.

(Amendment 26)

Article 8(3)

>Original text>

3. Member States shall ensure that, at the signatory's request, the certification service provider indicates in the certificate a pseudonym instead of the signatory's name.

>Text following EP vote>

3.

Member States shall ensure that, at the signatory's request, the certification service provider indicates in the certificate a pseudonym instead of the signatory's name provided that this is permitted by their national legislation in non-electronic commercial relations.

(Amendment 27)

Article 8(4)

>Original text>

4. Member States shall ensure that, in the case of persons using pseudonyms, the certification service provider shall transmit the data concerning the identity of those persons to public authorities on request and with the consent of the data subject. Where according to national law the transfer of the data revealing the identity of the data subject is necessary for the investigation of criminal offences relating to the use of electronic signatures under a pseudonym, the transfer shall be recorded and the data subject informed of the transfer of the data relating to him as soon as possible after the investigation has been completed.

>Text following EP vote>

4.

Where, in line with Directive 95/46/EC and according to national law, the transfer of the data revealing the identity of the data subject/signatory to public authorities is necessary for the investigation of criminal offences relating to the use of electronic signatures with pseudonym certificates or necessary for legal claims related to transactions performed using electronic signatures with pseudonym certificates, the transfer shall be recorded and the data subject informed of the transfer.

(Amendment 28)

Article 9

>Original text>

The Commission shall be assisted by a Committee, called the 'Electronic Signature Committee' (hereinafter referred to as 'the Committee'), of an advisory nature composed of the representatives of the Member States and chaired by the representative of the Commission.

>Text following EP vote>

A Contact Committee, chaired by a representative of the Commission and also including representatives of the Member States, shall help to ensure that there is consistency in the implementation of the requirements laid down in Annexes I and II.

>Original text>

The representative of the Commission shall submit to the Committee a draft of the measures to be taken. The Committee shall deliver its opinion on the draft, within a time limit which the Chairman may lay down according to the urgency of the matter, if necessary by taking a vote.

>Text following EP vote>

The Committee shall, in particular, consult industry, users and consumer groups. It shall lay down its rules of procedure.

>Original text>

The opinion shall be recorded in the minutes; in addition, each Member State shall have the right to ask to have its position recorded in the minutes.

>Text following EP vote>

The Committee can also be consulted on the need to develop the requirements in Annex I or II and on the development in the field of generally recognised standards for electronic signatures products pursuant to Article 3(3).

>Original text>

The Commission shall take the utmost account of the opinion delivered by the Committee. It shall inform the Committee of the manner in which its opinion has been taken into account.

>Text following EP vote>

In addition, agenda, draft measures, time limits, implementing measures and minutes (including votes) of the Committee shall be made public and fully transparent in such a way that interested parties can contribute to the work of the Committee at any time.

(Amendment 29)

Article 10

>Original text>

Article 10

Consultation of the Committee

The Committee shall be consulted, where necessary, on the requirements for certification service providers laid down in Annex II and on generally recognised standards for electronic signature products pursuant to Article 3(3).

>Text following EP vote>

Deleted

(Amendment 30)

Article 11

>Original text>

1. Member States shall supply the Commission with the following information:

>Text following EP vote>

1.

Member States shall supply the Commission with the following information:

>Original text>

(a) information on voluntary national accreditation regimes, including any additional requirements pursuant to Article 3(4);

>Text following EP vote>

(a)

information on voluntary national accreditation regimes, including any additional requirements pursuant to Article 3(4);

>Original text>

(b) the names and addresses of the national bodies responsible for accreditation and supervision;

>Text following EP vote>

(b)

the names and addresses of the national recognised bodies responsible for accreditation and supervision;

>Original text>

(c) the names and addresses of accredited national certification service providers.

>Text following EP vote>

(c)

the names and addresses of accredited national certification service providers.

>Original text>

2. Any information supplied under paragraph 1 and changes in respect of that information shall be notified by the Member States as soon as possible.

>Text following EP vote>

2.

Any information supplied under paragraph 1 and changes in respect of that information shall be notified by the Member States and recognised bodies within one month.

(Amendment 31)

Annex I(b)

>Original text>

(b) the unmistakable name of the holder or an unmistakable pseudonym which shall be identified as such;

>Text following EP vote>

(b)

the name of the holder or a pseudonym which shall be identified as such;

(Amendment 32)

Annex I(f)

>Original text>

(f) the unique identity code of the certificate;

>Text following EP vote>

(f)

the identity code of the certificate;

(Amendment 33)

Annex I(i)

>Original text>

(i) limitations on the certification service provider¨s liability and on the value of transactions for which the certificate is valid, if applicable.

>Text following EP vote>

(i)

limitations on the use of the certificate and on the value of transactions for which the certificate is valid, if applicable.

(Amendment 34)

Annex II(e)

>Original text>

(e) use trustworthy systems, and use electronic signature products that ensure protection against modification of the products so that they cannot be used to perform functions other than those for which they have been designed; they must also use electronic signature products that ensure the technical and cryptographic security of the certification processes supported by the products;

>Text following EP vote>

(e)

use trustworthy systems, and use electronic signature products that ensure protection against modification of the products; they must also use electronic signature products that ensure the technical and cryptographic security of the certification processes supported by the products;

Legislative resolution embodying Parliament's opinion on the proposal for a European Parliament and Council Directive on a common framework for electronic signatures (COM(98)0297 - C4-0376/98 - 98/0191(COD))(Codecision procedure: first reading)

The European Parliament,

- having regard to the Commission proposal to Parliament and the Council COM(98)0297 - 98/0191(COD) ((OJ C 325, 23.10.1998, p. 5)),

- having regard to Articles 189b(2), 57, 66 and 100a of the EC Treaty, pursuant to which the Commission submitted the proposal to Parliament (C4-0376/98),

- having regard to Rule 58 of its Rules of Procedure,

- having regard to the report of the Committee on Legal Affairs and Citizens' Rights and the opinions of the Committee on Economic and Monetary Affairs and Industrial Policy and the Committee on Civil Liberties and Internal Affairs (A4-0507/98),

1. Approves the Commission proposal, subject to Parliament's amendments;

2. Calls on the Commission to alter its proposal accordingly, pursuant to Article 189a(2) of the EC Treaty;

3. Calls on the Council to incorporate Parliament's amendments in the common position that it adopts in accordance with Article 189b(2) of the EC Treaty;

4. Points out that the Commission is required to submit to Parliament any modification it may intend to make to its proposal as amended by Parliament;

5. Instructs its President to forward this opinion to the Council and Commission.