Final Statement

5 February 2018 |by pozargrz | Comments Off on Final Statement | 2015

The European Forum on Electronic Signature (EFPE) is one of largest international conferences in Europe devoted to electronic signatures and PKI. This year, 15th edition of EFPE 2015 with the leading topic being “New legal and technological order in international electronic economy: eIDAS Regulation – from electronic signatures to trust services”, was held on 10-12 June 2015 in Międzyzdroje (Poland).

EFPE 2015 was attended by over 130 participants from 27 countries. Among them were representatives of European Commission, ETSI, large institutions using trust services (including government offices and agencies), producers of software or hardware solutions or trust service providers related to electronic signature and electronic identification.

The eIDAS Regulation on electronic identification and trusted services requires service providers and supervisors bodies to make meaningful efforts to adopt new requirements for solutions and IT systems existing on the market. According to Art. 52 eIDAS Regulation shall be applied (except some cases counted in Art. 52 (2)) from 1 July 2016. Furthermore, a certification-service-provider issuing before 1 July 2016 qualified certificates under Directive 1999/93/EC should submit a conformity assessment report to the national supervisory body not later than 1 July 2017. After this date such a certification-service-provider shall not be considered as qualified trust service provider under eIDAS Regulation. Hence, trust service providers and developers are essentially interested for publishing of implementation acts and standard documents that allow them to adopt existing and new trust services according with the requirements stated there.

Participants to the Conference pointed to the need for a comprehensive approach to implementing legislative changes in national legal framework. eIDAS Regulation requires careful harmonization with national law, while preserving the letter and spirit of Regulation.
Trust services legal effects defined in eIDAS Regulation must be explicit for users regardless of the fact where the EU member come from.
Participants to the Conference pointed out that it is important to identify not only many challenges in implementing eIDAS in certain EU member States, but also to evaluate what is the impact of eIDAS outside the EU. This is important practical problem because there is no common legal ground between the EU and other countries, although legal systems may be similar and trust services can be provided under the same conditions. The participants stressed that at EU level would be good practice to determine the recommendation for implementation of Art. 14 concerning international aspects of electronic identification and trust services recognition that are provided to or by third parties (non-EU Member States).
A large number of dedicated trust services would be too difficult to use for relying parties and will be not compatible with the postulate cited, for example in Preamble (57), which states that the validation of qualified electronic signature should be made easy and convenient for all parties at Union level. For this reason the trust services should be aggregated according to rules prepared by the normalization body (for example ETSI) as a standard on Trusted List (TL).
Public administration that intends to provide trust services to the public should do it on equal and competitive rules with commercial subjects. Participants to the conference reiterate the belief expressed in last years’ conferences that the public administration should increasingly rely on commercial solutions offered by service providers operating on the digital market.
In the internal instruments, it would be also worth recommending to include areas not covered directly by eIDAS regulation, for example trusted services and identification. International aspects of trust services and ID-escrow are examples of such challenges.

This final document has been prepared by international experts and participants during the EFPE 2015. This document has been translated into English, Polish and Russian and presented for acceptance by participants of the conference. We ask policy makers and lawmakers to consider this modest contribution to the European discussion in their future efforts.

KEEP READING

Program

31 January 2018 |by pozargrz | Comments Off on Program | 2015

Riccardo Genghini, The Chairman of the Technical Committee ESI, European Telecommunications Standards Institute, Italy
Standards and eIDAS regulation: opportunities and challenges

Peter Lipp, European Telecommunications Standards Institute (ETSI), Austria
ETSI Signature Validation Standard

Yurii Kozlov, “The Information Centre” at the Ministry of Justice of Ukraine, Ukraine
Normative and technological aspects of the implementation of eIDAS Regulation in Ukraine

Marco Fernandez Gonzalez, Elena Alampi, European Commission, Belgium
eIDAS Regulation: state of play of implementation

Kazimierz Schmidt, Minister Counsellor at the Information Department, Ministry of Administration and Digitization, Poland
Understandig eIDAS, when does electronic identification end and trust services begin – do we need the answer to such question?

Marek Ujejski, National Health Fund, Poland
Health Profesionals Card and Health Patient Card as a identification means fullfilling Levels HIGH due to requirements lay down on Implementing Act

Jerzy Pejaś, West Pomeranian University of Technology, Poland
Top 10 issues of the eIDAS Regulation implementation in Poland

Michał Tabor, Expert of Polish Chamber of IT and Telecommunications (PIIT) in the area of identification, authentication and electronic signature, Poland
Confirm it with an e-seal

Arno Fiedler, European Telecommunications Standards Institute (ETSI), Germany
Requirements for qualified website certificates

Clemens Wanko, TÜViT, Germany
eIDAS Regulation – Changes in certification and supervision for Trust Services

Sławomir Górniak, ENISA, Greece
ENISA actions with regard to eIDAS Regulation

Christian Kuhn, Gemalto, France
Extend PKI use cases to mobility. Leveraging Bluetooth Smart technology.
Develop cloud signing services. Leveraging HSM in the cloud.

Luca Castellani, Secretary, Working Group IV (Electronic Commerce), Secretariat of the United Nations Commission on International Trade Law (UNCITRAL), Austria
The use of UNCITRAL texts in facilitating cross-border recognition of electronic signatures

Jon Ølnes, Senior Consultant, UniBridge, Norway
Trusting 100s of trust services – architectural models for cross-border e-signatures

Richard Wang, WoSign, China
Electronic Signature Application in China

Iñigo Barreira, Izenpe, Spain
Meaning of the Google’s CT model for trust service providers

Tatiana Stankevich, Gazinformservis, Russia
Legal and technological time aspects as common trust space setting to legally significant electronic documents

Robert Bielecki, ARhS, Luxembourg
Cross-border signature validation: Necessity of a validation report

Marcin Szulga, Unizeto Technologies SA, Poland
Trust Services in the Cloud – In Search of Business Value: Architectural Challenges

Grzegorz Wójcik, President of the Board, Autenti sp. z o.o., Polska
Electronic signature – cooperation of many trust service providers (experience of Autenti)

prof. Aleksandr Potii, “Institute of information technologies” SA, Ukraine
National strategy of electronic identification of Ukraine. “White book” project of e-government

Aleksei Ivanov, Managing Director Leader Telecom B.V., Russia/Netherlands
Latest trends of using Extended Validation Certificates

Jana Krimpe, Best Solutions, Azerbaijan
Asan Imza (Mobile-ID) – unique platform in m-Government of Azerbaijan

Sandor Szoke, Microsec ltd., Hungary
The Next Generation Mobile Based Authentication Solution

Daniel Lancien, Opentrust, France
When I sign, what really matters?

Govind Yadav, Senior Sales Engineer, GlobalSign, Great Britain
PKI for the Modern Enterprise – Securing the IoT and Automating Deployments

KEEP READING

Gallery

31 January 2018 |by pozargrz | Comments Off on Gallery | 2015

Gallery 1

Gallery 2

Gallery 3

Gallery 4

KEEP READING

Summation

31 January 2018 |by pozargrz | Comments Off on Summation | 2015

LEGAL AND TECHNOLOGICAL IMPACT ON THE GLOBAL ELECTRONIC ECONOMY: EIDAS REGULATION – FROM ELECTRONIC SIGNATURES TO TRUST SERVICES

KEEP READING

Dear User

The Controller of your personal data is Asseco Data Systems S.A. seated in Gdynia, ul. Podolska 21, 81-321 Gdynia, KRS No: 0000421310.

You can contact us:

  • by post (traditional mail), writing to the address indicated above;
  • by e-mail at: kontakt@assecods.pl;
  • by phone: +48 22 52 58 601.

Data Protection Officer

We have appointed a Data Protection Officer whom you can contact:

  • by post (traditional mail), writing to the address: Asseco Data Systems S.A., Biuro w Łodzi (Łódź Office), ul. Narutowicza 136, 90-146 Łódź,
  • by e-mail at: IOD@assecods.pl,
  • by phone: +48 42 675 63 60.

Objectives and legal basis of the processing

We will process your personal data to:

  • send marketing information by means of electronic communication and automation programs pursuant to the Act of July 18, 2002 on the provision of services by electronic means and in connection with Article 172(1) of the Act of July 16, 2004 on Telecommunications Law pursuant to Article 6(1)(a) of the Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data as well as repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L. of 2016 No. 119, page 1)).

Data retention period

Your personal data will be stored until you withdraw your consent to receive marketing information.

Recipients of personal data.

In accordance with applicable data protection laws, we provide your personal data:

  • In accordance with applicable data protection laws, we provide your personal data:
  • to our subcontractors or other persons or entities acting on our behalf with whom we will cooperate during the performance of the agreement,
  • to entities to whom we will contract data processing services, IT service providers,
  • to the relevant public authorities to the extent that we are obliged to make your data available to them.

Your rights in relation to the processing of personal data

You have the following rights related to the processing of personal data:

  • the right to object to the processing of your data,
  • the right to access your personal data,
  • the right to request the correction of your personal data,
  • the right to request the deletion of your personal data,
  • the right to request a restriction on the processing of your personal data.

All of the above rights can be exercised by submitting a request to https://www.daneosobowe.assecods.pl or by writing to the Data Protection Officer’s e-mail address: IOD@assecods.pl

Right to lodge a complaint

You have the right to lodge a complaint with the President of the Office for Personal Data Protection (to the address: Stawki 2, 00-193 Warsaw), if you think that the processing of your personal data concerning you violates the provisions of the Regulation.

Transfers of personal data to third countries

Your personal data will be stored on servers located in the European Union; however, in connection with Asseco Data Systems S.A.‘s use of cloud solutions provided by Microsoft, they may be transferred — on the basis of standard data protection clauses — to a third country. Microsoft’s standard contractual clauses in line with the templates approved by the European Commission are available at the following address: https://www.microsoft.com/en-us/licensing/product-licensing/products.aspx in the Online Services Terms (OST) section.

Requirement to provide personal data

The provision of your data is voluntary, but it is necessary for us to send information, including marketing information, by electronic means of communication.

Automatic data processing and profiling

Your data will be processed automatically, including in the form of profiling. Automated decision making will be carried out on the basis of processing of personal data provided when completing the form and data concerning activity in the Services and activity connected with our e-mail communication with you, the consequence of such processing will be to match marketing information concerning our products and services which may be of interest to you.

Privacy Police