2009/767/ESOprava rozhodnutí Komise 2009/767/ES ze dne 16. října 2009 , kterým se stanovují opatření pro usnadnění užití postupů s využitím elektronických prostředků prostřednictvím „jednotných kontaktních míst“ podle směrnice Evropského parlamentu a Rady 2006/123/ES o službách na vnitřním trhu ( Úř. věst. L 274 ze dne 20.10.2009 )
| Publikováno: | Úř. věst. L 4, 7.1.2011, s. 6-8 | Druh předpisu: | Oprava |
| Přijato: | 7. ledna 2011 | Autor předpisu: | Evropská komise |
| Platnost od: | 7. ledna 2011 | Nabývá účinnosti: | 7. ledna 2011 |
| Platnost předpisu: | Ano | Pozbývá platnosti: | |
Text předpisu s celou hlavičkou je dostupný pouze pro registrované uživatele.
Oprava rozhodnutí Komise 2009/767/ES ze dne 16. října 2009, kterým se stanovují opatření pro usnadnění užití postupů s využitím elektronických prostředků prostřednictvím „jednotných kontaktních míst“ podle směrnice Evropského parlamentu a Rady 2006/123/ES o službách na vnitřním trhu
( Úřední věstník Evropské unie L 274 ze dne 20. října 2009 )
Uvedené odkazy se vztahují ke znění zveřejněnému v Úř. věst. L 299, 14.11.2009, s. 18.
|
1. |
Strana 32, příloha, kapitola I, pole „Scheme information URI (bod 5.3.7)“, první odrážka, znění společného textu začínající slovy „Tento seznam je provedením „Důvěryhodného seznamu ověřovatelů, nad nimiž je vykonáván dohled nebo kteří jsou akreditováni“ [název příslušného členského státu] v podobě TSL…“ a končící slovy „… jsou do tohoto provedení v podobě TSL zařazeni dobrovolně na vnitrostátní úrovni“ se nahrazuje tímto: |
„ „The present list is the TSL implementation of [name of the relevant Member State] “Trusted List of supervised/accredited Certification Service Providers” providing information about the supervision/accreditation status of certification services from Certification Service Providers (CSPs) who are supervised/accredited by [name of the relevant Member State] for compliance with the relevant provisions of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
The Trusted List aims at:
|
— |
listing and providing reliable information on the supervision/accreditation status of certification services from Certification Service Providers, who are supervised/accredited by [name of the relevant Member State] for compliance with the relevant provisions laid down in Directive 1999/93/EC; |
|
— |
facilitating the validation of electronic signatures supported by those listed supervised/accredited certification services from the listed CSPs. |
The Trusted List of a Member State provides a minimum of information on supervised/accredited CSPs issuing Qualified Certificates in accordance with the provisions laid down in Directive 1999/93/EC (Art. 3,3, 3.2 and Art. 7.1(a)), including information on the QC supporting the electronic signature and whether the signature is or not created by a Secure Signature Creation Device.
The CSPs issuing Qualified Certificates (QCs) listed here are supervised by [name of the relevant Member State] and may also be accredited for compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), and those of Annex II (requirements for CSPs issuing QCs). The applicable ‚supervision‘ system (respectively ‚voluntary accreditation‘ system) is defined and must meet the relevant requirements of Directive 1999/93/EC, in particular those laid down in Art. 3,3, Art. 8,1, Art. 11 (respectively, Art. 2,13, Art. 3,2, Art 7.1(a), Art. 8,1, Art. 11)
Additional information on other supervised/accredited CSPs not issuing QCs but providing services related to electronic signatures (e.g. CSP providing Time Stamping Services and issuing Time Stamp Tokens, CSP issuing non-Qualified certificates, etc.) are included in the Trusted List and the present TSL implementation at a national level on a voluntary basis.“ “
|
2. |
Strana 33 až 35, příloha, kapitola I, pole „Scheme type/community/rules (bod 5.3.9)“, znění popisného textu uvedené v uvozovkách a začínající nadpisem „Účast v systému“ a končící slovy „… v příloze rozhodnutí Komise [odkaz na toto rozhodnutí].“ se nahrazuje tímto: |
„Participation in a scheme
Each Member State must create a “Trusted List of supervised/accredited Certification Service Providers” providing information about the supervision/accreditation status of certification services from Certification Service Providers (CSPs) who are supervised/accredited by the relevant Member State for compliance with the relevant provisions of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
The present TSL implementation of such Trusted Lists is also to be referred to in the list of links (pointers) towards each Member State’s TSL implementation of their Trusted List, compiled by the European Commission.
Policy/rules for the assessment of the listed services
The Trusted List of a Member State must provide a minimum of information on supervised/accredited CSPs issuing Qualified Certificates in accordance with the provisions laid down in Directive 1999/93/EC (Art. 3.3, 3,2 and Art. 7.1(a)), including information on the Qualified Certificate (QC) supporting the electronic signature and whether the signature is or not created by a Secure Signature Creation Device.
The CSPs issuing Qualified Certificates (QCs) must be supervised by the Member State in which they are established (if they are established in a Member State), and may also be accredited, for compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), and those of Annex II (requirements for CSPs issuing QCs). CSPs issuing QCs that are accredited in a Member State must still fall under the appropriate supervision system of that Member State unless they are not established in that Member State. The applicable “supervision” system (respectively “voluntary accreditation” system) is defined and must meet the relevant requirements of Directive 1999/93/EC, in particular those laid down in Art. 3,3, Art. 8,1, Art. 11 (respectively, Art.2.13, Art. 3,2, Art 7.1(a), Art. 8,1, Art. 11).
Additional information on other supervised/accredited CSPs not issuing QCs but providing services related to electronic signatures (e.g. CSP providing Time Stamping Services and issuing Time Stamp Tokens, CSP issuing non-Qualified certificates, etc.) may be included in the Trusted List and the present TSL implementation at a national level on a voluntary basis.
CSPs not issuing QCs but providing ancillary services, may fall under a “voluntary accreditation” system (as defined in and in compliance with Directive 1999/93/EC) and/or under a nationally defined “recognised approval scheme” implemented on a national basis for the supervision of compliance with the provisions laid down in Directive 1999/93/EC and possibly with national provisions with regard to the provision of certification services (in the sense of Art. 2,11 of the Directive). Some of the physical or binary (logical) objects generated or issued as a result of the provision of a certification service may be entitled to receive a specific “qualification” on the basis of their compliance with the provisions and requirements laid down at national level but the meaning of such a “qualification” is likely to be limited solely to the national level.
Interpretation of the TSL implementation of the Trusted List
The general user guidelines for electronic signature applications, services or products relying on a TSL implementation of a Trusted List according to the Annex of Commission Decision 2009/767/EC are as follows:
A “CA/QC” “Service type identifier” (Sti) entry (similarly a CA/QC entry further qualified as being a “RootCA/QC” through the use of “Service information extension” (Sie) additionalServiceInformation extension)
|
— |
indicates that from the “Service digital identifier” (Sdi) identified CA (similarly within the CA hierarchy starting from the “Sdi” identified RootCA) from the corresponding CSP (see associated TSP information fields), all issued end-entity certificates are Qualified Certificates (QCs) provided that it is claimed as such in the certificate through the use of appropriate ETSI TS 101 862 defined QcStatements (i.e. QcC, QcSSCD) and/or ETSI TS 101 456 defined QCP(+) OIDs (and this is guaranteed by the issuing CSP and ensured by the Member State Supervisory/Accreditation Body) Note: if no “Sie” “Qualification” information is present or if an end-entity certificate that is claimed to be a QC is not “further identified” through a related Sie entry, then the “machine-processable” information to be found in the QC is supervised/accredited to be accurate. That means that the usage (or not) of the appropriate ETSI defined QcStatements (i.e. QcC, QcSSCD) and/or ETSI defined QCP(+) OIDs is ensured to be in accordance with what it is claimed by the CSP issuing QCs. |
|
— |
and IF“Sie” “Qualification” information is present, then in addition to the above default usage interpretation rule, those certificates that are identified through the use of this Sie Qualification entry, which is constructed on the principle of a sequence of “filters” further identifying a set of certificates, must be considered according to the associated qualifiers providing some additional information regarding SSCD support and/or “Legal person as subject” (e.g. those certificates containing a specific OID in the Certificate Policy extension, and/or having a specific “Key usage” pattern, and/or filtered through the use of a specific value to appear in one specific certificate field or extension, etc.). Those qualifiers are part of the following set of “qualifiers” used to compensate for the lack of information in the corresponding QC content, and that are used respectively:
|
The general interpretation rule for any other “Sti” type entry is that the listed service named according to the “Sn” field value and uniquely identified by the “Sdi” field value has a current supervision/accreditation status according to the “Scs” field value as from the date indicated in the “Current status starting date and time”. Specific interpretation rules for any additional information with regard to a listed service (e.g. “Service information extensions” field) may be found, when applicable, in the Member State specific URI as part of the present “Scheme type/community/rules” field.
Please refer to the Technical specifications for a Common Template for the “Trusted List of supervised/accredited Certification Service Providers” in the Annex of Commission Decision 2009/767/EC for further details on the fields, description and meaning for the TSL implementation of the Member States' Trusted Lists.”
|
3. |
Strana 40, příloha, kapitola I, pole „Service current status (bod 5.5.4)“, sedm odrážek uvedených návětím „Toto pole je povinné a specifikuje identifikátor stavu služby prostřednictvím jednoho z těchto URI“ se nahrazuje tímto: |
|
„— |
Under Supervision (pod dohledem) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/undersupervision); |
|
— |
Supervision of Service in Cessation (dohled nad ukončovanou službou) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/supervisionincessation); |
|
— |
Supervision Ceased (dohled ukončen) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/supervisionceased); |
|
— |
Supervision Revoked (dohled odvolán) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/supervisionrevoked); |
|
— |
Accredited (akreditována) (http://uri.etsi.org/TrstSvc/Svcstatus/eSigDir-1999-93-EC-TrustedList/Svcstatus/accredited); |
|
— |
Accreditation Ceased (akreditace ukončena) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/accreditationceased); |
|
— |
Accreditation Revoked (akreditace odvolána) (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/accreditationrevoked).“ |
|
4. |
Strana 44, příloha, kapitola I, pole „Service information extensions (bod 5.6.6)“, text začínající nadpisem „TSP(1) Služba(1) Historie(2)“ a končící třemi tečkami nad nadpisem „Signed TSL“ se nahrazuje tímto: |
Stejně pro TSP(1) Service(1) History(2) (před History 1)
…
TSP(1) Service(2)
Stejně pro TSP(1) Service 2 (podle potřeby)
TSP(1)Service(2)History(1)
…
TSP(2) Information
Stejně pro TSP 2 (podle potřeby)
Stejně pro TSP 2 Service 1
Stejně pro TSP 2 Service 1 History 1
…“