31.7.2010 | EN | Official Journal of the European Union | L 199/30
COMMISSION DECISION
of 28 July 2010
amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States
(notified under document C(2010) 5063)
(Text with EEA relevance)
(2010/425/EU)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market (1), and in particular Article 8(3) thereof,
Whereas:
(1) The cross-border use of advanced electronic signatures supported by a qualified certificate and created with or without a secure signature creation device has been facilitated through Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (2) which obliges Member States to make available information necessary for the validation of these electronic signatures. In particular, Member States must make available in their so-called ‘trusted lists’ information on certification service providers issuing qualified certificates to the public in accordance with Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (3) and supervised/accredited by them and on the services they offer.
(2) A number of practical tests with the European Telecommunications Standards Institute (ETSI) have been organised to allow Member States to check the conformity of their trusted lists with the specifications set out in the Annex to Decision 2009/767/EC. These tests have demonstrated that some technical changes are needed in the technical specifications in the Annex to Decision 2009/767/EC, to ensure functioning and interoperable trusted lists.
(3) These tests also confirmed the need for Member States to make publicly available not only the human readable versions of their trusted lists as required by Decision 2009/767/EC but also the machine processable forms of these. The manual use of the human readable form of the trusted lists can be relatively complex and time consuming when Member States have a high number of certification service providers. The publication of the machine processable forms of trusted lists will facilitate their use by allowing for their automated processing and thereby enhance their use in public electronic services.
(4) In order to facilitate access to the national trusted lists, Member States should notify to the Commission information related to the location and protection of their trusted lists. This information should be made available by the Commission to other Member States in a secure manner.
(5) The results of these practical tests on Member States’ trusted lists should be taken into account in order to allow for an automated use of the lists and to facilitate access to them.
(6) Decision 2009/767/EC should therefore be amended accordingly.
(7) For the purpose of allowing Member States to carry out the required technical changes to their current trusted lists it is appropriate that this Decision applies as of 1 December 2010.
(8) The measures provided for in this Decision are in accordance with the opinion of the Services Directive Committee,
HAS ADOPTED THIS DECISION:
Article 1
Amendments to Decision 2009/767/EC
Decision 2009/767/EC is amended as follows:
1. Article 2 is amended as follows:
2. the Annex is amended as set out in the Annex to this Decision.
Article 2
Application
This Decision shall apply from 1 December 2010.
Article 3
Addressees
This Decision is addressed to the Member States.
Done at Brussels, 28 July 2010.
For the Commission
Michel BARNIER
Member of the Commission
(1) OJ L 376, 27.12.2006, p. 36.
ANNEX
The Annex to Decision 2009/767/EC is amended as follows:
1. Chapter I is amended as follows:
2. Chapter II is replaced by the following:
‘CHAPTER II
When establishing their Trusted Lists, Member States will use:
When a Latin script is present (with its proper language code) a transliteration in Latin script with the related language codes specified in the Table below is added.
3. Chapter III is deleted;
4. in Chapter IV, the following indent is inserted after the introductory phrase ‘The content of the PDF/A based HR form of the TSL implementation of the Trusted List SHOULD comply with the following requirements:’:
(*1) In case the human readable TSL implementation of the Trusted List is not signed, its authenticity and integrity MUST be guaranteed by an appropriate communication channel with an equivalent security level. Use of TLS (IETF RFC 5246: “The Transport Layer Security (TLS) Protocol Version 1.2”) is recommended for this purpose and the fingerprint of the certificate of the TLS channel MUST be made available out of band to the TSL users by the Member State.
(*2) ETSI TS 102 778-3 — Electronic Signatures and Infrastructures (ESI): PDF Advanced Electronic Signature Profiles; Part 3: PAdES Enhanced — PAdES-BES and PAdES-EPES Profiles.
(*3) ETSI TS 102 778-2 — Electronic Signatures and Infrastructures (ESI): PDF Advanced Electronic Signature Profiles; Part 2: PAdES Basic — Profile based on ISO 32000-1.
(*4) It is mandatory to protect the Scheme Operator signing certificate with the signature in one of the ways specified by ETSI TS 101 903 and the ds:keyInfo should contain the relevant certificate chain when applicable.’;’
(*5) Latin transliteration: България = Bulgaria; Ελλάδα = Elláda; Κύπρος = Kýpros.’