POLICIES:: eSignature :: Action Plan :: Undertakings
Main undertakings under the Action Plan
The Action Plan contains actions to enhance the cross-border interoperability of e-signatures and e-identification. The main initiatives mentioned in the Action Plan that have been or are being undertaken are listed hereafter and detailed out in the next chapter of this report.
1. To update Decision 2003/511/EC on generally recognised e-signature standards.
2. To rationalise e-signature standards.
6. To study the feasibility of a European federated validation service.
7. To update country profiles on national e-ID applications.
Remarks on methodology
The Action Plan called on Member States to provide relevant information to the Commission services to enable it to carry out the above actions. Exchanges between Member States and the Commission have taken place within the IDABC expert group on e-signature, IDABC eID Interoperability expert group and the expert group on the implementation of the Services Directive.
Participants of the large scale projects STORK, PEPPOL, and SPOCS (funded by the Competitiveness & Innovation Programme) have also been involved in the exchange of information.
- Update of Decision
2003/511/EC
The Action Plan envisaged the update of Decision 2003/511/EC establishing standards for some e-signature products and the analysis of its possible extension to more products. Originally the Decision fostered the use of e-signatures by publishing three "generally recognised standards" for e-signature products in compliance with article 3.5 of the e-signature Directive. The usage of these standards to produce an e-signature was an essential condition to grant legal presumption of equivalence to a handwritten signature.
The first standard is about the security requirements to be matched by a certification service provider issuing qualified certificates; the second standard defines security requirements for the hardware used the provider, and the third standard defines the security requirements of secure signature creation devices such as smartcards used by the signatory. As these standards have become obsolete, they have to be updated together with the Decision that refers to them.
CEN, the owner of the three standards, is currently working on their update. Further information on the process of updating Decision will be posted on the Commission's website when appropriate.
Extending the Decision to other e-signature products is envisaged in the context of the rationalisation of e-signature standards.
- Rationalisation of
e-signature standards
The current set of European standards related to e-signatures is too complex to use. There is a multiplicity of standards but a lack of usage guidelines and business orientation which are detrimental to e-signatures interoperability.
To address the issue, the Commission has submitted in January 2010, a four-year “mandate” to CEN and ETSI to enhance the current set of standards by developing a rationalised European e-signature standardisation framework.
Work has started beginning of 2011. The rationalized framework should be delivered in 2014.
-
"Trusted List” of qualified signature certificate providers
The objective of the creation of Member States' Trusted Lists of Certification Service Providers issuing qualified certificates announced in the Action Plan was to increase trust in e-signatures originating from other Member States and to facilitate their validation, in particular when used across borders. A "trusted list" provides in a standardised way information about supervised/accredited status of certification service providers and their services that is necessary for a relying party to verify an advanced e-signature supported by a qualified certificate.
The common way of establishing "trusted lists" in Member States is defined in Decision 2009/767/EC, adopted in the context of the implementation of the Services Directive. To facilitate access to Member States' trusted lists, the Commission has created a central list of links to the national lists. Decision 2009/767/EC was updated on 28.7.2010 to facilitate the automated use of trusted lists and to further enhance trust in them.
In parallel, ETSI has updated its standard on trusted lists (TS102 231 Provision of harmonized trust-service status information) in July 2009 and December 2009; it defines the technicalities of the common template for national "trusted lists".
-
Implementation guidelines for e-signatures
Due to the lack of an overall guidance document helping developers and users to appropriately handle existing e-signature standards identified in the Action Plan it was necessary to provide guidelines to help stakeholders to implement qualified e-signatures or advanced e-signatures based on qualified certificates in an interoperable way.
The 5th work package of the CROBIES study (study on cross-border interoperability of electronic signatures), has delivered a draft proposal for guidelines. The Commission has forwarded the document to the European Standardisation Organisations for consideration in the context of the rationalisation of e-signature standards.
-
Mutual recognition of e-signatures in eGovernment applications
The Commission has published updated country profiles on mutual recognition of e-signatures for e-government applications in Europe. This study analyses the requirements in terms of interoperability of e-signatures for different e-Government applications and services.
The study was launched in January 2009 and concluded in December 2009. Member States assessed the findings. Click here for the consolidated report and individual country profiles.
- Feasibility
of a European federated e-signature validation service
The Commission has published a study on the legal, operational and technical feasibility of a European federated e-signature validation service.
The study was launched in January 2009 and concluded in March 2010. Member States assessed the findings. Click here for the final report .
The study reviewed existing validation services in EU and elsewhere to assess if they could serve as examples at EU level. The study concluded that a European system may be difficult to implement but suggested that solving validation issues require a revision of the e-signature Directive.
However, the approach to provide national e-signature validation tools is gaining momentum in the context of a discussion between EU Member States and the Commission on the use of common signature formats to ensure that Points of Single Contact implemented in the context of the Service Directive will be able to handle incoming signatures from other Member States. A Commission Decision is in course of negotiation. Moreover, the large scale project PEPPOL is currently testing a federated approach to validation.
- e-ID
Interoperability for Pan European e-Government Services
The Commission published updated country profiles on e-ID interoperability for pan European e-government services to keep up with developments in the use of e-ID in the Member States.
The study was launched in January 2009 and concluded in December 2009. Click here for the consolidated report and individual country profiles. Member States assessed the findings.
- Commission’s
Electronic Signature Service Infrastructure (ESSI)
The Commission is working on an Electronic Signature Service Infrastructure (ESSI) to facilitate the introduction of e-signatures in its internal and external exchanges. It will be a key requirement for dematerialisation of the Commission processes, as foreseen in its “Rules for the provisions on electronic and digitised documents”.
ESSI comprises on one hand the set-up of a technical platform to enable the use of e-signatures by the Commission's business processes (planned to be available in 2010) and the provisioning of signature certificates to the Commission staff on the other hand.
Conclusion
The work performed since November 2008 when the Action Plan was adopted, has already resulted in concrete actions. New follow-up activities will take place in the context of the Digital Agenda for Europe.
Last updated: 23.2.2011