FAQ
FAQ knowledge base. Below are the most important news regarding the event database. For detailed information, click on the topic you are interested in.
"Electronic seal certificate" means an electronic certificate that combines validation data
an electronic seal with a legal person and confirms the name of that person;
"E-signature certificate" means an electronic attestation that associates data used for
validating the electronic signature to a natural person and confirms at least the name or nickname of that
persons;
- Creating, checking and approving electronic signatures, seals or time stamps, electronically registered delivery services and certificates that are associated with these services.
- Creating, checking and validating certificates to be used for website authentication.
- Retention of electronic signatures, seals or certificates related to these services.
- Advanced and qualified electronic signatures associated with a legal or natural person.
- Advanced and qualified electronic seals associated with a legal entity
- Confirmed qualifications for qualified electronic signatures
- Effective preservation of qualified electronic signatures
- Saving time
- Provision of electronic services
- Website authentication
In accordance with Regulation (EC) No 910/2014 (eIDAS) eIDAS, a qualified certificate for electronic signatures refers to a "certificate of electronic signatures issued by a qualified trust service provider"
and meets the requirements of the regulation.
In accordance with the requirements for eIDAS, qualified electronic signature certificates must contain:
- An indication that can be identified by automated processing that the certificate is a qualified certificate for electronic signature
- A data set clearly representing the qualified trust service provider that issued the qualified certificate, including information such as:
- Member State providing the services in which the entity is established
- Name and registration number if the service provider is a legal entity
- Name of the supplier if it is a natural person
- Signatory name or indication if a nickname is used
- Relevant data on the approval of electronic signatures and data on the creation of electronic signatures
- Information that identifies the validity period of the certificate from beginning to end
- Certificate identification key of the trusted trust certificate provider
- Issue of an advanced electronic signature or electronic seal of a trust service provider
- The location where the certificate supporting the advanced electronic signature is available free of charge
- Indication, preferably in the form of automated processing, where the electronic signature validation data associated with the electronic signature verification data is placed in a qualified electronic signature creation device
- have legal effects equivalent to a handwritten signature (Act of September 18.09.2001, XNUMX on electronic signature)
- intended for natural persons, issued on the basis of a contract and after (personal) identity verification at the CA Registration Point
- are used in every case of submitting a declaration of will (including e-invoices), they are not used to encrypt documents
A qualified electronic signature is this
"An advanced electronic signature with a digital certificate that has been encrypted using a secure signature-creation device"
A qualified electronic signature therefore increases the level of security provided by an advanced electronic signature. It is therefore legally equivalent to a handwritten signature.
Provided that the signature meets all the requirements set out in eIDAS for qualified electronic signatures, it can be used in court proceedings as evidence. All EU Member States must recognize this type of signature as valid if it has been produced with a qualified certificate issued from another Member State.
First, let's look at what is a "skilled signature creation device". In line with eIDAS requirements,
- The device must provide:
- Confidentiality of electronic signature data
- Electronic signature creation data for creating electronic signatures can only take place once
- The electronic signature creation data for creating signatures cannot be obtained and the signature is protected against falsification using current available technology
- The electronic signature creation data used to create signatures may be protected by a legitimate signatory against use by others
- The device does not change the data to be signed or prevent the signatory from presenting such data before signing the contract
- Only qualified service providers can generate or manage signing information on behalf of the signer
- Without prejudice to lit. (d) point 1, qualified trust service providers managing electronic signature creation data on behalf of the signer may duplicate electronic signature creation data only for backup purposes, provided that the following requirements are met:
- The security of duplicate datasets must be the same as for original datasets
- The number of duplicate data sets should not exceed the minimum necessary to ensure service continuity
EU Member States must recognize the validity of a qualified electronic signature that has been created using a qualified certificate from another Member State.
A qualified electronic signature is an advanced electronic signature from a qualified digital certificate that was created by a qualified signature creation device (QSCD). In order for an electronic signature to be considered a qualified electronic signature, it must meet three main requirements:
First, the signatory must be connected and clearly identified for signing.
The second point is that the data used to create the signature must be under the control of the signatory.
Finally, it must be able to identify whether the data attached to the signature has been compromised since the message was signed.
Undeniability is the certainty that someone cannot deny the importance of something. Non-repudiation is a legal concept widely used in information security and refers to a service that provides evidence of data origin and data integrity. In other words, non-repudiation makes it very difficult to effectively deny who / where the message is coming from, as well as the authenticity of the message. Digital signatures (in combination with other measures) can offer non-repudiation for online transactions where it is essential to ensure that a party to a contract or communication cannot deny the authenticity of their signature on the document or transmission of the communication in the first place. In this context, non-repudiation refers to the ability to ensure that a party to a contract or communication has to accept the authenticity of their signature in a document or message.
SimplySign is a mobile application thanks to which you can sign all documents functioning in electronic version. As part of this application, there is also a token code generator, which is needed to identify the user in the process of logging into the service. Download SimplySign on your mobile device to use the token code generator that identifies the user in the signature process on a traditional computer: PC / Mac OS.
As part of this application, there is also a module that allows signing documents on a mobile device. We inform:
if you have already installed SimplySign on your mobile device, you do not need to reinstall it.
Download SimplySign Desktop so that you can use key services available on the market such as: Payer, eDeklaracjie, ePUE, etc.
The SimplySign Desktop application emulates connecting a physical cryptographic card and card reader to your computer.
Thanks to this solution you will be able to use SimplySign in applications requiring the use of a physical card.
This application also includes the proCertum SmartSign module that allows signing documents on a traditional computer: PC / Mac OS
- uniquely identifies and connects its signatory
- the private key used to create the electronic signature is under the control of the signatory
- If the data has been compromised after the message was signed, the signature must identify what happened
- revocation of the signature in the event that the accompanying data have changed.
"Person identification data" means a set of data enabling the identification of a natural person or
legal person or a natural person representing a legal person;
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on respect for private life and the protection of personal data in communications
electronic and repealing Directive 2002/58 / EC (regulation on
privacy and electronic communications)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16
i 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
1. Having regard to the opinion of the European Economic and Social Committee
,
2. Having regard to the opinion of the Committee of the Regions
,
3. Having regard to the opinion of the European Data Protection Supervisor
,
Acting in accordance with the ordinary legislative procedure,
Whereas:
“… Electronic communications data is confidential. Any interference in the data
derived from electronic communications such as listening, eavesdropping, storage,
monitoring, scanning or other type of interception, supervision or
processing of electronic communications data by persons other than
end users, is prohibited,…. "
“… The content of electronic communications is about the quintessence of the fundamental right as it is
respect for private and family life, home and power communication
art. 7 Charter of Fundamental Rights. … This Regulation provides
the ability of providers of electronic data communication services to process
from electronic communications with the informed consent of all
interested end-users…. "
"Electronic signature creation data" means the unique data that the signatory uses for
creating an electronic signature;
Free technical support - 24 H / 7 days a week only for our customers who purchase, activate and install an electronic signature in our office in Gdynia.
We strive to make our programs work reliably. But we are always ready to help in technical matters related to their operation or new versions of the application.
Choose the form of help that is most convenient for you
Phone support
Call Center when you have a problem with installation and start working with the program, as well as in the case of so-called system errors;
Remote Assistance
using a secure TeamViewer program we will connect to your computer and perform the steps necessary to solve the problem;
HERE YOU WILL RECEIVE FAST TECHNICAL ASSISTANCE CONCERNING "CERTUM" CERTIFICATES.
YOU CAN CONTACT US:
- ON THE HOTLINE: 58 5055 910
- CHAT OR EMAIL USING A WIDGET - ON THE RIGHT SIDE OF THE SCREEN.
Thanks to personalized modules of "Team Viewer QS" - the world's # 1 solution in the field of remote technical support, we are able to connect to your computer in a few moments and remove the defect while maintaining all standards related to the security of your data.
Is this solution secure?
Yes it is. The "Team Viewer QS" module is not permanently installed on your computer, it is activated by you when the service is needed, and each connection requires your approval.
In case you are not our client yet, nothing terrible - we will also help.
In this case, you will be charged a small invoice for our efforts, but you will receive professional help.
"Electronic document" means any content stored in electronic form, in particular text or
sound, visual or audiovisual recording;
Directive is a legal act of the European Union which requires member states to achieve a certain result without dictating the way to achieve that result. It can be distinguished from rules that are self-executing and do not require any implementing measures. Directives usually leave Member States some flexibility as to the exact rules to be adopted. Directives can be adopted through various legislative procedures depending on their subject matter.
eIDAS (electronic IDconfirmation, Aauthentication and trust Services) is an EU regulation on identification services and trust in electronic electronic transactions in the internal market. It is a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. It was established in the EU Regulation № 910/2014 of 23 July 2014 on electronic identification and repeals Directive 1999/93 / EC with effect from 30 June 2016. It entered into force on 17 September 2014. It is valid from 1 July 2016.
eIDAS supervises electronic identification and trust services for electronic transactions in the internal market of the European Union. It regulates electronic signatures, electronic transactions, the authorities involved and their embedding processes to provide users with a secure way of doing business on the Internet, such as electronic funds transfer or transactions with public services. Both the signatory and the recipient have access to a higher level of convenience and security. Instead of relying on traditional methods such as mail, fax services or in person to send paper documents, they can now perform transactions across borders, eg Using 1-click "Technology".
eIDAS has created standards in which electronic signatures, qualified digital certificates, electronic seals, time stamps and other evidence of authentication mechanisms enable electronic transactions with the same legal validity as those performed on paper.
The eIDAS regulation entered into force in July 2014. As a measure to facilitate safe and smooth electronic transactions in the European Union. EU Member States are required to recognize electronic signatures that meet eIDAS standards.
"Electronic time stamp" means data in electronic form which binds other data in electronic form
over time, providing evidence that this other data existed at that time;
"Electronic identification" means the process of using electronic data identifying a person,
uniquely representing a natural or legal person, or a natural person representing a legal person;
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on respect for private life and the protection of personal data in communications
electronic and repealing Directive 2002/58 / EC (regulation on
privacy and electronic communications)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16
i 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee1
,
Having regard to the opinion of the Committee of the Regions2
,
Having regard to the opinion of the European Data Protection Supervisor3
,
Acting in accordance with the ordinary legislative procedure,
Whereas:
"... Article 17
Information on detected security risks
In the event of a particular risk that may compromise the security of the network or services
electronic communications, the electronic communications service provider informs users
end-users with such a threat, and if the risk falls outside the scope of the measures
undertaken by the service provider - informs end users of any
possible remedies, including the likely costs that come with it
bind .... "
It's simple, it's enough for the person representing the entity to get for themselves:
- electronic signature in Certum and will use it to sign the application that will be accepted in the ZSMOPL system,
- Enterprise ID certificate, through which it will sign applications sent to the ZSMOPL system.
- Certificate validity period: 2 years
- Qualified Certificate
- Enterprise ID certificate
- Cryptographic card - StarCos® 3.2
- ACS ACR39T - A1 card reader
- CD with free software:
- to operate the proCertum CardManager card,
- for signing and verifying e-documents / files pro Certum SmartSign
- Qualified time stamp with activation (5000 pieces / month)
According to EIDAS Article 25:
"An electronic signature cannot be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is an electronic form or that it does not meet the requirements for a qualified electronic signature."
This can be interpreted, which means that if you want to prove the validity of a document in a legal setting, you need an advanced or higher level.
According to eIDAS, companies that require a high level of trust and confidence should use advanced or qualified electronic signatures. It is a highly recommended solution for financial sector organizations, government bodies and EU Member States.
If you plan to use document workflows for customer transactions, legal transactions or third-party transactions, remember that the data / data in your document is as trustworthy as the procedures used to secure it.
Finally, it is worth recalling that although eIDAS does not specify the use of digital certificates to obtain advanced signatures, we recommend that you use them and buy them from a trusted and trusted certification authority. Community trust is essential if you want your signatures to be automatically validated and trusted in popular documentation software such as Adobe or Microsoft. That way, when you sign documents, you will have not only compliance, but also a seamless experience for the recipient of the document.
"Qualified electronic seal" means an advanced electronic seal that has been provided for
using a qualified electronic seal creation device and which is based on a qualified one
certificate of electronic seal;
'Qualified electronic signature certificate' means an electronic signature certificate that is issued
by a qualified trust service provider and meets the requirements set out in Annex I;
"Qualified electronic signature" means an advanced electronic signature which is created by means of
qualified electronic signature creation device and which is based on a qualified certificate
electronic signature;
In accordance with the regulation on the eIDAS system, the European Parliament has expressed the need to create a public key infrastructure, thus creating the need for European validation bodies.
Each Member State is required to establish "points of single contact" (PSCs) of existing trust services to ensure that eIDs can be used in cross-border transactions in the public sector, including the ability of EU citizens to benefit from cross-border healthcare.
"Electronic communications metadata" means data processed in
electronic communications networks for the purpose of transmission, distribution or exchange
electronic communications content; including tracking and identification data
Source and destination of the communication case, location data
devices generated in connection with the provision of communications services
electronic and date, time, duration and type of communication;
National Certification Center (NCCert) - the IT system of the National Bank of Poland built to perform the tasks entrusted to the NBP by the minister competent for computerization in accordance with art. 11 of the Act of 5 September 2016 on trust services and electronic identification. root certification authority (so-called root) for the secure electronic signature infrastructure in Poland, run by the Department of Security of the National Bank of Poland.
Activity
The legal basis for NCCert's operation is the authorization issued to the National Bank of Poland by the Minister of Economy and Labor, in accordance with the Act about electronic signature. The new authorization, covering the tasks listed in the Act on trust services and electronic identification, was issued by the Minister of Digitization on October 27, 2016.
In accordance with art. 10 of the Act on trust and electronic identification services, the National Certification Center performs the following tasks:
- create and issue to qualified trust service providers certificates for the verification of advanced electronic signatures or electronic seals referred to in Annex I (a) g, Annex III point g and Annex IV lit. h to Regulation 910/2014, and certificates used to verify other trust services provided by qualified suppliers (so-called trust service provider's certificates);
- publish the certificates referred to in point 1;
- publish lists of revoked certificates referred to in point 1;
- creates data for electronic stamping of certificates referred to in point 1, and certificates for verification of these seals (so-called certificates of the national certification center).
In addition, as part of the National Certification Center, the NBP maintains a register of trust service providers (Article 3 of the Act on trust services) and publishes a trusted list(so-called TSL list), which is a tool supporting cross-border verification of qualified certificates.
The National Certification Center does not provide qualified trust services within the meaning of the Act on trust services and electronic identification (in particular, it does not issue qualified certificates) - this is done by other entities called qualified trust service providers. As of November 17, 2016, there are five qualified trust service providers in Poland. These are:
- Asseco Data Systems SA
- Enigma Systemy Ochrony Information Sp. z o. o
- Eurocert Sp. z o. o
- Krajowa Izba Rozliczeniowa SA
- Polish Security Printing Works SA
In the past, qualified trust services (previously referred to as qualified certification services) were also provided by TP Internet Sp. z o. o., a subsidiary of Telekomunikacja Polska SA and the company Mobicert Sp. z o. o. Both entities lost their entitlement to provide these services and were removed from the register on June 30, 2006 (TP Internet) and November 13, 2013 (Mobicert), respectively.
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
on respect for private life and the protection of personal data in communications
electronic and repealing Directive 2002/58 / EC (regulation on
privacy and electronic communications)
(Text with EEA relevance)
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16
i 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee1
,
Having regard to the opinion of the Committee of the Regions2
,
Having regard to the opinion of the European Data Protection Supervisor3
,
Acting in accordance with the ordinary legislative procedure,
Whereas:
“… The content of electronic communications is about the quintessence of the fundamental right as it is
respect for private and family life, home and power communication
Art. 7 Charter of Fundamental Rights. Any interference in the content of communications
Electronic should only be allowed in very clearly defined
conditions and for specific purposes and should be subject to appropriate
safeguards against abuse. This Regulation provides for
the ability of providers of electronic data communication services to process
from electronic communications with the informed consent of all
interested end users. For example, suppliers may offer
services that involve the scanning of e-mails to remove PL 18 PL
some pre-defined material. Due to the sensitive nature of the content
communications in this Regulation presupposes that the processing of such data
regarding content will result in a great threat to the rights and freedoms of persons
physical. Provider of electronic communications services, processing this type of data,
should always consult the supervisory authority prior to processing.
Such consultations should be in accordance with Article 36 paragraph 2 and 3 of the Regulation (EU)
2016/679. This assumption does not include the processing of content data for the purpose
provide the service ordered by the end user when the user
the final consent to such processing and it is carried out for the needs of such
services and for a period absolutely necessary and proportionate for her. After sending
content of electronic communications by the end user and receipt thereof by
target end user or target end users
this content may be saved or stored by the end user,
end users or a third party entrusted by end users
saving or storing such data. Any processing of such data
must be in accordance with Regulation (EU) 2016/679…. "
- Conformity Assessment Body- a body that has been accredited in accordance with Art. 2 of Regulation (EC) No 765/2008 to assess the compliance of the qualified trust service provider and its custody services.
- Trust Service Provider- the trust service provider as a qualified or unqualified trust service provider.
- Qualified trust service provider- an entity that has obtained the status of a supervisory authority to provide qualified trust services
Digital signature creation devices
- Qualified Signature Creation Device (QSCD)- This device qualifies a digital signature through its software and hardware to ensure that the signer has sole control over his private key, that signature creation data is generated and managed by a qualified trust service provider, and that signature creation data is unique. confidential and protected against counterfeiting.
- Secure Signature Creating Device (SSCD)- This device must ensure that the signature creation data involved in creating a signature is unique, protecting against forgery and changes after signature creation.
Trust service providers in accordance with eIDAS
EIDAS digital signatures
According to Regulation (EU) No 910/2014 (eIDAS), a trust service provider (TSP) is defined as " a natural or legal person that provides one or more trust services as a qualified or unqualified trust service provider. "
TSPs are responsible for ensuring the electronic identification of signatories and services using strong authentication mechanisms, digital certificates and electronic signatures. eIDAS defines how trust service providers perform authentication and non-repudiation services and how they are to be regulated and recognized in EU Member States.
Sending documents via the Internet is very cheap, convenient and saves your time. Printing, then completing and signing documents manually. Additionally, you can forget about sealing, enveloping and shipping along with its costs.
The documents are transmitted immediately in a secure manner and you automatically receive an official confirmation of receipt. This is especially important when you have to send large amounts of documents every month.
See how much your company will save by using a qualified electronic signature
| Cost effectiveness | money | time |
|---|---|---|
| SMALL ENTERPRISE
generating around 50 documents per month |
PLN 4487 |
11 days |
| MEDIUM ENTERPRISE
generating around 150 documents per month |
14 667 zł |
32 days |
| LARGE ENTERPRISE
generating around 500 documents per month |
46 917 zł |
96 days |
* Savings for an enterprise with an electronic signature per year
Below we present an example of a list of costs related to sending documents in a small enterprise for Poczta Polska and for a qualified electronic signature.
| Quantity | Quantity | Poczta Polska | Poczta Polska | Electronic signature | |
|---|---|---|---|---|---|
| Sending documents | in month | in year | cost in month | cost per year / 2 years | cost in 2 years |
| Signed corrections of invoices | 3 | 36 | PLN 20.40 | PLN 244.48 / PLN 488.96 | PLN 0 |
| Contract bills signed | 8 | 96 | PLN 54.40 | 652.80 PLN / 1 305.60 PLN | PLN 0 |
| Signed declarations to the Tax Office and the Social Insurance Institution | 2 | 24 | PLN 13.60 | PLN 163.20 / PLN 326.40 | PLN 0 |
| Official correspondence | 2 | 24 | PLN 13.60 | PLN 163.20 / PLN 326.40 | PLN 0 |
| Judicial Correspondence | 1 | 12 | PLN 6.80 | PLN 81.60 / PLN 163.20 | PLN 0 |
| Envelopes for shipment | 5 | 60 | PLN 3,5 | PLN 42.00 / PLN 84 | PLN 0 |
| Signature set | - | - | - | - | PLN 499 |
| Together | 21 | 252 | PLN 112.3 | PLN 1347,28 / PLN 2694.56 | PLN 499 |
* cost of one envelope 0,70 PLN,
* The cost of sending one document Poczta Polska PLN 6,80
* Electronic signature (signature set for 2 years with activation, installation and training, the net price is given)
"Electronic mail" means any electronic message containing
information, such as text, voice, video, sound or image, transmitted over the network
electronic communications, which messages can be stored on the network or
in the associated computing infrastructure or in the recipient's end device
such a message;
"Public sector entity" means a public, regional or local body, public law body or body
an association formed by one or more such bodies or one or more such legal entities
public or private entity at least one of these bodies, entities or one of these
associations have authorized the provision of public services when acting on the basis of such
authorization;
'Electronic signature' means data in electronic form that is attached or logically linked to others
data in electronic form and which are used by the signatory as a signature;
The concept of "legal persons" in accordance with the provisions of the Treaty on the Functioning of the European Union (TFEU) concerning
running a business leaves business entities free to choose the legal form,
which they consider appropriate for carrying out their activities. Therefore, the term "legal persons" within the meaning
TFEU means all entities constituted under or subject to the law of a Member State
this law, regardless of their legal form.
REGULATION (EU) NO 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of July 23, 2014
on electronic identification and trust services in relation to electronic transactions
on the internal market and repealing Directive 1999/93 / EC
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
1. The processing of personal data is carried out in accordance with the provisions of Directive 95/46 / EC.
2. Without prejudice to the legal effect that national law confers on nicknames, use shall not be prohibited
nicknames in electronic transactions.
Ordinance is a legal act of the European Union which becomes immediately feasible as in almost all Member States simultaneously. Regulations can be distinguished from Directives which, in principle, have to be transposed into national law. Regulations can be adopted through a variety of legislative procedures depending on their subject matter.
eIDAS is used throughout the EU. Each Member State supervises its own trust service providers and accepts trust services from other Member States. This ensures competition in the market and the possibility of using competitive trust services.
The rules on electronic identification and trust services will have an impact across the EU. The involvement of financial institutions in the development of these devices will enable customers and financial products to have faster remote services tailored to the needs of electronic transactions. New business models make it possible to directly reach users of electronic services and can lead to lower costs and time needed for direct services and document handling.
REGULATION (EU) NO 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of July 23, 2014
on electronic identification and trust services in relation to electronic transactions
on the internal market and repealing Directive 1999/93 / EC
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
1. The legal effect of an electronic time stamp is not questioned or its admissibility as evidence
in court proceedings solely on the grounds that this tag is in electronic form or does not comply
qualified electronic time stamp requirements.
2. A qualified electronic time stamp shall use the presumption of the accuracy of the date and time it indicates, and
data integrity with which the indicated date and time are connected.
3. A qualified electronic tag issued in one Member State shall be considered qualified
electronic time stamp in all Member States.
'Electronic identification means' means a tangible or intangible unit containing identification data
a person and used for authentication for the online service;
"Relying party" means a natural or legal person that relies on an electronic identification or service
trust;
'Electronic identification system' means an electronic identification system under which funds are spent
electronic identification for natural or legal persons or natural persons representing legal persons;
"Registered Electronic Delivery Service" means a service enabling the transmission of data between parties
third electronically and providing evidence related to the use of transmitted data,
including proof of sending and receiving data, and protecting the transmitted data against the risk of loss, theft,
damage or any unauthorized change;
A trust service is an electronic service that, in addition to website authentication, is responsible for creating, verifying and checking electronic signatures, seals, time stamps, delivery services, and certificates that are used for these services. It is also responsible for preserving these signatures, seals or electronic certificates.
What is a trust service?
A trust service is an electronic service that includes one of the following:
- Creating, checking and approving electronic signatures, seals or time stamps, electronically registered delivery services and certificates that are associated with these services.
- Create, check and validate certificates to be used for website authentication.
- Retention of electronic signatures, seals or certificates related to these services.
For a trust service to be considered a qualified trust service, the trust service must meet the requirements of the eIDAS Regulation. The use of trust services provides a framework of trust for ongoing relationships in electronic transactions between countries and organizations.
'Trust service' means an electronic service usually provided for remuneration and covering:
a) creation, verification and validation of electronic signatures, electronic seals or electronic tags
time, registered electronic delivery services, and certificates related to those services;
and/ or
b) creation, verification and validation of website authentication certificates; or
c) maintenance of electronic signatures, seals or certificates related to these services;
"Interpersonal communication services" includes services
which enable interpersonal and interactive communication even as part of
a minor support function that is inherent in another service.
"Authentication" means an electronic process which enables the electronic identification of a natural person or
legal or confirmation of the origin and integrity of the verified data in electronic form;
'Validation' means the process of verifying and confirming the validity of an electronic signature or stamp.
Qualified certificates for electronic seals include:
a) an indication - at least in a form that allows automatic processing - that the certificate has been issued
as a qualified certificate of an electronic seal;
(b) a set of data that uniquely represents the qualified issuing trust service provider
certificates covering at least the Member State in which the supplier is established, and
- for a legal person: the name and, if applicable, registration number according to the official one
registry
- for a natural person: name and surname of that person;
(c) at least the name of the sender and, if applicable, registration number in accordance with the official one
register;
(d) data for validating the electronic seal which correspond to the data for creating the electronic seal;
e) data on the beginning and end of the period of validity of the certificate;
(f) the certificate identification code, which must be unique for a qualified trust service provider;
(g) an advanced electronic signature or advanced electronic seal of the issuing qualified supplier
trust services;
h) a place where the certificate accompanying the advanced electronic signature is available free of charge
or an advanced electronic seal referred to in point g);
(i) the place of services that can be used to inquire about the validity status of the qualified certificate;
j) if the electronic seal creation data associated with the electronic seal validation data
are in a qualified electronic seal creation device, an appropriate indication
at least in a form that allows automatic processing.
Qualified electronic signature certificates contain the following information:
a) an indication - at least in a form that allows automatic processing - that the certificate has been issued
as a qualified electronic signature certificate;
(b) a set of data that uniquely represents the qualified issuing trust service provider
certificates covering at least the Member State in which the supplier is established, and
- for a legal person: the name and, if applicable, registration number according to the official one
registry
- for a natural person: name and surname of that person;
c) at least the name and surname of the signatory or his nickname; if a nickname is used, this fact is clear
indicated;
d) data for validating the electronic signature which correspond to the data used for creating the electronic signature;
e) data on the beginning and end of the period of validity of the certificate;
(f) the certificate identification code, which must be unique for a qualified trust service provider;
(g) an advanced electronic signature or advanced electronic seal of the issuing qualified supplier
trust services;
h) a place where the certificate accompanying the advanced electronic signature is available free of charge
or an advanced electronic seal referred to in point g);
i) a place of service that can be used to request the validity status of the qualified certificate;
j) where the electronic signature creation data associated with the validation data
the electronic signature are in a qualified electronic signature creation device, as appropriate
indication of this fact at least in a form that allows automatic processing.
REGULATION (EU) NO 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of July 23, 2014
on electronic identification and trust services in relation to electronic transactions
on the internal market and repealing Directive 1999/93 / EC
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
1. A qualified electronic time stamp shall meet the following requirements:
(a) it associates the date and time with the data so as to sufficiently exclude the possibility of undetectable changes in the data;
b) is based on a precise time source linked to coordinated universal time; and
c) it is signed using an advanced electronic signature or bears an advanced electronic seal
a qualified trust service provider or equivalent.
2. The Commission may, by means of implementing acts, establish reference numbers of standards for date binding
and time with data and precise time sources. Where the date and time linkage with data and precise
the source of time meets these standards, presumed compliance with the requirements set out in paragraph 1. These implementing acts
shall be adopted in accordance with the examination procedure referred to in Article 48 paragraph 2.
REGULATION (EU) NO 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of July 23, 2014
on electronic identification and trust services in relation to electronic transactions
on the internal market and repealing Directive 1999/93 / EC
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114,
Having regard to the proposal from the European Commission,
after transmission of the draft legislative act to the national parliaments,
Having regard to the opinion of the European Economic and Social Committee (1),
Acting in accordance with the ordinary legislative procedure (2),
Whereas:
1. Qualified electronic registered delivery services shall meet the following requirements:
(a) they are provided by one or more qualified trust service providers;
b) they ensure that the sender is identified with a high degree of certainty;
c) ensure identification of the addressee before providing the data;
d) sending and receiving data is secured by an advanced electronic or advanced signature
the electronic seal of a qualified trust service provider in such a way as to exclude the possibility of undetectable
data changes;
(e) any change to the data necessary for sending or receiving data is clearly indicated to the sender and recipient
data;
f) date and time of sending, receiving and any change of data are indicated by qualified electronic means
timestamp.
For data transfers between at least two qualified trust service providers, the requirements
referred to in point (a) to (f) apply to all qualified trust service providers.
2. The Commission may, by means of implementing acts, establish reference numbers of standards for dispatch procedures
and receiving data. If the process of sending and receiving data meets these standards, it is presumed
compliance with the requirements specified in paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure,
referred to in art. 48 paragraph 2.
Qualified time stamp
The "Time Stamp" service is useful in situations where the date plays an important role in verifying and authenticating various types of documents, contracts or certificates.
It's a kind of "label" pinned to an electronic document or application, on the basis of which you can easily determine the exact, reliable date of its creation or signing.
The Time Stamp is particularly applicable to contracts and settlements with business partners, clients and public institutions.
The time that a document is tagged is not based on system time (workstation or server), but comes from an independent source, which is the Trusted Third Party.
Documents with a Time Stamp (e.g. invoices or applications) are secured against counterfeiting and backdating. As a result, they are fully reliable for all companies, institutions, offices and individual clients.
The qualified electronic time stamp service complies with Art. 42 Regulation of the European Parliament and the Council of the European Union No. 910/2014 of 23 July 2014 (eIDAS)
| Time stamp | unqualified | qualified |
|---|---|---|
| Compliance with eIDAS (First in Poland) |  |
|
| It has legal effects on a certain date | |
|
| Reliable time stamping | |
|
| Dating of documents and electronic signatures (SHA1) | |
|
Main applications - time stamping:
-
- contracts sent electronically to banks, insurance institutions and partner companies,
-
- applications and applications sent electronically to public administration offices,
-
- electronic invoices sent to recipients in an electronic form.
The most important benefits:
-
- legal effects of a "certain date" within the meaning of the Civil Code,
-
- certainty of creating documents in a specified time,
-
- ensuring trade safety on the Internet,
-
- protection of computer programs against counterfeiting and virus infection.
