Due to the increasing number of electronic transactions, the need occurs to introduce formal regulations that may guarantee their security. As a retort, on 23 July 2014, the eIDAS regulation has taken effect.
Legal framework as the beginning of a new era
It is worth noting that in Poland are two functioning legal acts that are responsible for assuring the safety of electronic transactions, there are:
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
- Act from the 5th September 2016 on trust services and electronic identification
The role of eIDAS regulation is a standardisation of the regulations on electronic transactions in all European Union members. This regulation should guarantee social trust towards online services. The transfer of a large part of everyday activities to the digital space allows faster economic development, with benefits for particular businesses and public administration. The eIDAS regulation supports that kind of progress and provides space for implementing additional domestic regulations.
The role of the Polish act on trust services and electronic identification
The act on trust services and electronic identification controls the functioning of these services in the country by defining the rules of surveillance over the suppliers. Its crucial element is also the refinement of the principles of operation of trust services and electronic identification.
Main terms’ dictionary
It is the European Parliament and European Council regulation on electronic identification and trust services from 23rd of June 2014. It relates to digital transactions in order to standardise these services on the European market.
They are data that serves the natural person to put a signature on a document, and they ensure its integrity and authenticity. The eIDAS regulation says that the following types of electronic signature can be distinguished:
- electronic signature
- advanced electronic signature
- qualified electronic signature
The electronic seal can be used by legal persons, so companies, organisations, or institutions. It consists of data that can be linked or added to the specific document. They ensure its integrity and authenticity – it is, therefore, the assertion that it comes from the given legal person. Besides, “normal” electronic seal to additional types can be distinguished
- advanced electronic seal
- qualified electronic seal
Validation of electronic seal and electronic signature
Validation verifies electronic signature or seal and provides proves of their validity.
Conservation of electronic seal and electronic signature
It is the process that allows for a significant extension of an electronic seal and electronic signature’s reliability. Conservation can be made by trust services.
Electronic time stamping
It is attached to the document as proof that contained in its data have existed before the given time and had not been changed. It is used to prevent unauthorised data manipulation. The electronic timestamp can also be qualified.
It is the process in which a person’s identity is determined based on specific data. Thanks to the electronic identification, we know, among other things, that the person who signs the document is who s/he claims to be and that we send the data to the right persons.
It is the process that allows the electronic identification of a given person or checking the authenticity of the received data.
It is the content hold electronically. It can be, among others, in the form of text, audio, or video.
It is a digital service supplied by the specific trust services provider registered on an open list to which further positions can be added. Trust service will include: issued of certificates, validation, and conservation of electronic signature and electronic steal. If the trust service is termed qualified, it must meet several requirements specified in the eIDAS regulation.
Trust services provider
It is the natural or legal person that provides trust services mentioned above. The qualified trust services provider is subjected to mandatory accredited audits, supervisory organ supervision, and enlisted in the register on the National Certification Center website.
A trusted party is someone who depends on a given trusted service or electronic identification. The trusted party has no contract and does not use direct trust services, but thanks to applied security, the signatures, seals, and other proves of trusted services may be considered reliable.
Registered electronic delivery
It is a service that allows electronic mail to be sent between parties and provides evidence of the use of the data. The security that results from data protection against loss, theft, damage, or unauthorised change is worth emphasising.
It enables to assign the website to a specific person, thus assures its credibility.
We prepared a more extensive dictionary in our report on the identification and certification in digital services.
Date of publication: 9.09.2020