Act No. 440 / 2004 Coll.
Act amending Act No. 227 / 2000 Coll., on electronic signature and amending certain other laws (Act on electronic signature), as amended
Valid
Law
Effective from 26.07.2004
Text versions:
26.07.2004
Zobrazeno prvních 200 z celkem 375 ustanovení tohoto předpisu.
Zobrazit celý předpis →
Pro stažení celého znění použijte tlačítko Stáhnout výše.
440
THE LAW
of 24 June 2004
amending Act No. 227 / 2000 Coll., on electronic signature and amending certain other laws (Act on electronic signature), as amended
Parliament has decided on this law of the Czech Republic:
Act No. 227 / 2000 Coll., on electronic signature and amending certain other laws (Act on electronic signature), as amended by Act No. 226 / 2002 Coll. and Act No. 517 / 2002 Coll., is amended as follows:
1. In Article 1, the words "in accordance with the law of the European Communities (1) 'shall be inserted after the words" amended'.
footnote 1 is replaced by the following:
"(1) Directive 99 / 93 / EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures."
footnote (1) shall be renumbered footnote (1a), including the reference to that footnote.
2. In Section 1, the words "electronic marks' are inserted after the words" electronic signature '.
3. In Section 1, "provision of related services' is replaced by" provision of certification services and related services by providers established in the Czech Republic '.
4.
Definition of certain terms
For the purposes of this Act:
(a) by electronic signature, the data which are attached to, or are logically related to, the data message and which serve as a method for unambiguous verification of the identity of the signatory in relation to the data message;
(b) an electronic signature guaranteed by electronic signature meeting the following requirements:
1. is clearly linked to the signatory;
2. allows identification of the signatory in relation to the data message;
3. has been created and connected to the data message by means of means which the signatory can keep under his sole control;
4. is connected to the data message to which it relates in such a way that any subsequent change of data can be detected;
(c) by electronic means, the particulars which are attached to or are logically related to the data report and which satisfy the following requirements:
1. are clearly associated with the designating person and allow its identification through a qualified system certificate;
2. have been created and connected to the data message by means of means for the creation of electronic tags which the designating person can keep under his sole control;
3. are connected to the data message to which they relate in such a way that any subsequent change of data can be detected;
(d) by means of a data message, electronic data which can be transmitted by means of electronic communication and stored on recording media used in the processing and transmission of data by electronic means;
(e) the signatory is a natural person who holds an electronic signature device and acts on his or her behalf or on behalf of another natural or legal person;
(f) designating a person, a natural person, a legal person or an organisational entity of a State holding a means of creating electronic tags and indicating a data report by electronic means;
(g) by the holder of the certificate, a natural person, a legal person or an organisational entity of the State which has requested the issue of a qualified certificate or a qualified system certificate for itself or for the signatory or the designating person and which has been issued;
(h) by a certification service provider, a natural person, a legal person or an organisational body of a State that issues certificates and keeps records of them, or provides other services related to electronic signatures,
(i) by a qualified certification service provider, a certification service provider that issues qualified certificates or qualified system certificates or qualified time stamps or means for the secure creation of electronic signatures (hereinafter referred to as "qualified certification services") and has complied with the reporting requirements of Section 6;
(j) by an accredited certification service provider, a certification service provider granted accreditation under this law;
(k) a data message issued by a certification service provider by a certificate connects the data for the verification of electronic signatures with the signatory and enables the verification of his identity or links the data for the verification of electronic signs with the designating person and allows the verification of his identity;
(l) by a qualified certificate, a certificate which has the requirements of Section 12 and has been issued by a qualified certification service provider;
(m) by a qualified system certificate, a certificate which has the requirements of § 12a and has been issued by a qualified certification service provider;
(n) data for creating electronic signatures unique data used by the signatory to create electronic signatures;
(o) data for verifying electronic signatures unique data used for verifying electronic signatures;
(p) data for the creation of electronic tags unique data used by the designating person to create electronic tags;
(q) data for the verification of electronic marks unique data used for the verification of electronic marks,
(r) by a qualified time stamp, a data message issued by a qualified certification service provider that reliably links the data in electronic form to the time frame and ensures that the data in electronic form existed before that time;
(s) a means of creating electronic signatures of technical equipment or software used to create electronic signatures;
(t) a means of verifying electronic signatures of technical equipment or software used to verify electronic signatures;
(u) a means of secure creation of electronic signatures, an electronic signature-creation device which complies with the requirements laid down by this law;
(v) a means of secure verification of electronic signatures by means of a means of verification of signature which satisfies the requirements laid down in this law;
(w) an electronic signature tool for technical equipment or software, or components thereof, used to provide certification services or to create or verify electronic signatures;
(x) a means of creating electronic signs of equipment used by the designating person for the creation of electronic tags and which fulfils the other requirements laid down by this law;
(y) an electronic service facility for the public authority to receive and send data messages,
(z) by accreditation of a certificate that the certification service provider fulfils the conditions laid down in this Act for the performance of the activities of an accredited certification service provider. ';
5. In Article 3 (1), the second sentence is added: "Unless proven otherwise, the signatory shall be deemed to have been familiar with the content of the data message before signing the data report. '
6. The following Section 3a is inserted after Section 3:
(1) The use of an electronic tag based on a qualified system certificate and generated by an electronic tag creation device allows verification that the data message has been marked by that electronic tag indicating the person.
(2) Where the designating person has identified the data message, it shall be deemed to have done so by automated means without direct verification of the content of the data message and thereby expressing its will. ';
7. In Section 4, the words "or electronic marks' shall be inserted after the words" electronic signature '.
8. In Section 4, the words "or marked 'shall be inserted after the words" signed'.
9. in Article 5 (1) (b), the word "her" shall be deleted;
10. in Article 5 (1), the comma at the end of point (b) shall be replaced by a dot and point (c) shall be deleted;
11. After Article 5, the following Sections 5a and 5b are inserted:
Obligations of the designating person
(1) The indicating person shall:
(a) treat the device as well as the data for the creation of electronic marks with due care so that their unauthorised use cannot occur;
(b) inform without delay the certification service provider who issued the qualified system certificate that there is a risk of misuse of its data for the creation of electronic brands.
(2) The designating person shall ensure that the means of creating the electronic marks he uses complies with the requirements laid down in this law.
(3) The damage caused by the infringement referred to in paragraph 1 shall be the responsibility of the designating person, even if the damage was not caused, under special legislation, 1a) the liability for defects under special rules shall not be affected. (1a) However, liability shall be waived if it proves that the person who suffered the damage has not performed all the necessary actions to verify that the electronic mark is valid and that his qualified system certificate has not been invalidated.
Obligations of the certificate holder
The certificate holder shall provide accurate, true and complete information to the certification service provider in relation to the qualified certificate and in relation to the qualified system certificate without undue delay. ';
12.
Qualified certification service provider
(1) A qualified certification service provider shall:
(a) ensure that each person can ascertain his or her identity and his or her qualified system certificate on the basis of which he or she identifies the issued qualified certificates or qualified system certificates and lists of certificates which have been invalidated or qualified time stamps;
(b) ensure that the provision of qualified certification services is carried out by persons with the expertise and qualifications necessary for the provision of the qualified certification service and familiar with the relevant security procedures;
(c) use secure systems and secure electronic signature tools, ensure sufficient security of the procedures that support such systems and tools and ensure sufficient cryptographic security of those instruments; systems and tools are considered safe if they comply with the requirements laid down in this Act and the Implementing Decree, or if they comply with the requirements of the technical standards set out in the Commission Decision issued on the basis of Article 3 (5) of Directive 99 / 93 / EC,
(d) use secure systems for the retention of qualified certificates and qualified system certificates or qualified time stamps in verifiable form in such a way that only authorised persons can carry out records or their changes so that the accuracy of the records can be checked and that any technical or programme changes in breach of those security requirements are evident;
(e) have sufficient financial resources or other financial collateral for operation throughout their activities in accordance with the requirements laid down in this Act and taking into account the risk of liability;
(f) prior to the conclusion of a contract for the provision of qualified certification services with a person requesting the provision of services under this Act, inform that person in writing of the precise conditions for the use of qualified certification services, including any restrictions on their use, the conditions for complaints and the resolution of disputes arising and whether or not it is accredited by the Ministry of Informatics (hereinafter referred to as "the Ministry") pursuant to Section 10; this information may be transmitted electronically.
(2) If the certification service provider is not accredited by the Ministry, it shall notify the Ministry at least 30 days before the start of the provision of the qualified certification service that it will provide it and the moment when it commences. At the same time, it shall transmit to the Ministry for verification its qualified system certificate referred to in paragraph 1 (a).
(3) Where a qualified certification service provider who has obtained accreditation under Section 10 of this Act has been withdrawn by the Ministry, it shall inform the bodies to which it provides its qualified certification services and other persons concerned without delay.
(4) A qualified certification service provider provides services under this Act under contract. The contract must be written.
(5) A qualified certification service provider shall keep the information and documentation related to the qualified certification services provided under this Act, in particular:
(a) a contract for the provision of a qualified certification service, including a request for the provision of a service;
(b) a qualified certificate issued, a qualified system certificate issued or a qualified time stamp issued;
(c) a copy of the personal documents submitted signing the persons or documents on the basis of which the identity of the designating persons has been verified;
(d) a certificate of receipt of a qualified certificate or a qualified system certificate by the holder or, where appropriate, his consent to the publication of the qualified certificate in the list of issued qualified certificates;
(e) a declaration by the certificate holder that the information referred to in paragraph 1 (f) has been provided to him;
(f) documents and records related to the life cycle of a qualified certificate or a qualified system certificate, the details of which shall be specified in the implementing decree.
(6) All information and documentation on services provided under this Act is kept by a qualified certification service provider for at least 10 years. The qualified provider shall ensure that the information and documentation stored prior to the loss, misuse, destruction or damage is provided under conditions specified in the Implementing Decree. The information and documentation referred to in the first sentence may be obtained and stored electronically by the qualified certification service provider. Unless otherwise provided for in this law, the handling of information and documentation shall be carried out in accordance with a specific legislature.2)
(7) Staff of a qualified certification service provider, or other natural persons who come into contact with personal data and data for the creation of electronic signatures of signatories and of electronic labels shall be obliged to maintain confidentiality of such data and data and security measures, the disclosure of which would jeopardise the security of such data and data. The obligation of confidentiality shall continue after the end of a work or other similar relationship or after the work concerned has been carried out; the said person may waive the confidentiality of the person in whose interest they are required or the court.
2) Act No. 97 / 1974 Coll., on archiving, as amended. '
13. The following Articles 6a and 6b are inserted after Article 6, including the headings and footnotes No 2a:
Obligations of a qualified certification service provider when issuing qualified certificates and qualified system certificates
(1) A qualified certification service provider issuing qualified certificates or qualified system certificates (hereinafter referred to as "certificates issued as qualified") shall:
(a) ensure that certificates issued by him as qualified include all the formalities laid down by this law;
(b) ensure that the particulars given in certificates issued by him as qualified are accurate, true and complete;
(c) before issuing a certificate as qualified to safely verify by appropriate means the identity of the signing person or the identity of the designating person, or, where appropriate, its special characteristics, if the purpose of such certificate so requires,
(d) determine whether, at the time of the application for the issue of a certificate as qualified, the signatory had data for the creation of electronic signatures corresponding to the data for the verification of electronic signatures or the designating person had data for the creation of electronic marks corresponding to the data for the verification of electronic marks containing the application for the issue of the certificate,
(e) ensure the operation of a secure and publicly available list of certificates issued as qualified, for which the certificate holder has given his consent in accordance with Article 6 (5) (d), and ensure the availability of that list by remote access and the information contained in the list contained in each amendment without undue delay;
(f) ensure the operation of a safe and publicly accessible list of certificates issued as qualified and invalidated, including by remote access;
(g) ensure that the date and time, indicating the time, minutes and seconds in which the certificate issued as qualified is issued or invalidated, can be specified;
(h) take appropriate measures against misuse and falsification of certificates issued as qualified;
(i) provide to third parties, on request, relevant information on the conditions for the use of certificates issued as qualified, including restrictions on their use, and whether or not they are accredited by the Ministry; This information may be provided electronically.
(2) Where a qualified certification service provider issuing certificates as qualified creates electronic signature creation data for the signatory or for the designating person for the creation of electronic marks,
(a) they must ensure the confidentiality of such data before they are transmitted, must not copy and store such data for longer than is necessary;
(b) they must guarantee that these data correspond to the data for verifying electronic signatures or data for verifying electronic marks.
(3) A qualified certification service provider issuing certificates as qualified must immediately invalidate the certificate if the holder, the signatory or the designating person so requests, or if he informs him that there is a risk of misuse of their data to create electronic signatures or electronic signs, or if the certificate has been issued on the basis of false or incorrect data.
(4) A qualified certification service provider shall also immediately invalidate a certificate issued as a qualified, if it is established that the signatory or the designating person has died or died, or has been deprived or restricted by the court of legal capacity, 2a), or if the information on the basis of which the certificate was issued has become untrue.
Obligations of a qualified certification service provider when issuing qualified time stamps
(1) A qualified certification service provider issuing qualified time stamps shall:
(a) ensure that the time stamps issued by him as qualified contain all the formalities laid down by this law;
(b) ensure that the time stamp entered in the qualified time stamp corresponds to the value of the coordinated world time when creating the qualified time stamp;
(c) ensure that the electronic data covered by the application for a qualified time stamp clearly corresponds to the electronic data contained in the qualified time stamp issued;
(d) to take appropriate measures against counterfeiting of qualified time stamps;
(e) provide to third parties, upon request, relevant information on the conditions for the use of qualified time stamps, including restrictions on their use and whether or not they are accredited by the Ministry; This information may be provided electronically.
(2) A qualified certification service provider shall issue a qualified time stamp immediately upon receipt of the request for certification.
2a) § 10 of Act No. 40 / 1964 Coll., Civil Code, as amended. '
14. in Article 7 (1), the word "qualified" shall be inserted after the word "responsible."
15. in Article 7 (1), the words "issuing qualified certificates" shall be deleted;
16. in Article 7 (2), "Provider" is replaced by "Qualified Provider."
17. in Article 7 (2), the word "qualified" shall be deleted;
18. In Article 7 (2), the words "issued as qualified 'shall be inserted after the word" certificate'.
19. in Paragraph 7 (2), the words "under § 12 (1) (i) and (j) and § 12a (h)" shall be inserted after the words "for its use."
20. in Paragraph 9 (2) (b):
"(b) supervise the activities of accredited certification service providers and qualified certification service providers, impose corrective measures and penalties for infringements under this law,";
21. in Paragraph 9 (2) (c):
"(c) keep records of accreditation and changes thereto and records of qualified certification service providers;"
22. in Article 9 (2), the following point (d) is inserted after point (c):
"(d) keeps a register of issued qualified system certificates used by a qualified certification service provider pursuant to Article 6 (1) (a) and verified by the Ministry in accordance with Article 6 (2);"
Points (d) to (f) shall be renumbered as points (e) to (g).
23. in Article 9 (2) (e):
"(e) it shall publish on an ongoing basis an overview of the accreditation awarded, an overview of the qualified certification service providers and their qualified services and the qualified system certificates referred to in point (d), including in a way that allows remote access,";
24. in Paragraph 9 (2) (g), the words "(for example, Sections 10 (7), 13 (2) and 16 (2))" are deleted.
25. in Paragraph 9 (3), the words "issuing qualified certificates" shall be replaced by "and qualified certification service providers."
26. In Article 9, the following paragraph 5 is added:
"(5) An order fine of up to CZK 1 000 000 may be imposed on a qualified certification service provider who has failed to fulfil his obligation to cooperate under paragraph 3."
27. in Article 10 (2) (a):
"(a) in the case of a legal person, the trading firm or the name, registered office or, where applicable, the address of the organisational component of a foreign person in the Czech Republic, and the applicant's identification number, if assigned; in the case of a natural person, the name and, where applicable, the name, surname, addendum, place of establishment, place of business, if different from the place of establishment, and the applicant's identification number, if assigned; ';
28. in Paragraph 10 (2) (d):
"(d) the substantive, personnel and organisational conditions for the activities of a qualified certification service provider pursuant to Sections 6, 6a and 6b of this Act,"
29. in Article 10 (2) (e):
"(e) an indication of which qualified certification services the applicant intends to provide;"
30. in Article 10, paragraphs 5, 6 and 7, including footnote 6, are deleted;
31. the following Section 10a is inserted after Section 10:
Conditions for extending the services of an accredited certification service provider
(1) An accredited certification service provider may extend the provision of qualified certification services to issue qualified certificates, qualified system certificates, qualified time stamps or to issue means for the safe creation of electronic signatures under this Act ("extended services").
(2) The accredited certification service provider shall notify the extension referred to in paragraph 1 to the Ministry in such a way that the Ministry receives the notification at least 4 months before the service is provided.
(3) In the notification, the accredited certification service provider shall demonstrate the factual, personnel and organisational conditions for the provision of extended services.
(4) If the accredited certification service provider fails to demonstrate the facts referred to in paragraph 3, or if those facts are incomplete or inaccurate, the Ministry shall notify the accredited certification service provider that it will not prohibit such defects by the decision to extend the services within the time limit set by it.
(5) The Ministry will prohibit the notified extension if the accredited certification service provider has not complied with all the conditions laid down by this Act for the provision of extended services.
(6) A decision to prohibit the extension of the provision of qualified certification services shall be taken by the Ministry no later than 90 days after receipt of the notification. '
32. In the first sentence of Paragraph 11, the words "for signature 'are inserted after the words" it is possible'.
33. In Section 11, the words "(" the recognised electronic signature ')' shall be added at the end of the sentence.
34. In the third sentence of Article 11, the words "guaranteed electronic signature based on a qualified certificate 'are replaced by" recognised electronic signature'.
35. In Paragraph 11, the sentence "The structure of the data on which a person can be clearly identified shall be added at the end of the sentence, the Ministry shall provide for an implementing act. '.
36. In Paragraph 11, the current text becomes paragraph 1 and the following paragraphs 2 and 3 are added:
"(2) The documents of public authorities in electronic form bearing an electronic mark based on a qualified system certificate issued by an accredited certification service provider or signed by a recognised electronic signature shall have the same legal effects as those issued by those authorities.
(3) The public authority shall receive and send the data messages referred to in paragraph 1 via an electronic mail office. "
37. in Article 12 (1) (b):
"(b) in the case of a legal person, the trading firm or the name and state in which the qualified provider is established; in the case of a natural person, the name, surname or addendum and the State in which the qualified provider is established; ';
38. in Article 12 (1) (c), the words "or names, as the case may be," shall be inserted after the word "name."
39. in Article 12 (1) (f):
"(f) the electronic brand of the certification service provider based on the qualified system certificate of the provider issuing the qualified certificate;"
40. In Article 12, the following paragraph 2 is inserted after paragraph 1:
"(2) The restrictions on the use of the qualified certificate referred to in paragraph 1 (i) and (j) shall be apparent to third parties."
Paragraph 2 shall become paragraph 3.
41. The following Sections 12a and 12b are inserted after Section 12:
Requirements for a qualified system certificate
A qualified system certificate shall include:
(a) an indication that it is issued as a qualified system certificate under this law;
(b) in the case of a legal person, the trading firm or name and the State in which the qualified provider is established; in the case of a natural person, the name, surname or addendum and the State in which the qualified provider is established;
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Act No. 440 / 2004 Coll., amending Act No. 227 / 2000 Coll., on Electronic Signature, and amending certain other laws (Electronic Signature Act), as amended |
|---|---|
| Regulation Type | Law |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 26.07.2004 |
|---|---|
| Effective from | 26.07.2004 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0