| 28.8.2014 | SL | Uradni list Evropske unije | L 257/73 | 28.8.2014 | EN | Official Journal of the European Union | L 257/73 |
| UREDBA (EU) št. 910/2014 EVROPSKEGA PARLAMENTA IN SVETA | REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL |
| z dne 23. julija 2014 | of 23 July 2014 |
| o elektronski identifikaciji in storitvah zaupanja za elektronske transakcije na notranjem trgu in o razveljavitvi Direktive 1999/93/ES | on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC |
| EVROPSKI PARLAMENT IN SVET EVROPSKE UNIJE STA – | THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION, |
| ob upoštevanju Pogodbe o delovanju Evropske unije in zlasti člena 114 Pogodbe, | Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, |
| ob upoštevanju predloga Evropske komisije, | Having regard to the proposal from the European Commission, |
| po posredovanju osnutka zakonodajnega akta nacionalnim parlamentom, | After transmission of the draft legislative act to the national parliaments, |
| ob upoštevanju mnenja Evropskega ekonomsko-socialnega odbora (1), | Having regard to the opinion of the European Economic and Social Committee (1), |
| v skladu z rednim zakonodajnim postopkom (2), | Acting in accordance with the ordinary legislative procedure (2), |
| ob upoštevanju naslednjega: | Whereas: |
| (1) | Ustvarjanje zaupanja v spletno okolje je ključ do gospodarskega in družbenega razvoja. Zaradi pomanjkanja zaupanja, zlasti občutka, da je pravna varnost pomanjkljiva, potrošniki, podjetja in javni organi oklevajo pri izvajanju elektronskih transakcij in sprejemanju novih storitev. | (1) | Building trust in the online environment is key to economic and social development. Lack of trust, in particular because of a perceived lack of legal certainty, makes consumers, businesses and public authorities hesitate to carry out transactions electronically and to adopt new services. |
| (2) | Namen te uredbe je okrepiti zaupanje v elektronske transakcije na notranjem trgu, tako da se zagotovi skupni temelj za varne elektronske interakcije med državljani, podjetji in javnimi organi, s čimer bi se povečala učinkovitost javnih in zasebnih spletnih storitev, elektronskega poslovanja ter elektronskega trgovanja v Uniji. | (2) | This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union. |
| (3) | Direktiva Evropskega parlamenta in Sveta 1999/93/ES (3) je obravnavala elektronske podpise, ni pa zagotovila celovitega čezmejnega in medsektorskega okvira za varne in zaupanja vredne elektronske transakcije, ki bi bile enostavne za uporabo. Ta uredba krepi in razširja področje uporabe navedene direktive. | (3) | Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive. |
| (4) | Komisija je v sporočilu z dne 26. avgusta 2010 z naslovom „Evropska digitalna agenda“ opredelila razdrobljenost digitalnega trga, pomanjkanje interoperabilnosti in naraščanje kibernetske kriminalitete kot glavne ovire za uspešen krog digitalnega gospodarstva. V poročilu o državljanstvu EU iz leta 2010 z naslovom „Odpravljanje ovir za pravice državljanov EU“ je nadalje izpostavila, da je treba odpraviti glavne težave, ki državljanom Unije preprečujejo, da bi koristili ugodnosti enotnega digitalnega trga in čezmejnih digitalnih storitev. | (4) | The Commission communication of 26 August 2010 entitled ‘A Digital Agenda for Europe’ identified the fragmentation of the digital market, the lack of interoperability and the rise in cybercrime as major obstacles to the virtuous cycle of the digital economy. In its EU Citizenship Report 2010, entitled ‘Dismantling the obstacles to EU citizens’ rights’, the Commission further highlighted the need to solve the main problems that prevent Union citizens from enjoying the benefits of a digital single market and cross-border digital services. |
| (5) | Evropski svet je v svojih sklepih z dne 4. februarja 2011 in 23. oktobra 2011 Komisijo pozval, da do leta 2015 vzpostavi enotni digitalni trg, da bi se zagotovil hiter napredek na ključnih področjih digitalnega gospodarstva in se z lajšanjem čezmejne uporabe spletnih storitev, zlasti omogočanjem varne elektronske identifikacije in avtentikacije, spodbudil popolnoma povezan enotni digitalni trg. | (5) | In its conclusions of 4 February 2011 and of 23 October 2011, the European Council invited the Commission to create a digital single market by 2015, to make rapid progress in key areas of the digital economy and to promote a fully integrated digital single market by facilitating the cross-border use of online services, with particular attention to facilitating secure electronic identification and authentication. |
| (6) | V svojih sklepih z dne 27. maja 2011 je Svet Komisijo pozval, da prispeva k enotnemu digitalnemu trgu, tako da oblikuje ustrezne pogoje za čezmejno vzajemno priznavanje ključnih dejavnikov, kot so elektronska identifikacija, elektronski dokumenti, elektronski podpisi in storitve elektronske dostave, ter za interoperabilne storitve e-uprave po vsej Evropski uniji. | (6) | In its conclusions of 27 May 2011, the Council invited the Commission to contribute to the digital single market by creating appropriate conditions for the mutual recognition of key enablers across borders, such as electronic identification, electronic documents, electronic signatures and electronic delivery services, and for interoperable e-government services across the European Union. |
| (7) | Evropski parlament je v svoji resoluciji z dne 21. septembra 2010 o dokončnem oblikovanju notranjega trga za elektronsko poslovanje (4) poudaril pomen varnosti elektronskih storitev, zlasti elektronskih podpisov, in potrebo po vzpostavitvi infrastrukture javnih ključev na vseevropski ravni ter pozval Komisijo, da vzpostavi evropski portal za organe potrjevanja, da se zagotovi čezmejna interoperabilnost elektronskih podpisov in izboljša varnost transakcij prek spleta. | (7) | The European Parliament, in its resolution of 21 September 2010 on completing the internal market for e-commerce (4), stressed the importance of the security of electronic services, especially of electronic signatures, and of the need to create a public key infrastructure at pan-European level, and called on the Commission to set up a European validation authorities gateway to ensure the cross-border interoperability of electronic signatures and to increase the security of transactions carried out using the internet. |
| (8) | V skladu z Direktivo 2006/123/ES Evropskega parlamenta in Sveta (5) morajo države članice vzpostaviti „enotne kontaktne točke“, s katerimi zagotovijo, da se vsi postopki in formalnosti v zvezi z dostopom do storitvene dejavnosti in opravljanjem te dejavnosti lahko enostavno zaključijo na daljavo in po elektronski poti prek ustrezne enotne kontaktne točke pri ustreznih pristojnih organih. Številne spletne storitve, dostopne prek enotnih kontaktnih točk, zahtevajo elektronsko identifikacijo, avtentikacijo in podpis. | (8) | Directive 2006/123/EC of the European Parliament and of the Council (5) requires Member States to establish ‘points of single contact’ (PSCs) to ensure that all procedures and formalities relating to access to a service activity and to the exercise thereof can be easily completed, at a distance and by electronic means, through the appropriate PSC with the appropriate authorities. Many online services accessible through PSCs require electronic identification, authentication and signature. |
| (9) | V večini primerov državljani ne morejo uporabljati svoje elektronske identifikacije za svojo avtentikacijo v drugi državi članici, ker nacionalne sheme elektronske identifikacije iz njihove države niso priznane v drugih državah članicah. Ta elektronska ovira ponudnikom storitev preprečuje, da bi v celoti izkoristili ugodnosti notranjega trga. Vzajemno priznana sredstva elektronske identifikacije bodo poenostavila čezmejno zagotavljanje številnih storitev na notranjem trgu in podjetjem omogočila čezmejno poslovanje brez številnih ovir pri interakciji z javnimi organi. | (9) | In most cases, citizens cannot use their electronic identification to authenticate themselves in another Member State because the national electronic identification schemes in their country are not recognised in other Member States. That electronic barrier excludes service providers from enjoying the full benefits of the internal market. Mutually recognised electronic identification means will facilitate cross-border provision of numerous services in the internal market and enable businesses to operate on a cross-border basis without facing many obstacles in interactions with public authorities. |
| (10) | Direktiva 2011/24/EU Evropskega parlamenta in Sveta (6) vzpostavlja mrežo nacionalnih organov, pristojnih za e-zdravje. Da bi se izboljšali varnost in neprekinjenost čezmejnega zdravstvenega varstva, mora mreža pripraviti smernice za čezmejni dostop do elektronskih zdravstvenih podatkov in storitev ter podpreti skupne ukrepe „za identifikacijo in avtentikacijo, na podlagi katerih se olajša prenosljivost podatkov v čezmejnem zdravstvenem varstvu“. Vzajemno priznavanje elektronske identifikacije in avtentikacije je ključno pri uresničevanju čezmejnega zdravstvenega varstva evropskih državljanov. Kadar ljudje potujejo zaradi zdravljenja, morajo biti njihovi zdravstveni podatki dostopni v državi zdravljenja. To zahteva trden in varen okvir za elektronsko identifikacijo, v katerega se zaupa. | (10) | Directive 2011/24/EU of the European Parliament and of the Council (6) set up a network of national authorities responsible for e-health. To enhance the safety and the continuity of cross-border healthcare, the network is required to produce guidelines on cross-border access to electronic health data and services, including by supporting ‘common identification and authentication measures to facilitate transferability of data in cross-border healthcare’. Mutual recognition of electronic identification and authentication is key to making cross-border healthcare for European citizens a reality. When people travel for treatment, their medical data need to be accessible in the country of treatment. That requires a solid, safe and trusted electronic identification framework. |
| (11) | To uredbo bi bilo treba uporabljati ob doslednem spoštovanju načel glede varstva osebnih podatkov iz Direktive 95/46/ES Evropskega parlamenta in Sveta (7). V zvezi s tem bi morala avtentikacija za spletno storitev, ob upoštevanju načela vzajemnega priznavanja iz te uredbe, zajemati obdelavo le tistih identifikacijskih podatkov, ki so ustrezni in relevantni ter niso pretirani za odobritev dostopa do te spletne storitve. Poleg tega bi morali tudi ponudniki storitev zaupanja in nadzorni organi spoštovati zahteve iz Direktive 95/46/ES v zvezi z zaupnostjo in varnostjo obdelave. | (11) | This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC of the European Parliament and of the Council (7). In this respect, having regard to the principle of mutual recognition established by this Regulation, authentication for an online service should concern processing of only those identification data that are adequate, relevant and not excessive to grant access to that service online. Furthermore, requirements under Directive 95/46/EC concerning confidentiality and security of processing should be respected by trust service providers and supervisory bodies. |
| (12) | Eden od ciljev te uredbe je odpraviti obstoječe ovire za čezmejno uporabo sredstev elektronske identifikacije, ki se v državah članicah uporabljajo za avtentikacijo, vsaj za javne storitve. Namen te uredbe ni posegati v elektronske sisteme za upravljanje identitete in z njimi povezane infrastrukture, vzpostavljene v državah članicah. Cilj te uredbe je zagotoviti, da je za dostop do čezmejnih spletnih storitev, ki jih zagotavljajo države članice, mogoča varna elektronska identifikacija in avtentikacija. | (12) | One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to authenticate, for at least public services. This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States. The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic identification and authentication is possible. |
| (13) | Države članice bi morale imeti možnost, da še naprej prosto uporabljajo ali uvajajo sredstva za namene elektronske identifikacije za dostop do spletnih storitev. Prav tako bi morale imeti možnost, da se same odločijo, ali bodo v zagotavljanje teh sredstev vključile zasebni sektor. Države članice ne bi smele biti zavezane k priglasitvi shem elektronske identifikacije Komisiji. Kar zadeva sheme elektronske identifikacije, ki se na nacionalni ravni uporabljajo za dostop vsaj do javnih spletnih storitev ali posebnih storitev, se lahko države članice same odločijo, ali bodo Komisiji priglasile vse sheme, samo nekatere ali nobene. | (13) | Member States should remain free to use or to introduce means for the purposes of electronic identification for accessing online services. They should also be able to decide whether to involve the private sector in the provision of those means. Member States should not be obliged to notify their electronic identification schemes to the Commission. The choice to notify the Commission of all, some or none of the electronic identification schemes used at national level to access at least public online services or specific services is up to Member States. |
| (14) | V uredbi je treba določiti nekaj pogojev v zvezi s tem, katera sredstva elektronske identifikacije je treba priznati in kako se sheme elektronske identifikacije priglasijo. Ti pogoji bi državam članicam morali pomagati pri krepitvi potrebnega zaupanja v sheme elektronske identifikacije drugih držav članic in vzajemnem priznavanju sredstev elektronske identifikacije, ki spadajo v priglašene sheme. Načelo vzajemnega priznavanja bi se moralo uporabljati, če shema elektronske identifikacije države članice priglasiteljice izpolnjuje pogoje priglasitve, priglasitev pa je bila objavljena v Uradnem listu Evropske unije. Načelo vzajemnega priznavanja pa bi se moralo nanašati le na avtentikacijo za spletno storitev. Dostop do teh spletnih storitev in njihova končna dostava prosilcu bi morala biti tesno povezana s pravico do prejema takšnih storitev pod pogoji iz nacionalne zakonodaje. | (14) | Some conditions need to be set out in this Regulation with regard to which electronic identification means have to be recognised and how the electronic identification schemes should be notified. Those conditions should help Member States to build the necessary trust in each other’s electronic identification schemes and to mutually recognise electronic identification means falling under their notified schemes. The principle of mutual recognition should apply if the notifying Member State’s electronic identification scheme meets the conditions of notification and the notification was published in the Official Journal of the European Union. However, the principle of mutual recognition should only relate to authentication for an online service. The access to those online services and their final delivery to the applicant should be closely linked to the right to receive such services under the conditions set out in national legislation. |
| (15) | Obveznost priznavanja sredstev elektronske identifikacije bi morala zadevati le tista sredstva, katerih raven zanesljivosti identitete ustreza ravni, ki je enaka ali višja od zahtevane ravni za zadevno spletno storitev. Poleg tega bi bilo treba to obveznost uporabljati le, kadar zadevni organ javnega sektorja uporablja „srednjo“ ali „visoko“ raven zanesljivosti glede dostopa do te spletne storitve. Države članice bi morale imeti v skladu s pravom Unije možnost, da priznajo sredstva elektronske identifikacije z nižjimi ravnmi zanesljivosti identitete. | (15) | The obligation to recognise electronic identification means should relate only to those means the identity assurance level of which corresponds to the level equal to or higher than the level required for the online service in question. In addition, that obligation should only apply when the public sector body in question uses the assurance level ‘substantial’ or ‘high’ in relation to accessing that service online. Member States should remain free, in accordance with Union law, to recognise electronic identification means having lower identity assurance levels. |
| (16) | Ravni zanesljivosti bi morale označevati stopnjo zaupanja, ki jo sredstvo elektronske identifikacije zagotavlja pri ugotavljanju identitete osebe, s čimer se zagotovi, da je oseba, ki izkazuje določeno identiteto, dejansko oseba, ki ji je bila ta identiteta dodeljena. Raven zanesljivosti je odvisna od stopnje zaupanja v izkazano ali zagotavljano identiteto osebe, ki jo zagotavlja sredstvo elektronske identifikacije, pri čemer se upoštevajo postopki (na primer dokazovanje in preverjanje identitete ter avtentikacija), upravljanje (na primer subjekt, ki izda sredstvo elektronske identifikacije in postopek za izdajo takšnega sredstva) in opravljen tehnični nadzor. Obstajajo različne tehnične opredelitve in opisi ravni zanesljivosti, ki so rezultat vse-evropskih pilotnih projektov, financiranih s sredstvi Unije, standardizacije in mednarodnih dejavnosti. Zlasti vse-evropski pilotni projekt STORK in ISO 29115 se med drugim sklicujeta na ravni 2, 3 in 4, ki bi jih bilo treba v celoti upoštevati pri določanju minimalnih tehničnih zahtev, standardov in postopkov za nizko, srednjo in visoko raven zanesljivosti v smislu te uredbe, pri čemer se zagotavlja skladna uporaba te uredbe, zlasti kar zadeva visoko raven zanesljivosti, povezano z dokazovanjem identitete ob izdaji kvalificiranih potrdil. Opredeljene zahteve bi morale biti tehnološko nevtralne. Dopustiti bi bilo treba možnost, da se potrebne varnostne zahteve izpolnijo z uporabo različnih tehnologij. | (16) | Assurance levels should characterise the degree of confidence in electronic identification means in establishing the identity of a person, thus providing assurance that the person claiming a particular identity is in fact the person to which that identity was assigned. The assurance level depends on the degree of confidence that electronic identification means provides in claimed or asserted identity of a person taking into account processes (for example, identity proofing and verification, and authentication), management activities (for example, the entity issuing electronic identification means and the procedure to issue such means) and technical controls implemented. Various technical definitions and descriptions of assurance levels exist as the result of Union-funded Large-Scale Pilots, standardisation and international activities. In particular, the Large-Scale Pilot STORK and ISO 29115 refer, inter alia, to levels 2, 3 and 4, which should be taken into utmost account in establishing minimum technical requirements, standards and procedures for the assurances levels low, substantial and high within the meaning of this Regulation, while ensuring consistent application of this Regulation in particular with regard to assurance level high related to identity proofing for issuing qualified certificates. The requirements established should be technology-neutral. It should be possible to achieve the necessary security requirements through different technologies. |
| (17) | Države članice bi morale spodbujati zasebni sektor, da prostovoljno uporablja sredstva elektronske identifikacije v okviru priglašene sheme za namene identifikacije, kadar je to potrebno za spletne storitve ali elektronske transakcije. Možnost uporabe takšnih sredstev elektronske identifikacije bi zasebnemu sektorju omogočila uporabo elektronske identifikacije in avtentikacije, ki se v številnih državah članicah že uporabljata vsaj za javne storitve, podjetja in državljani pa bi tako imeli lažji dostop do čezmejnih spletnih storitev. Da bi zasebnemu sektorju olajšali čezmejno uporabo takšnih sredstev elektronske identifikacije, bi morala biti možnost avtentikacije, ki jo zagotavlja katera koli država članica, na voljo zanašajočim se strankam iz zasebnega sektorja, ki nimajo sedeža na ozemlju te države članice, pod enakimi pogoji, kot veljajo za zanašajoče se stranke iz zasebnega sektorja, ki imajo sedež v tej državi članici. Zato lahko država članica priglasiteljica za zanašajoče se stranke iz zasebnega sektorja določi pogoje za dostop do sredstva avtentikacije. V takšnih pogojih za dostop je lahko navedeno, ali je sredstvo avtentikacije, povezano s priglašeno shemo, trenutno na voljo zanašajočim se strankam iz zasebnega sektorja. | (17) | Member States should encourage the private sector to voluntarily use electronic identification means under a notified scheme for identification purposes when needed for online services or electronic transactions. The possibility to use such electronic identification means would enable the private sector to rely on electronic identification and authentication already largely used in many Member States at least for public services and to make it easier for businesses and citizens to access their online services across borders. In order to facilitate the use of such electronic identification means across borders by the private sector, the authentication possibility provided by any Member State should be available to private sector relying parties established outside of the territory of that Member State under the same conditions as applied to private sector relying parties established within that Member State. Consequently, with regard to private sector relying parties, the notifying Member State may define terms of access to the authentication means. Such terms of access may inform whether the authentication means related to the notified scheme is presently available to private sector relying parties. |
| (18) | Ta uredba bi morala določati odgovornost države članice priglasiteljice, izdajatelja sredstva elektronske identifikacije, in stranke, ki opravi postopek avtentikacije, v primeru neizpolnjevanja ustreznih obveznosti v skladu s to uredbo. Vendar bi se ta uredba morala uporabljati v skladu z nacionalnimi pravili o odgovornosti. Zato ne vpliva na navedena nacionalna pravila, na primer o opredelitvi škode, ali na ustrezna veljavna postopkovna pravila, tudi o dokaznem bremenu. | (18) | This Regulation should provide for the liability of the notifying Member State, the party issuing the electronic identification means and the party operating the authentication procedure for failure to comply with the relevant obligations under this Regulation. However, this Regulation should be applied in accordance with national rules on liability. Therefore, it does not affect those national rules on, for example, definition of damages or relevant applicable procedural rules, including the burden of proof. |
| (19) | Varnost shem elektronske identifikacije je ključna za zaupanja vredno čezmejno vzajemno priznavanje sredstev elektronske identifikacije. V zvezi s tem bi morale države članice sodelovati pri zagotavljanju varnosti in interoperabilnosti shem elektronske identifikacije na ravni Unije. Če bi za sheme elektronske identifikacije potrebovali posebno strojno ali programsko opremo, ki bi jo uporabljale zanašajoče se stranke na nacionalni ravni, te države članice zaradi čezmejne interoperabilnosti ne bi smele naložiti takšnih zahtev in z njimi povezanih stroškov zanašajočim se strankam, ki nimajo sedeža na njihovem ozemlju. V tem primeru bi bilo treba razpravljati o primernih rešitvah in jih razvijati v interoperabilnostnem okviru. Vendar pa se ni mogoče izogniti tehničnim zahtevam, ki izhajajo iz specifikacij nacionalnih sredstev elektronske identifikacije in bi lahko vplivale na imetnike takšnih elektronskih sredstev (npr. pametnih kartic). | (19) | The security of electronic identification schemes is key to trustworthy cross-border mutual recognition of electronic identification means. In this context, Member States should cooperate with regard to the security and interoperability of the electronic identification schemes at Union level. Whenever electronic identification schemes require specific hardware or software to be used by relying parties at the national level, cross-border interoperability calls for those Member States not to impose such requirements and related costs on relying parties established outside of their territory. In that case appropriate solutions should be discussed and developed within the scope of the interoperability framework. Nevertheless technical requirements stemming from the inherent specifications of national electronic identification means and likely to affect the holders of such electronic means (e.g. smartcards), are unavoidable. |
| (20) | Sodelovanje držav članic bi moralo olajšati tehnično interoperabilnost priglašenih shem elektronske identifikacije ter tako vzpostaviti visoko raven zaupanja in varnosti, ustrezno stopnji tveganja. K takšnemu sodelovanju bi morala prispevati izmenjava informacij in najboljših praks med državami članicami, da se doseže vzajemno priznavanje. | (20) | Cooperation by Member States should facilitate the technical interoperability of the notified electronic identification schemes with a view to fostering a high level of trust and security appropriate to the degree of risk. The exchange of information and the sharing of best practices between Member States with a view to their mutual recognition should help such cooperation. |
| (21) | Ta uredba bi morala določiti tudi splošni pravni okvir za uporabo storitev zaupanja. Ne bi pa smela uvajati splošne obveznosti za njihovo uporabo ali vzpostaviti točke dostopa za vse obstoječe storitve zaupanja. Zlasti ne bi smela urejati zagotavljanja storitev, ki se uporabljajo izključno znotraj zaprtih sistemov med določeno skupino udeležencev, ki ne vplivajo na tretje osebe. Zahteve te uredbe na primer ne bi smele veljati za sisteme, vzpostavljene v podjetjih ali javnih upravah, ki za vodenje notranjih postopkov uporabljajo storitve zaupanja. Zahteve te uredbe bi morale izpolnjevati le storitve zaupanja, ki se zagotavljajo javnosti in vplivajo na tretje osebe. Ta uredba tudi ne bi smela urejati vidikov, povezanih s sklenitvijo in veljavnostjo pogodb ali drugih pravnih obveznosti, če nacionalno pravo ali pravo Unije določa zahteve glede obličnosti. Poleg tega tudi ne bi smela vplivati na nacionalne zahteve glede obličnosti, ki zadevajo javne registre, zlasti trgovinske registre in zemljiške knjige. | (21) | This Regulation should also establish a general legal framework for the use of trust services. However, it should not create a general obligation to use them or to install an access point for all existing trust services. In particular, it should not cover the provision of services used exclusively within closed systems between a defined set of participants, which have no effect on third parties. For example, systems set up in businesses or public administrations to manage internal procedures making use of trust services should not be subject to the requirements of this Regulation. Only trust services provided to the public having effects on third parties should meet the requirements laid down in the Regulation. Neither should this Regulation cover aspects related to the conclusion and validity of contracts or other legal obligations where there are requirements as regards form laid down by national or Union law. In addition, it should not affect national form requirements pertaining to public registers, in particular commercial and land registers. |
| (22) | Da bi spodbujali njihovo splošno čezmejno uporabo, bi moralo biti mogoče storitve zaupanja uporabljati kot dokaz v pravnih postopkih v vseh državah članicah. Pravne učinke storitev zaupanja se lahko določi v nacionalnem pravu, če v tej uredbi ni določeno drugače. | (22) | In order to contribute to their general cross-border use, it should be possible to use trust services as evidence in legal proceedings in all Member States. It is for the national law to define the legal effect of trust services, except if otherwise provided in this Regulation. |
| (23) | Če je v tej uredbi določena obveznost priznavanja storitve zaupanja, se lahko takšna storitev zaupanja zavrne le, če je naslovnik obveznosti ne more prebrati ali preveriti zaradi tehničnih razlogov, ki niso pod njegovim neposrednim nadzorom. Kljub temu pa samo na podlagi te obveznosti ne bi smeli od javnega organa zahtevati, da pridobi strojno in programsko opremo, ki je potrebna za tehnično čitljivost vseh obstoječih storitev zaupanja. | (23) | To the extent that this Regulation creates an obligation to recognise a trust service, such a trust service may only be rejected if the addressee of the obligation is unable to read or verify it due to technical reasons lying outside the immediate control of the addressee. However, that obligation should not in itself require a public body to obtain the hardware and software necessary for the technical readability of all existing trust services. |
| (24) | Države članice lahko v skladu s pravom Unije ohranijo ali uvedejo nacionalne določbe v zvezi s storitvami zaupanja, če te storitve niso v celoti harmonizirane s to uredbo. Za storitve zaupanja, ki so v skladu s to uredbo, pa bi morali dovoliti prosti pretok na notranjem trgu. | (24) | Member States may maintain or introduce national provisions, in conformity with Union law, relating to trust services as far as those services are not fully harmonised by this Regulation. However, trust services that comply with this Regulation should circulate freely in the internal market. |
| (25) | Države članice bi morale še naprej imeti možnost, da same opredelijo druge vrste storitev zaupanja poleg tistih, ki so del zaprtega seznama storitev zaupanja iz te uredbe, da bi jih lahko na nacionalni ravni priznale kot kvalificirane storitve zaupanja. | (25) | Member States should remain free to define other types of trust services in addition to those making part of the closed list of trust services provided for in this Regulation, for the purpose of recognition at national level as qualified trust services. |
| (26) | Zaradi hitrih tehnoloških sprememb bi moral biti s to uredbo sprejet pristop, ki je odprt za inovacije. | (26) | Because of the pace of technological change, this Regulation should adopt an approach which is open to innovation. |
| (27) | Ta uredba bi morala biti tehnološko nevtralna. Pravne učinke, ki jih zagotavlja, bi moralo biti mogoče doseči s katerimi koli tehničnimi sredstvi, če so izpolnjene zahteve iz te uredbe. | (27) | This Regulation should be technology-neutral. The legal effects it grants should be achievable by any technical means provided that the requirements of this Regulation are met. |
| (28) | Da se okrepi zlasti zaupanje malih in srednjih podjetij ter potrošnikov v notranji trg ter spodbudi uporaba storitev zaupanja in izdelkov, bi bilo treba uvesti pojma kvalificiranih storitev zaupanja in ponudnika kvalificiranih storitev zaupanja ter tako določiti zahteve in obveznosti, ki zagotavljajo visoko raven varnosti vseh kvalificiranih storitev zaupanja in izdelkov, ki se uporabljajo ali zagotavljajo. | (28) | To enhance in particular the trust of small and medium-sized enterprises (SMEs) and consumers in the internal market and to promote the use of trust services and products, the notions of qualified trust services and qualified trust service provider should be introduced with a view to indicating requirements and obligations that ensure high-level security of whatever qualified trust services and products are used or provided. |
| (29) | V skladu z obveznostmi iz Konvencije Združenih narodov o pravicah invalidov, ki je bila odobrena s Sklepom Sveta 2010/48/ES (8), zlasti iz člena 9 navedene konvencije, bi bilo treba invalidom omogočiti dostop do storitev zaupanja in izdelkov za končne uporabnike, ki se uporabljajo pri zagotavljanju teh storitev, v enaki meri kot drugim potrošnikom. Zagotavljane storitve zaupanja in izdelki za končne uporabnike, ki se uporabljajo pri zagotavljanju teh storitev, bi zato morali biti dostopni invalidom, če je to izvedljivo. Pri oceni izvedljivosti bi bilo treba med drugim upoštevati tehnične in ekonomske vidike. | (29) | In line with the obligations under the United Nations Convention on the Rights of Persons with Disabilities, approved by Council Decision 2010/48/EC (8), in particular Article 9 of the Convention, persons with disabilities should be able to use trust services and end-user products used in the provision of those services on an equal basis with other consumers. Therefore, where feasible, trust services provided and end-user products used in the provision of those services should be made accessible for persons with disabilities. The feasibility assessment should include, inter alia, technical and economic considerations. |
| (30) | Države članice bi morale imenovati nadzorni organ ali nadzorne organe za izvajanje nadzornih dejavnosti v skladu s to uredbo. Prav tako bi morale imeti možnost, da v dogovoru z drugo državo članico imenujejo nadzorni organ na ozemlju te druge države članice. | (30) | Member States should designate a supervisory body or supervisory bodies to carry out the supervisory activities under this Regulation. Member States should also be able to decide, upon a mutual agreement with another Member State, to designate a supervisory body in the territory of that other Member State. |
| (31) | Nadzorni organi bi morali sodelovati z organi za varstvo podatkov, na primer z obveščanjem o rezultatih revizij ponudnikov kvalificiranih storitev zaupanja, če se zdi, da so bila kršena pravila o varstvu osebnih podatkov. Sporočanje podatkov bi moralo zajemati zlasti varnostne incidente in kršitve varstva osebnih podatkov. | (31) | Supervisory bodies should cooperate with data protection authorities, for example, by informing them about the results of audits of qualified trust service providers, where personal data protection rules appear to have been breached. The provision of information should in particular cover security incidents and personal data breaches. |
| (32) | Vsi ponudniki storitev zaupanja bi morali uporabljati dobro prakso varnosti, ki ustreza tveganjem, povezanim z njihovimi dejavnostmi, da bi okrepili zaupanje uporabnikov v enotni trg. | (32) | It should be incumbent on all trust service providers to apply good security practice appropriate to the risks related to their activities so as to boost users’ trust in the single market. |
| (33) | Določbe o uporabi psevdonimov v potrdilih ne bi smele ovirati držav članic, da zahtevajo identifikacijo oseb v skladu s pravom Unije ali nacionalnim pravom. | (33) | Provisions on the use of pseudonyms in certificates should not prevent Member States from requiring identification of persons pursuant to Union or national law. |
| (34) | Vse države članice bi morale upoštevati skupne bistvene zahteve v zvezi z nadzorom, da se zagotovi primerljiva raven varnosti kvalificiranih storitev zaupanja. Za lažjo dosledno uporabo teh zahtev po vsej Uniji bi morale države članice sprejeti primerljive postopke ter si izmenjevati informacije o nadzornih dejavnostih in najboljših praksah na tem področju. | (34) | All Member States should follow common essential supervision requirements to ensure a comparable security level of qualified trust services. To ease the consistent application of those requirements across the Union, Member States should adopt comparable procedures and should exchange information on their supervision activities and best practices in the field. |
| (35) | Zahteve iz te uredbe bi morale veljati za vse ponudnike storitev zaupanja, zlasti zahteve glede varnosti in odgovornosti, da v zvezi s svojimi postopki in storitvami zagotovijo ustrezno skrbnost, preglednost in odgovornost. Vendar je ob upoštevanju vrste storitev, ki jih zagotavljajo ponudniki storitev zaupanja, v zvezi s temi zahtevami ustrezno razlikovati med ponudniki kvalificiranih in ponudniki nekvalificiranih storitev zaupanja. | (35) | All trust service providers should be subject to the requirements of this Regulation, in particular those on security and liability to ensure due diligence, transparency and accountability of their operations and services. However, taking into account the type of services provided by trust service providers, it is appropriate to distinguish as far as those requirements are concerned between qualified and non-qualified trust service providers. |
| (36) | Vzpostavitev ureditve nadzora za vse ponudnike storitev zaupanja bi morala zagotoviti enake konkurenčne pogoje za varnost in odgovornost v zvezi z njihovimi postopki in storitvami ter s tem prispevati k zaščiti uporabnikov in delovanju notranjega trga. Pri ponudnikih nekvalificiranih storitev zaupanja bi se morale izvajati manj obsežne ter odzivne naknadne nadzorne dejavnosti, ob upoštevanju narave njihovih storitev in postopkov. Nadzorni organ torej ne bi smel imeti splošne obveznosti nadzora ponudnikov nekvalificiranih storitev zaupanja. Ukrepati bi moral le, če je obveščen (na primer s strani ponudnika nekvalificiranih storitev zaupanja samega ali drugega nadzornega organa, z uradnim obvestilom uporabnika ali poslovnega partnerja ali na podlagi svoje lastne preiskave), da ponudnik nekvalificiranih storitev zaupanja ne ravna v skladu z zahtevami iz te uredbe. | (36) | Establishing a supervisory regime for all trust service providers should ensure a level playing field for the security and accountability of their operations and services, thus contributing to the protection of users and to the functioning of the internal market. Non-qualified trust service providers should be subject to a light touch and reactive ex post supervisory activities justified by the nature of their services and operations. The supervisory body should therefore have no general obligation to supervise non-qualified service providers. The supervisory body should only take action when it is informed (for example, by the non-qualified trust service provider itself, by another supervisory body, by a notification from a user or a business partner or on the basis of its own investigation) that a non-qualified trust service provider does not comply with the requirements of this Regulation. |
| (37) | Ta uredba bi morala določiti odgovornost vseh ponudnikov storitev zaupanja. Zlasti vzpostavlja ureditev odgovornosti, v skladu s katero bi morali biti vsi ponudniki storitev zaupanja odgovorni za škodo, ki jo povzročijo fizični ali pravni osebi zaradi neizpolnjevanja obveznosti iz te uredbe. Da bi poenostavili oceno finančnega tveganja, ki bi mu lahko bili izpostavljeni ponudniki storitev zaupanja ali bi moralo biti krito z njihovimi zavarovalnimi policami, ta uredba ponudnikom teh storitev omogoča, da pod določenimi pogoji določijo omejitve glede uporabe storitev, ki jih zagotavljajo, in tako niso odgovorni za škodo zaradi uporabe teh storitev, ki presega takšno omejitev. Potrošniki bi morali biti vnaprej ustrezno obveščeni o omejitvah. Te omejitve bi morale biti prepoznavne za tretje osebe, na primer tako, da se informacije o omejitvah vključijo v splošne pogoje zagotavljane storitve, ali na drug prepoznaven način. Da bi ta načela lahko učinkovala, bi bilo treba to uredbo uporabljati v skladu z nacionalnimi pravili o odgovornosti. Ta uredba tako ne vpliva na navedena nacionalna pravila, na primer o opredelitvi škode, namena (naklepa) in malomarnosti, ali na ustrezna veljavna postopkovna pravila. | (37) | This Regulation should provide for the liability of all trust service providers. In particular, it establishes the liability regime under which all trust service providers should be liable for damage caused to any natural or legal person due to failure to comply with the obligations under this Regulation. In order to facilitate the assessment of financial risk that trust service providers might have to bear or that they should cover by insurance policies, this Regulation allows trust service providers to set limitations, under certain conditions, on the use of the services they provide and not to be liable for damages arising from the use of services exceeding such limitations. Customers should be duly informed about the limitations in advance. Those limitations should be recognisable by a third party, for example by including information about the limitations in the terms and conditions of the service provided or through other recognisable means. For the purposes of giving effect to those principles, this Regulation should be applied in accordance with national rules on liability. Therefore, this Regulation does not affect those national rules on, for example, definition of damages, intention, negligence, or relevant applicable procedural rules. |
| (38) | Prijave kršitev varnosti in ocene varnostnega tveganja so bistvene, da se lahko ob kršitvi varnosti ali izgubi celovitosti zadevnim stranem zagotovijo ustrezne informacije. | (38) | Notification of security breaches and security risk assessments is essential with a view to providing adequate information to concerned parties in the event of a breach of security or loss of integrity. |
| (39) | Da bi Komisija in države članice lahko ocenile učinkovitost mehanizma za prijavo kršitev, ki ga uvaja ta uredba, bi morali nadzorni organi Komisiji ter Agenciji Evropske unije za varnost omrežij in informacij (v nadaljnjem besedilu: agencija ENISA) zagotoviti povzetek informacij. | (39) | To enable the Commission and the Member States to assess the effectiveness of the breach notification mechanism introduced by this Regulation, supervisory bodies should be requested to provide summary information to the Commission and to European Union Agency for Network and Information Security (ENISA). |
| (40) | Da bi Komisija in države članice lahko ocenile učinkovitost mehanizma okrepljenega nadzora, ki ga uvaja ta uredba, bi bilo treba od nadzornih organov zahtevati, da poročajo o svojih dejavnostih. To bi bistveno pripomoglo k boljši izmenjavi dobrih praks med nadzornimi organi ter hkrati zagotovilo preverjanje, da se bistvene zahteve po nadzoru izvajajo dosledno in učinkovito v vseh državah članicah. | (40) | To enable the Commission and the Member States to assess the effectiveness of the enhanced supervision mechanism introduced by this Regulation, supervisory bodies should be requested to report on their activities. This would be instrumental in facilitating the exchange of good practice between supervisory bodies and would ensure the verification of the consistent and efficient implementation of the essential supervision requirements in all Member States. |
| (41) | Da bi zagotovili vzdržnost in trajnost kvalificiranih storitev zaupanja ter okrepili zaupanje uporabnikov v neprekinjenost kvalificiranih storitev zaupanja, bi morali nadzorni organi preveriti obstoj in pravilno uporabo določb o načrtih za prenehanje v primerih, ko ponudniki kvalificiranih storitev zaupanja prenehajo opravljati svoje dejavnosti. | (41) | To ensure sustainability and durability of qualified trust services and to boost users’ confidence in the continuity of qualified trust services, supervisory bodies should verify the existence and the correct application of provisions on termination plans in cases where qualified trust service providers cease their activities. |
| (42) | Da se olajša nadzor ponudnikov kvalificiranih storitev zaupanja, na primer kadar ponudnik zagotavlja storitve na ozemlju druge države članice in tam ni predmet nadzora ali kadar se računalniki ponudnika nahajajo na ozemlju druge države članice in ne v državi, v kateri ima ponudnik sedež, bi bilo treba vzpostaviti sistem medsebojne pomoči med nadzornimi organi v državah članicah. | (42) | To facilitate the supervision of qualified trust service providers, for example, when a provider is providing its services in the territory of another Member State and is not subject to supervision there, or when the computers of a provider are located in the territory of a Member State other than the one where it is established, a mutual assistance system between supervisory bodies in the Member States should be established. |
| (43) | Da se zagotovi skladnost ponudnikov kvalificiranih storitev zaupanja in storitev, ki jih ti zagotavljajo, z zahtevami iz te uredbe, bi moral organ za ugotavljanje skladnosti izvajati ugotavljanje skladnosti, njegova poročila o ugotavljanju skladnosti pa bi ponudniki kvalificiranih storitev zaupanja morali predložiti nadzornemu organu. Kadar nadzorni organ od ponudnika kvalificiranih storitev zaupanja zahteva, da predloži poročilo o priložnostnem ugotavljanju skladnosti, bi moral pri tem spoštovati zlasti načela dobrega upravljanja, vključno z obveznostjo utemeljitve svojih odločitev, in načelo sorazmernosti. Zato bi nadzorni organ moral ustrezno utemeljiti svoje odločitve, s katerimi zahteva priložnostno ugotavljanje skladnosti. | (43) | In order to ensure the compliance of qualified trust service providers and the services they provide with the requirements set out in this Regulation, a conformity assessment should be carried out by a conformity assessment body and the resulting conformity assessment reports should be submitted by the qualified trust service providers to the supervisory body. Whenever the supervisory body requires a qualified trust service provider to submit an ad hoc conformity assessment report, the supervisory body should respect, in particular, the principles of good administration, including the obligation to give reasons for its decisions, as well as the principle of proportionality. Therefore, the supervisory body should duly justify its decision to require an ad hoc conformity assessment. |
| (44) | Namen te uredbe je zagotoviti skladen okvir, ki bo zagotavljal visoko raven varnosti in pravne varnosti storitev zaupanja. Tozadevno bi morala Komisija pri obravnavi ugotavljanja skladnosti izdelkov in storitev po potrebi iskati sinergije z obstoječimi zadevnimi evropskimi in mednarodnimi sistemi, kot je Uredba (ES) št. 765/2008 Evropskega parlamenta in Sveta (9), ki določa zahteve za akreditacijo organov za ugotavljanje skladnosti in nadzor trga izdelkov. | (44) | This Regulation aims to ensure a coherent framework with a view to providing a high level of security and legal certainty of trust services. In this regard, when addressing the conformity assessment of products and services, the Commission should, where appropriate, seek synergies with existing relevant European and international schemes such as the Regulation (EC) No 765/2008 of the European Parliament and of the Council (9) which sets out the requirements for accreditation of conformity assessment bodies and market surveillance of products. |
| (45) | Da se omogoči učinkovit postopek za vključitev ponudnikov kvalificiranih storitev zaupanja in kvalificiranih storitev zaupanja, ki jih ti zagotavljajo, na zanesljive sezname, bi bilo treba spodbujati predhodno sodelovanje med bodočimi ponudniki kvalificiranih storitev zaupanja in pristojnim nadzornim organom, da se spodbudi ustrezna skrbnost, potrebna za začetek zagotavljanja kvalificiranih storitev zaupanja. | (45) | In order to allow an efficient initiation process, which should lead to the inclusion of qualified trust service providers and the qualified trust services they provide into trusted lists, preliminary interactions between prospective qualified trust service providers and the competent supervisory body should be encouraged with a view to facilitating the due diligence leading to the provisioning of qualified trust services. |
| (46) | Zanesljivi seznami so bistveni elementi za krepitev zaupanja med udeleženci na trgu, saj je iz njih razvidno, da je imel ponudnik storitev v trenutku nadzora kvalificiran status. | (46) | Trusted lists are essential elements in the building of trust among market operators as they indicate the qualified status of the service provider at the time of supervision. |
| (47) | Zaupanje v spletne storitve in njihova uporabnost sta ključna, da bi uporabniki izkoristili vse možnosti elektronskih storitev in se nanje zavestno zanesli. Zato bi bilo treba ustvariti znak zaupanja EU, s katerim bi označili kvalificirane storitve zaupanja, ki jih zagotavljajo ponudniki kvalificiranih storitev zaupanja. Na podlagi takšnega znaka zaupanja EU za kvalificirane storitve zaupanja bi se kvalificirane storitve zaupanja jasno razlikovale od drugih storitev zaupanja, kar bi prispevalo k preglednosti na trgu. Uporaba znaka zaupanja EU s strani ponudnikov kvalificiranih storitev zaupanja bi morala biti prostovoljna in ne bi smela nalagati nobenih drugih zahtev, poleg tistih iz te uredbe. | (47) | Confidence in and convenience of online services are essential for users to fully benefit and consciously rely on electronic services. To this end, an EU trust mark should be created to identify the qualified trust services provided by qualified trust service providers. Such an EU trust mark for qualified trust services would clearly differentiate qualified trust services from other trust services thus contributing to transparency in the market. The use of an EU trust mark by qualified trust service providers should be voluntary and should not lead to any requirement other than those provided for in this Regulation. |
| (48) | Čeprav je za zagotavljanje medsebojnega priznavanja elektronskih podpisov potrebna visoka raven varnosti, bi bilo treba v posebnih primerih, denimo v okviru Odločbe Komisije 2009/767/ES (10), sprejeti tudi elektronske podpise z nižjo ravnjo varnosti. | (48) | While a high level of security is needed to ensure mutual recognition of electronic signatures, in specific cases, such as in the context of Commission Decision 2009/767/EC (10), electronic signatures with a lower security assurance should also be accepted. |
| (49) | Ta uredba bi morala vzpostaviti načelo, da se elektronskemu podpisu ne bi smelo odvzeti pravnega učinka, ker je v elektronski obliki ali ker ne izpolnjuje zahtev za kvalificirani elektronski podpis. Vendar pa se pravni učinek elektronskih podpisov opredeli z nacionalnim pravom, razen kar zadeva zahteve iz te uredbe, v skladu s katerimi bi moral imeti kvalificirani elektronski podpis enakovreden pravni učinek kot lastnoročni podpis. | (49) | This Regulation should establish the principle that an electronic signature should not be denied legal effect on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic signature. However, it is for national law to define the legal effect of electronic signatures, except for the requirements provided for in this Regulation according to which a qualified electronic signature should have the equivalent legal effect of a handwritten signature. |
| (50) | Ker pristojni organi v državah članicah trenutno uporabljajo različne formate naprednih elektronskih podpisov za elektronsko podpisovanje dokumentov, bi bilo treba zagotoviti, da lahko države članice, ko prejmejo elektronsko podpisane dokumente, tehnično podpirajo vsaj nekaj formatov naprednih elektronskih podpisov. Podobno bi bilo treba v primeru, ko pristojni organi v državah članicah uporabljajo napredne elektronske žige, zagotoviti, da ti podpirajo vsaj nekaj formatov naprednih elektronskih žigov. | (50) | As competent authorities in the Member States currently use different formats of advanced electronic signatures to sign their documents electronically, it is necessary to ensure that at least a number of advanced electronic signature formats can be technically supported by Member States when they receive documents signed electronically. Similarly, when competent authorities in the Member States use advanced electronic seals, it would be necessary to ensure that they support at least a number of advanced electronic seal formats. |
| (51) | Podpisnik bi moral imeti možnost, da naprave za ustvarjanje kvalificiranega elektronskega podpisa zaupa v oskrbo tretji osebi, če se uvedejo ustrezni mehanizmi in postopki, ki zagotavljajo, da ima podpisnik izključni nadzor nad uporabo svojih podatkov za ustvarjanje elektronskega podpisa in da so pri uporabi naprave izpolnjene zahteve za kvalificiran elektronski podpis. | (51) | It should be possible for the signatory to entrust qualified electronic signature creation devices to the care of a third party, provided that appropriate mechanisms and procedures are implemented to ensure that the signatory has sole control over the use of his electronic signature creation data, and the qualified electronic signature requirements are met by the use of the device. |
| (52) | Ustvarjanje elektronskih podpisov na daljavo, pri katerem okolje za ustvarjanje elektronskega podpisa upravlja ponudnik storitev zaupanja v imenu podpisnika, se bo okrepilo, saj prinaša številne gospodarske koristi. Da se zagotovi enako pravno priznavanje takšnih elektronskih podpisov in elektronskih podpisov, ustvarjenih v okolju, ki ga v celoti upravlja uporabnik, pa bi morali ponudniki storitev elektronskih podpisov na daljavo izvajati posebne varnostne postopke pri vodenju in upravljanju ter uporabljati zaupanja vredne sisteme in izdelke, med drugim varne načine elektronske komunikacije, da se zagotovita zanesljivo okolje za ustvarjanje elektronskega podpisa in uporaba tega okolja pod izključnim nadzorom podpisnika. V primeru kvalificiranega elektronskega podpisa, ustvarjenega z napravo za ustvarjanje elektronskega podpisa na daljavo, bi se morale uporabljati zahteve iz te uredbe, ki se uporabljajo za ponudnike kvalificiranih storitev zaupanja. | (52) | The creation of remote electronic signatures, where the electronic signature creation environment is managed by a trust service provider on behalf of the signatory, is set to increase in the light of its multiple economic benefits. However, in order to ensure that such electronic signatures receive the same legal recognition as electronic signatures created in an entirely user-managed environment, remote electronic signature service providers should apply specific management and administrative security procedures and use trustworthy systems and products, including secure electronic communication channels, in order to guarantee that the electronic signature creation environment is reliable and is used under the sole control of the signatory. Where a qualified electronic signature has been created using a remote electronic signature creation device, the requirements applicable to qualified trust service providers set out in this Regulation should apply. |
| (53) | Začasna razveljavitev kvalificiranih potrdil je uveljavljena operativna praksa ponudnikov storitev zaupanja v več državah članicah, ki se razlikuje od preklica potrdila in pomeni začasno prenehanje njegove veljavnosti. Zaradi pravne varnosti je potrebno, da je vedno jasno navedeno, da je potrdilo začasno razveljavljeno. Ponudniki storitev zaupanja bi zato morali jasno navesti status potrdila, v primeru njegove začasne razveljavitve pa tudi natančno obdobje, za katero je potrdilo začasno razveljavljeno. Ta uredba ponudnikom storitev zaupanja ali državam članicam ne bi smela nalagati uporabe začasne razveljavitve, morala pa bi zagotavljati pravila o preglednosti, kadar in kjer je taka praksa na voljo. | (53) | The suspension of qualified certificates is an established operational practice of trust service providers in a number of Member States, which is different from revocation and entails the temporary loss of validity of a certificate. Legal certainty calls for the suspension status of a certificate to always be clearly indicated. To that end, trust service providers should have the responsibility to clearly indicate the status of the certificate and, if suspended, the precise period of time during which the certificate has been suspended. This Regulation should not impose the use of suspension on trust service providers or Member States, but should provide for transparency rules when and where such a practice is available. |
| (54) | Čezmejna interoperabilnost in priznavanje kvalificiranih potrdil sta predpogoja za čezmejno priznavanje kvalificiranih elektronskih podpisov. Zato za kvalificirana potrdila ne bi smele veljati nobene obvezne zahteve, ki presegajo zahteve iz te uredbe. Vendar bi bilo treba na nacionalni ravni dovoliti vključitev posebnih lastnosti, kot so enolični identifikatorji, v kvalificirana potrdila, če ne ovirajo čezmejne interoperabilnosti in priznavanja kvalificiranih potrdil in elektronskih podpisov. | (54) | Cross-border interoperability and recognition of qualified certificates is a precondition for cross-border recognition of qualified electronic signatures. Therefore, qualified certificates should not be subject to any mandatory requirements exceeding the requirements laid down in this Regulation. However, at national level, the inclusion of specific attributes, such as unique identifiers, in qualified certificates should be allowed, provided that such specific attributes do not hamper cross-border interoperability and recognition of qualified certificates and electronic signatures. |
| (55) | Varnostno certificiranje, kar zadeva informacijsko tehnologijo, na podlagi mednarodnih standardov, kot je ISO 15408 ter s tem povezani načini ocenjevanja in ureditve vzajemnega priznavanja, je pomemben način preverjanja varnosti naprav za ustvarjanje kvalificiranega elektronskega podpisa in bi ga bilo treba spodbujati. Vendar so inovativne rešitve in storitve, kot so mobilno podpisovanje in podpisovanje v oblaku, odvisne od tehničnih in organizacijskih rešitev za naprave za ustvarjanje kvalificiranega elektronskega podpisa, za katere varnostni standardi morda še niso na voljo ali za katere prvi postopek varnostnega certificiranja, kar zadeva informacijsko tehnologijo, še ni zaključen. Raven varnosti takšnih naprav za ustvarjanje kvalificiranega elektronskega podpisa bi se lahko ocenila z alternativnimi postopki, samo kadar takšni varnostni standardi še niso na voljo ali kadar prvi postopek varnostnega certificiranja, kar zadeva informacijsko tehnologijo, še ni zaključen. Ti postopki bi morali biti primerljivi s standardi za varnostno certificiranje, kar zadeva informacijsko tehnologijo, če sta njihovi ravni varnosti enakovredni. K tem postopkom bi lahko prispeval medsebojni strokovni pregled. | (55) | IT security certification based on international standards such as ISO 15408 and related evaluation methods and mutual recognition arrangements is an important tool for verifying the security of qualified electronic signature creation devices and should be promoted. However, innovative solutions and services such as mobile signing and cloud signing rely on technical and organisational solutions for qualified electronic signature creation devices for which security standards may not yet be available or for which the first IT security certification is ongoing. The level of security of such qualified electronic signature creation devices could be evaluated by using alternative processes only where such security standards are not available or where the first IT security certification is ongoing. Those processes should be comparable to the standards for IT security certification insofar as their security levels are equivalent. Those processes could be facilitated by a peer review. |
| (56) | V tej uredbi bi morale biti določene zahteve za naprave za ustvarjanje kvalificiranega elektronskega podpisa, da se zagotovi funkcionalnost naprednih elektronskih podpisov. Ta uredba ne bi smela zajemati celotnega sistemskega okolja, v katerem takšne naprave delujejo. Zato bi moral biti obseg certificiranja naprav za ustvarjanje kvalificiranega elektronskega podpisa omejen na strojno opremo in sistemsko programsko opremo, ki se uporabljata za upravljanje in varovanje podatkov za ustvarjanje podpisa, ki so ustvarjeni, shranjeni ali obdelani v napravi za ustvarjanje podpisa. Kot je opredeljeno v zadevnih standardih, obveznost certificiranja ne bi smela veljati za aplikacije za ustvarjanje podpisa. | (56) | This Regulation should lay down requirements for qualified electronic signature creation devices to ensure the functionality of advanced electronic signatures. This Regulation should not cover the entire system environment in which such devices operate. Therefore, the scope of the certification of qualified signature creation devices should be limited to the hardware and system software used to manage and protect the signature creation data created, stored or processed in the signature creation device. As detailed in relevant standards, the scope of the certification obligation should exclude signature creation applications. |
| (57) | Da se zagotovi pravna varnost glede veljavnosti podpisa, je bistveno opredeliti dele kvalificiranega elektronskega podpisa, ki jih mora zanašajoča se stranka, ki izvaja potrjevanje veljavnosti, oceniti. Poleg tega bi opredelitev zahtev za ponudnike kvalificiranih storitev zaupanja, ki lahko zagotavljajo kvalificirano storitev potrjevanja veljavnosti za zanašajoče se stranke, ki potrjevanja veljavnosti kvalificiranih elektronskih podpisov ne želijo ali ne morejo opravljati same, morala zasebni in javni sektor spodbuditi k naložbam v takšne storitve. Oba elementa bi morala zagotoviti, da je potrjevanje veljavnosti kvalificiranega elektronskega podpisa enostavno in primerno za vse stranke na ravni Unije. | (57) | To ensure legal certainty as regards the validity of the signature, it is essential to specify the components of a qualified electronic signature, which should be assessed by the relying party carrying out the validation. Moreover, specifying the requirements for qualified trust service providers that can provide a qualified validation service to relying parties unwilling or unable to carry out the validation of qualified electronic signatures themselves, should stimulate the private and public sector to invest in such services. Both elements should make qualified electronic signature validation easy and convenient for all parties at Union level. |
| (58) | Če transakcija zahteva kvalificirani elektronski žig pravne osebe, bi moral biti enako sprejemljiv tudi kvalificirani elektronski podpis pooblaščenega zastopnika pravne osebe. | (58) | When a transaction requires a qualified electronic seal from a legal person, a qualified electronic signature from the authorised representative of the legal person should be equally acceptable. |
| (59) | Elektronski žigi bi morali služiti kot dokaz, da je elektronski dokument izdala pravna oseba, ter zagotavljati gotovost, kar zadeva izvor in celovitost dokumenta. | (59) | Electronic seals should serve as evidence that an electronic document was issued by a legal person, ensuring certainty of the document’s origin and integrity. |
| (60) | Ponudniki storitev zaupanja, ki izdajajo kvalificirana potrdila za elektronski žig, bi morali izvajati potrebne ukrepe, da se omogoči ugotovitev identitete fizične osebe, ki zastopa pravno osebo, ki se ji se izda kvalificirani potrdilo za elektronski žig, če je takšna identifikacija potrebna v okviru sodnega ali upravnega postopka na nacionalni ravni. | (60) | Trust service providers issuing qualified certificates for electronic seals should implement the necessary measures in order to be able to establish the identity of the natural person representing the legal person to whom the qualified certificate for the electronic seal is provided, when such identification is necessary at national level in the context of judicial or administrative proceedings. |
| (61) | Ta uredba bi morala zagotoviti dolgoročno hrambo informacij, da se zagotovi pravna veljavnost elektronskih podpisov in elektronskih žigov v daljšem časovnem obdobju ter da se jih lahko potrdi ne glede na prihodnje tehnološke spremembe. | (61) | This Regulation should ensure the long-term preservation of information, in order to ensure the legal validity of electronic signatures and electronic seals over extended periods of time and guarantee that they can be validated irrespective of future technological changes. |
| (62) | Da se zagotovi varnost kvalificiranih elektronskih časovnih žigov, bi moralo biti v tej uredbi določena uporaba naprednega elektronskega žiga ali naprednega elektronskega podpisa ali drugih enakovrednih metod. Predvideti je mogoče, da bi se z inovacijami lahko razvile nove tehnologije, ki bi za časovne žige zagotavljale enakovredno raven varnosti. Če se uporabi druga metoda in ne napredni elektronski žig ali napredni elektronski podpis, bi morala biti naloga ponudnika kvalificiranih storitev zaupanja, da v okviru poročila o ugotavljanju skladnosti dokaže, da takšna metoda zagotavlja enakovredno raven varnosti in izpolnjuje zahteve iz te uredbe. | (62) | In order to ensure the security of qualified electronic time stamps, this Regulation should require the use of an advanced electronic seal or an advanced electronic signature or of other equivalent methods. It is foreseeable that innovation may lead to new technologies that may ensure an equivalent level of security for time stamps. Whenever a method other than an advanced electronic seal or an advanced electronic signature is used, it should be up to the qualified trust service provider to demonstrate, in the conformity assessment report, that such a method ensures an equivalent level of security and complies with the obligations set out in this Regulation. |
| (63) | Elektronski dokumenti so pomembni za nadaljnji razvoj čezmejnih elektronskih transakcij na notranjem trgu. Ta uredba bi morala vzpostaviti načelo, da se elektronskemu dokumentu ne bi smelo odvzeti pravnega učinka, ker je v elektronski obliki, s čimer bi se zagotovilo, da elektronska transakcija ne bo zavrnjena le zato, ker je dokument v elektronski obliki. | (63) | Electronic documents are important for further development of cross-border electronic transactions in the internal market. This Regulation should establish the principle that an electronic document should not be denied legal effect on the grounds that it is in an electronic form in order to ensure that an electronic transaction will not be rejected only on the grounds that a document is in electronic form. |
| (64) | Komisija bi morala pri obravnavi formatov naprednih elektronskih podpisov in žigov izhajati iz obstoječih praks, standardov in zakonodaje, zlasti Sklepa Komisije 2011/130/EU (11). | (64) | When addressing formats of advanced electronic signatures and seals, the Commission should build on existing practices, standards and legislation, in particular Commission Decision 2011/130/EU (11). |
| (65) | Poleg avtentikacije dokumenta, ki ga izda pravna oseba, se lahko elektronski žigi uporabijo tudi pri avtentikaciji digitalnih sredstev pravne osebe, kot so programske kode ali strežniki. | (65) | In addition to authenticating the document issued by the legal person, electronic seals can be used to authenticate any digital asset of the legal person, such as software code or servers. |
| (66) | Nujno je določiti pravni okvir, da se olajša čezmejno priznavanje storitev elektronske priporočene dostave med obstoječimi nacionalnimi pravnimi sistemi. Ta okvir bi lahko ustvaril tudi nove tržne priložnosti za ponudnike storitev zaupanja iz Unije, ki bi lahko ponujali nove vse-evropske storitve elektronske priporočene dostave. | (66) | It is essential to provide for a legal framework to facilitate cross-border recognition between existing national legal systems related to electronic registered delivery services. That framework could also open new market opportunities for Union trust service providers to offer new pan-European electronic registered delivery services. |
| (67) | Storitve za avtentikacijo spletišč obiskovalcu spletišča dajejo zagotovilo, da za tem spletiščem stoji pristen in legitimen subjekt. Te storitve prispevajo h krepitvi zaupanja v poslovanje prek spleta, saj uporabniki zaupajo spletišču, ki je bilo avtenticirano. Zagotavljanje in uporaba storitev za avtentikacijo spletišč sta povsem prostovoljna. Da bi avtentikacija spletišč postala sredstvo za krepitev zaupanja in zagotavljanje boljše izkušnje uporabnikov ter spodbujanje rasti na notranjem trgu, pa bi se moralo s to uredbo določiti minimalne obveznosti glede varnosti in odgovornosti za ponudnike in njihove storitve. V ta namen so bili upoštevani rezultati obstoječih pobud, ki jih je začel zadevni sektor, na primer forum CA/B – Certification Authorities/Browsers Forum. Poleg tega ta uredba ne bi smela ovirati uporabe drugih sredstev ali metod za avtentikacijo spletišč, ki niso zajeti s to uredbo, ponudnikom storitev za avtentikacijo spletišč iz tretjih držav pa ne bi smela preprečevati, da bi svoje storitve zagotavljali strankam v Uniji. Vendar bi se storitve za avtentikacijo spletišč, ki jih zagotavlja ponudnik iz tretje države, morale priznati kot kvalificirane v skladu s to uredbo le, če imata Unija in država sedeža ponudnika sklenjen mednarodni sporazum. | (67) | Website authentication services provide a means by which a visitor to a website can be assured that there is a genuine and legitimate entity standing behind the website. Those services contribute to the building of trust and confidence in conducting business online, as users will have confidence in a website that has been authenticated. The provision and the use of website authentication services are entirely voluntary. However, in order for website authentication to become a means to boosting trust, providing a better experience for the user and furthering growth in the internal market, this Regulation should lay down minimal security and liability obligations for the providers and their services. To that end, the results of existing industry-led initiatives, for example the Certification Authorities/Browsers Forum — CA/B Forum, have been taken into account. In addition, this Regulation should not impede the use of other means or methods to authenticate a website not falling under this Regulation nor should it prevent third country providers of website authentication services from providing their services to customers in the Union. However, a third country provider should only have its website authentication services recognised as qualified in accordance with this Regulation, if an international agreement between the Union and the country of establishment of the provider has been concluded. |
| (68) | Pojem „pravne osebe“ v skladu z določbami Pogodbe o delovanju Evropske unije (PDEU) o ustanavljanju gospodarskim subjektom omogoča, da svobodno izberejo pravno obliko, za katero menijo, da je primerna za izvajanje njihove dejavnosti. Glede na to pojem „pravne osebe“ v smislu PDEU pomeni vse subjekte, ki so ustanovljeni v skladu s pravom države članice ali zanje velja takšno pravo, ne glede na njihovo pravno obliko. | (68) | The concept of ‘legal persons’, according to the provisions of the Treaty on the Functioning of the European Union (TFEU) on establishment, leaves operators free to choose the legal form which they deem suitable for carrying out their activity. Accordingly, ‘legal persons’, within the meaning of the TFEU, means all entities constituted under, or governed by, the law of a Member State, irrespective of their legal form. |
| (69) | Institucije, organe, urade in agencije Unije se spodbudi, da priznajo elektronsko identifikacijo in storitve zaupanja, ki jih zajema ta uredba, v okviru upravnega sodelovanja, ki izkorišča zlasti obstoječe dobre prakse in rezultate tekočih projektov na področjih, ki jih zajema ta uredba. | (69) | The Union institutions, bodies, offices and agencies are encouraged to recognise electronic identification and trust services covered by this Regulation for the purpose of administrative cooperation capitalising, in particular, on existing good practices and the results of ongoing projects in the areas covered by this Regulation. |
| (70) | Da bi se nekateri podrobni tehnični vidiki te uredbe lahko prilagodljivo in hitro dopolnili, bi bilo treba na Komisijo prenesti pooblastilo, da v skladu s členom 290 PDEU sprejme akte v zvezi z merili, ki jih morajo izpolnjevati organi, pristojni za certificiranje naprav za ustvarjanje kvalificiranega elektronskega podpisa. Zlasti je pomembno, da Komisija pri pripravljalnem delu opravi ustrezna posvetovanja, vključno na ravni strokovnjakov. Komisija bi morala pri pripravi in oblikovanju delegiranih aktov zagotoviti, da so ustrezni dokumenti predloženi Evropskemu parlamentu in Svetu istočasno, pravočasno in na ustrezen način. | (70) | In order to complement certain detailed technical aspects of this Regulation in a flexible and rapid manner, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission in respect of criteria to be met by the bodies responsible for the certification of qualified electronic signature creation devices. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council. |
| (71) | Za zagotovitev enotnih pogojev izvajanja te uredbe bi bilo treba na Komisijo prenesti izvedbena pooblastila, zlasti za opredelitev referenčnih številk standardov, katerih uporaba bi predstavljala domnevo skladnosti z določenimi zahtevami iz te uredbe. Ta pooblastila bi se morala izvajati v skladu z Uredbo (EU) št. 182/2011 Evropskega parlamenta in Sveta (12). | (71) | In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission, in particular for specifying reference numbers of standards the use of which would raise a presumption of compliance with certain requirements laid down in this Regulation. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council (12). |
| (72) | Komisija bi morala pri sprejemanju delegiranih ali izvedbenih aktov upoštevati standarde in tehnične specifikacije, ki jih pripravijo evropski in mednarodni organi in organizacije za standardizacijo, zlasti Evropski odbor za standardizacijo (CEN), Evropski inštitut za telekomunikacijske standarde (ETSI), Mednarodna organizacija za standardizacijo (ISO) in Mednarodna telekomunikacijska zveza (ITU), da bi zagotovili visoko raven varnosti in interoperabilnosti elektronske identifikacije in storitev zaupanja. | (72) | When adopting delegated or implementing acts, the Commission should take due account of the standards and technical specifications drawn up by European and international standardisation organisations and bodies, in particular the European Committee for Standardisation (CEN), the European Telecommunications Standards Institute (ETSI), the International Organisation for Standardisation (ISO) and the International Telecommunication Union (ITU), with a view to ensuring a high level of security and interoperability of electronic identification and trust services. |
| (73) | Zaradi pravne varnosti in jasnosti bi bilo treba Direktivo 1999/93/ES razveljaviti. | (73) | For reasons of legal certainty and clarity, Directive 1999/93/EC should be repealed. |
| (74) | Da se udeležencem na trgu, ki že uporabljajo kvalificirana potrdila, izdana fizičnim osebam v skladu z Direktivo 1999/93/ES, zagotovi pravna varnost, je treba omogočiti dovolj dolgo prehodno obdobje. Podobno bi bilo treba prehodne ukrepe določiti tudi za naprave za varno ustvarjanje elektronskega podpisa, katerih skladnost je bila ugotovljena v skladu z Direktivo 1999/93/ES, in overitelje, ki izdajajo kvalificirana potrdila pred 1. julijem 2016. Prav tako je treba Komisiji zagotoviti, da lahko sprejme izvedbene in delegirane akte pred tem datumom. | (74) | To ensure legal certainty for market operators already using qualified certificates issued to natural persons in compliance with Directive 1999/93/EC, it is necessary to provide for a sufficient period of time for transitional purposes. Similarly, transitional measures should be established for secure signature creation devices, the conformity of which has been determined in accordance with Directive 1999/93/EC, as well as for certification service providers issuing qualified certificates before 1 July 2016. Finally, it is also necessary to provide the Commission with the means to adopt the implementing acts and delegated acts before that date. |
| (75) | Datumi začetka uporabe iz te uredbe ne vplivajo na obstoječe obveznosti držav članic na podlagi prava Unije, zlasti Direktive 2006/123/ES. | (75) | The application dates set out in this Regulation do not affect existing obligations that Member States already have under Union law, in particular under Directive 2006/123/EC. |
| (76) | Ker države članice ne morejo zadovoljivo doseči ciljev te uredbe, temveč se zaradi obsega predlaganega ukrepa lažje dosežejo na ravni Unije, lahko Unija sprejme ukrepe v skladu z načelom subsidiarnosti iz člena 5 Pogodbe o Evropski uniji. V skladu z načelom sorazmernosti iz navedenega člena ta uredba ne presega tistega, kar je potrebno za doseganje navedenih ciljev. | (76) | Since the objectives of this Regulation cannot be sufficiently achieved by the Member States but can rather, by reason of the scale of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives. |
| (77) | V skladu s členom 28(2) Uredbe (ES) št. 45/2001 Evropskega parlamenta in Sveta (13) je bilo opravljeno posvetovanje z Evropskim nadzornikom za varstvo podatkov, ki je podal mnenje dne 27. septembra 2012 (14) – | (77) | The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 of the European Parliament and of the Council (13) and delivered an opinion on 27 September 2012 (14), |
| SPREJELA NASLEDNJO UREDBO: | HAVE ADOPTED THIS REGULATION: |
| POGLAVJE I | CHAPTER I |
| SPLOŠNE DOLOČBE | GENERAL PROVISIONS |
| Člen 1 | Article 1 |
| Predmet urejanja | Subject matter |
| 1. Da se zagotovi pravilno delovanje notranjega trga in doseže ustrezna raven varnosti sredstev elektronske identifikacije in storitev zaupanja, ta uredba: | With a view to ensuring the proper functioning of the internal market while aiming at an adequate level of security of electronic identification means and trust services this Regulation: |
| (a) | določa pogoje, pod katerimi države članice priznajo sredstva elektronske identifikacije fizičnih in pravnih oseb, ki so vključena v priglašeno shemo elektronske identifikacije druge države članice; | (a) | lays down the conditions under which Member States recognise electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State; |
| (b) | določa pravila za storitve zaupanja, zlasti za elektronske transakcije, in | (b) | lays down rules for trust services, in particular for electronic transactions; and |
| (c) | določa pravni okvir za elektronske podpise, elektronske žige, elektronske časovne žige, elektronske dokumente, storitve elektronske priporočene dostave in storitve v zvezi s potrdili za avtentikacijo spletišč. | (c) | establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication. |
| Člen 2 | Article 2 |
| Področje uporabe | Scope |
| 1. Ta uredba se uporablja za sheme elektronske identifikacije, ki jih priglasi država članica, in za ponudnike storitev zaupanja s sedežem v Uniji. | 1. This Regulation applies to electronic identification schemes that have been notified by a Member State, and to trust service providers that are established in the Union. |
| 2. Ta uredba se ne uporablja za zagotavljanje storitev zaupanja, ki se uporabljajo izključno znotraj zaprtih sistemov, ki obstajajo na podlagi nacionalnega prava ali dogovorov med določeno skupino udeležencev. | 2. This Regulation does not apply to the provision of trust services that are used exclusively within closed systems resulting from national law or from agreements between a defined set of participants. |
| 3. Ta uredba ne vpliva na nacionalno pravo ali pravo Unije, povezano s sklenitvijo in veljavnostjo pogodb ali drugimi pravnimi ali postopkovnimi obveznostmi glede obličnosti. | 3. This Regulation does not affect national or Union law related to the conclusion and validity of contracts or other legal or procedural obligations relating to form. |
| Člen 3 | Article 3 |
| Opredelitev pojmov | Definitions |
| V tej uredbi se uporabljajo naslednje opredelitve pojmov: | For the purposes of this Regulation, the following definitions apply: |
| 1. | „elektronska identifikacija“ pomeni postopek uporabe identifikacijskih podatkov osebe v elektronski obliki, ki enolično predstavljajo bodisi fizično ali pravno osebo bodisi fizično osebo, ki zastopa pravno osebo; | (1) | ‘electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person; |
| 2. | „sredstvo elektronske identifikacije“ pomeni materialno in/ali nematerialno enoto, ki vsebuje identifikacijske podatke osebe in se uporablja za avtentikacijo pri spletnih storitvah; | (2) | ‘electronic identification means’ means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service; |
| 3. | „identifikacijski podatki osebe“ pomeni niz podatkov, ki omogočajo, da se določi identiteta fizične ali pravne osebe ali fizične osebe, ki zastopa pravno osebo; | (3) | ‘person identification data’ means a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established; |
| 4. | „shema elektronske identifikacije“ pomeni sistem za elektronsko identifikacijo, v okviru katerega se fizični ali pravni osebi ali fizični osebi, ki zastopa pravno osebo, izdajo sredstva elektronske identifikacije; | (4) | ‘electronic identification scheme’ means a system for electronic identification under which electronic identification means are issued to natural or legal persons, or natural persons representing legal persons; |
| 5. | „avtentikacija“ pomeni elektronski postopek, ki omogoča potrditev elektronske identifikacije fizične ali pravne osebe ali izvora in celovitosti podatkov v elektronski obliki; | (5) | ‘authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; |
| 6. | „zanašajoča se stranka“ pomeni fizično ali pravno osebo, ki se zanaša na elektronsko identifikacijo ali storitev zaupanja; | (6) | ‘relying party’ means a natural or legal person that relies upon an electronic identification or a trust service; |
| 7. | „organ javnega sektorja“ pomeni državni, regionalni ali lokalni organ, osebo javnega prava ali združenje, ki jo/ga ustanovi eden ali več takšnih organov ali ena ali več takšnih oseb javnega prava, ali zasebni subjekt, ki ga je vsaj eden od teh organov, oseb ali združenj pooblastil za zagotavljanje javnih storitev, kadar deluje v okviru tega pooblastila; | (7) | ‘public sector body’ means a state, regional or local authority, a body governed by public law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate; |
| 8. | „oseba javnega prava“, pomeni osebo, opredeljeno v točki 4 člena 2(1) Direktive 2014/24/EU Evropskega parlamenta in Sveta (15); | (8) | ‘body governed by public law’ means a body defined in point (4) of Article 2(1) of Directive 2014/24/EU of the European Parliament and of the Council (15); |
| 9. | „podpisnik“ pomeni fizično osebo, ki ustvari elektronski podpis; | (9) | ‘signatory’ means a natural person who creates an electronic signature; |
| 10. | „elektronski podpis“ pomeni niz podatkov v elektronski obliki, ki so dodani k drugim podatkom v elektronski obliki ali so z njimi logično povezani in jih podpisnik uporablja za podpisovanje; | (10) | ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; |
| 11. | „napredni elektronski podpis“ pomeni elektronski podpis, ki izpolnjuje zahteve iz člena 26; | (11) | ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26; |
| 12. | „kvalificirani elektronski podpis“ pomeni napredni elektronski podpis, ki se ustvari z napravo za ustvarjanje kvalificiranega elektronskega podpisa in temelji na kvalificiranem potrdilu za elektronske podpise; | (12) | ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures; |
| 13. | „podatki za ustvarjanje elektronskega podpisa“ pomeni enolične podatke, ki jih podpisnik uporablja za ustvarjanje elektronskega podpisa; | (13) | ‘electronic signature creation data’ means unique data which is used by the signatory to create an electronic signature; |
| 14. | „potrdilo za elektronski podpis“ pomeni elektronsko potrdilo, ki povezuje podatke za potrjevanje veljavnosti elektronskega podpisa s fizično osebo in potrjuje vsaj ime ali psevdonim te osebe; | (14) | ‘certificate for electronic signature’ means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person; |
| 15. | „kvalificirano potrdilo za elektronski podpis“ pomeni potrdilo za elektronske podpise, ki ga izda ponudnik kvalificiranih storitev zaupanja in izpolnjuje zahteve iz Priloge I; | (15) | ‘qualified certificate for electronic signature’ means a certificate for electronic signatures, that is issued by a qualified trust service provider and meets the requirements laid down in Annex I; |
| 16. | „storitev zaupanja“ pomeni elektronsko storitev, ki se praviloma opravlja za plačilo in vključuje: | (a) | ustvarjanje, preverjanje in potrjevanje veljavnosti elektronskih podpisov, elektronskih žigov ali elektronskih časovnih žigov, storitev elektronske priporočene dostave in potrdil, povezanih s temi storitvami, ali | (b) | ustvarjanje, preverjanje in potrjevanje veljavnosti potrdil za avtentikacijo spletišč ali | (c) | hrambo elektronskih podpisov, žigov ali potrdil, povezanih s temi storitvami; | (16) | ‘trust service’ means an electronic service normally provided for remuneration which consists of: | (a) | the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or | (b) | the creation, verification and validation of certificates for website authentication; or | (c) | the preservation of electronic signatures, seals or certificates related to those services; |
| 17. | „kvalificirana storitev zaupanja“ pomeni storitev zaupanja, ki izpolnjuje zadevne zahteve iz te uredbe; | (17) | ‘qualified trust service’ means a trust service that meets the applicable requirements laid down in this Regulation; |
| 18. | „organ za ugotavljanje skladnosti“ pomeni organ, opredeljen v točki 13 člena 2 Uredbe (ES) št. 765/2008, ki je akreditiran v skladu z navedeno uredbo in je pristojen za ugotavljanje skladnosti ponudnika kvalificiranih storitev zaupanja in kvalificiranih storitev zaupanja, ki jih ta zagotavlja; | (18) | ‘conformity assessment body’ means a body defined in point 13 of Article 2 of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides; |
| 19. | „ponudnik storitev zaupanja“ pomeni fizično ali pravno osebo, ki zagotavlja eno ali več storitev zaupanja, kot ponudnik kvalificiranih ali nekvalificiranih storitev zaupanja; | (19) | ‘trust service provider’ means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider; |
| 20. | „ponudnik kvalificiranih storitev zaupanja“ pomeni ponudnika storitev zaupanja, ki zagotavlja eno ali več kvalificiranih storitev zaupanja in mu nadzorni organ dodeli kvalificirani status; | (20) | ‘qualified trust service provider’ means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body; |
| 21. | „izdelek“ pomeni strojno ali programsko opremo ali ustrezne sestavne dele strojne ali programske opreme, katerih uporaba je namenjena zagotavljanju storitev zaupanja; | (21) | ‘product’ means hardware or software, or relevant components of hardware or software, which are intended to be used for the provision of trust services; |
| 22. | „naprava za ustvarjanje elektronskega podpisa“ pomeni konfigurirano programsko ali strojno opremo, ki se uporablja za ustvarjanje elektronskega podpisa; | (22) | ‘electronic signature creation device’ means configured software or hardware used to create an electronic signature; |
| 23. | „naprava za ustvarjanje kvalificiranega elektronskega podpisa“ pomeni napravo za ustvarjanje elektronskega podpisa, ki izpolnjuje zahteve iz Priloge II; | (23) | ‘qualified electronic signature creation device’ means an electronic signature creation device that meets the requirements laid down in Annex II; |
| 24. | „ustvarjalec žiga“ pomeni pravno osebo, ki ustvari elektronski žig; | (24) | ‘creator of a seal’ means a legal person who creates an electronic seal; |
| 25. | „elektronski žig“ pomeni niz podatkov v elektronski obliki, ki so dodani k drugim podatkom v elektronski obliki ali so z njimi logično povezani, da se zagotovita izvor in celovitost povezanih podatkov; | (25) | ‘electronic seal’ means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity; |
| 26. | „napredni elektronski žig“ pomeni elektronski žig, ki izpolnjuje zahteve iz člena 36; | (26) | ‘advanced electronic seal’ means an electronic seal, which meets the requirements set out in Article 36; |
| 27. | „kvalificirani elektronski žig“ pomeni napredni elektronski žig, ki se ustvari z napravo za ustvarjanje kvalificiranega elektronskega žiga in temelji na kvalificiranem potrdilu za elektronski žig; | (27) | ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal; |
| 28. | „podatki za ustvarjanje elektronskega žiga“ pomenijo enolične podatke, ki jih ustvarjalec elektronskega žiga uporabi za ustvarjanje elektronskega žiga; | (28) | ‘electronic seal creation data’ means unique data, which is used by the creator of the electronic seal to create an electronic seal; |
| 29. | „potrdilo za elektronski žig“ pomeni elektronsko potrdilo, ki povezuje podatke za potrjevanje veljavnosti elektronskega žiga s pravno osebo in potrjuje ime te osebe; | (29) | ‘certificate for electronic seal’ means an electronic attestation that links electronic seal validation data to a legal person and confirms the name of that person; |
| 30. | „kvalificirano potrdilo za elektronski žig“ pomeni potrdilo za elektronski žig, ki ga izda ponudnik kvalificiranih storitev zaupanja in izpolnjuje zahteve iz Priloge III; | (30) | ‘qualified certificate for electronic seal’ means a certificate for an electronic seal, that is issued by a qualified trust service provider and meets the requirements laid down in Annex III; |
| 31. | „naprava za ustvarjanje elektronskega žiga“ pomeni konfigurirano programsko ali strojno opremo, ki se uporablja za ustvarjanje elektronskega žiga; | (31) | ‘electronic seal creation device’ means configured software or hardware used to create an electronic seal; |
| 32. | „naprava za ustvarjanje kvalificiranega elektronskega žiga“ pomeni napravo za ustvarjanje elektronskega žiga, ki smiselno izpolnjuje zahteve iz Priloge II; | (32) | ‘qualified electronic seal creation device’ means an electronic seal creation device that meets mutatis mutandis the requirements laid down in Annex II; |
| 33. | „elektronski časovni žig“ pomeni podatke v elektronski obliki, ki druge podatke v elektronski obliki povezujejo z določenim trenutkom in tako zagotavljajo dokaz, da so slednji podatki v tistem trenutku obstajali; | (33) | ‘electronic time stamp’ means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time; |
| 34. | „kvalificirani elektronski časovni žig“ pomeni elektronski časovni žig, ki izpolnjuje zahteve iz člena 42; | (34) | ‘qualified electronic time stamp’ means an electronic time stamp which meets the requirements laid down in Article 42; |
| 35. | „elektronski dokument“ pomeni kakršno koli vsebino, shranjeno v elektronski obliki, zlasti besedilo ali zvočni, vizualni ali avdiovizualni zapis; | (35) | ‘electronic document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording; |
| 36. | „storitev elektronske priporočene dostave“ pomeni storitev, ki omogoča prenos podatkov med tretjimi stranmi z elektronskimi sredstvi, zagotavlja dokaze o ravnanju s prenesenimi podatki, vključno z dokazilom o oddaji in prejemu podatkov, ter prenesene podatke varuje pred izgubo, krajo, poškodbo ali kakršno koli nepooblaščeno spremembo; | (36) | ‘electronic registered delivery service’ means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations; |
| 37. | „kvalificirana storitev elektronske priporočene dostave“ pomeni storitev elektronske priporočene dostave, ki izpolnjuje zahteve iz člena 44; | (37) | ‘qualified electronic registered delivery service’ means an electronic registered delivery service which meets the requirements laid down in Article 44; |
| 38. | „potrdilo za avtentikacijo spletišč“ pomeni potrdilo, ki omogoča avtentikacijo spletišča in spletišče povezuje s fizično ali pravno osebo, ki se ji izda potrdilo; | (38) | ‘certificate for website authentication’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued; |
| 39. | „kvalificirano potrdilo za avtentikacijo spletišč“ pomeni potrdilo za avtentikacijo spletišč, ki ga izda ponudnik kvalificiranih storitev zaupanja in izpolnjuje zahteve iz Priloge IV; | (39) | ‘qualified certificate for website authentication’ means a certificate for website authentication, which is issued by a qualified trust service provider and meets the requirements laid down in Annex IV; |
| 40. | „podatki za potrjevanje veljavnosti“ pomeni podatke, ki se uporabljajo za potrjevanje veljavnosti elektronskega podpisa ali elektronskega žiga; | (40) | ‘validation data’ means data that is used to validate an electronic signature or an electronic seal; |
| 41. | „potrjevanje veljavnosti“ pomeni postopek preverjanja in potrditve, da je elektronski podpis ali žig veljaven. | (41) | ‘validation’ means the process of verifying and confirming that an electronic signature or a seal is valid. |
| Člen 4 | Article 4 |
| Načelo notranjega trga | Internal market principle |
| 1. Za zagotavljanje storitev zaupanja, ki jih na ozemlju države članice zagotavlja ponudnik storitev zaupanja s sedežem v drugi državi članici, ne veljajo nobene omejitve iz razlogov, ki spadajo na področje uporabe te uredbe. | 1. There shall be no restriction on the provision of trust services in the territory of a Member State by a trust service provider established in another Member State for reasons that fall within the fields covered by this Regulation. |
| 2. Za izdelke in storitve zaupanja, ki so skladni s to uredbo, se dovoli prosti pretok na notranjem trgu. | 2. Products and trust services that comply with this Regulation shall be permitted to circulate freely in the internal market. |
| Člen 5 | Article 5 |
| Obdelava in varstvo podatkov | Data processing and protection |
| 1. Obdelava osebnih podatkov se izvaja v skladu z Direktivo 95/46/ES. | 1. Processing of personal data shall be carried out in accordance with Directive 95/46/EC. |
| 2. Brez poseganja v pravni učinek psevdonimov v skladu nacionalnim pravom, uporaba psevdonimov v elektronskih transakcijah ni prepovedana. | 2. Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall not be prohibited. |
| POGLAVJE II | CHAPTER II |
| ELEKTRONSKA IDENTIFIKACIJA | ELECTRONIC IDENTIFICATION |
| Člen 6 | Article 6 |
| Vzajemno priznavanje | Mutual recognition |
| 1. Če nacionalno pravo ali upravna praksa za dostop do storitve, ki jo prek spleta zagotavlja organ javnega sektorja v eni državi članici, predpisuje elektronsko identifikacijo z uporabo sredstva elektronske identifikacije in avtentikacije, se sredstvo elektronske identifikacije, izdano v drugi državi članici, prizna v prvi državi članici za namene čezmejne avtentikacije za to spletno storitev, če so izpolnjeni naslednji pogoji: | 1. When an electronic identification using an electronic identification means and authentication is required under national law or by administrative practice to access a service provided by a public sector body online in one Member State, the electronic identification means issued in another Member State shall be recognised in the first Member State for the purposes of cross-border authentication for that service online, provided that the following conditions are met: |
| (a) | sredstvo elektronske identifikacije je izdano v okviru sheme elektronske identifikacije, navedene na seznamu, ki ga Komisija objavi v skladu s členom 9; | (a) | the electronic identification means is issued under an electronic identification scheme that is included in the list published by the Commission pursuant to Article 9; |
| (b) | raven zanesljivosti takšnega sredstva elektronske identifikacije ustreza ravni zanesljivosti, ki je enaka ali višja od ravni zanesljivosti, ki jo zahteva zadevni organ javnega sektorja pri dostopu do spletne storitve v prvi državi članici, pod pogojem, da raven zanesljivosti takšnega sredstva elektronske identifikacije ustreza srednji ali visoki ravni zanesljivosti; | (b) | the assurance level of the electronic identification means corresponds to an assurance level equal to or higher than the assurance level required by the relevant public sector body to access that service online in the first Member State, provided that the assurance level of that electronic identification means corresponds to the assurance level substantial or high; |
| (c) | zadevni organ javnega sektorja uporablja srednjo ali visoko raven zanesljivosti v zvezi z dostopom do te spletne storitve. | (c) | the relevant public sector body uses the assurance level substantial or high in relation to accessing that service online. |
| Takšno priznanje se opravi najpozneje 12 mesecev po tem, ko Komisija objavi seznam iz točke (a) prvega pododstavka. | Such recognition shall take place no later than 12 months after the Commission publishes the list referred to in point (a) of the first subparagraph. |
| 2. Organi javnega sektorja lahko za namene čezmejne avtentikacije za storitve, ki jih zagotavljajo prek spleta, priznajo sredstvo elektronske identifikacije, ki se izda v okviru sheme elektronske identifikacije, navedene na seznamu, ki ga Komisija objavi v skladu s členom 9, in ustreza nizki ravni zanesljivosti. | 2. An electronic identification means which is issued under an electronic identification scheme included in the list published by the Commission pursuant to Article 9 and which corresponds to the assurance level low may be recognised by public sector bodies for the purposes of cross-border authentication for the service provided online by those bodies. |
| Člen 7 | Article 7 |
| Upravičenost do priglasitve shem elektronske identifikacije | Eligibility for notification of electronic identification schemes |
| Shema elektronske identifikacije je upravičena do priglasitve v skladu s členom 9(1), če so izpolnjeni vsi naslednji pogoji: | An electronic identification scheme shall be eligible for notification pursuant to Article 9(1) provided that all of the following conditions are met: |
| (a) | sredstva elektronske identifikacije v okviru sheme elektronske identifikacije se izdajo: | (i) | s strani države članice priglasiteljice; | (ii) | po pooblastilu države članice priglasiteljice, ali | (iii) | neodvisno od države članice priglasiteljice, vendar jih ta država članica priznava; | (a) | the electronic identification means under the electronic identification scheme are issued: | (i) | by the notifying Member State; | (ii) | under a mandate from the notifying Member State; or | (iii) | independently of the notifying Member State and are recognised by that Member State; |
| (b) | sredstva elektronske identifikacije v okviru sheme elektronske identifikacije se lahko uporabljajo za dostop do vsaj ene storitve, ki jo zagotavlja organ javnega sektorja in za katero se v državi članici priglasiteljici zahteva elektronska identifikacija; | (b) | the electronic identification means under the electronic identification scheme can be used to access at least one service which is provided by a public sector body and which requires electronic identification in the notifying Member State; |
| (c) | shema elektronske identifikacije in sredstva elektronske identifikacije, izdana v okviru te sheme, izpolnjujejo zahteve vsaj ene od ravni zanesljivosti, določenih v izvedbenem aktu iz člena 8(3); | (c) | the electronic identification scheme and the electronic identification means issued thereunder meet the requirements of at least one of the assurance levels set out in the implementing act referred to in Article 8(3); |
| (d) | država članica priglasiteljica zagotovi, da se identifikacijski podatki osebe, ki enolično predstavljajo zadevno osebo, dodelijo fizični ali pravni osebi iz točke 1 člena 3 v skladu s tehničnimi specifikacijami, standardi in postopki za ustrezno raven zanesljivosti, določenimi v izvedbenem aktu iz člena 8(3), ob izdaji sredstva elektronske identifikacije v okviru navedene sheme; | (d) | the notifying Member State ensures that the person identification data uniquely representing the person in question is attributed, in accordance with the technical specifications, standards and procedures for the relevant assurance level set out in the implementing act referred to in Article 8(3), to the natural or legal person referred to in point 1 of Article 3 at the time the electronic identification means under that scheme is issued; |
| (e) | izdajatelj sredstva elektronske identifikacije v okviru navedene sheme, zagotovi, da se sredstvo elektronske identifikacije dodeli osebi iz točke (d) tega člena v skladu s tehničnimi specifikacijami, standardi in postopki za ustrezno raven zanesljivosti, določenimi v izvedbenem aktu iz člena 8(3); | (e) | the party issuing the electronic identification means under that scheme ensures that the electronic identification means is attributed to the person referred to in point (d) of this Article in accordance with the technical specifications, standards and procedures for the relevant assurance level set out in the implementing act referred to in Article 8(3); |
| (f) | država članica priglasiteljica zagotovi, da je avtentikacija na voljo prek spleta, tako da lahko vsaka zanašajoča se stranka s sedežem na ozemlju druge države članice potrdi identifikacijske podatke osebe, prejete v elektronski obliki. | Za zanašajoče se stranke, ki niso organi javnega sektorja, lahko država članica priglasiteljica določi pogoje dostopa do navedene avtentikacije. Čezmejna avtentikacija je brezplačna, če se opravi v povezavi s spletno storitvijo, ki jo zagotavlja organ javnega sektorja. | Države članice ne uvedejo nobenih posebnih nesorazmernih tehničnih zahtev za zanašajoče se stranke, ki nameravajo opraviti tako avtentikacijo, če takšne zahteve preprečujejo ali znatno ovirajo interoperabilnost priglašenih shem elektronske identifikacije; | (f) | the notifying Member State ensures the availability of authentication online, so that any relying party established in the territory of another Member State is able to confirm the person identification data received in electronic form. | For relying parties other than public sector bodies the notifying Member State may define terms of access to that authentication. The cross-border authentication shall be provided free of charge when it is carried out in relation to a service online provided by a public sector body. | Member States shall not impose any specific disproportionate technical requirements on relying parties intending to carry out such authentication, where such requirements prevent or significantly impede the interoperability of the notified electronic identification schemes; |
| (g) | vsaj šest mesecev pred priglasitvijo v skladu s členom 9(1) država članica priglasiteljica zagotovi drugim državam članicam v skladu z obveznostjo iz člena 12(5) opis te sheme v skladu s postopkovno ureditvijo, določeno z izvedbenim aktom iz člena 12(7); | (g) | at least six months prior to the notification pursuant to Article 9(1), the notifying Member State provides the other Member States for the purposes of the obligation under Article 12(5) a description of that scheme in accordance with the procedural arrangements established by the implementing acts referred to in Article 12(7); |
| (h) | shema elektronske identifikacije izpolnjuje zahteve izvedbenega akta iz člena 12(8). | (h) | the electronic identification scheme meets the requirements set out in the implementing act referred to in Article 12(8). |
| Člen 8 | Article 8 |
| Ravni zanesljivosti shem elektronske identifikacije | Assurance levels of electronic identification schemes |
| 1. Shema elektronske identifikacije, priglašena v skladu s členom 9(1), določa nizko, srednjo in/ali visoko raven zanesljivosti, dodeljeno sredstvom elektronske identifikacije, izdanim v okviru te sheme. | 1. An electronic identification scheme notified pursuant to Article 9(1) shall specify assurance levels low, substantial and/or high for electronic identification means issued under that scheme. |
| 2. Nizka, srednja in visoka raven zanesljivosti izpolnjujejo naslednja merila: | 2. The assurance levels low, substantial and high shall meet respectively the following criteria: |
| (a) | nizka raven zanesljivosti se nanaša na sredstvo elektronske identifikacije v okviru sheme elektronske identifikacije, ki zagotavlja omejeno stopnjo zaupanja v izkazano ali zagotavljano identiteto osebe in za katero je značilno sklicevanje na zadevne tehnične specifikacije, standarde in postopke, vključno s tehničnim nadzorom, katerih namen je zmanjšati nevarnost zlorabe ali spreminjanja identitete; | (a) | assurance level low shall refer to an electronic identification means in the context of an electronic identification scheme, which provides a limited degree of confidence in the claimed or asserted identity of a person, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease the risk of misuse or alteration of the identity; |
| (b) | srednja raven zanesljivosti se nanaša na sredstvo elektronske identifikacije v okviru sheme elektronske identifikacije, ki zagotavlja srednjo stopnjo zaupanja v izkazano ali zagotavljano identiteto osebe in za katero je značilno sklicevanje na zadevne tehnične specifikacije, standarde in postopke, vključno s tehničnim nadzorom, katerih namen je znatno zmanjšati nevarnost zlorabe ali spreminjanja identitete; | (b) | assurance level substantial shall refer to an electronic identification means in the context of an electronic identification scheme, which provides a substantial degree of confidence in the claimed or asserted identity of a person, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to decrease substantially the risk of misuse or alteration of the identity; |
| (c) | visoka raven zanesljivosti se nanaša na sredstvo elektronske identifikacije v okviru sheme elektronske identifikacije, ki zagotavlja višjo stopnjo zaupanja v izkazano ali zagotavljano identiteto osebe kot sredstva elektronske identifikacije srednje ravni zanesljivosti in za katero je značilno sklicevanje na zadevne tehnične specifikacije, standarde in postopke, vključno s tehničnim nadzorom, katerih namen je preprečiti nevarnost zlorabe ali spreminjanja identitete. | (c) | assurance level high shall refer to an electronic identification means in the context of an electronic identification scheme, which provides a higher degree of confidence in the claimed or asserted identity of a person than electronic identification means with the assurance level substantial, and is characterised with reference to technical specifications, standards and procedures related thereto, including technical controls, the purpose of which is to prevent misuse or alteration of the identity. |
| 3. Do 18. septembra 2015 ter ob upoštevanju ustreznih mednarodnih standardov in odstavka 2 Komisija z izvedbenimi akti določi minimalne tehnične specifikacije, standarde in postopke, na podlagi katerih se določijo nizka, srednja in visoka raven zanesljivosti za sredstva elektronske identifikacije za namene odstavka 1. | 3. By 18 September 2015, taking into account relevant international standards and subject to paragraph 2, the Commission shall, by means of implementing acts, set out minimum technical specifications, standards and procedures with reference to which assurance levels low, substantial and high are specified for electronic identification means for the purposes of paragraph 1. |
| Te minimalne tehnične specifikacije, standardi in postopki se določijo ob sklicevanju na zanesljivost in kakovost naslednjih elementov: | Those minimum technical specifications, standards and procedures shall be set out by reference to the reliability and quality of the following elements: |
| (a) | postopka za dokazovanje in preverjanje identitete fizičnih ali pravnih oseb, ki zaprosijo za izdajo sredstva elektronske identifikacije; | (a) | the procedure to prove and verify the identity of natural or legal persons applying for the issuance of electronic identification means; |
| (b) | postopka za izdajo zahtevanega sredstva elektronske identifikacije; | (b) | the procedure for the issuance of the requested electronic identification means; |
| (c) | mehanizma avtentikacije, prek katerega fizična ali pravna oseba uporablja sredstvo elektronske identifikacije, da odvisni stranki potrdi svojo identiteto; | (c) | the authentication mechanism, through which the natural or legal person uses the electronic identification means to confirm its identity to a relying party; |
| (d) | izdajatelja sredstva elektronske identifikacije; | (d) | the entity issuing the electronic identification means; |
| (e) | katerega koli drugega organa, vključenega v postopek izdaje sredstva elektronske identifikacije, ter | (e) | any other body involved in the application for the issuance of the electronic identification means; and |
| (f) | tehničnih in varnostnih specifikacij izdanega sredstva elektronske identifikacije. | (f) | the technical and security specifications of the issued electronic identification means. |
| Komisija izvedbene akte sprejme v skladu s postopkom pregleda iz člena 48(2). | Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 9 | Article 9 |
| Priglasitev | Notification |
| 1. Država članica priglasiteljica priglasi Komisiji naslednje informacije, brez nepotrebnega odlašanja pa tudi vse njihove naknadne spremembe: | 1. The notifying Member State shall notify to the Commission the following information and, without undue delay, any subsequent changes thereto: |
| (a) | opis sheme elektronske identifikacije, vključno z njenimi ravnmi zanesljivosti in izdajateljem oziroma izdajatelji sredstva elektronske identifikacije v okviru sheme; | (a) | a description of the electronic identification scheme, including its assurance levels and the issuer or issuers of electronic identification means under the scheme; |
| (b) | veljavno ureditev nadzora in informacije o ureditvi odgovornosti v zvezi s/z: | (i) | izdajateljem sredstva elektronske identifikacije, in | (ii) | stranko, ki opravi postopek avtentikacije; | (b) | the applicable supervisory regime and information on the liability regime with respect to the following: | (i) | the party issuing the electronic identification means; and | (ii) | the party operating the authentication procedure; |
| (c) | organ ali organe, pristojne za shemo elektronske identifikacije; | (c) | the authority or authorities responsible for the electronic identification scheme; |
| (d) | informacije o subjektu ali subjektih, ki urejajo registracijo enoličnih identifikacijskih podatkov osebe; | (d) | information on the entity or entities which manage the registration of the unique person identification data; |
| (e) | opis, kako se izpolnjujejo zahteve, določene v izvedbenih aktih iz člena 12(8); | (e) | a description of how the requirements set out in the implementing acts referred to in Article 12(8) are met; |
| (f) | opis avtentikacije iz točke (f) člena 7; | (f) | a description of the authentication referred to in point (f) of Article 7; |
| (g) | ureditev začasne razveljavitve ali preklica priglašene elektronske identifikacijske sheme, avtentikacije ali zadevnih ogroženih delov. | (g) | arrangements for suspension or revocation of either the notified electronic identification scheme or authentication or the compromised parts concerned. |
| 2. Eno leto po začetku uporabe izvedbenih aktov iz členov 8(3) in 12(8) Komisija v Uradnem listu Evropske unije objavi seznam shem elektronske identifikacije, priglašenih v skladu z odstavkom 1 tega člena, in osnovne informacije o njih. | 2. One year from the date of application of the implementing acts referred to in Articles 8(3) and 12(8), the Commission shall publish in the Official Journal of the European Union a list of the electronic identification schemes which were notified pursuant to paragraph 1 of this Article and the basic information thereon. |
| 3. Če Komisija prejme priglasitev po izteku obdobja iz odstavka 2, v Uradnem listu Evropske unije objavi spremembe seznama iz odstavka 2 v dveh mesecih po datumu prejema priglasitve. | 3. If the Commission receives a notification after the expiry of the period referred to in paragraph 2, it shall publish in the Official Journal of the European Union the amendments to the list referred to in paragraph 2 within two months from the date of receipt of that notification. |
| 4. Država članica lahko Komisiji predloži zahtevek, da se s seznama iz odstavka 2 umakne shema elektronske identifikacije, ki jo je ta država članica priglasila. Komisija objavi ustrezne spremembe seznama članice v Uradnem listu Evropske unije v enem mesecu po datumu prejema zahtevka države članice. | 4. A Member State may submit to the Commission a request to remove an electronic identification scheme notified by that Member State from the list referred to in paragraph 2. The Commission shall publish in the Official Journal of the European Union the corresponding amendments to the list within one month from the date of receipt of the Member State’s request. |
| 5. Komisija lahko z izvedbenimi akti določi okoliščine, formate in postopke priglasitve iz odstavka 1. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 5. The Commission may, by means of implementing acts, define the circumstances, formats and procedures of notifications under paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 10 | Article 10 |
| Kršitev varnosti | Security breach |
| 1. Ob kršitvi ali delnem ogrožanju bodisi sheme elektronske identifikacije, priglašene v skladu s členom 9(1), ali avtentikacije iz točke (f) člena 7 na način, ki vpliva na zanesljivost čezmejne avtentikacije te sheme, država članica priglasiteljica brez odlašanja začasno razveljavi ali prekliče to čezmejno avtentikacijo ali zadevne ogrožene dele ter o tem obvesti druge države članice in Komisijo. | 1. Where either the electronic identification scheme notified pursuant to Article 9(1) or the authentication referred to in point (f) of Article 7 is breached or partly compromised in a manner that affects the reliability of the cross-border authentication of that scheme, the notifying Member State shall, without delay, suspend or revoke that cross-border authentication or the compromised parts concerned, and shall inform other Member States and the Commission. |
| 2. Ko je kršitev ali ogrožanje iz odstavka 1 odpravljeno, država članica priglasiteljica ponovno vzpostavi čezmejno avtentikacijo in o tem brez nepotrebnega odlašanja obvesti druge države članice in Komisijo. | 2. When the breach or compromise referred to in paragraph 1 is remedied, the notifying Member State shall re-establish the cross-border authentication and shall inform other Member States and the Commission without undue delay. |
| 3. Če se kršitev ali ogrožanje iz odstavka 1 ne odpravi v treh mesecih po začasni razveljavitvi ali preklicu, država članica priglasiteljica uradno obvesti druge države članice in Komisijo o umiku sheme elektronske identifikacije. | 3. If the breach or compromise referred to in paragraph 1 is not remedied within three months of the suspension or revocation, the notifying Member State shall notify other Member States and the Commission of the withdrawal of the electronic identification scheme. |
| Komisija v Uradnem listu Evropske unije objavi ustrezne spremembe seznama iz člena 9(2) brez nepotrebnega odlašanja. | The Commission shall publish in the Official Journal of the European Union the corresponding amendments to the list referred to in Article 9(2) without undue delay. |
| Člen 11 | Article 11 |
| Odgovornost | Liability |
| 1. Država članica priglasiteljica je odgovorna za škodo, ki je namenoma ali iz malomarnosti povzročena fizični ali pravni osebi zaradi neizpolnjevanja obveznosti iz točk (d) in (f) člena 7 pri opravljanju čezmejne transakcije. | 1. The notifying Member State shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with its obligations under points (d) and (f) of Article 7 in a cross-border transaction. |
| 2. Izdajatelj sredstva elektronske identifikacije je odgovoren za škodo, ki jo namenoma ali iz malomarnosti povzroči fizični ali pravni osebi zaradi neizpolnjevanja obveznosti iz točke (e) člena 7 pri opravljanju čezmejne transakcije. | 2. The party issuing the electronic identification means shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with the obligation referred to in point (e) of Article 7 in a cross-border transaction. |
| 3. Stranka, ki opravi postopek avtentikacije, je odgovorna za škodo, ki jo namenoma ali iz malomarnosti povzroči kateri koli fizični ali pravni osebi, če pri opravljanju čezmejne transakcije ne zagotovi pravilnega delovanja avtentikacije iz točke (f) člena 7. | 3. The party operating the authentication procedure shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to ensure the correct operation of the authentication referred to in point (f) of Article 7 in a cross-border transaction. |
| 4. Odstavki 1, 2 in 3 se uporabljajo v skladu z nacionalnimi pravili o odgovornosti. | 4. Paragraphs 1, 2 and 3 shall be applied in accordance with national rules on liability. |
| 5. Odstavki 1, 2 in 3 ne posegajo v odgovornost, ki jo imajo v skladu z nacionalnim pravom stranke transakcije, pri kateri se uporabljajo sredstva elektronske identifikacije, ki so del sheme elektronske identifikacije, priglašene v skladu s členom 9(1). | 5. Paragraphs 1, 2 and 3 are without prejudice to the liability under national law of parties to a transaction in which electronic identification means falling under the electronic identification scheme notified pursuant to Article 9(1) are used. |
| Člen 12 | Article 12 |
| Sodelovanje in interoperabilnost | Cooperation and interoperability |
| 1. Nacionalne sheme elektronske identifikacije, priglašene v skladu s členom 9(1), so interoperabilne. | 1. The national electronic identification schemes notified pursuant to Article 9(1) shall be interoperable. |
| 2. Za namene odstavka 1 se vzpostavi interoperabilnostni okvir. | 2. For the purposes of paragraph 1, an interoperability framework shall be established. |
| 3. Interoperabilnostni okvir izpolnjuje naslednja merila: | 3. The interoperability framework shall meet the following criteria: |
| (a) | prizadeva si biti tehnološko nevtralen in ne diskriminira med posebnimi nacionalnimi tehničnimi rešitvami za elektronsko identifikacijo znotraj države članice; | (a) | it aims to be technology neutral and does not discriminate between any specific national technical solutions for electronic identification within a Member State; |
| (b) | upošteva evropske in mednarodne standarde, kadar je mogoče; | (b) | it follows European and international standards, where possible; |
| (c) | lajša izvajanje načela vgrajene zasebnosti, in | (c) | it facilitates the implementation of the principle of privacy by design; and |
| (d) | zagotavlja, da so osebni podatki obdelani v skladu z Direktivo 95/46/ES. | (d) | it ensures that personal data is processed in accordance with Directive 95/46/EC. |
| 4. Interoperabilnostni okvir sestavljajo: | 4. The interoperability framework shall consist of: |
| (a) | sklicevanje na minimalne tehnične zahteve, povezane z ravnmi zanesljivosti iz člena 8; | (a) | a reference to minimum technical requirements related to the assurance levels under Article 8; |
| (b) | določitev nacionalnih ravni zanesljivosti priglašenih shem elektronske identifikacije glede na ravni zanesljivosti iz člena 8; | (b) | a mapping of national assurance levels of notified electronic identification schemes to the assurance levels under Article 8; |
| (c) | sklicevanje na minimalne tehnične zahteve glede interoperabilnosti; | (c) | a reference to minimum technical requirements for interoperability; |
| (d) | sklicevanje na minimalni niz identifikacijskih podatkov osebe, ki enolično predstavljajo fizično ali pravno osebo in so dostopni v okviru shem elektronske identifikacije; | (d) | a reference to a minimum set of person identification data uniquely representing a natural or legal person, which is available from electronic identification schemes; |
| (e) | poslovnik; | (e) | rules of procedure; |
| (f) | ureditev za reševanje sporov, in | (f) | arrangements for dispute resolution; and |
| (g) | skupni varnostni standardi delovanja. | (g) | common operational security standards. |
| 5. Države članice sodelujejo na naslednjih področjih: | 5. Member States shall cooperate with regard to the following: |
| (a) | interoperabilnost shem elektronske identifikacije, priglašenih v skladu s členom 9(1), in shem elektronske identifikacije, ki jih države članice nameravajo priglasiti, ter | (a) | the interoperability of the electronic identification schemes notified pursuant to Article 9(1) and the electronic identification schemes which Member States intend to notify; and |
| (b) | varnost shem elektronske identifikacije. | (b) | the security of the electronic identification schemes. |
| 6. Sodelovanje med državami članicami vključuje: | 6. The cooperation between Member States shall consist of: |
| (a) | izmenjavo informacij, izkušenj in dobrih praks v zvezi s shemami elektronske identifikacije in zlasti tehničnimi zahtevami, povezanimi z interoperabilnostjo in ravnmi zanesljivosti; | (a) | the exchange of information, experience and good practice as regards electronic identification schemes and in particular technical requirements related to interoperability and assurance levels; |
| (b) | izmenjavo informacij, izkušenj in dobrih praks v zvezi z delom z ravnmi zanesljivosti za sheme elektronske identifikacije iz člena 8; | (b) | the exchange of information, experience and good practice as regards working with assurance levels of electronic identification schemes under Article 8; |
| (c) | medsebojni strokovni pregled shem elektronske identifikacije, zajetih s to uredbo, in | (c) | peer review of electronic identification schemes falling under this Regulation; and |
| (d) | preverjanje zadevnega razvoja v sektorju elektronske identifikacije. | (d) | examination of relevant developments in the electronic identification sector. |
| 7. Komisija do 18. marca 2015 z izvedbenimi akti določi potrebno postopkovno ureditev za lažje sodelovanje med državami članicami, določeno v odstavkih 5 in 6, da se spodbudi visoka raven zaupanja in varnosti, ki ustreza stopnji nevarnosti. | 7. By 18 March 2015, the Commission shall, by means of implementing acts, establish the necessary procedural arrangements to facilitate the cooperation between the Member States referred to in paragraphs 5 and 6 with a view to fostering a high level of trust and security appropriate to the degree of risk. |
| 8. Komisija do 18. septembra 2015 za določitev enotnih pogojev izvajanja zahteve iz odstavka 1 sprejme izvedbene akte o interoperabilnostnem okviru, opredeljenem v odstavku 4, pri tem pa upošteva merila iz odstavka 3 in rezultate sodelovanja med državami članicami. | 8. By 18 September 2015, for the purpose of setting uniform conditions for the implementation of the requirement under paragraph 1, the Commission shall, subject to the criteria set out in paragraph 3 and taking into account the results of the cooperation between Member States, adopt implementing acts on the interoperability framework as set out in paragraph 4. |
| 9. Izvedbeni akti iz odstavkov 7 in 8 tega člena se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 9. The implementing acts referred to in paragraphs 7 and 8 of this Article shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| POGLAVJE IIII | CHAPTER III |
| STORITVE ZAUPANJA | TRUST SERVICES |
| ODDELEK 1 | SECTION 1 |
| Splošne določbe | General provisions |
| Člen 13 | Article 13 |
| Odgovornost in dokazno breme | Liability and burden of proof |
| 1. Brez poseganja v odstavek 2 so ponudniki storitev zaupanja odgovorni za škodo, ki je namenoma ali iz malomarnosti povzročena fizični ali pravni osebi zaradi neizpolnjevanja obveznosti po tej uredbi. | 1. Without prejudice to paragraph 2, trust service providers shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with the obligations under this Regulation. |
| Dokazno breme o namenu (naklepu) ali malomarnosti ponudnika nekvalificiranih storitev zaupanja nosi fizična ali pravna oseba, ki zatrjuje škodo iz prvega pododstavka. | The burden of proving intention or negligence of a non-qualified trust service provider shall lie with the natural or legal person claiming the damage referred to in the first subparagraph. |
| Domneva se, da je ponudnik kvalificiranih storitev zaupanja škodo povzročil namenoma ali iz malomarnosti, razen če dokaže, da škode iz prvega pododstavka ni povzročil namenoma ali iz malomarnosti. | The intention or negligence of a qualified trust service provider shall be presumed unless that qualified trust service provider proves that the damage referred to in the first subparagraph occurred without the intention or negligence of that qualified trust service provider. |
| 2. Kadar ponudniki storitev zaupanja svoje stranke ustrezno vnaprej obvestijo o omejitvah uporabe storitev, ki jih zagotavljajo, in kadar tretja stranka te omejitve lahko prepozna, ponudniki storitev zaupanja niso odgovorni za škodo, ki izhaja iz uporabe storitev, ki presega navedene omejitve. | 2. Where trust service providers duly inform their customers in advance of the limitations on the use of the services they provide and where those limitations are recognisable to third parties, trust service providers shall not be liable for damages arising from the use of services exceeding the indicated limitations. |
| 3. Odstavka 1 in 2 se uporabljata v skladu z nacionalnimi pravili o odgovornosti. | 3. Paragraphs 1 and 2 shall be applied in accordance with national rules on liability. |
| Člen 14 | Article 14 |
| Mednarodni vidiki | International aspects |
| 1. Storitve zaupanja, ki jih zagotavljajo ponudniki storitev zaupanja s sedežem v tretji državi, so pravno enakovredne kvalificiranim storitvam zaupanja, ki jih zagotavljajo ponudniki kvalificiranih storitev zaupanja s sedežem v Uniji, kadar se storitve zaupanja iz tretje države priznajo na podlagi sporazuma, sklenjenega med Unijo in zadevno tretjo državo ali mednarodno organizacijo v skladu s členom 218 PDEU. | 1. Trust services provided by trust service providers established in a third country shall be recognised as legally equivalent to qualified trust services provided by qualified trust service providers established in the Union where the trust services originating from the third country are recognised under an agreement concluded between the Union and the third country in question or an international organisation in accordance with Article 218 TFEU. |
| 2. Sporazumi iz odstavka 1 zagotavljajo zlasti, da: | 2. Agreements referred to in paragraph 1 shall ensure, in particular, that: |
| (a) | ponudniki storitev zaupanja v tretji državi ali mednarodnih organizacijah, s katerimi je sklenjen sporazum, in storitve zaupanja, ki jih zagotavljajo, izpolnjujejo zahteve, ki veljajo za ponudnike kvalificiranih storitev zaupanja s sedežem v Uniji in za kvalificirane storitve zaupanja, ki jih zagotavljajo; | (a) | the requirements applicable to qualified trust service providers established in the Union and the qualified trust services they provide are met by the trust service providers in the third country or international organisations with which the agreement is concluded, and by the trust services they provide; |
| (b) | so kvalificirane storitve zaupanja, ki jih zagotavljajo ponudniki kvalificiranih storitev zaupanja s sedežem v Uniji, pravno enakovredne storitvam zaupanja, ki jih zagotavljajo ponudniki storitev zaupanja v tretji državi ali mednarodni organizaciji, s katero je sklenjen sporazum. | (b) | the qualified trust services provided by qualified trust service providers established in the Union are recognised as legally equivalent to trust services provided by trust service providers in the third country or international organisation with which the agreement is concluded. |
| Člen 15 | Article 15 |
| Dostopnost za invalide | Accessibility for persons with disabilities |
| Če je izvedljivo, so ponujene storitve zaupanja in izdelki za končne uporabnike, ki se uporabljajo pri zagotavljanju teh storitev, dostopni invalidom. | Where feasible, trust services provided and end-user products used in the provision of those services shall be made accessible for persons with disabilities. |
| Člen 16 | Article 16 |
| Kazni | Penalties |
| Države članice določijo pravila o kaznih, ki se uporabljajo za kršitve te uredbe. Kazni so učinkovite, sorazmerne in odvračilne. | Member States shall lay down the rules on penalties applicable to infringements of this Regulation. The penalties provided for shall be effective, proportionate and dissuasive. |
| ODDELEK 2 | SECTION 2 |
| Nadzor | Supervision |
| Člen 17 | Article 17 |
| Nadzorni organ | Supervisory body |
| 1. Države članice imenujejo nadzorni organ s sedežem na njihovem ozemlju ali – po medsebojnem dogovoru z drugo državo članico – nadzorni organ s sedežem v tej drugi državi članici. Ta organ je odgovoren za nadzorne naloge v državi članici, ki organ imenuje. | 1. Member States shall designate a supervisory body established in their territory or, upon mutual agreement with another Member State, a supervisory body established in that other Member State. That body shall be responsible for supervisory tasks in the designating Member State. |
| Nadzorni organi imajo potrebna pooblastila in ustrezne vire za opravljanje svojih nalog. | Supervisory bodies shall be given the necessary powers and adequate resources for the exercise of their tasks. |
| 2. Države članice Komisijo uradno obvestijo o imenu in naslovu svojih imenovanih nadzornih organov. | 2. Member States shall notify to the Commission the names and the addresses of their respective designated supervisory bodies. |
| 3. Vloga nadzornega organa je: | 3. The role of the supervisory body shall be the following: |
| (a) | nadzirati ponudnike kvalificiranih storitev zaupanja s sedežem na ozemlju države članice, ki organ imenuje, da na podlagi predhodnih in naknadnih nadzornih dejavnosti zagotovijo, da ti ponudniki in kvalificirane storitve zaupanja, ki jih zagotavljajo, izpolnjujejo zahteve iz te uredbe; | (a) | to supervise qualified trust service providers established in the territory of the designating Member State to ensure, through ex ante and ex post supervisory activities, that those qualified trust service providers and the qualified trust services that they provide meet the requirements laid down in this Regulation; |
| (b) | po potrebi sprejeti ukrepe v zvezi s ponudniki nekvalificiranih storitev zaupanja s sedežem na ozemlju države članice, ki organ imenuje, na podlagi naknadnega nadzora, kadar je obveščen, da ti ponudniki ali storitve zaupanja, ki jih zagotavljajo, domnevno ne izpolnjujejo zahtev iz te uredbe. | (b) | to take action if necessary, in relation to non-qualified trust service providers established in the territory of the designating Member State, through ex post supervisory activities, when informed that those non-qualified trust service providers or the trust services they provide allegedly do not meet the requirements laid down in this Regulation. |
| 4. Za namene odstavka 3 in ob upoštevanju omejitev iz navedenega odstavka naloge nadzornega organa vključujejo zlasti: | 4. For the purposes of paragraph 3 and subject to the limitations provided therein, the tasks of the supervisory body shall include in particular: |
| (a) | sodelovanje z drugimi nadzornimi organi in zagotavljanje pomoči tem organom v skladu s členom 18; | (a) | to cooperate with other supervisory bodies and provide them with assistance in accordance with Article 18; |
| (b) | analizo poročil o ugotavljanju skladnosti iz členov 20(1) in 21(1); | (b) | to analyse the conformity assessment reports referred to in Articles 20(1) and 21(1); |
| (c) | obveščanje drugih nadzornih organov in javnosti o kršitvah varnosti ali izgubi celovitosti v skladu s členom 19(2); | (c) | to inform other supervisory bodies and the public about breaches of security or loss of integrity in accordance with Article 19(2); |
| (d) | poročanje Komisiji o svojih glavnih dejavnostih v skladu z odstavkom 6 tega člena; | (d) | to report to the Commission about its main activities in accordance with paragraph 6 of this Article; |
| (e) | izvajanje revizij ali izdajanje zahtevkov organu za ugotavljanje skladnosti, da opravi ugotavljanje skladnosti ponudnikov kvalificiranih storitev zaupanja v skladu s členom 20(2); | (e) | to carry out audits or request a conformity assessment body to perform a conformity assessment of the qualified trust service providers in accordance with Article 20(2); |
| (f) | sodelovanje z organi za varstvo podatkov, zlasti obveščanje teh organov o rezultatih revizij ponudnikov kvalificiranih storitev zaupanja brez nepotrebnega odlašanja, če se zdi, da so bila kršena pravila o varstvu osebnih podatkov; | (f) | to cooperate with the data protection authorities, in particular, by informing them without undue delay, about the results of audits of qualified trust service providers, where personal data protection rules appear to have been breached; |
| (g) | odobritev kvalificiranega statusa ponudnikom storitev zaupanja in storitvam, ki jih zagotavljajo, ter odvzem takšnega statusa v skladu s členoma 20 in 21; | (g) | to grant qualified status to trust service providers and to the services they provide and to withdraw this status in accordance with Articles 20 and 21; |
| (h) | obveščanje organa, odgovornega za nacionalni zanesljiv seznam iz člena 22(3), o odločitvah glede odobritve ali odvzema kvalificiranega statusa, razen v primeru, ko je ta organ tudi nadzorni organ; | (h) | to inform the body responsible for the national trusted list referred to in Article 22(3) about its decisions to grant or to withdraw qualified status, unless that body is also the supervisory body; |
| (i) | preverjanje obstoja in pravilne uporabe določb o načrtih za prenehanje zagotavljanja storitve v primerih, ko ponudnik kvalificiranih storitev zaupanja preneha opravljati svoje dejavnosti, vključno z načinom, kako so te informacije dostopne v skladu s točko (h) člena 24(2); | (i) | to verify the existence and correct application of provisions on termination plans in cases where the qualified trust service provider ceases its activities, including how information is kept accessible in accordance with point (h) of Article 24(2); |
| (j) | izdajanje zahtevkov ponudnikom storitev zaupanja, da odpravijo morebitno neizpolnjevanje zahtev iz te uredbe. | (j) | to require that trust service providers remedy any failure to fulfil the requirements laid down in this Regulation. |
| 5. Države članice lahko zahtevajo, da nadzorni organ vzpostavi, vzdržuje in posodablja infrastrukturo zaupanja v skladu s pogoji iz nacionalnega prava. | 5. Member States may require the supervisory body to establish, maintain and update a trust infrastructure in accordance with the conditions under national law. |
| 6. Vsako leto do 31. marca vsak nadzorni organ Komisiji predloži poročilo o svojih glavnih dejavnostih v predhodnem koledarskem letu, skupaj s povzetkom uradnih obvestil o kršitvah, ki jih je prejel od ponudnikov storitev zaupanja v skladu s členom 19(2). | 6. By 31 March each year, each supervisory body shall submit to the Commission a report on its previous calendar year’s main activities together with a summary of breach notifications received from trust service providers in accordance with Article 19(2). |
| 7. Komisija zagotovi, da je letno poročilo iz odstavka 6 na voljo državam članicam. | 7. The Commission shall make the annual report referred to in paragraph 6 available to Member States. |
| 8. Komisija lahko z izvedbenimi akti opredeli oblike in postopke, ki se nanašajo na poročilo iz odstavka 6. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 8. The Commission may, by means of implementing acts, define the formats and procedures for the report referred to in paragraph 6. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 18 | Article 18 |
| Medsebojna pomoč | Mutual assistance |
| 1. Nadzorni organi sodelujejo z namenom izmenjave dobre prakse. | 1. Supervisory bodies shall cooperate with a view to exchanging good practice. |
| Nadzorni organ na podlagi prejema utemeljenega zahtevka drugega nadzornega organa temu organu zagotovi pomoč, da se lahko dejavnosti nadzornih organov opravijo na skladen način. Medsebojna pomoč lahko vključuje zlasti zahtevke za informacije in nadzorne ukrepe, kot so zahtevki za opravljanje inšpekcijskih pregledov, ki se nanašajo na poročila o ugotavljanju skladnosti iz členov 20 in 21. | A supervisory body shall, upon receipt of a justified request from another supervisory body, provide that body with assistance so that the activities of supervisory bodies can be carried out in a consistent manner. Mutual assistance may cover, in particular, information requests and supervisory measures, such as requests to carry out inspections related to the conformity assessment reports as referred to in Articles 20 and 21. |
| 2. Nadzorni organ, na katerega se naslovi zahtevek za pomoč, lahko ta zahtevek zavrne zaradi katerega koli od naslednjih razlogov: | 2. A supervisory body to which a request for assistance is addressed may refuse that request on any of the following grounds: |
| (a) | nadzorni organ ni pristojen za zagotavljanje zahtevane pomoči; | (a) | the supervisory body is not competent to provide the requested assistance; |
| (b) | zahtevana pomoč ni sorazmerna z nadzornimi dejavnostmi nadzornega organa, ki jih opravlja v skladu s členom 17; | (b) | the requested assistance is not proportionate to supervisory activities of the supervisory body carried out in accordance with Article 17; |
| (c) | zagotovitev zahtevane pomoči ne bi bila skladna s to uredbo. | (c) | providing the requested assistance would be incompatible with this Regulation. |
| 3. Države članice lahko svojim nadzornim organom po potrebi dovolijo, da opravljajo skupne preiskave, v katerih sodeluje osebje nadzornih organov drugih držav članic. Zadevne države članice se v skladu s svojim nacionalnim pravom dogovorijo o ureditvi in postopkih takšnih skupnih ukrepov in jih tudi vzpostavijo. | 3. Where appropriate, Member States may authorise their respective supervisory bodies to carry out joint investigations in which staff from other Member States’ supervisory bodies is involved. The arrangements and procedures for such joint actions shall be agreed upon and established by the Member States concerned in accordance with their national law. |
| Člen 19 | Article 19 |
| Varnostne zahteve za ponudnike storitev zaupanja | Security requirements applicable to trust service providers |
| 1. Ponudniki kvalificiranih in nekvalificiranih storitev zaupanja sprejmejo ustrezne tehnične in organizacijske ukrepe za obvladovanje nevarnosti, povezanih z varnostjo storitev zaupanja, ki jih zagotavljajo. Ti ukrepi ob upoštevanju najnovejših tehnoloških dosežkov zagotavljajo, da je raven varnosti sorazmerna s stopnjo nevarnosti. Sprejmejo se zlasti zato, da bi preprečili in čim bolj zmanjšali vpliv varnostnih incidentov ter deležnike obvestili o škodljivih učinkih takih incidentov. | 1. Qualified and non-qualified trust service providers shall take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide. Having regard to the latest technological developments, those measures shall ensure that the level of security is commensurate to the degree of risk. In particular, measures shall be taken to prevent and minimise the impact of security incidents and inform stakeholders of the adverse effects of any such incidents. |
| 2. Ponudniki kvalificiranih in nekvalificiranih storitev zaupanja o vsaki kršitvi varnosti ali izgubi celovitosti, ki znatno vpliva na zagotovljeno storitev zaupanja ali na osebne podatke, vsebovane v njej, brez nepotrebnega odlašanja, v vsakem primeru pa v 24 urah po ugotovitvi, uradno obvestijo nadzorni organ, po potrebi pa tudi druge pristojne organe, kot je pristojni nacionalni organ za varnost informacij ali organ za varstvo podatkov. | 2. Qualified and non-qualified trust service providers shall, without undue delay but in any event within 24 hours after having become aware of it, notify the supervisory body and, where applicable, other relevant bodies, such as the competent national body for information security or the data protection authority, of any breach of security or loss of integrity that has a significant impact on the trust service provided or on the personal data maintained therein. |
| Kadar je verjetno, da bo kršitev varnosti ali izguba celovitosti negativno vplivala na fizično ali pravno osebo, ki ji je bila zagotovljena storitev zaupanja, ponudnik storitev zaupanja o kršitvi varnosti ali izgubi celovitosti brez nepotrebnega odlašanja uradno obvesti tudi fizično ali pravno osebo. | Where the breach of security or loss of integrity is likely to adversely affect a natural or legal person to whom the trusted service has been provided, the trust service provider shall also notify the natural or legal person of the breach of security or loss of integrity without undue delay. |
| Uradno obveščeni nadzorni organ po potrebi obvesti nadzorne organe drugih zadevnih držav članic in agencijo ENISA, zlasti če kršitev varnosti ali izguba celovitosti zadeva dve ali več držav članic. | Where appropriate, in particular if a breach of security or loss of integrity concerns two or more Member States, the notified supervisory body shall inform the supervisory bodies in other Member States concerned and ENISA. |
| Uradno obveščeni nadzorni organ o tem obvesti javnost ali to zahteva od ponudnika storitev zaupanja, kadar ugotovi, da je razkritje kršitve varnosti ali izgube celovitosti v javnem interesu. | The notified supervisory body shall inform the public or require the trust service provider to do so, where it determines that disclosure of the breach of security or loss of integrity is in the public interest. |
| 3. Nadzorni organ agenciji ENISA enkrat na leto predloži povzetek uradnih obvestil o kršitvi varnosti in izgubi celovitosti, ki jih je prejel od ponudnikov storitev zaupanja. | 3. The supervisory body shall provide ENISA once a year with a summary of notifications of breach of security and loss of integrity received from trust service providers. |
| 4. Komisija lahko z izvedbenimi akti: | 4. The Commission may, by means of implementing acts,: |
| (a) | dodatno opredeli ukrepe iz odstavka 1 ter | (a) | further specify the measures referred to in paragraph 1; and |
| (b) | določi oblike in postopke, vključno z roki, ki se uporabljajo za namene odstavka 2. | (b) | define the formats and procedures, including deadlines, applicable for the purpose of paragraph 2. |
| Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| ODDELEK 3 | SECTION 3 |
| Kvalificirane storitve zaupanja | Qualified trust services |
| Člen 20 | Article 20 |
| Nadzor ponudnikov kvalificiranih storitev zaupanja | Supervision of qualified trust service providers |
| 1. Ponudnike kvalificiranih storitev zaupanja na njihove lastne stroške vsaj vsakih 24 mesecev revidira organ za ugotavljanje skladnosti. Namen revizije je potrditi, ali ponudniki kvalificiranih storitev zaupanja in kvalificirane storitve zaupanja, ki jih zagotavljajo, izpolnjujejo zahteve iz te uredbe. Ponudniki kvalificiranih storitev zaupanja zadevno poročilo o ugotavljanju skladnosti predložijo nadzornemu organu v treh delovnih dneh po njegovem prejemu. | 1. Qualified trust service providers shall be audited at their own expense at least every 24 months by a conformity assessment body. The purpose of the audit shall be to confirm that the qualified trust service providers and the qualified trust services provided by them fulfil the requirements laid down in this Regulation. The qualified trust service providers shall submit the resulting conformity assessment report to the supervisory body within the period of three working days after receiving it. |
| 2. Brez poseganja v odstavek 1 lahko nadzorni organ – na stroške teh ponudnikov kvalificiranih storitev zaupanja – kadar koli revidira ponudnike kvalificiranih storitev zaupanja ali zahteva, da organ za ugotavljanje skladnosti opravi ugotavljanje skladnosti teh ponudnikov, da se potrdi, da ponudniki in kvalificirane storitve zaupanja, ki jih zagotavljajo, izpolnjujejo zahteve iz te uredbe. V primeru, da so bila pravila o varstvu osebnih podatkov kršena, nadzorni organ obvesti organe za varstvo podatkov o rezultatih svojih revizij. | 2. Without prejudice to paragraph 1, the supervisory body may at any time audit or request a conformity assessment body to perform a conformity assessment of the qualified trust service providers, at the expense of those trust service providers, to confirm that they and the qualified trust services provided by them fulfil the requirements laid down in this Regulation. Where personal data protection rules appear to have been breached, the supervisory body shall inform the data protection authorities of the results of its audits. |
| 3. Kadar nadzorni organ zahteva, da ponudnik kvalificiranih storitev zaupanja odpravi vsakršno neizpolnjevanje zahtev iz te uredbe, ta ponudnik pa ne sprejme ustreznih ukrepov – po potrebi v roku, ki ga določi nadzorni organ – lahko nadzorni organ ob upoštevanju zlasti obsega, trajanja in posledic takšnega neizpolnjevanja temu ponudniku ali zadevnim storitvam, ki jih ponudnik zagotavlja, odvzame kvalificirani status ter o tem obvesti organ iz člena 22(3), da se posodobijo zanesljivi seznami iz člena 22(1). Nadzorni organ obvesti ponudnika kvalificiranih storitev zaupanja o odvzemu kvalificiranega statusa temu ponudniku ali zadevnim storitvam. | 3. Where the supervisory body requires the qualified trust service provider to remedy any failure to fulfil requirements under this Regulation and where that provider does not act accordingly, and if applicable within a time limit set by the supervisory body, the supervisory body, taking into account, in particular, the extent, duration and consequences of that failure, may withdraw the qualified status of that provider or of the affected service it provides and inform the body referred to in Article 22(3) for the purposes of updating the trusted lists referred to in Article 22(1). The supervisory body shall inform the qualified trust service provider of the withdrawal of its qualified status or of the qualified status of the service concerned. |
| 4. Komisija lahko z izvedbenimi akti določi referenčne številke naslednjih standardov: | 4. The Commission may, by means of implementing acts, establish reference number of the following standards: |
| (a) | akreditacija organov za ugotavljanje skladnosti in za poročila o ugotavljanju skladnosti iz odstavka 1; | (a) | accreditation of the conformity assessment bodies and for the conformity assessment report referred to in paragraph 1; |
| (b) | pravila o reviziji, na podlagi katerih bodo organi za ugotavljanje skladnosti opravili ugotavljanje skladnosti ponudnikov kvalificiranih storitev zaupanja iz odstavka 1. | (b) | auditing rules under which conformity assessment bodies will carry out their conformity assessment of the qualified trust service providers as referred to in paragraph 1. |
| Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 21 | Article 21 |
| Začetek zagotavljanja kvalificirane storitve zaupanja | Initiation of a qualified trust service |
| 1. Kadar nameravajo ponudniki storitev zaupanja brez kvalificiranega statusa začeti zagotavljati kvalificirane storitve zaupanja, svojo namero priglasijo nadzornemu organu ter mu predložijo poročilo o ugotavljanju skladnosti, ki ga izda organ za ugotavljanje skladnosti. | 1. Where trust service providers, without qualified status, intend to start providing qualified trust services, they shall submit to the supervisory body a notification of their intention together with a conformity assessment report issued by a conformity assessment body. |
| 2. Nadzorni organ preveri, ali ponudnik storitev zaupanja in storitve zaupanja, ki jih ta zagotavlja, izpolnjujejo zahteve iz te uredbe, zlasti zahteve za ponudnike kvalificiranih storitev zaupanja in za kvalificirane storitve zaupanja, ki jih ti zagotavljajo. | 2. The supervisory body shall verify whether the trust service provider and the trust services provided by it comply with the requirements laid down in this Regulation, and in particular, with the requirements for qualified trust service providers and for the qualified trust services they provide. |
| Če nadzorni organ ugotovi, da ponudnik storitev zaupanja in storitve zaupanja, ki jih ti zagotavljajo, izpolnjuje zahteve iz prvega pododstavka, najpozneje tri mesece po priglasitvi v skladu z odstavkom 1 tega člena ponudniku storitev zaupanja in storitvam zaupanja, ki jih ta zagotavlja, podeli kvalificirani status ter obvesti organ iz člena 22(3), da se posodobijo zanesljivi seznami iz člena 22(1). | If the supervisory body concludes that the trust service provider and the trust services provided by it comply with the requirements referred to in the first subparagraph, the supervisory body shall grant qualified status to the trust service provider and the trust services it provides and inform the body referred to in Article 22(3) for the purposes of updating the trusted lists referred to in Article 22(1), not later than three months after notification in accordance with paragraph 1 of this Article. |
| Če nadzorni organ preverjanja ne konča v treh mesecih od priglasitve, o tem obvesti ponudnika storitev zaupanja ter navede razloge za zamudo in rok, v katerem bo preverjanje končano. | If the verification is not concluded within three months of notification, the supervisory body shall inform the trust service provider specifying the reasons for the delay and the period within which the verification is to be concluded. |
| 3. Ponudniki kvalificiranih storitev zaupanja lahko začnejo zagotavljati kvalificirane storitve zaupanja, potem ko je kvalificirani status naveden na zanesljivem seznamu iz člena 22(1). | 3. Qualified trust service providers may begin to provide the qualified trust service after the qualified status has been indicated in the trusted lists referred to in Article 22(1). |
| 4. Komisija lahko z izvedbenimi akti določi oblike in postopke za namene odstavkov 1 in 2. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 4. The Commission may, by means of implementing acts, define the formats and procedures for the purpose of paragraphs 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 22 | Article 22 |
| Zanesljivi seznami | Trusted lists |
| 1. Vsaka država članica sestavi, vodi in objavi zanesljive sezname, vključno z informacijami o ponudnikih kvalificiranih storitev zaupanja, za katere je odgovorna, skupaj z informacijami o kvalificiranih storitvah zaupanja, ki jih ti ponudniki zagotavljajo. | 1. Each Member State shall establish, maintain and publish trusted lists, including information related to the qualified trust service providers for which it is responsible, together with information related to the qualified trust services provided by them. |
| 2. Države članice v obliki, primerni za avtomatizirano obdelavo, na varen način sestavijo, vodijo in objavijo elektronsko podpisane ali ožigosane zanesljive sezname ponudnikov storitev zaupanja iz odstavka 1. | 2. Member States shall establish, maintain and publish, in a secured manner, the electronically signed or sealed trusted lists referred to in paragraph 1 in a form suitable for automated processing. |
| 3. Države članice Komisijo brez nepotrebnega odlašanja uradno obvestijo o vseh informacijah o organu, ki je pristojen za sestavljanje, vodenje in objavljanje nacionalnih zanesljivih seznamov, ter podrobnosti o tem, kje so taki seznami objavljeni, o potrdilih, uporabljenih za podpisovanje ali ožigosanje zanesljivih seznamov, ter o vseh njihovih spremembah. | 3. Member States shall notify to the Commission, without undue delay, information on the body responsible for establishing, maintaining and publishing national trusted lists, and details of where such lists are published, the certificates used to sign or seal the trusted lists and any changes thereto. |
| 4. Komisija na varen način in v elektronsko podpisani ali ožigosani obliki, primerni za avtomatizirano obdelavo, da informacije iz odstavka 3 na voljo javnosti. | 4. The Commission shall make available to the public, through a secure channel, the information referred to in paragraph 3 in electronically signed or sealed form suitable for automated processing. |
| 5. Komisija do 18. septembra 2015 z izvedbenimi akti določi informacije iz odstavka 1 ter opredeli tehnične specifikacije in oblike za zanesljive sezname, ki se uporabljajo za namene odstavkov 1 do 4. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 5. By 18 September 2015 the Commission shall, by means of implementing acts, specify the information referred to in paragraph 1 and define the technical specifications and formats for trusted lists applicable for the purposes of paragraphs 1 to 4. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 23 | Article 23 |
| Znak zaupanja EU za kvalificirane storitve zaupanja | EU trust mark for qualified trust services |
| 1. Potem ko je na zanesljivem seznamu iz člena 22(1) naveden kvalificirani status iz drugega pododstavka člena 21(2), lahko ponudnik kvalificiranih storitev zaupanja uporabi znak zaupanja EU in tako na preprost, prepoznaven in jasen način označi kvalificirane storitve zaupanja, ki jih zagotavlja. | 1. After the qualified status referred to in the second subparagraph of Article 21(2) has been indicated in the trusted list referred to in Article 22(1), qualified trust service providers may use the EU trust mark to indicate in a simple, recognisable and clear manner the qualified trust services they provide. |
| 2. Ponudnik kvalificiranih storitev zaupanja pri uporabi znaka zaupanja EU za kvalificirane storitve zaupanja iz odstavka 1 zagotovi, da je na njegovem spletišču navedena povezava do ustreznega zanesljivega seznama. | 2. When using the EU trust mark for the qualified trust services referred to in paragraph 1, qualified trust service providers shall ensure that a link to the relevant trusted list is made available on their website. |
| 3. Komisija do 1. julija 2015 z izvedbenimi akti določi specifikacije glede oblike in zlasti predstavitve, sestave, velikosti in zasnove znaka zaupanja EU za kvalificirane storitve zaupanja. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 3. By 1 July 2015 the Commission shall, by means of implementing acts, provide for specifications with regard to the form, and in particular the presentation, composition, size and design of the EU trust mark for qualified trust services. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 24 | Article 24 |
| Zahteve za ponudnike kvalificiranih storitev zaupanja | Requirements for qualified trust service providers |
| 1. Ob izdaji kvalificiranega potrdila za storitev zaupanja ponudnik kvalificiranih storitev zaupanja z ustreznimi sredstvi in v skladu z nacionalnim pravom preveri identiteto in po potrebi druge posebne lastnosti fizične ali pravne osebe, za katero se izdaja kvalificirano potrdilo. | 1. When issuing a qualified certificate for a trust service, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity and, if applicable, any specific attributes of the natural or legal person to whom the qualified certificate is issued. |
| Ponudnik kvalificiranih storitev zaupanja podatke iz prvega pododstavka preveri bodisi neposredno ali prek tretje osebe v skladu z nacionalnim pravom: | The information referred to in the first subparagraph shall be verified by the qualified trust service provider either directly or by relying on a third party in accordance with national law: |
| (a) | s fizično prisotnostjo fizične osebe ali pooblaščenega predstavnika pravne osebe ali | (a) | by the physical presence of the natural person or of an authorised representative of the legal person; or |
| (b) | na daljavo, s pomočjo sredstev elektronske identifikacije, v zvezi s katerimi je bila pred izdajo kvalificiranega potrdila zagotovljena fizična prisotnost fizične osebe ali pooblaščenega predstavnika pravne osebe in ki izpolnjujejo zahteve iz člena 8 v zvezi s „srednjo“ ali „visoko“ ravnjo zanesljivosti, ali | (b) | remotely, using electronic identification means, for which prior to the issuance of the qualified certificate, a physical presence of the natural person or of an authorised representative of the legal person was ensured and which meets the requirements set out in Article 8 with regard to the assurance levels ‘substantial’ or ‘high’; or |
| (c) | s potrdilom kvalificiranega elektronskega podpisa ali kvalificiranega elektronskega žiga, izdanega v skladu s točko (a) ali (b), ali | (c) | by means of a certificate of a qualified electronic signature or of a qualified electronic seal issued in compliance with point (a) or (b); or |
| (d) | s pomočjo drugih načinov identifikacije, ki so priznani na nacionalni ravni in zagotavljajo enakovredno zanesljivost kakor fizična prisotnost. Enakovredno zanesljivost potrdi organ za ugotavljanje skladnosti. | (d) | by using other identification methods recognised at national level which provide equivalent assurance in terms of reliability to physical presence. The equivalent assurance shall be confirmed by a conformity assessment body. |
| 2. Ponudnik kvalificiranih storitev zaupanja, ki zagotavlja kvalificirane storitve zaupanja: | 2. A qualified trust service provider providing qualified trust services shall: |
| (a) | obvesti nadzorni organ o vsaki spremembi pri zagotavljanju svojih kvalificiranih storitev zaupanja ter o nameri o prenehanju opravljanja teh dejavnosti; | (a) | inform the supervisory body of any change in the provision of its qualified trust services and an intention to cease those activities; |
| (b) | zaposluje osebje in po potrebi podizvajalce, ki imajo potrebno strokovno znanje, izkušnje in kvalifikacije ter so zanesljivi in ki so se udeležili ustreznega usposabljanja v zvezi z varnostjo in pravili o varstvu osebnih podatkov ter uporabljajo upravne in upravljavske postopke, ki so v skladu z evropskimi ali mednarodnimi standardi; | (b) | employ staff and, if applicable, subcontractors who possess the necessary expertise, reliability, experience, and qualifications and who have received appropriate training regarding security and personal data protection rules and shall apply administrative and management procedures which correspond to European or international standards; |
| (c) | kar zadeva tveganje odškodninske odgovornosti v skladu s členom 13, ohranja zadostna finančna sredstva in/ali pridobi ustrezno zavarovanje odgovornosti v skladu z nacionalnim pravom; | (c) | with regard to the risk of liability for damages in accordance with Article 13, maintain sufficient financial resources and/or obtain appropriate liability insurance, in accordance with national law; |
| (d) | pred vstopom v pogodbeno razmerje vsako osebo, ki želi uporabljati kvalificirano storitev zaupanja, jasno in razumljivo obvesti o natančnih splošnih pogojih uporabe zadevne storitve, tudi o morebitnih omejitvah njene uporabe; | (d) | before entering into a contractual relationship, inform, in a clear and comprehensive manner, any person seeking to use a qualified trust service of the precise terms and conditions regarding the use of that service, including any limitations on its use; |
| (e) | uporablja zaupanja vredne sisteme in izdelke, ki so zaščiteni pred spreminjanjem ter zagotavljajo tehnično varnost in zanesljivost postopkov, pri katerih se uporabljajo; | (e) | use trustworthy systems and products that are protected against modification and ensure the technical security and reliability of the processes supported by them; |
| (f) | uporablja zaupanja vredne sisteme za shranjevanje podatkov, ki jih prejme, v preverljivi obliki, tako da: | (i) | so ti javno dostopni samo, če je bila pridobljena privolitev osebe, na katero se podatki nanašajo, | (ii) | lahko le pooblaščene osebe vnašajo podatke in spreminjajo shranjene podatke, | (iii) | se lahko preveri avtentičnost podatkov; | (f) | use trustworthy systems to store data provided to it, in a verifiable form so that: | (i) | they are publicly available for retrieval only where the consent of the person to whom the data relates has been obtained, | (ii) | only authorised persons can make entries and changes to the stored data, | (iii) | the data can be checked for authenticity; |
| (g) | sprejme ustrezne ukrepe proti ponarejanju in kraji podatkov; | (g) | take appropriate measures against forgery and theft of data; |
| (h) | v ustreznem časovnem obdobju, tudi potem, ko je ponudnik kvalificiranih storitev zaupanja prenehal opravljati dejavnosti, beleži vse pomembne informacije o podatkih, ki jih je izdal in prejel ponudnik kvalificiranih storitev zaupanja, in ohranja dostop do njih, zlasti da se zagotovijo dokazi v pravnih postopkih in neprekinjenost storitve. Beleženje je lahko elektronsko; | (h) | record and keep accessible for an appropriate period of time, including after the activities of the qualified trust service provider have ceased, all relevant information concerning data issued and received by the qualified trust service provider, in particular, for the purpose of providing evidence in legal proceedings and for the purpose of ensuring continuity of the service. Such recording may be done electronically; |
| (i) | ima posodobljen načrt za prenehanje zagotavljanja storitve, da se zagotovi neprekinjenost storitve v skladu z določbami, ki jih preveri nadzorni organ v skladu s točko (i) člena 17(4); | (i) | have an up-to-date termination plan to ensure continuity of service in accordance with provisions verified by the supervisory body under point (i) of Article 17(4); |
| (j) | zagotovi zakonito obdelavo osebnih podatkov v skladu z Direktivo 95/46/ES; | (j) | ensure lawful processing of personal data in accordance with Directive 95/46/EC; |
| (k) | v primeru ponudnikov kvalificiranih storitev zaupanja, ki izdajajo kvalificirana potrdila, vzpostavi in posodablja podatkovno zbirko potrdil. | (k) | in case of qualified trust service providers issuing qualified certificates, establish and keep updated a certificate database. |
| 3. Če ponudnik kvalificiranih storitev zaupanja, ki izdaja kvalificirana potrdila, sklene, da se potrdilo prekliče, tak preklic zabeleži v svoji podatkovni zbirki potrdil in pravočasno, v vsakem primeru pa v 24 urah po prejetju zahtevka, objavi, da je potrdilo preklicano. Preklic začne učinkovati takoj po objavi. | 3. If a qualified trust service provider issuing qualified certificates decides to revoke a certificate, it shall register such revocation in its certificate database and publish the revocation status of the certificate in a timely manner, and in any event within 24 hours after the receipt of the request. The revocation shall become effective immediately upon its publication. |
| 4. V zvezi z odstavkom 3 ponudniki kvalificiranih storitev zaupanja, ki izdajajo kvalificirana potrdila, vsaki zanašajoči se stranki zagotovijo informacije o veljavnosti ali preklicu kvalificiranih potrdil, ki so jih izdali. Te informacije so vsaj za posamezna potrdila na voljo kadar koli in tudi po izteku veljavnosti potrdila, in sicer na zanesljiv, brezplačen in učinkovit avtomatiziran način. | 4. With regard to paragraph 3, qualified trust service providers issuing qualified certificates shall provide to any relying party information on the validity or revocation status of qualified certificates issued by them. This information shall be made available at least on a per certificate basis at any time and beyond the validity period of the certificate in an automated manner that is reliable, free of charge and efficient. |
| 5. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za zaupanja vredne sisteme in izdelke, ki izpolnjujejo zahteve iz točk (e) in (f) odstavka 2 tega člena. Zahteve iz tega člena veljajo za izpolnjene, kadar zaupanja vredni sistemi in izdelki izpolnjujejo te standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 5. The Commission may, by means of implementing acts, establish reference numbers of standards for trustworthy systems and products, which comply with the requirements under points (e) and (f) of paragraph 2 of this Article. Compliance with the requirements laid down in this Article shall be presumed where trustworthy systems and products meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| ODDELEK 4 | SECTION 4 |
| Elektronski podpisi | Electronic signatures |
| Člen 25 | Article 25 |
| Pravni učinki elektronskih podpisov | Legal effects of electronic signatures |
| 1. Elektronskemu podpisu se ne odvzameta pravni učinek in dopustnost kot dokaz v pravnih postopkih le zato, ker je v elektronski obliki ali ker ne izpolnjuje zahtev za kvalificirani elektronski podpis. | 1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. |
| 2. Kvalificirani elektronski podpis ima enakovreden pravni učinek kot lastnoročni podpis. | 2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature. |
| 3. Kvalificirani elektronski podpis, ki temelji na kvalificiranem potrdilu, izdanem v eni državi članici, se prizna kot kvalificirani elektronski podpis v vseh drugih državah članicah. | 3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States. |
| Člen 26 | Article 26 |
| Zahteve za napredne elektronske podpise | Requirements for advanced electronic signatures |
| Napredni elektronski podpis izpolnjuje naslednje zahteve: | An advanced electronic signature shall meet the following requirements: |
| (a) | enolično je povezan s podpisnikom; | (a) | it is uniquely linked to the signatory; |
| (b) | z njim je mogoče identificirati podpisnika; | (b) | it is capable of identifying the signatory; |
| (c) | ustvari se na podlagi podatkov za ustvarjanje elektronskega podpisa, ki jih podpisnik z visoko stopnjo zaupanja lahko uporablja izključno pod svojim nadzorom, in | (c) | it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and |
| (d) | s podatki, ki so na ta način podpisani, je povezan tako, da je opazna vsaka naknadna sprememba podatkov. | (d) | it is linked to the data signed therewith in such a way that any subsequent change in the data is detectable. |
| Člen 27 | Article 27 |
| Elektronski podpisi pri javnih storitvah | Electronic signatures in public services |
| 1. Če država članica za uporabo spletne storit ve, ki jo zagotavlja organ javnega sektorja ali se zagotavlja v njegovem imenu, zahteva napredni elektronski podpis, ta država članica prizna napredne elektronske podpise, napredne elektronske podpise, ki temeljijo na kvalificiranem potrdilu za elektronske podpise, in kvalificirane elektronske podpise, ki so vsaj v formatih ali uporabljajo metode, ki so opredeljeni v izvedbenih aktih iz odstavka 5. | 1. If a Member State requires an advanced electronic signature to use an online service offered by, or on behalf of, a public sector body, that Member State shall recognise advanced electronic signatures, advanced electronic signatures based on a qualified certificate for electronic signatures, and qualified electronic signatures in at least the formats or using methods defined in the implementing acts referred to in paragraph 5. |
| 2. Če država članica za uporabo spletne storitve, ki jo zagotavlja organ javnega sektorja ali se zagotavlja v njegovem imenu, zahteva napredni elektronski podpis, ki temelji na kvalificiranem potrdilu, ta država članica prizna napredne elektronske podpise, ki temeljijo na kvalificiranem potrdilu, in kvalificirane elektronske podpise, ki so vsaj v formatih ali uporabljajo metode, ki so opredeljeni v izvedbenih aktih iz odstavka 5. | 2. If a Member State requires an advanced electronic signature based on a qualified certificate to use an online service offered by, or on behalf of, a public sector body, that Member State shall recognise advanced electronic signatures based on a qualified certificate and qualified electronic signatures in at least the formats or using methods defined in the implementing acts referred to in paragraph 5. |
| 3. Države članice za čezmejno uporabo spletne storitve, ki jo zagotavlja organ javnega sektorja, ne zahtevajo elektronskega podpisa z višjo ravnjo varnosti, kot jo ima kvalificirani elektronski podpis. | 3. Member States shall not request for cross-border use in an online service offered by a public sector body an electronic signature at a higher security level than the qualified electronic signature. |
| 4. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za napredne elektronske podpise. Zahteve za napredne elektronske podpise iz odstavkov 1 in 2 tega člena ter iz člena 26 veljajo za izpolnjene, če napredni elektronski podpis izpolnjuje te standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 4. The Commission may, by means of implementing acts, establish reference numbers of standards for advanced electronic signatures. Compliance with the requirements for advanced electronic signatures referred to in paragraphs 1 and 2 of this Article and in Article 26 shall be presumed when an advanced electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| 5. Komisija do 18. septembra 2015 in ob upoštevanju obstoječih praks, standardov in pravnih aktov Unije z izvedbenimi akti opredeli referenčne formate naprednih elektronskih podpisov ali referenčne metode, če se uporabijo alternativne oblike. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 5. By 18 September 2015, and taking into account existing practices, standards and Union legal acts, the Commission shall, by means of implementing acts, define reference formats of advanced electronic signatures or reference methods where alternative formats are used. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 28 | Article 28 |
| Kvalificirana potrdila za elektronske podpise | Qualified certificates for electronic signatures |
| 1. Kvalificirana potrdila za elektronske podpise morajo izpolnjevati zahteve iz Priloge I. | 1. Qualified certificates for electronic signatures shall meet the requirements laid down in Annex I. |
| 2. Za kvalificirana potrdila za elektronski podpise ne veljajo nobene obvezne zahteve, ki presegajo zahteve iz Priloge I. | 2. Qualified certificates for electronic signatures shall not be subject to any mandatory requirement exceeding the requirements laid down in Annex I. |
| 3. Kvalificirana potrdila za elektronske podpise lahko vključujejo neobvezne dodatne posebne lastnosti. Te lastnosti ne vplivajo na interoperabilnost in priznanje kvalificiranih elektronskih podpisov. | 3. Qualified certificates for electronic signatures may include non-mandatory additional specific attributes. Those attributes shall not affect the interoperability and recognition of qualified electronic signatures. |
| 4. Če je bilo kvalificirano potrdilo za elektronski podpis po prvotnem aktiviranju preklicano, preneha veljati v trenutku njegovega preklica, status pa se mu v nobenem primeru ne povrne v prejšnje stanje. | 4. If a qualified certificate for electronic signatures has been revoked after initial activation, it shall lose its validity from the moment of its revocation, and its status shall not in any circumstances be reverted. |
| 5. Države članice lahko določijo nacionalna pravila o začasni razveljavitvi kvalificiranega potrdila za elektronski podpis, pri čemer morata biti izpolnjena naslednja pogoja: | 5. Subject to the following conditions, Member States may lay down national rules on temporary suspension of a qualified certificate for electronic signature: |
| (a) | če je kvalificirano potrdilo za elektronski podpis začasno razveljavljeno, to potrdilo za obdobje začasne razveljavitve preneha veljati, | (a) | if a qualified certificate for electronic signature has been temporarily suspended that certificate shall lose its validity for the period of suspension; |
| (b) | obdobje začasne razveljavitve se jasno navede v podatkovni zbirki potrdil, v tem obdobju pa mora biti iz storitve, ki zagotavlja informacije o statusu potrdila, razvidno, da je kvalificirano potrdilo začasno razveljavljeno. | (b) | the period of suspension shall be clearly indicated in the certificate database and the suspension status shall be visible, during the period of suspension, from the service providing information on the status of the certificate. |
| 6. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za kvalificirana potrdila za elektronski podpis. Zahteve iz Priloge I veljajo za izpolnjene, če kvalificirano potrdilo za elektronski podpis izpolnjuje navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 6. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic signature. Compliance with the requirements laid down in Annex I shall be presumed where a qualified certificate for electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 29 | Article 29 |
| Zahteve za naprave za ustvarjanje kvalificiranega elektronskega podpisa | Requirements for qualified electronic signature creation devices |
| 1. Naprave za ustvarjanje kvalificiranega elektronskega podpisa morajo izpolnjevati zahteve iz Priloge II. | 1. Qualified electronic signature creation devices shall meet the requirements laid down in Annex II. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za naprave za ustvarjanje kvalificiranega elektronskega podpisa. Zahteve iz Priloge II veljajo za izpolnjene, če naprava za ustvarjanje kvalificiranega elektronskega podpisa izpolnjuje navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified electronic signature creation devices. Compliance with the requirements laid down in Annex II shall be presumed where a qualified electronic signature creation device meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 30 | Article 30 |
| Certificiranje naprav za ustvarjanje kvalificiranega elektronskega podpisa | Certification of qualified electronic signature creation devices |
| 1. Skladnost naprav za ustvarjanje kvalificiranega elektronskega podpisa z zahtevami iz Priloge II certificirajo ustrezni javni ali zasebni organi, ki jih imenujejo države članice. | 1. Conformity of qualified electronic signature creation devices with the requirements laid down in Annex II shall be certified by appropriate public or private bodies designated by Member States. |
| 2. Države članice Komisijo uradno obvestijo o imenih in naslovih javnega ali zasebnega organa iz odstavka 1. Komisija da te informacije na voljo državam članicam. | 2. Member States shall notify to the Commission the names and addresses of the public or private body referred to in paragraph 1. The Commission shall make that information available to Member States. |
| 3. Certificiranje iz odstavka 1 se izvede na podlagi: | 3. The certification referred to in paragraph 1 shall be based on one of the following: |
| (a) | postopka varnostne ocene, izvedenega v skladu z enim od standardov za ocenjevanje varnosti izdelkov informacijske tehnologije s seznama, vzpostavljenega v skladu z drugim pododstavkom, ali | (a) | a security evaluation process carried out in accordance with one of the standards for the security assessment of information technology products included in the list established in accordance with the second subparagraph; or |
| (b) | postopka, ki ni postopek iz točke (a), če uporablja primerljive ravni varnosti ter če javni ali zasebni organ iz odstavka 1 o njem uradno obvesti Komisijo. Ta postopek se lahko uporabi le, če standardov iz točke (a) ni ali če postopek varnostne ocene iz točke (a) še poteka. | (b) | a process other than the process referred to in point (a), provided that it uses comparable security levels and provided that the public or private body referred to in paragraph 1 notifies that process to the Commission. That process may be used only in the absence of standards referred to in point (a) or when a security evaluation process referred to in point (a) is ongoing. |
| Komisija z izvedbenimi akti vzpostavi seznam standardov za oceno varnosti izdelkov informacijske tehnologije iz točke (a). Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | The Commission shall, by means of implementing acts, establish a list of standards for the security assessment of information technology products referred to in point (a). Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| 4. Na Komisijo se prenese pooblastilo za sprejemanje delegiranih aktov v skladu s členom 47, v zvezi z določitvijo posebnih meril, ki jih morajo izpolnjevati imenovani organi iz odstavka 1 tega člena. | 4. The Commission shall be empowered to adopt delegated acts in accordance with Article 47 concerning the establishment of specific criteria to be met by the designated bodies referred to in paragraph 1 of this Article. |
| Člen 31 | Article 31 |
| Objava seznama certificiranih naprav za ustvarjanje kvalificiranega elektronskega podpisa | Publication of a list of certified qualified electronic signature creation devices |
| 1. Države članice Komisijo brez nepotrebnega odlašanja, najpozneje pa en mesec po zaključku postopka certificiranja, uradno obvestijo o informacijah o napravah za ustvarjanje kvalificiranega elektronskega podpisa, ki so jih certificirali organi iz člena 30(1). Komisijo brez nepotrebnega odlašanja, najpozneje pa en mesec po razveljavitvi certificiranja, uradno obvestijo tudi o informacijah o napravah za ustvarjanje elektronskega podpisa, ki niso več certificirane. | 1. Member States shall notify to the Commission without undue delay and no later than one month after the certification is concluded, information on qualified electronic signature creation devices that have been certified by the bodies referred to in Article 30(1). They shall also notify to the Commission, without undue delay and no later than one month after the certification is cancelled, information on electronic signature creation devices that are no longer certified. |
| 2. Komisija na podlagi prejetih informacij pripravi, objavi in vodi seznam certificiranih naprav za ustvarjanje kvalificiranega elektronskega podpisa. | 2. On the basis of the information received, the Commission shall establish, publish and maintain a list of certified qualified electronic signature creation devices. |
| 3. Komisija lahko z izvedbenimi akti določi formate in postopke, ki se uporabljajo za namene odstavka 1. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 3. The Commission may, by means of implementing acts, define formats and procedures applicable for the purpose of paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 32 | Article 32 |
| Zahteve za potrjevanje veljavnosti kvalificiranih elektronskih podpisov | Requirements for the validation of qualified electronic signatures |
| 1. S postopkom potrjevanja veljavnosti kvalificiranega elektronskega podpisa se potrdi veljavnost kvalificiranega elektronskega podpisa pod pogojem, da: | 1. The process for the validation of a qualified electronic signature shall confirm the validity of a qualified electronic signature provided that: |
| (a) | je bilo potrdilo, na katerem temelji podpis, v času podpisa kvalificirano potrdilo za elektronski podpis, ki je skladno s Prilogo I; | (a) | the certificate that supports the signature was, at the time of signing, a qualified certificate for electronic signature complying with Annex I; |
| (b) | je kvalificirano potrdilo izdal ponudnik kvalificiranih storitev zaupanja in je bil veljaven v času podpisa; | (b) | the qualified certificate was issued by a qualified trust service provider and was valid at the time of signing; |
| (c) | podatki za potrjevanje veljavnosti podpisa ustrezajo podatkom, predloženim zanašajočim se strankam; | (c) | the signature validation data corresponds to the data provided to the relying party; |
| (d) | je enolični nabor podatkov, ki predstavlja podpisnika potrdila, pravilno predložen zanašajočim se strankam; | (d) | the unique set of data representing the signatory in the certificate is correctly provided to the relying party; |
| (e) | je zanašajoči se stranki jasno sporočeno, če je bil v času podpisa uporabljen psevdonim; | (e) | the use of any pseudonym is clearly indicated to the relying party if a pseudonym was used at the time of signing; |
| (f) | je bil elektronski podpis ustvarjen z napravo za ustvarjanje kvalificiranega elektronskega podpisa; | (f) | the electronic signature was created by a qualified electronic signature creation device; |
| (g) | celovitost podpisanih podatkov ni ogrožena; | (g) | the integrity of the signed data has not been compromised; |
| (h) | so bile v času podpisa izpolnjene zahteve iz člena 26. | (h) | the requirements provided for in Article 26 were met at the time of signing. |
| 2. Sistem za potrjevanje veljavnosti kvalificiranega elektronskega podpisa zanašajoči se stranki zagotavlja pravilne rezultate postopka potrjevanja veljavnosti in ji omogoča odkrivanje vseh zadevnih varnostnih vprašanj. | 2. The system used for validating the qualified electronic signature shall provide to the relying party the correct result of the validation process and shall allow the relying party to detect any security relevant issues. |
| 3. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za potrjevanje veljavnosti kvalificiranih elektronskih podpisov. Zahteve iz odstavka 1 veljajo za izpolnjene, če so pri potrjevanju veljavnosti kvalificiranih elektronskih podpisov izpolnjeni ti standardi. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 3. The Commission may, by means of implementing acts, establish reference numbers of standards for the validation of qualified electronic signatures. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation of qualified electronic signatures meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 33 | Article 33 |
| Kvalificirana storitev potrjevanja veljavnosti kvalificiranih elektronskih podpisov | Qualified validation service for qualified electronic signatures |
| 1. Kvalificirano storitev potrjevanja veljavnosti kvalificiranih elektronskih podpisov lahko zagotavlja le ponudnik kvalificiranih storitev zaupanja, ki: | 1. A qualified validation service for qualified electronic signatures may only be provided by a qualified trust service provider who: |
| (a) | potrjevanje veljavnosti opravi v skladu s členom 32(1) in | (a) | provides validation in compliance with Article 32(1); and |
| (b) | zanašajočim se strankam omogoči, da prejmejo rezultat postopka potrjevanja veljavnosti na zanesljiv in učinkovit avtomatiziran način, ki je označen z naprednim elektronskim podpisom ali naprednim elektronskim žigom ponudnika kvalificiranih storitev potrjevanja veljavnosti. | (b) | allows relying parties to receive the result of the validation process in an automated manner, which is reliable, efficient and bears the advanced electronic signature or advanced electronic seal of the provider of the qualified validation service. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za kvalificirano storitev potrjevanja veljavnosti iz odstavka 1. Zahteve iz odstavka 1 veljajo za izpolnjene, če storitev potrjevanja veljavnosti kvalificiranih elektronskih podpisov izpolnjuje te standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified validation service referred to in paragraph 1. Compliance with the requirements laid down in paragraph 1 shall be presumed where the validation service for a qualified electronic signature meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 34 | Article 34 |
| Kvalificirana storitev hrambe kvalificiranih elektronskih podpisov | Qualified preservation service for qualified electronic signatures |
| 1. Kvalificirano storitev hrambe kvalificiranih elektronskih podpisov lahko zagotavlja le ponudnik kvalificiranih storitev zaupanja, ki uporablja postopke in tehnologije, s katerimi se zanesljivost kvalificiranega elektronskega podpisa lahko podaljša tudi po izteku obdobja tehnološke veljavnosti. | 1. A qualified preservation service for qualified electronic signatures may only be provided by a qualified trust service provider that uses procedures and technologies capable of extending the trustworthiness of the qualified electronic signature beyond the technological validity period. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za kvalificirano storitev hrambe kvalificiranih elektronskih podpisov. Zahteve iz odstavka 1 veljajo za izpolnjene, če ureditve za kvalificirano storitev hrambe kvalificiranih elektronskih podpisov izpolnjujejo te standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for the qualified preservation service for qualified electronic signatures. Compliance with the requirements laid down in paragraph 1 shall be presumed where the arrangements for the qualified preservation service for qualified electronic signatures meet those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| ODDELEK 5 | SECTION 5 |
| Elektronski žigi | Electronic seals |
| Člen 35 | Article 35 |
| Pravni učinki elektronskih žigov | Legal effects of electronic seals |
| 1. Elektronskemu žigu se ne odvzameta pravni učinek in dopustnost kot dokaz v pravnih postopkih le zato, ker je v elektronski obliki ali ne izpolnjuje zahtev za kvalificirane elektronske žige. | 1. An electronic seal shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic seals. |
| 2. V zvezi s kvalificiranim elektronskim žigom se domneva celovitost podatkov in pravilnost izvora teh podatkov, s katerimi je kvalificirani elektronski žig povezan. | 2. A qualified electronic seal shall enjoy the presumption of integrity of the data and of correctness of the origin of that data to which the qualified electronic seal is linked. |
| 3. Kvalificirani elektronski žig, ki temelji na kvalificiranem potrdilu, izdanem v eni državi članici, se prizna kot kvalificirani elektronski žig v vseh drugih državah članicah. | 3. A qualified electronic seal based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic seal in all other Member States. |
| Člen 36 | Article 36 |
| Zahteve za napredne elektronske žige | Requirements for advanced electronic seals |
| Napredni elektronski žig izpolnjuje naslednje zahteve: | An advanced electronic seal shall meet the following requirements: |
| (a) | enolično je povezan z ustvarjalcem žiga; | (a) | it is uniquely linked to the creator of the seal; |
| (b) | z njim je mogoče identificirati ustvarjalca žiga; | (b) | it is capable of identifying the creator of the seal; |
| (c) | ustvari se na podlagi podatkov za ustvarjanje elektronskega žiga, ki jih ustvarjalec žiga z visoko stopnjo zaupanja in pod svojim nadzorom lahko uporablja za ustvarjanje elektronskega žiga, in | (c) | it is created using electronic seal creation data that the creator of the seal can, with a high level of confidence under its control, use for electronic seal creation; and |
| (d) | povezan je s podatki, na katere se nanaša, in sicer tako, da je mogoče zaslediti vsako naknadno spremembo teh podatkov. | (d) | it is linked to the data to which it relates in such a way that any subsequent change in the data is detectable. |
| Člen 37 | Article 37 |
| Elektronski žigi pri javnih storitvah | Electronic seals in public services |
| 1. Če država članica za uporabo spletne storitve, ki jo zagotavlja organ javnega sektorja ali se zagotavlja v njegovem imenu, zahteva napredni elektronski žig, ta država članica prizna napredne elektronske žige, napredne elektronske žige, ki temeljijo na kvalificiranem potrdilu za elektronske žige, in kvalificirane elektronske žige, ki so vsaj v formatih ali uporabljajo metode, ki so opredeljeni v izvedbenih aktih iz odstavka 5. | 1. If a Member State requires an advanced electronic seal in order to use an online service offered by, or on behalf of, a public sector body, that Member State shall recognise advanced electronic seals, advanced electronic seals based on a qualified certificate for electronic seals and qualified electronic seals at least in the formats or using methods defined in the implementing acts referred to in paragraph 5. |
| 2. Če država članica za uporabo spletne storitve, ki jo zagotavlja organ javnega sektorja ali se zagotavlja v njegovem imenu, zahteva napredni elektronski žig, ki temelji na kvalificiranem potrdilu, ta država članica prizna napredne elektronske žige, ki temeljijo na kvalificiranem potrdilu, in kvalificirane elektronske žige, ki so vsaj v formatih ali uporabljajo metode, ki so opredeljeni v izvedbenih aktih iz odstavka 5. | 2. If a Member State requires an advanced electronic seal based on a qualified certificate in order to use an online service offered by, or on behalf of, a public sector body, that Member State shall recognise advanced electronic seals based on a qualified certificate and qualified electronic seal at least in the formats or using methods defined in the implementing acts referred to in paragraph 5. |
| 3. Države članice za čezmejni dostop do spletne storitve, ki jo zagotavlja organ javnega sektorja, ne zahtevajo elektronskega žiga z višjo ravnjo varnosti, kot jo ima kvalificirani elektronski žig. | 3. Member States shall not request for the cross-border use in an online service offered by a public sector body an electronic seal at a higher security level than the qualified electronic seal. |
| 4. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za napredne elektronske žige. Zahteve za napredne elektronske žige iz odstavkov 1 in 2 tega člena ter iz člena 36 veljajo za izpolnjene, če napredni elektronski žig izpolnjuje te standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 4. The Commission may, by means of implementing acts, establish reference numbers of standards for advanced electronic seals. Compliance with the requirements for advanced electronic seals referred to in paragraphs 1 and 2 of this Article and Article 36 shall be presumed when an advanced electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| 5. Komisija do 18. septembra 2015 in ob upoštevanju obstoječih praks, standardov in pravnih aktov Unije z izvedbenimi akti določi referenčne formate naprednih elektronskih žigov ali referenčne metode, če so uporabljene alternativne oblike. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 5. By 18 September 2015, and taking into account existing practices, standards and legal acts of the Union, the Commission shall, by means of implementing acts, define reference formats of advanced electronic seals or reference methods where alternative formats are used. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 38 | Article 38 |
| Kvalificirana potrdila za elektronske žige | Qualified certificates for electronic seals |
| 1. Kvalificirana potrdila za elektronske žige morajo izpolnjevati zahteve iz Priloge III. | 1. Qualified certificates for electronic seals shall meet the requirements laid down in Annex III. |
| 2. Za kvalificirana potrdila za elektronske žige ne veljajo nobene obvezne zahteve, ki presegajo zahteve iz Priloge III. | 2. Qualified certificates for electronic seals shall not be subject to any mandatory requirements exceeding the requirements laid down in Annex III. |
| 3. Kvalificirana potrdila za elektronske žige lahko vključujejo neobvezne dodatne posebne lastnosti. Te lastnosti ne vplivajo na interoperabilnost in priznanje kvalificiranih elektronskih žigov. | 3. Qualified certificates for electronic seals may include non-mandatory additional specific attributes. Those attributes shall not affect the interoperability and recognition of qualified electronic seals. |
| 4. Če je bilo kvalificirano potrdilo za elektronski žig po prvotnem aktiviranju preklicano, preneha veljati v trenutku njegovega preklica, status pa se mu v nobenem primeru ne povrne v prejšnje stanje. | 4. If a qualified certificate for an electronic seal has been revoked after initial activation, it shall lose its validity from the moment of its revocation, and its status shall not in any circumstances be reverted. |
| 5. Države članice lahko določijo nacionalna pravila o začasni razveljavitvi kvalificiranih potrdil za elektronske žige, pri čemer morata biti izpolnjena naslednja pogoja: | 5. Subject to the following conditions, Member States may lay down national rules on temporary suspension of qualified certificates for electronic seals: |
| (a) | če je kvalificirano potrdilo za elektronski žig začasno razveljavljeno, ta potrdilo v obdobju začasne razveljavitve preneha veljati; | (a) | if a qualified certificate for electronic seal has been temporarily suspended, that certificate shall lose its validity for the period of suspension; |
| (b) | obdobje začasne razveljavitve se jasno navede v podatkovni zbirki potrdil, v tem obdobju pa mora biti iz storitve, ki zagotavlja informacije o statusu potrdila, razvidno, da je kvalificirano potrdilo začasno razveljavljeno. | (b) | the period of suspension shall be clearly indicated in the certificate database and the suspension status shall be visible, during the period of suspension, from the service providing information on the status of the certificate. |
| 6. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za kvalificirana potrdila za elektronske žige. Zahteve iz Priloge III veljajo za izpolnjene, če kvalificirano potrdilo za elektronski žig izpolnjuje navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 6. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for electronic seals. Compliance with the requirements laid down in Annex III shall be presumed where a qualified certificate for electronic seal meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| Člen 39 | Article 39 |
| Naprave za ustvarjanje kvalificiranega elektronskega žiga | Qualified electronic seal creation devices |
| 1. Člen 29 se smiselno uporablja za zahteve za naprave za ustvarjanje kvalificiranega elektronskega žiga. | 1. Article 29 shall apply mutatis mutandis to requirements for qualified electronic seal creation devices. |
| 2. Člen 30 se smiselno uporablja za certificiranje naprav za ustvarjanje kvalificiranega elektronskega žiga. | 2. Article 30 shall apply mutatis mutandis to the certification of qualified electronic seal creation devices. |
| 3. Člen 31 se smiselno uporablja za objavo seznama certificiranih naprav za ustvarjanje kvalificiranega elektronskega žiga. | 3. Article 31 shall apply mutatis mutandis to the publication of a list of certified qualified electronic seal creation devices. |
| Člen 40 | Article 40 |
| Potrjevanje veljavnosti in hramba kvalificiranih elektronskih žigov | Validation and preservation of qualified electronic seals |
| Členi 32, 33 in 34 se smiselno uporabljajo za potrjevanje veljavnosti in hrambo kvalificiranih elektronskih žigov. | Articles 32, 33 and 34 shall apply mutatis mutandis to the validation and preservation of qualified electronic seals. |
| ODDELEK 6 | SECTION 6 |
| Elektronski časovni žig | Electronic time stamps |
| Člen 41 | Article 41 |
| Pravni učinek elektronskih časovnih žigov | Legal effect of electronic time stamps |
| 1. Elektronskemu časovnemu žigu se ne odvzameta pravni učinek in dopustnost kot dokaz v pravnih postopkih le zato, ker je v elektronski obliki ali ne izpolnjuje zahtev za kvalificirani elektronski časovni žig. | 1. An electronic time stamp shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic time stamp. |
| 2. V zvezi s kvalificiranim elektronskim časovnim žigom se domneva pravilnost navedenega datuma in časa ter celovitost podatkov, s katerimi sta datum in čas povezana. | 2. A qualified electronic time stamp shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound. |
| 3. Kvalificirani elektronski časovni žig, izdan v eni državi članici, se prizna kot kvalificirani elektronski časovni žig v vseh državah članicah. | 3. A qualified electronic time stamp issued in one Member State shall be recognised as a qualified electronic time stamp in all Member States. |
| Člen 42 | Article 42 |
| Zahteve za kvalificirane elektronske časovne žige | Requirements for qualified electronic time stamps |
| 1. Kvalificirani elektronski časovni žig izpolnjuje naslednje zahteve: | 1. A qualified electronic time stamp shall meet the following requirements: |
| (a) | datum in čas povezuje s podatki tako, da je mogoče razumno izključiti možnost spremembe podatkov, ne da bi bila ta sprememba zaznana; | (a) | it binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably; |
| (b) | temelji na točnem časovnem viru, povezanem z univerzalnim koordiniranim časom; | (b) | it is based on an accurate time source linked to Coordinated Universal Time; and |
| (c) | podpisan je z naprednim elektronskim podpisom ali ožigosan z naprednim elektronskim žigom ponudnika kvalificiranih storitev zaupanja ali z drugo enakovredno metodo. | (c) | it is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za povezovanje datuma in časa s podatki in za točne časovne vire. Skladnost z zahtevami iz odstavka 1 velja za izpolnjeno, če povezava datuma in časa s podatki in točen časovni vir izpolnjujeta navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for the binding of date and time to data and for accurate time sources. Compliance with the requirements laid down in paragraph 1 shall be presumed where the binding of date and time to data and the accurate time source meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| ODDELEK 7 | SECTION 7 |
| Storitev elektronske priporočene dostave | Electronic registered delivery services |
| Člen 43 | Article 43 |
| Pravni učinek storitve elektronske priporočene dostave | Legal effect of an electronic registered delivery service |
| 1. Podatkom, poslanim in prejetim s storitvijo elektronske priporočene dostave, se ne odvzameta pravni učinek in dopustnost kot dokaz v pravnih postopkih le zato, ker so v elektronski obliki ali ne izpolnjujejo zahtev za kvalificirano storitev elektronske priporočene dostave. | 1. Data sent and received using an electronic registered delivery service shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic registered delivery service. |
| 2. V zvezi s podatki, poslanimi in prejetimi s storitvijo kvalificirane elektronske priporočene dostave, se domneva, da so podatki celoviti, da jih je poslal njihov pošiljatelj in prejel njihov naslovnik, katerih identiteta je ugotovljena, ter da so točni glede datuma in časa oddaje in prejema podatkov, navedenih v okviru kvalificirane storitve elektronske priporočene dostave. | 2. Data sent and received using a qualified electronic registered delivery service shall enjoy the presumption of the integrity of the data, the sending of that data by the identified sender, its receipt by the identified addressee and the accuracy of the date and time of sending and receipt indicated by the qualified electronic registered delivery service. |
| Člen 44 | Article 44 |
| Zahteve za kvalificirane storitve elektronske priporočene dostave | Requirements for qualified electronic registered delivery services |
| 1. Kvalificirane storitve elektronske priporočene dostave izpolnjujejo naslednje zahteve: | 1. Qualified electronic registered delivery services shall meet the following requirements: |
| (a) | zagotavlja jih eden ali več ponudnikov kvalificiranih storitev zaupanja; | (a) | they are provided by one or more qualified trust service provider(s); |
| (b) | z visoko stopnjo zaupanja zagotavljajo identifikacijo pošiljatelja; | (b) | they ensure with a high level of confidence the identification of the sender; |
| (c) | zagotavljajo identifikacijo naslovnika pred dostavo podatkov; | (c) | they ensure the identification of the addressee before the delivery of the data; |
| (d) | oddaja in prejem podatkov je zavarovano z naprednim elektronskim podpisom ali naprednim elektronskim žigom ponudnika kvalificiranih storitev zaupanja, tako da je izključena možnost spremembe podatkov, ne da bi bila ta sprememba zaznana; | (d) | the sending and receiving of data is secured by an advanced electronic signature or an advanced electronic seal of a qualified trust service provider in such a manner as to preclude the possibility of the data being changed undetectably; |
| (e) | vsaka sprememba podatkov, potrebna za pošiljanje ali prejem podatkov, se jasno sporoči pošiljatelju in naslovniku podatkov; | (e) | any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data; |
| (f) | s kvalificiranim elektronskim časovnim žigom se navedeta datum in čas oddaje, prejema in vseh sprememb podatkov; | (f) | the date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp. |
| Pri prenašanju podatkov med dvema ali več ponudniki kvalificiranih storitev zaupanja veljajo zahteve iz točk (a) do (f) za vse ponudnike kvalificiranih storitev zaupanja. | In the event of the data being transferred between two or more qualified trust service providers, the requirements in points (a) to (f) shall apply to all the qualified trust service providers. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za postopke pošiljanja in prejemanja podatkov. Zahteve iz odstavka 1 veljajo za izpolnjene, če postopek pošiljanja in prejemanja podatkov izpolnjuje navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for processes for sending and receiving data. Compliance with the requirements laid down in paragraph 1 shall be presumed where the process for sending and receiving data meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| ODDELEK 8 | SECTION 8 |
| Avtentikacija spletišč | Website authentication |
| Člen 45 | Article 45 |
| Zahteve za kvalificirana potrdila za avtentikacijo spletišč | Requirements for qualified certificates for website authentication |
| 1. Kvalificirana potrdila za avtentikacijo spletišč izpolnjujejo zahteve iz Priloge IV. | 1. Qualified certificates for website authentication shall meet the requirements laid down in Annex IV. |
| 2. Komisija lahko z izvedbenimi akti določi referenčne številke standardov za kvalificirana potrdila za avtentikacijo spletišč. Zahteve iz Priloge IV se štejejo za izpolnjene, če kvalificirano potrdilo za avtentikacijo spletišč izpolnjuje navedene standarde. Ti izvedbeni akti se sprejmejo v skladu s postopkom pregleda iz člena 48(2). | 2. The Commission may, by means of implementing acts, establish reference numbers of standards for qualified certificates for website authentication. Compliance with the requirements laid down in Annex IV shall be presumed where a qualified certificate for website authentication meets those standards. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2). |
| POGLAVJE IV | CHAPTER IV |
| ELEKTRONSKI DOKUMENTI | ELECTRONIC DOCUMENTS |
| Člen 46 | Article 46 |
| Pravni učinki elektronskih dokumentov | Legal effects of electronic documents |
| Elektronskemu dokumentu se ne odvzameta pravni učinek in dopustnost kot dokaz v pravnih postopkih le zato, ker je v elektronski obliki. | An electronic document shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form. |
| POGLAVJE V | CHAPTER V |
| PRENOS POOBLASTILA IN IZVEDBENE DOLOČBE | DELEGATIONS OF POWER AND IMPLEMENTING PROVISIONS |
| Člen 47 | Article 47 |
| Izvajanje pooblastila | Exercise of the delegation |
| 1. Pooblastilo za sprejemanje delegiranih aktov je preneseno na Komisijo pod pogoji, določenimi v tem členu. | 1. The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article. |
| 2. Pooblastilo za sprejemanje delegiranih aktov iz člena 30(4) se prenese na Komisijo za nedoločen čas od 17. septembra 2014. | 2. The power to adopt delegated acts referred to in Article 30(4) shall be conferred on the Commission for an indeterminate period of time from 17 September 2014. |
| 3. Pooblastilo iz člena 30(4) lahko kadar koli prekliče Evropski parlament ali Svet. Z odločitvijo o preklicu preneha veljati prenos pooblastila, naveden v tej odločitvi. Odločitev začne učinkovati dan po njeni objavi v Uradnem listu Evropske unije ali na poznejši dan, ki je v njej določen. Odločitev ne vpliva na veljavnost že veljavnih delegiranih aktov. | 3. The delegation of power referred to in Article 30(4) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force. |
| 4. Takoj ko Komisija sprejme delegirani akt, o tem istočasno uradno obvesti Evropski parlament in Svet. | 4. As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council. |
| 5. Delegirani akt, sprejet v skladu s členom 30(4), začne veljati le, če niti Evropski parlament niti Svet ne nasprotuje delegiranemu aktu v roku dveh mesecev od uradnega obvestila Evropskemu parlamentu in Svetu o tem aktu ali če sta pred iztekom tega roka tako Evropski parlament kot Svet obvestila Komisijo, da mu ne bosta nasprotovala. Ta rok se na pobudo Evropskega parlamenta ali Sveta podaljša za dva meseca. | 5. A delegated act adopted pursuant to Article 30(4) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council. |
| Člen 48 | Article 48 |
| Postopek v odboru | Committee procedure |
| 1. Komisiji pomaga odbor. Ta odbor je odbor v smislu Uredbe (EU) št. 182/2011. | 1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011. |
| 2. Pri sklicevanju na ta odstavek se uporablja člen 5 Uredbe (EU) št. 182/2011. | 2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply. |
| POGLAVJE VI | CHAPTER VI |
| KONČNE DOLOČBE | FINAL PROVISIONS |
| Člen 49 | Article 49 |
| Pregled | Review |
| Komisija pregleda uporabo te uredbe in poroča Evropskemu parlamentu in Svetu najpozneje 1. julija 2020. Komisija oceni zlasti, ali bi bilo ustrezno spremeniti področje uporabe te uredbe ali njene posebne določbe, vključno s členi 6, točko (f) člena 7 in členi 34, 43, 44 in 45, pri tem pa upošteva izkušnje, pridobljene pri uporabi te uredbe, pa tudi tehnološke, tržne in pravne spremembe. | The Commission shall review the application of this Regulation and shall report to the European Parliament and to the Council no later than 1 July 2020. The Commission shall evaluate in particular whether it is appropriate to modify the scope of this Regulation or its specific provisions, including Article 6, point (f) of Article 7 and Articles 34, 43, 44 and 45, taking into account the experience gained in the application of this Regulation, as well as technological, market and legal developments. |
| Poročilu iz prvega odstavka se po potrebi priložijo zakonodajni predlogi. | The report referred to in the first paragraph shall be accompanied, where appropriate, by legislative proposals. |
| Komisija poleg tega Evropskemu parlamentu in Svetu vsaka štiri leta po predložitvi poročila iz prvega odstavka predloži poročilo o napredku pri doseganju ciljev te uredbe. | In addition, the Commission shall submit a report to the European Parliament and the Council every four years after the report referred to in the first paragraph on the progress towards achieving the objectives of this Regulation. |
| Člen 50 | Article 50 |
| Razveljavitev | Repeal |
| 1. Direktiva 1999/93/ES se razveljavi z učinkom od 1. julija 2016. | 1. Directive 1999/93/EC is repealed with effect from 1 July 2016. |
| 2. Sklicevanje na razveljavljeno direktivo se razume kot sklicevanje na to uredbo. | 2. References to the repealed Directive shall be construed as references to this Regulation. |
| Člen 51 | Article 51 |
| Prehodni ukrepi | Transitional measures |
| 1. Naprave za varno ustvarjanje podpisa, katerih skladnost je bila ugotovljena v skladu s členom 3(4) Direktive 1999/93/ES, se štejejo za naprave za ustvarjanje kvalificiranega elektronskega podpisa na podlagi te uredbe. | 1. Secure signature creation devices of which the conformity has been determined in accordance with Article 3(4) of Directive 1999/93/EC shall be considered as qualified electronic signature creation devices under this Regulation. |
| 2. Kvalificirana potrdila, izdana fizičnim osebam na podlagi Direktive 1999/93/ES, se štejejo za kvalificirana potrdila za elektronske podpise po tej uredbi do izteka njihove veljavnosti. | 2. Qualified certificates issued to natural persons under Directive 1999/93/EC shall be considered as qualified certificates for electronic signatures under this Regulation until they expire. |
| 3. Overitelj, ki izdaja kvalificirana potrdila na podlagi Direktive 1999/93/ES, nadzornemu organu čim prej oziroma najpozneje do 1. julija 2017 predloži poročilo o ugotavljanju skladnosti. Dokler overitelj ne predloži zadevnega poročila o ugotavljanju skladnosti in nadzorni organ ne zaključi ocene skladnosti, se ta overitelj šteje za ponudnika kvalificiranih storitev zaupanja na podlagi te uredbe. | 3. A certification-service-provider issuing qualified certificates under Directive 1999/93/EC shall submit a conformity assessment report to the supervisory body as soon as possible but not later than 1 July 2017. Until the submission of such a conformity assessment report and the completion of its assessment by the supervisory body, that certification-service-provider shall be considered as qualified trust service provider under this Regulation. |
| 4. Če overitelj, ki izdaja kvalificirana potrdila na podlagi Direktive 1999/93/ES, nadzornemu organu v roku iz odstavka 3 ne predloži poročila o ugotavljanju skladnosti, se ta overitelj od 2. julija 2017 ne šteje za ponudnika kvalificiranih storitev zaupanja na podlagi te uredbe. | 4. If a certification-service-provider issuing qualified certificates under Directive 1999/93/EC does not submit a conformity assessment report to the supervisory body within the time limit referred to in paragraph 3, that certification-service-provider shall not be considered as qualified trust service provider under this Regulation from 2 July 2017. |
| Člen 52 | Article 52 |
| Začetek veljavnosti | Entry into force |
| 1. Ta uredba začne veljati dvajseti dan po objavi v Uradnem listu Evropske unije. | 1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. |
| 2. Ta uredba se uporablja od 1. julija 2016, z naslednjimi izjemami: | 2. This Regulation shall apply from 1 July 2016, except for the following: |
| (a) | členi 8(3), 9(5), 12(2) do (9), 17(8), 19(4), 20(4), 21(4), 22(5), 23(3), 24(5), 27(4) in (5), 28(6), 29(2), 30(3) in (4), 31(3), 32(3), 33(2), 34(2), 37(4) in (5), 38(6), 42(2), 44(2), 45(2), ter člena 47 in 48 se uporabljajo od 17. septembra 2014; | (a) | Articles 8(3), 9(5), 12(2) to (9), 17(8), 19(4), 20(4), 21(4), 22(5), 23(3), 24(5), 27(4) and (5), 28(6), 29(2), 30(3) and (4), 31(3), 32(3), 33(2), 34(2), 37(4) and (5), 38(6), 42(2), 44(2), 45(2), and Articles 47 and 48 shall apply from 17 September 2014; |
| (b) | člen 7, člen 8(1) in (2), členi 9, 10, 11 ter člen 12(1) se uporabljajo od datuma začetka uporabe izvedbenih aktov iz členov 8(3) in 12(8); | (b) | Article 7, Article 8(1) and (2), Articles 9, 10, 11 and Article 12(1) shall apply from the date of application of the implementing acts referred to in Articles 8(3) and 12(8); |
| (c) | člen 6 se začne uporabljati tri leta po datumu začetka uporabe izvedbenih aktov iz členov 8(3) in 12(8). | (c) | Article 6 shall apply from three years as from the date of application of the implementing acts referred to in Articles 8(3) and 12(8). |
| 3. Če se priglašena shema elektronske identifikacije navede na seznamu, ki ga Komisija objavi v skladu s členom 9, pred datumom iz točke (c) odstavka 2 tega člena, se sredstva elektronske identifikacije v okviru te sheme priznajo na podlagi člena 6 najpozneje 12 mesecev po objavi te sheme, vendar ne pred datumom iz točke (c) odstavka 2 tega člena. | 3. Where the notified electronic identification scheme is included in the list published by the Commission pursuant to Article 9 before the date referred to in point (c) of paragraph 2 of this Article, the recognition of the electronic identification means under that scheme pursuant to Article 6 shall take place no later than 12 months after the publication of that scheme but not before the date referred to in point (c) of paragraph 2 of this Article. |
| 4. Ne glede na točko (c) odstavka 2 tega člena lahko država članica sklene, da se sredstva elektronske identifikacije v okviru sheme elektronske identifikacije, ki jo na podlagi člena 9(1) priglasi druga država članica, priznajo v prvi državi članici od datuma začetka uporabe izvedbenih aktov iz členov 8(3) in 12(8). Zadevne države članice obvestijo Komisijo. Komisija te informacije objavi. | 4. Notwithstanding point (c) of paragraph 2 of this Article, a Member State may decide that electronic identification means under electronic identification scheme notified pursuant to Article 9(1) by another Member State are recognised in the first Member State as from the date of application of the implementing acts referred to in Articles 8(3) and 12(8). Member States concerned shall inform the Commission. The Commission shall make this information public. |
| Ta uredba je v celoti zavezujoča in se neposredno uporablja v vseh državah članicah. | This Regulation shall be binding in its entirety and directly applicable in all Member States. |
| V Bruslju, 23. julija 2014 | Done at Brussels, 23 July 2014. |
| Za Parlament | For the Parliament |
| Predsednik | The President |
| M. SCHULZ | M. SCHULZ |
| Za Svet | For the Council |
| Predsednik | The President |
| S. GOZI | S. GOZI |
| (1) UL C 351, 15.11.2012, str. 73. | (1)
OJ C 351, 15.11.2012, p. 73. |
| (2) Stališče Evropskega parlamenta z dne 3. aprila 2014 (še ni objavljeno v Uradnem listu) in odločitev Sveta z dne 23. julija 2014. | (2) Position of the European Parliament of 3 April 2014 (not yet published in the Official Journal) and decision of the Council of 23 July 2014. |
| (3) Direktiva 1999/93/ES Evropskega parlamenta in Sveta z dne 13. decembra 1999 o okviru Skupnosti za elektronski podpis (UL L 13, 19.1.2000, str. 12). | (3) Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (OJ L 13, 19.1.2000, p. 12). |
| (4) UL C 50 E, 21.2.2012, str. 1. | (4)
OJ C 50 E, 21.2.2012, p. 1. |
| (5) Direktiva 2006/123/ES Evropskega parlamenta in Sveta z dne 12. decembra 2006 o storitvah na notranjem trgu (UL L 376, 27.12.2006, str. 36). | (5) Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market (OJ L 376, 27.12.2006, p. 36). |
| (6) Direktiva 2011/24/EU Evropskega parlamenta in Sveta z dne 9. marca 2011 o uveljavljanju pravic pacientov pri čezmejnem zdravstvenem varstvu (UL L 88, 4.4.2011, str. 45). | (6) Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare (OJ L 88, 4.4.2011, p. 45). |
| (7) Direktiva 95/46/ES Evropskega parlamenta in Sveta z dne 24. oktobra 1995 o varstvu posameznikov pri obdelavi osebnih podatkov in o prostem pretoku takih podatkov (UL L 281, 23.11.1995, str. 31). | (7) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, 23.11.1995, p. 31). |
| (8) Sklep Sveta 2010/48/ES z dne 26. novembra 2009 o sklenitvi Konvencije Združenih narodov o pravicah invalidov s strani Evropske skupnosti (UL L 23, 27.1.2010, str. 35). | (8) Council Decision 2010/48/EC of 26 November 2009 concerning the conclusion, by the European Community, of the United Nations Convention on the Rights of Persons with Disabilities (OJ L 23, 27.1.2010, p. 35). |
| (9) Uredba (ES) št. 765/2008 Evropskega parlamenta in Sveta z dne 9. julija 2008 o določitvi zahtev za akreditacijo in nadzor trga v zvezi s trženjem proizvodov ter razveljavitvi Uredbe (EGS) št. 339/93 (UL L 218, 13.8.2008, str. 30). | (9) Regulation (EC) No 765/2008 of the European Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation and market surveillance relating to the marketing of products and repealing Regulation (EEC) No 339/93 (OJ L 218, 13.8.2008, p. 30). |
| (10) Odločba Komisije 2009/767/ES z dne 16. oktobra 2009 o vzpostavitvi ukrepov za pospeševanje uporabe postopkov po elektronski poti s pomočjo „enotnih kontaktnih točk“ po Direktivi 2006/123/ES Evropskega parlamenta in Sveta o storitvah na notranjem trgu (UL L 274, 20.10.2009, str. 36). | (10) Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (OJ L 274, 20.10.2009, p. 36). |
| (11) Sklep Komisije 2011/130/EU z dne 25. februarja 2011 o določitvi minimalnih zahtev glede čezmejne obdelave dokumentov z elektronskim podpisom pristojnih organov v skladu z Direktivo 2006/123/ES Evropskega parlamenta in Sveta o storitvah na notranjem trgu (UL L 53, 26.2.2011, str. 66). | (11) Commission Decision 2011/130/EU of 25 February 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (OJ L 53, 26.2.2011, p. 66). |
| (12) Uredba (EU) št. 182/2011 Evropskega parlamenta in Sveta z dne 16. februarja 2011 o določitvi splošnih pravil in načel, na podlagi katerih države članice nadzirajo izvajanje izvedbenih pooblastil Komisije (UL L 55, 28.2.2011, str. 13). | (12) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13). |
| (13) Uredba (ES) št. 45/2001 Evropskega parlamenta in Svet z dne 18. decembra 2000 o varstvu posameznikov pri obdelavi osebnih podatkov v institucijah in organih Skupnosti in o prostem pretoku takih podatkov (UL L 8, 12,1,2001, str. 1). | (13) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1). |
| (14) UL C 28, 30.1.2013, str. 6. | (14)
OJ C 28, 30.1.2013, p. 6. |
| (15) Direktiva 2014/24/EU Evropskega parlamenta in Sveta z dne 26. februarja 2014 o javnem naročanju in razveljavitvi Direktive 2004/18/ES (UL L 94, 28.3.2014, str. 65). | (15) Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014 on public procurement and repealing Directive 2004/18/EC (OJ L 94, 28.3.2014, p. 65). |
| PRILOGA I | ANNEX I |
| ZAHTEVE V ZVEZI S KVALIFICIRANIMI POTRDILI ZA ELEKTRONSKE PODPISE | REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SIGNATURES |
| Kvalificirana potrdila za elektronske podpise vsebujejo: | Qualified certificates for electronic signatures shall contain: |
| (a) | navedbo, vsaj v formatu, primernem za avtomatizirano obdelavo, da je bilo potrdilo izdano kot kvalificirano potrdilo za elektronski podpis; | (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic signature; |
| (b) | nabor podatkov, ki nedvoumno predstavlja ponudnika kvalificiranih storitev zaupanja, ki izdaja kvalificirana potrdila, ter vključuje vsaj državo članico, v kateri ima zadevni ponudnik sedež, in | — | za pravne osebe: ime in po potrebi registrsko številko, kot sta navedena v uradnih evidencah, | — | za fizične osebe: ime osebe; | (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least, the Member State in which that provider is established and: | — | for a legal person: the name and, where applicable, registration number as stated in the official records, | — | for a natural person: the person’s name; |
| (c) | vsaj ime podpisnika ali psevdonim; če je uporabljen psevdonim, se to jasno navede; | (c) | at least the name of the signatory, or a pseudonym; if a pseudonym is used, it shall be clearly indicated; |
| (d) | podatke za potrjevanje veljavnosti elektronskega podpisa, ki ustrezajo podatkom za ustvarjanje elektronskega podpisa; | (d) | electronic signature validation data that corresponds to the electronic signature creation data; |
| (e) | podrobnosti o začetku in koncu veljavnosti potrdila; | (e) | details of the beginning and end of the certificate’s period of validity; |
| (f) | identifikacijsko šifro potrdila, ki je enolična za ponudnika kvalificiranih storitev zaupanja; | (f) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (g) | napredni elektronski podpis ali napredni elektronski žig ponudnika kvalificiranih storitev zaupanja, ki izdaja potrdilo; | (g) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (h) | lokacijo, kjer je potrdilo, ki podpira napredni elektronski podpis ali napredni elektronski žig iz točke (g), na voljo brezplačno; | (h) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (g) is available free of charge; |
| (i) | lokacijo storitev, s katerimi je mogoče preveriti veljavnost kvalificiranega potrdila; | (i) | the location of the services that can be used to enquire about the validity status of the qualified certificate; |
| (j) | če se podatki za ustvarjanje elektronskega podpisa, povezani s podatki za potrjevanje veljavnosti elektronskega podpisa, nahajajo v napravi za ustvarjanje kvalificiranega elektronskega podpisa, se to ustrezno navede vsaj v formatu, primernem za avtomatizirano obdelavo. | (j) | where the electronic signature creation data related to the electronic signature validation data is located in a qualified electronic signature creation device, an appropriate indication of this, at least in a form suitable for automated processing. |
| PRILOGA II | ANNEX II |
| ZAHTEVE V ZVEZI Z NAPRAVAMI ZA USTVARJANJE KVALIFICIRANEGA ELEKTRONSKEGA PODPISA | REQUIREMENTS FOR QUALIFIED ELECTRONIC SIGNATURE CREATION DEVICES |
| 1. | Naprave za ustvarjanje kvalificiranega elektronskega podpisa z ustrezno tehnologijo in postopki zagotavljajo vsaj, da: | (a) | je razumno zagotovljena zaupnost podatkov za ustvarjanje elektronskega podpisa, s katerimi se ustvari elektronski podpis; | (b) | se lahko podatki za ustvarjanje elektronskega podpisa, s katerimi se ustvari elektronski podpis, dejansko pojavijo samo enkrat; | (c) | je razumno zagotovljeno, da do podatkov za ustvarjanje elektronskega podpisa, s katerimi se ustvari elektronski podpis, ni mogoče priti s sklepanjem in da je elektronski podpis z uporabo trenutno razpoložljive tehnologije zanesljivo zaščiten pred ponarejanjem; | (d) | lahko zakoniti podpisnik zanesljivo zaščiti podatke za ustvarjanje elektronskega podpisa, s katerimi se ustvari elektronski podpis, pred tem, da bi jih lahko uporabljali drugi. | 1. | Qualified electronic signature creation devices shall ensure, by appropriate technical and procedural means, that at least: | (a) | the confidentiality of the electronic signature creation data used for electronic signature creation is reasonably assured; | (b) | the electronic signature creation data used for electronic signature creation can practically occur only once; | (c) | the electronic signature creation data used for electronic signature creation cannot, with reasonable assurance, be derived and the electronic signature is reliably protected against forgery using currently available technology; | (d) | the electronic signature creation data used for electronic signature creation can be reliably protected by the legitimate signatory against use by others. |
| 2. | Naprave za ustvarjanje kvalificiranega elektronskega podpisa ne spreminjajo podatkov, ki bodo podpisani, ali preprečijo, da bi se ti podatki podpisniku prikazali pred podpisom. | 2. | Qualified electronic signature creation devices shall not alter the data to be signed or prevent such data from being presented to the signatory prior to signing. |
| 3. | Podatke za ustvarjanje elektronskega podpisa lahko v imenu podpisnika pridobiva ali upravlja le ponudnik kvalificiranih storitev zaupanja. | 3. | Generating or managing electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider. |
| 4. | Ponudniki kvalificiranih storitev zaupanja, ki v imenu podpisnika upravljajo podatke za ustvarjanje elektronskega podpisa, lahko brez poseganja v točko (d) točke 1 podatke za ustvarjanje elektronskega podpisa podvajajo le za namene varnostne kopije, pod pogojem, da sta izpolnjeni naslednji zahtevi: | (a) | varnost podvojenih naborov podatkov je enaka ravni, ki jo ima varnost prvotnih naborov podatkov; | (b) | število podvojenih naborov podatkov ni večje, kot je to nujno potrebno, da se zagotovi neprekinjenost storitve. | 4. | Without prejudice to point (d) of point 1, qualified trust service providers managing electronic signature creation data on behalf of the signatory may duplicate the electronic signature creation data only for back-up purposes provided the following requirements are met: | (a) | the security of the duplicated datasets must be at the same level as for the original datasets; | (b) | the number of duplicated datasets shall not exceed the minimum needed to ensure continuity of the service. |
| PRILOGA III | ANNEX III |
| ZAHTEVE V ZVEZI S KVALIFICIRANIMI POTRDILI ZA ELEKTRONSKE ŽIGE | REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR ELECTRONIC SEALS |
| Kvalificirana potrdila za elektronske žige vsebujejo: | Qualified certificates for electronic seals shall contain: |
| (a) | navedbo, vsaj v formatu, primernem za avtomatizirano obdelavo, da je bilo potrdilo izdano kot kvalificirano potrdilo za elektronski žig; | (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for electronic seal; |
| (b) | nabor podatkov, ki nedvoumno predstavlja ponudnika kvalificiranih storitev zaupanja, ki izdaja kvalificirana potrdila, ter vključuje vsaj državo članico, v kateri ima zadevni ponudnik sedež, in | — | za pravne osebe: ime in po potrebi registrsko številko, kot sta navedena v uradnih evidencah, | — | za fizične osebe: ime osebe; | (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and: | — | for a legal person: the name and, where applicable, registration number as stated in the official records, | — | for a natural person: the person’s name; |
| (c) | vsaj ime ustvarjalca žiga in po potrebi registrsko številko, kot sta navedena v uradnih evidencah; | (c) | at least the name of the creator of the seal and, where applicable, registration number as stated in the official records; |
| (d) | podatke za potrjevanje veljavnosti elektronskega žiga, ki ustrezajo podatkom za ustvarjanje elektronskega žiga; | (d) | electronic seal validation data, which corresponds to the electronic seal creation data; |
| (e) | podrobnosti o začetku in koncu veljavnosti potrdila; | (e) | details of the beginning and end of the certificate’s period of validity; |
| (f) | identifikacijsko šifro potrdila, ki je enolična za ponudnika kvalificiranih storitev zaupanja; | (f) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (g) | napredni elektronski podpis ali napredni elektronski žig ponudnika kvalificiranih storitev zaupanja, ki izdaja potrdilo; | (g) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (h) | lokacijo, kjer je potrdilo, ki podpira napredni elektronski podpis ali napredni elektronski žig iz točke (g), na voljo brezplačno; | (h) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (g) is available free of charge; |
| (i) | lokacijo storitev, s katerimi je mogoče preveriti veljavnost kvalificiranega potrdila; | (i) | the location of the services that can be used to enquire as to the validity status of the qualified certificate; |
| (j) | če se podatki za ustvarjanje elektronskega žiga, povezani s podatki za potrjevanje elektronskega žiga, nahajajo v napravi za ustvarjanje kvalificiranega elektronskega žiga, se to ustrezno navede vsaj v formatu, primernem za avtomatizirano obdelavo. | (j) | where the electronic seal creation data related to the electronic seal validation data is located in a qualified electronic seal creation device, an appropriate indication of this, at least in a form suitable for automated processing. |
| PRILOGA IV | ANNEX IV |
| ZAHTEVE ZA KVALIFICIRANA POTRDILA ZA AVTENTIKACIJO SPLETIŠČ | REQUIREMENTS FOR QUALIFIED CERTIFICATES FOR WEBSITE AUTHENTICATION |
| Kvalificirana potrdila za avtentikacijo spletišč vsebujejo: | Qualified certificates for website authentication shall contain: |
| (a) | navedbo, vsaj v formatu, primernem za avtomatizirano obdelavo, da je bilo potrdilo izdano kot kvalificirano potrdilo za avtentikacijo spletišč; | (a) | an indication, at least in a form suitable for automated processing, that the certificate has been issued as a qualified certificate for website authentication; |
| (b) | nabor podatkov, ki nedvoumno predstavlja ponudnika kvalificiranih storitev zaupanja, ki izdaja kvalificirana potrdila, ter vključuje vsaj državo članico, v kateri ima zadevni ponudnik sedež, in | — | za pravne osebe: ime in po potrebi registrsko številko, kot sta navedena v uradnih evidencah, | — | za fizične osebe: ime osebe; | (b) | a set of data unambiguously representing the qualified trust service provider issuing the qualified certificates including at least the Member State in which that provider is established and: | — | for a legal person: the name and, where applicable, registration number as stated in the official records, | — | for a natural person: the person’s name; |
| (c) | za fizične osebe: vsaj ime osebe, za katero se izdaja potrdilo, ali psevdonim. Če je uporabljen psevdonim, se to jasno navede; | za pravne osebe: vsaj ime pravne osebe, za katero se izdaja potrdilo, in po potrebi registrsko številko, kot sta navedena v uradnih evidencah; | (c) | for natural persons: at least the name of the person to whom the certificate has been issued, or a pseudonym. If a pseudonym is used, it shall be clearly indicated; | for legal persons: at least the name of the legal person to whom the certificate is issued and, where applicable, registration number as stated in the official records; |
| (d) | elemente naslova fizične ali pravne osebe, za katero se izdaja potrdilo, vključno vsaj s krajem in državo, po potrebi, kot so navedeni v uradnih evidencah; | (d) | elements of the address, including at least city and State, of the natural or legal person to whom the certificate is issued and, where applicable, as stated in the official records; |
| (e) | ime/imena domene, ki jo upravlja fizična ali pravna oseba, za katero se izdaja potrdilo; | (e) | the domain name(s) operated by the natural or legal person to whom the certificate is issued; |
| (f) | podrobnosti o začetku in koncu obdobja veljavnosti potrdila; | (f) | details of the beginning and end of the certificate’s period of validity; |
| (g) | identifikacijsko šifro potrdila, ki je enolična za ponudnika kvalificiranih storitev zaupanja; | (g) | the certificate identity code, which must be unique for the qualified trust service provider; |
| (h) | napredni elektronski podpis ali napredni elektronski žig ponudnika kvalificiranih storitev zaupanja, ki izdaja potrdilo; | (h) | the advanced electronic signature or advanced electronic seal of the issuing qualified trust service provider; |
| (i) | lokacijo, na kateri je potrdilo, ki podpira napredni elektronski podpis ali napredni elektronski žig iz točke (h), na voljo brezplačno; | (i) | the location where the certificate supporting the advanced electronic signature or advanced electronic seal referred to in point (h) is available free of charge; |
| (j) | lokacijo storitev za preverjanje veljavnosti potrdila, s katerimi je mogoče preveriti veljavnost kvalificiranega potrdila. | (j) | the location of the certificate validity status services that can be used to enquire as to the validity status of the qualified certificate. |
