CEF eSignature: LOTL-Signing with New Certificate
The European Commission today announces a change in the signing certificates of the List of Trusted Lists (LOTL).
Since June 2016, changes to the LOTL's signing certificates are contained in the LOTL itself, as detailed in the Official Journal of the European Union. The Commission will issue a new LOTL signed for the first time with one of these new certificates on 13 November 2017.
The certificates used to sign are changed to phase out the previously used certificates which used the outdated SHA1 hash algorithm. All relying parties are warned to take into account the procedure for updating the LOTL's signing certificates as outlined in the Official Journal of the European Union, if they haven't done so already.
The Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (better known as the eIDAS Regulation) lays down a predictable legal framework for people, companies (in particular small and medium-sized enterprises) and public administrations to safely access to services and do transactions online and across borders.
The eIDAS Regulation sets out the requirements for electronic signatures to be recognised as qualified electronic signatures. To be qualified, electronic signatures must – among other requirements – have been created using a qualified signature creation device and using a qualified certificate.
Qualified certificates for electronic signatures and other trust services are provided by (public and private) trust service providers providers which have been granted a qualified status by a national competent authority as indicated in the national 'trusted lists' of the EU Member States, as well as Iceland, Liechtenstein and Norway. Those lists can be accessed through the Trusted List Browser. Many providers of qualified certificates will deliver the corresponding private key on a qualified signature creation device.
As stated in Article 22(4) of the eIDAS Regulation and in Article 4(3,4) of the Commission Implementing Decision 2015/1505/EU, the European Commission makes available the information notified by the Member States. This information is available in an XML document called the List of Trusted Lists or LOTL.
While different levels of electronic signatures may be appropriate in different contexts, only qualified electronic signatures are explicitly recognised to have the equivalent legal effect of hand-written signatures all over the EU.
EU Member States and the European Commission support the adoption of electronic signatures in Europe with the CEF eSignature building block. The deployment of solutions based on this building block in a Member State facilitates the mutual recognition and cross-border interoperability of e-signatures. This means that public administrations and businesses can trust and use e-signatures that are valid and structured in EU-interoperable formats.