When does the new electronic certificate law come into effect?
The new electronic signature law or Law 6/2020, of November 11, entered into force on November 13, 2020, the day after its publication in the Official State Gazette. Regulating certain aspects of electronic trust services, as a complement to Regulation (EU) No. 910/2014 of the European Parliament and of the Council, of July 23, 2014, regarding electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93 / EC. And giving continuity to the measures that the government (within the framework of Royal Decree 11/2020 and in Additional Provision 11) provisionally established the past state of alarm, always within the state of alarm, for the issuance of certificates and stamps, qualified electronics. One of them is to contemplate identification by videoconference, as a fully legal means to digitally obtain qualified electronic certificates.
Who is affected by the new electronic certificate law?
The new law affects all public and private providers of electronic trust services established in Spain. Likewise, it will apply to providers resident or domiciled in another state who has a permanent establishment located in Spain, provided that they offer services not supervised by the competent authority of another country of the European Union, in addition to their users and that their modus operandi in the use of this type of services has been modified.
What is the objective of the new electronic certificate law?
The main objective pursued with the new electronic signature law is to finally have a regulation that conforms to Regulation (EU) No. 910/2014 of the European Parliament and of the Council, of July 23, 2014, regarding the Electronic identification and trust services for electronic transactions in the internal market (eIDAS), although this has been directly applicable since July 1, 2016.
The new regulation aims to establish the legal framework that contains the essential regulation to cover those aspects provided for in Regulation (EU) 910/2014, as is the case, among others, of the risk forecasting regime of qualified providers, the sanctioning regime, the verification of the identity and attributes of the applicants for a qualified certificate, the inclusion of additional requirements at the national level for qualified certificates such as national identifiers, or their maximum validity period, as well as the conditions for the suspension of the certificates.
In short, finally, a guarantee that establishes the legal between the qualified electronic signature and the handwritten signature.
How does the new law on electronic certificates affect?
Validity of qualified electronic certificates
One of the most significant novelties in relation to electronic certificates is that service providers are no longer allowed the so-called “chaining” in the renewal of qualified certificates using a valid one, more than once, for security reasons in legal traffic. The issuance and content of the qualified certificates establish a period of validity will be fixed in attention to the characteristics and technology used to generate the data for the creation of the signature, seal, or website authentication, etc.
New identification methods and requirements
Another novelty refers to the identity of the holder of the qualified certificates and the way it is recorded. The new regulations enable the possibility of verifying the identity of the natural person requesting a qualified certificate, this will require their appearance before those in charge of verifying it and it will be accredited by means of the National Identity Document, passport or other means admitted by Law. The person requesting a qualified certificate may be dispensed with if their signature in the request for issuance of a qualified certificate has been legitimized in the presence of a notary or meets the conditions and technical requirements for remote identity verification and, if appropriate, other specific attributes of the person requesting a qualified certificate, through other identification methods such as videoconferencing or video-identification that provide equivalent security in terms of reliability to physical presence as assessed by a conformity assessment body.
The same rule applies to tax identification of legal persons or persons without legal personality who are qualified certificate holders; they must use a code that identifies them univocally and permanently over time, as recorded in official records. On the other hand, if the certificates admit a representation relationship, they will include the identity of the represented natural or legal person, as well as an indication of the document that reliably certifies the powers of the signer to act on behalf of the person or entity to whom represent.
The new law on electronic certificates and the maximum of Data Protection
The new law on electronic certificates updates the regulation of the obligations and responsibilities of trusted electronic service providers, they are required to publish truthful information in accordance with the new standard and Regulation (EU) 910/2014, as well as not store or copy, by itself or through a third party, the signature, seal or website authentication data of the natural or legal person to whom they have provided their services, except in the case of their management on behalf of the owner. As well as the obligation on the part of the providers of these services, whether they are qualified or not, to adopt the appropriate technical and organizational measures to manage the risks to the security of the trust services they provide, as well as to notify the supervisory body of any breach of security or loss of integrity that has a significant impact on the trust service provided.
What regulation does the new law on electronic certificates replace?
This Law repeals Law 59/2003, of December 19, on electronic signatures, and with it those provisions incompatible with Regulation (EU) 910/2014. Article 25 of Law 34/2002, of July 11, on services of the information society and electronic commerce and finally the Order of the Ministry of Development of February 21, 2000, by which the Regulation of accreditation of certification and certification service providers for certain electronic signature products.
Do you have more questions about the new law on electronic certificates?
If you are interested in knowing more about Digital Certificates, we encourage you to contact us. We will be delighted to help you.