On 06.29.2021, the procedure for adopting bill no. 08 / L-022 on electronic identification and trust services in electronic transactions was launched before the Kosovo Assembly (âbillâ).
With the entry into force of this law, the chapter concerning the use of electronic signatures in law no. 04 / L-094 on information society services should be repealed. The provisions mentioned in the said law have not been used in practice, the secondary law necessary for their implementation having never been adopted.
This draft law is fully compliant with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market which repealed the Directive 1999/93 / EC.
The bill regulates trust services and establishes a legal framework for the use of electronic signature, electronic seal, electronic time stamp and equipment for their creation, conditions for issuance and use of qualified certificates. for service certification and website authentication.
Trust services: The bill establishes rules for the fiduciary services of Kosovo. A trusted service provider (“TSP“) is defined as a natural or legal person who, generally for remuneration, provides one or more of the following electronic services:
- the creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to these services;
- creation, verification and validation of website authentication certificates; Where
- the conservation of signatures, seals or electronic certificates related to these services.
The bill sets out the safety requirements that TSPs must meet as well as the requirements that TSPs must meet in order to be considered a âqualifiedâ TSP (such as qualified employee personnel, reliability and knowledge to exercise the service. activity as a qualified TSP trust service provider, the use of products that apply measures against tampering and theft of data, etc.)
Electronic signature: The bill defines âsimpleâ electronic signature, advanced electronic signature and qualified electronic signature. Electronic signature is defined as a set of data in electronic form, which is attached or logically linked to other data in electronic form and which is used by the signer to sign. The bill provides that such an electronic signature will be valid and acceptable, and that its validity or its weight of proof will not be denied simply because it is in electronic form.
The advanced electronic signature is defined as an electronic signature which meets the following requirements: (i) which is uniquely linked to the signer; (ii) which allows a clear identification of the signatory; (iii) who uses the data for the creation of the electronic signature which is under the exclusive control of the signatory; (iv) which is linked to the data that the signer signs so that any subsequent change is detectable.
Qualified electronic signature is defined as an advanced electronic signature based on a qualified certificate for electronic signatures and created by a qualified electronic signature creation device.
The qualified electronic signature certificate is issued by a qualified TSP and contains, among others, information: (i) which identifies the legal or natural person issuing the qualified certificate, (ii) which uniquely identifies the signatory (i.e. surname and first name, personal identification number, etc.) , (iii) on the validity period of the qualified certificate for the electronic signature, (iv) on the identity code of the electronic certificate, which must be unique for the qualified service provider, etc.
A qualified electronic signature creation device must ensure (i) the confidentiality of the data used to create the electronic signature or seal, (ii) that the electronic signature or seal creation data appears only once, (iii) that electronic data is not obtained outside of an electronic signature creation device; (iv) that the electronic signature is reliably protected against forgery using currently available technology, as well as to ensure that (v) the protection of data used for the creation of an electronic signature against unauthorized use. The qualified electronic signature will have the same legal effect as the handwritten signature.
Exceptions to the use of electronic signatures: The bill lists the cases where the electronic signature cannot be used, as follows:
- in the field of family law and inheritance, which are subject to specific legal requirements;
- in legal actions for which public legalization, a notarial deed or judicial authorization is required,
- in legal actions relating to the guarantee of property for surety;
- whenever, by special law, the use of electronic signatures is not permitted.
Electronic seal: The electronic seal is the electronic equivalent of a seal applied to a document to guarantee its origin. The bill provides that an electronic seal is considered valid and admissible and must not be denied legal effect and admissibility as evidence in legal proceedings on the sole ground that it is in electronic form or that it does not meet the requirements of a seal.
In addition, the bill sets the requirements for the advanced qualified electronic seal, i.e. (i) which is only related to the creator of the seal, (ii) that it identifies the creator of the seal, (iii ) which is created using the electronic seal creation data and (iv) which is linked to the data to which it relates so as to detect any subsequent change thereof. Such an advanced qualified electronic seal benefits from the presumption of data integrity and correctness of the origin of the data to which the qualified electronic seal is linked.
Website authentication: The bill regulates website authentication, which is defined as an electronic process to verify the integrity of website data and the reliability of its use, and is based on a website authentication certificate, to know a qualified website authentication certificate (issued by a qualified trust service provider). Website Authentication Certificates are electronic certificates used to authenticate the website and connect with the natural or legal person (i.e. the owner of the website) to whom the certificate is issued. .
Electronic registered delivery service: The bill provides the legal framework for the establishment of the recommended electronic delivery service which is a service that allows the electronic transfer of data between parties (i.e. public administration bodies, companies and citizens). It provides proof of sending and receiving data and protects against the risk of loss, theft, damage or unauthorized modification. For example, it enables online sharing of legal documents between parties in a secure manner, without the need for the parties to meet physically.