Introduction to Cyberlaw handout 5 – electronic documents DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures Article 2 Definitions For the purpose of this Directive: 1. ‘electronic signature’ means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication; 2. ‘advanced electronic signature’ means an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable; 3. ‘signatory’ means a person who holds a signature-creation device and acts either on his own behalf or on behalf of the natural or legal person or entity he represents; 4. ‘signature-creation data’ means unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature; 5. ‘signature-creation device’ means configured software or hardware used to implement the signature-creation data; 6. ‘secure-signature-creation device’ means a signature-creation device which meets the requirements laid down in Annex III; 7. ‘signature-verification-data’ means data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature; 8. ‘signature-verification device’ means configured software or hardware used to implement the signature-verification-data; 9. ‘certificate’ means an electronic attestation which links signature-verification data to a person and confirms the identity of that person; 10. ‘qualified certificate’ means a certificate which meets the requirements laid down in Annex I and is provided by a certification-service-provider who fulfils the requirements laid down in Annex II; 11. ‘certification-service-provider’ means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures; 12. ‘electronic-signature product’ means hardware or software, or relevant components thereof, which are intended to be used by a certification-service-provider for the provision of electronic-signature services or are intended to be used for the creation or verification of electronic signatures; 13. ‘voluntary accreditation’ means any permission, setting out rights and obligations specific to the provision of certification services, to be granted upon request by the certification-service-provider concerned, by the public or private body charged with the elaboration of, and supervision of compliance with, such rights and obligations, where the certification-service-provider is not entitled to exercise the rights stemming from the permission until it has received the decision by the body. REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC Article 3 Definitions For the purposes of this Regulation, the following definitions apply: (1) ‘electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person; (2) ‘electronic identification means’ means a material and/or immaterial unit containing person identification data and which is used for authentication for an online service; (3) ‘person identification data’ means a set of data enabling the identity of a natural or legal person, or a natural person representing a legal person to be established; (4) ‘electronic identification scheme’ means a system for electronic identification under which electronic identification means are issued to natural or legal persons, or natural persons representing legal persons; (5) ‘authentication’ means an electronic process that enables the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form to be confirmed; (6) ‘relying party’ means a natural or legal person that relies upon an electronic identification or a trust service; (7) ‘public sector body’ means a state, regional or local authority, a body governed by public law or an association formed by one or several such authorities or one or several such bodies governed by public law, or a private entity mandated by at least one of those authorities, bodies or associations to provide public services, when acting under such a mandate; (8) ‘body governed by public law’ means a body defined in point (4) of Article 2(1) of Directive 2014/24/EU of the European Parliament and of the Council (15); (9) ‘signatory’ means a natural person who creates an electronic signature; (10) ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; (11) ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26; (12) ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures; (13) ‘electronic signature creation data’ means unique data which is used by the signatory to create an electronic signature; (14) ‘certificate for electronic signature’ means an electronic attestation which links electronic signature validation data to a natural person and confirms at least the name or the pseudonym of that person; (15) ‘qualified certificate for electronic signature’ means a certificate for electronic signatures, that is issued by a qualified trust service provider and meets the requirements laid down in Annex I; (16) ‘trust service’ means an electronic service normally provided for remuneration which consists of: (a) the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or (b) the creation, verification and validation of certificates for website authentication; or (c) the preservation of electronic signatures, seals or certificates related to those services; (17) ‘qualified trust service’ means a trust service that meets the applicable requirements laid down in this Regulation; (18) ‘conformity assessment body’ means a body defined in point 13 of Article 2 of Regulation (EC) No 765/2008, which is accredited in accordance with that Regulation as competent to carry out conformity assessment of a qualified trust service provider and the qualified trust services it provides; (19) ‘trust service provider’ means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider; (20) ‘qualified trust service provider’ means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body; (21) ‘product’ means hardware or software, or relevant components of hardware or software, which are intended to be used for the provision of trust services; (22) ‘electronic signature creation device’ means configured software or hardware used to create an electronic signature; (23) ‘qualified electronic signature creation device’ means an electronic signature creation device that meets the requirements laid down in Annex II; (24) ‘creator of a seal’ means a legal person who creates an electronic seal; (25) ‘electronic seal’ means data in electronic form, which is attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity; (26) ‘advanced electronic seal’ means an electronic seal, which meets the requirements set out in Article 36; (27) ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal; (28) ‘electronic seal creation data’ means unique data, which is used by the creator of the electronic seal to create an electronic seal; (29) ‘certificate for electronic seal’ means an electronic attestation that links electronic seal validation data to a legal person and confirms the name of that person; (30) ‘qualified certificate for electronic seal’ means a certificate for an electronic seal, that is issued by a qualified trust service provider and meets the requirements laid down in Annex III; (31) ‘electronic seal creation device’ means configured software or hardware used to create an electronic seal; (32) ‘qualified electronic seal creation device’ means an electronic seal creation device that meets mutatis mutandis the requirements laid down in Annex II; (33) ‘electronic time stamp’ means data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time; (34) ‘qualified electronic time stamp’ means an electronic time stamp which meets the requirements laid down in Article 42; (35) ‘electronic document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording; (36) ‘electronic registered delivery service’ means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations; (37)‘qualified electronic registered delivery service’ means an electronic registered delivery service which meets the requirements laid down in Article 44; (38) ‘certificate for website authentication’ means an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued; (39) ‘qualified certificate for website authentication’ means a certificate for website authentication, which is issued by a qualified trust service provider and meets the requirements laid down in Annex IV; (40) ‘validation data’ means data that is used to validate an electronic signature or an electronic seal; (41) ‘validation’ means the process of verifying and confirming that an electronic signature or a seal is valid.