To promote the growth of electronic commerce, the European Commission will propose legislation to establish a legal framework for electronic signatures, a Commission official who asked not to be identified told journalists yesterday.
"Without a common legal framework for electronic signatures, electronic commerce will never take off," the official said. The proposal focuses on ensuring the identity (authenticity) of the partners in an electronic transaction through a voluntary system of certification aimed at building trust in electronic commerce. The legislation ensures that all types of electronic signatures are recognized as legal across the 15 member states.
The Commission hopes that the proposal will win formal approval by the 15 member states within 18 months. The proposed Directive is also designed to stop individual member states from enacting their own rules which could disrupt the single market for signature products and services, the official explained.
Germany and Italy have introduced very detailed rules regarding the legality of electronic signatures, while Denmark is on the verge of enacting very flexible rules, and most other member states are examining the need for specific rules, according to the Commission.
"Since everyone will use these products and services in the future, it is crucial that they benefit from a single market," the official explained, an objective adoption of the Commission proposal would achieve.
The directive introduces a voluntary certification process for electronic signatures which would give a specific signature automatic recognition as legal. The directive would not prohibit non-certified signatures, but these would only be recognised as legal according to specific contracts.
Electronic signatures coming from outside the European Union would not automatically benefit from legal recognition, but could be used in the EU.
An explanatory memorandum attached to the draft directive states clearly that the certification process "should by no means imply that a non-accredited service is automatically less secure."
Moreover, the legislation stipulates that where a third country has a similar certification process, the EU will recognize these procedures as equivalent under certain circumstances.
As for liability, the proposal states that the certification service provider is liable to its clients for the accuracy of all information in the certificate.
The directive also lists the requirements for the certificate, including the name of the holder and the unique identity code of the certificate, as well as the conditions for becoming a certification service provider, including the ability to verify by appropriate means the identify and capacity to act of the person to which a certificate is issued.
Although the Commission could not provide figures about the expected size of the market for these products and services, as an indication of their importance an official explained that Belgium and France have, for example, decided to introduce digital signatures to identify all participants in their social security and public health systems including doctors and patients.