51998AR0332

Opinion of the Committee of the Regions on the 'Proposal for a European Parliament and Council Directive on a common framework for electronic signatures` (1999/C 93/06)

THE COMMITTEE OF THE REGIONS,

having regard to the proposal for a European Parliament and Council Directive on a common framework for electronic signatures (COM(1998) 297 final - 98/0191 COD) ();

having regard to the Council's decision of 30 July 1998 to consult the Committee of the Regions on this subject in accordance with the first paragraph of Article 198c of the Treaty establishing the European Community;

having regard to the decision of its Bureau of 16 September 1998 to instruct Commission 3 for Trans-European Networks, Transport and Information Society to draw up the relevant opinion;

having regard to its Opinion (CdR 350/97 fin) () on the Communication from the Commission to the Council, the European Parliament, the Economic and Social Committee and the Committee of the Regions on a European initiative in electronic commerce (COM(97) 157 final);

having regard to the Draft Opinion (CdR 332/98 rev.) adopted by Commission 3 on 27 November 1998 (rapporteur: Mr Koivisto),

unanimously adopted the following opinion at its 27th plenary session on 13 and 14 January 1999 (meeting of 14 January).

1. Introduction

The Committee of the Regions

1.1. welcomes the Commission's proposal for a directive and notes that the proposal takes into account the general principles set out by the Committee in, inter alia, its opinion on the initiative in electronic commerce;

1.2. emphasizes the need, with regard to both the internal market and the regions, to work towards procedures which are as uniform as possible on a global level;

1.3. endorses the Commission's view that the provision of certification services should not be subject to prior authorization;

1.4. underlines, in particular, the need to develop legislation governing services provided by public administrations in such a way that electronic signatures are accepted in the same manner as hand written signatures;

1.5. agrees with the Commission that it is important that laws on electronic signatures are neutral with respect to the technology used;

1.6. notes that the explanatory memorandum in the Commission proposal focuses exclusively on the needs of electronic commerce, although electronic signatures and certification services are also of great importance for the development of new services provided by public administrations at local and regional level;

1.7. feels that, for the time being, the freedom to provide certification services and the possibility to use closed systems will nevertheless secure the development of public services based on electronic signatures at local and regional level;

1.8. considers that it is necessary for the development of services provided by public administrations to examine and define in more detail the relation between the general scope of the directive and the closed systems referred to in the proposal;

1.9. hopes that the Commission will take appropriate steps should the methods used in applying electronic signatures in public administration in Europe diverge to the extent that citizens' freedom of movement is hampered;

1.10. calls on the Commission to monitor the situation and, where necessary, take appropriate action, if the easier use of electronic signatures leads to increasingly frequent demands for precise recognition in the public and private sectors even though this is not necessary from the point of view of the transaction or service concerned;

1.11. considers it essential for the adoption of electronic signatures within a suitably short time frame that Commission resources are used specifically to increase awareness of the opportunities offered by electronic signatures and to implement applications and services based upon them.

2. Aim and scope of the proposed directive

2.1. The proposed directive aims at ensuring the proper functioning of the internal market in the field of electronic signatures by creating a harmonized and appropriate legal framework for the use of electronic signatures within the European Community and establishing a set of criteria which form the basis for the legal recognition of electronic signatures.

2.2. According to the proposal, global electronic communication and commerce are dependent upon the progressive adaptation of national and international laws to the rapidly evolving technological infrastructure. Even though in many cases application of existing laws could provide satisfactory solutions, it may be necessary to adapt these laws in response to new technologies in order to avoid inappropriate and undesirable effects. Although digital signatures produced using cryptographic techniques are currently regarded as an important type of electronic signature, the Commission believes that a European regulatory framework must be flexible enough to cover other techniques that may be used to provide authentication.

2.3. Electronic signature technology has obvious applications in closed environments as well, e.g. in firms' local area networks or bank systems. Certificates and electronic signatures are also used for authorization purposes, e.g. to access a private account. In national law, the principle of contractual freedom enables contracting parties to agree among themselves on the terms and conditions under which they do business, e.g. on whether or not they accept electronic signatures. There is no obvious need for regulation in these areas.

2.4. Given the range of services and their potential application, the Commission feels that certification service providers should be allowed to offer their services without being required to obtain prior authorization. Service providers may, however, wish to benefit from the legal validity associated with electronic signatures by participating in voluntary accreditation schemes linked to common requirements. According to the Commission, accreditation should be seen as a public service which is available to certification service providers who wish to offer high quality services. Under no circumstances, however, should this imply that a non-accredited service is automatically less secure.

2.5. A certification service provider may offer a wide range of services. The proposed directive focuses particularly on certification services in connection with electronic signatures. Certificates can be used for a variety of purposes and can contain different items of information. They may contain conventional identifiers such as name, address, registration number or social security number, VAT or tax identification number, or specific attributes of the signatory, e.g. authority to act on behalf of a company, creditworthiness, the existence of payment guarantees or the holding of specific permits or licences. Thus a wide variety of certificates may exist and be used for many different purposes. However, a legal framework is needed mainly so that certificates can be used for authentication of electronic signatures.

2.6. The legal effects of electronic signatures are a key element in an open but trustworthy system for electronic signatures. In the view of the Commission, application of the proposed directive would contribute to the harmonization of the legal framework within the Community by ensuring that an electronic signature is not denied legal validity solely on the grounds that it is in electronic form, or not based upon a qualified certificate, or not based upon a certificate issued by an accredited certification service provider. It would also ensure that electronic signatures are recognized legally in the same way as hand written signatures. Moreover, national arrangements concerning the admission of evidence in legal proceedings would be required to recognize the use of electronic signatures.

2.7. The legal recognition of electronic signatures should be based upon objective, transparent, non-discriminatory and proportional criteria and not be linked to any authorization or accreditation of the service provider involved. Common requirements for certification service providers would support the cross-border recognition of signatures and certificates within the European Community. According to the proposal, these requirements must be applicable to certification service providers, irrespective of the type of accreditation scheme employed in individual Member States. Since technological progress or market development might call for adaptations, the requirements may need to be revised from time to time. The Commission may propose revised sets of requirements on the basis of advice it receives in the future.

2.8. Common liability rules would support the trust-building process for both consumers and businesses that rely on certificates and for service providers, and thus would promote the wide acceptance of electronic signatures.

2.9. Cooperative mechanisms supporting the cross-border recognition of signatures and certificates with third countries are important for the development of international electronic commerce. In particular, enabling certification service providers within the Community to vouch for certificates to the same degree that they guarantee their own certificates could facilitate cross-border services in a simple but efficient way.

3. Specific comments

3.1. The Committee of the Regions notes that it has already highlighted the key importance for the expansion of electronic commerce of the existence of a coherent legal and regulatory framework at both European and global level, in, inter alia, its earlier opinion on the European initiative in electronic commerce. The Committee therefore welcomes the Commission's proposal, and hopes that the directive will be enacted and implemented swiftly, in part so as to avoid divergence in national legislation and in procedures applied in the business sector and public administration.

3.2. The Committee calls on the Commission to take active steps to seek to ensure that the legal and regulatory approach towards electronic signatures set out in the proposal also gains acceptance at global level. Failing that, the Commission should endeavour to adapt the proposed directive to the provisions of the most general of the current international initiatives in this area. Otherwise a situation could arise where SMEs, in particular, encounter insurmountable problems in seeking to develop commercial relations with regions outside the internal market. Naturally, a balance must be struck between meeting this objective and the speedy adoption of electronic signatures within the European Union.

3.3. The Committee would also draw attention to the fact that a legal and regulatory framework for electronic signatures which is accepted over an area larger than the EU can make an important contribution to efforts to shorten adjustment periods for new regions in connection with enlargement and help to speed up the development of infrastructure within these regions.

3.4. The Committee of the Regions endorses the Commission's view, as cogently argued in the proposal, that certification services should not be subject to prior authorization and that service providers should be under no obligation to join an accreditation scheme.

3.5. The Committee also agrees with the Commission on the need to ensure that electronic signatures are recognized legally in the same manner as hand written signatures, and would stress particularly the key role to be played by public administrations in revising the rules governing their own activities.

3.6. The Committee feels that the development of new services now under way in local and regional administrations and the business sector requires that the general rules governing the use of electronic signatures should, as far as possible, be independent of the particular technology applied.

3.7. The Committee notes that the proposal's explanatory memorandum focuses on creating conditions conducive to electronic commerce. Although electronic commerce is important, several projects are under way in various EU regions which are aimed at developing the services provided by local and regional administrations, an essential component of which is electronic recognition of the parties involved. The Committee of the Regions deplores the fact that there is no mention in the explanatory memorandum of what, from the point of view of citizens, is a development of particular importance.

3.8. In the short run, however, the freedom to provide certification services and the possibility to use closed systems will ensure that development projects in local and regional administration can be implemented in accordance with relevant needs. The Committee of the Regions nevertheless hopes that the Commission will monitor the development of the use of electronic signatures in public services in Europe and, where necessary, take appropriate action in the event that divergence in the methods applied poses a real obstacle to implementation of the principle of citizens' freedom of movement.

3.9. The Committee of the Regions would draw the Commission's attention to the fact that the proposal does not state explicitly what the essential difference is between the general scope of the directive and the closed systems mentioned in the proposal. As an example of an area where application is unclear, the Committee cites services which a municipality offers local inhabitants and which require the use of either a hand written signature or an electronic signature.

3.10. The Committee endorses the Commission's views on the need to ensure a high level of data protection, especially in the provision of certification services. The Committee nevertheless expects the Commission, and particularly the Electronic Signature Committee which it is proposed to set up, to also monitor, from the point of view of privacy protection, that the technical ease of using electronic signatures does not lead to the introduction of recognition in transactions where it is not absolutely necessary. Such a development could be regarded as posing a threat to, for example, transparency in administrative dealings by requiring recognition in situations where anonymity is appropriate. Similarly, in electronic commerce, it would be enough in most cases to verify that a payment is effected by the client and received by the supplier.

3.11. The Committee considers that it is important that the use of electronic signatures increases quickly. The existence of a sufficient volume of transactions is essential both for commercial certification services and the expansion of electronic commerce. Moreover, the widespread adoption of electronic signatures would lower the cost of public services. It is particularly important from the regional point of view that resources available under the Fifth Framework Programme and other resources available to the Commission are used to increase awareness of the practical opportunities offered by electronic signatures and to support implementation of European applications and services that will boost the use of electronic signatures.

Brussels, 14 January 1999.

The President of the Committee of the Regions

Manfred DAMMEYER

() OJ C 325, 23.10.1998, p. 5.

() OJ C 180, 11.6.1998, p. 19.