Regulation Law 6/2020, of November 11, regulating certain aspects of electronic services or the law regulating electronic trust services. Entered into force on November 13, 2020.
The purpose of this law is to regulate certain aspects introduced in Regulation (EU) 910/2014, of July 23, 2014. Regarding electronic identification and trust services for electronic transactions in the internal market and by which it repeals Directive 1999/93 / CE, (hereinafter “the Regulation”).
The law is mandatory for entities that provide public and private electronic trust services established and residents or domiciled in another state that has a permanent establishment located. Provided that they offer services not supervised by the competent authority of another country. From the EU and offering trusted electronic services.
The adaptation to the regulation implies that only natural persons will be able to sign electronically. In this sense, the issuance of electronic signature certificates in favor of legal persons or other entities without legal personality is not foreseen. However, legal persons may act through the signature certificates of the natural persons that represent them.
Legal Effects Of Electronic Documents And Certificates
The validity of the electronic certificates will have a maximum duration of five years, depending on the characteristics and the technology used to generate the signature, seal, or authentication data of the website. This validity may be revoked or suspend by the issuing entity or an official body, in accordance with the provisions of article 5.
In accordance with the foregoing, and in the event of a suspension, the validity of the certificate will end if, once the suspension period has expired, the service provider has not lifted it. However, the “chaining” in the renewal of qualified certificates will only be authorized once for security reasons.
Obligations And Responsibility Of Trusted Electronic Service Providers
A trust service provider is an entity or body responsible for creating. Verifying, and validating all the services inherent to the electronic signature.
In this sense, trusted electronic service providers have the following obligations and responsibilities:
- All trusted service providers must be register with the appropriate body. Which will maintain lists of qualified and unqualified trusted providers.
- They must inform the Ministry of Economy and Digital Transformation. The Spanish Agency for Data Protection, and users whose personal data have been affecting. As soon as possible, of security incidents that endanger
- Electronic service providers in the private sector must be insure against liability in order to operate with guarantees.
- Likewise, they must inform the users of their services and the control body of the cessation of their activity two months in advance.
- They must keep the information for 15 years.
- Service providers have an obligation to respond to requests related to the right to data portability.
In this sense, and in accordance with the provisions of article 10 of the law, “Trustworthy electronic. Service providers will assume full responsibility vis-à-vis third parties for the acts of the persons or others. Providers to whom they delegate the execution of one or more of the functions. Necessary for the provision of electronic trust services, including identity verification actions prior to the issuance of a qualified certificate”. You can get more detail information about the subject through online network.
Violations of this law are classified as very serious, serious, and minor. Thus, service providers who fail to comply with their obligations. without prejudice to the possibility already provided in article 20.3 of the aforementioned regulation. To withdraw the qualification or the service they provide may be exclude from the trust list publish by the Ministry.