Law 6/2009, of 29 December, on electronic signatures
Whereas the General Council, in its session of December 29, 2009, has approved the following:
Law 6/2009, of 29 December, on electronic signatures
Statement of purpose
The electronic signature is the mechanism that is used to verify the origin and integrity of messages sent by electronic means. In order to encourage the generalisation of electronic communications and the development of the information society, and so as not to pose an obstacle to the exercise of the rights of citizens, it is necessary that users can rely on this mechanism, which is optional, and for this reason it is necessary to regulate it.
Although there are many possibilities of electronic signature, in practice the signature that is based on a certificate has become the formula that offers the most guarantees of reliability. The certificates are electronic documents issued by third parties, the certification service providers, which relate the electronic signature creation data in the possession of the user with their identity, and are released in the online field.
In the European environment, the provision of certification services is an activity carried out by both public and private entities, under the regime of free competition, and the certification service providers can voluntarily avail themselves of a specific legal regime, called accreditation, through which the State verifies that the services provided meet certain quality standards and, in return, attributes to their certificates the character of qualified or recognized certificates, which carries with it a presumption of reliability.
Although the Principality of Andorra is a small country with specific economic and market characteristics, it is appropriate that the regulation of the electronic signature does not fall outside the general scheme followed by the countries of our surroundings. As a result, the law provides for a dual or mixed scheme by regulating the private provision of certification services while anticipating the possibility that the public administrations can also provide these services.
From these premises, the law is divided into eight chapters, which are devoted to the determination of the basic concepts that must be considered with regard to the electronic signature, its modalities and its effects; the regulation of electronic certificates; the regulation of the provision of certification services, including especially the requirements and obligations of this activity; the responsibilities of the people involved in the transmission of digitally signed messages; the accreditation of service providers; the system of supervision and control; and, finally, the system of sanctions.
Finally, the additional provisions establish the equivalence of foreign certificates, electronic signature and electronic signature creation devices, while the final provisions refer to the provision to the Government for the regulatory development of the law and the entry into force.
Chapter first. General provisions
Article 1. Object of the law
1. This law regulates the electronic signature and its effects in the sphere of business relations and also in the public administrations, in line, in this case, with the rules governing administrative procedures.
2. The law also regulates the provision of certification services, and applies to certification service providers established in the Principality of Andorra or to the services provided via an establishment or office open in the Principality of Andorra. The mere use, whether sporadic, continuous or habitual, of technological resources located in Andorra for the provision of or access to the service is not understood as the existence of a permanent establishment and does not imply, in itself, the application of this law.
3. The provisions of this law do not modify the substantive law applicable to the formalisation, validity and effectiveness of contracts and legal acts, or to the documents in which they are stated. Nor do they modify the applicable rules on the protection of consumers and users.
4. The use of the electronic signature in the relations with the Government of the Principality of Andorra can only be subject to the additional terms envisaged in this law, provided that these additional conditions:
- are objective, transparent, proportionate and non-discriminatory;
- only make reference to the specific characteristics of the application concerned;
- do not impede cross-border services to the citizens of the Principality of Andorra.
Article 2. Electronic signature and signatory
1. The electronic signature is the set of data contained in an electronic document, linked to other data or associated with them, which can be used as a means of identification of the person who issues it.
2. The signatory is the person who, acting for their own account or on behalf of another natural or legal person, creates a digital signature using a signature creation device.
3. The electronic signatures regulated by this law are:
a) The advanced electronic signature.
b) The qualified or recognized electronic signature.
Article 3. Advanced electronic signature
The advanced electronic signature is the electronic signature which meets the following requirements:
a) Be linked solely to the signatory.
b) Allow the identification of the signatory.
c) Have been created using means that the signatory can maintain under their sole control.
d) Be linked to specific data so that any subsequent change to these data can be detected.
Article 4. Qualified or recognized electronic signature
The qualified or recognized electronic signature is the electronic signature which meets the following requirements:
a) Be based on a qualified or recognized certificate.
b) Have been created by a secure signature creation device.
Article 5. Legal effects of electronic signatures
1. The qualified or recognized electronic signature has, with respect to data recorded in electronic form, the same legal validity as a handwritten signature has with respect to data recorded on paper.
2. The qualified or recognized electronic signature has a presumption of authenticity, unless there is proof to the contrary.
3. The digital signature that does not meet the requirements of a qualified or recognized electronic signature, or that is not based on a certificate issued by an accredited service provider, is not deprived of legal effects or of admissibility at trial for this sole reason. The person who wants to use it can prove its reliability by any means accepted in law.
4. When the electronic signature is used within a framework previously agreed upon by the parties to interact with each other, what the parties have stipulated must be taken into account, unless it is contrary to law.
Article 6. Electronic document
1. The electronic document is one that is recorded on electronic media and can incorporate data signed electronically.
2. The document may be supported by public and private documents.
3. The public documents issued and digitally signed must correspond to the responsibilities attributed to public officials or civil servants who are issued, and must meet the requirements established by the standard that are expected.
4. The documents referred to in this article are admissible as evidence in court, and have the value and the legal effects that correspond to their respective nature, in accordance with this law and with the law that is applied.
Article 7. The electronic certificate
The certificate is a document digitally signed by a certification service provider that links signature verification data to a signatory and confirms the identities of both the signature and the signatory.
Article 8. Provision of certification services
1. A certification service provider is the person or company that issues digital certificates or provides other services related to electronic signatures.
2. Certification services are provided under the regime of free competition and are not subject to prior authorization. However, the certification service providers, in the case of the qualified or recognized electronic signature, must obtain in advance the technical accreditation from the competent body, in accordance with this law.
3. The public administrations that provide certification services, either directly or through related entities or organisms, must do so in accordance with the principles of objectivity, transparency, non-discrimination and competition.
Second chapter. System of electronic certificates
Article 9. Application for certificates
1. Individuals can apply for electronic certificates.
2. Digital certificates for legal entities may be requested by their administrators, legal representatives or individuals with sufficient powers for the purpose.
3. The provisions of this article do not apply to certificates that are issued in favor of the public administrations, which must be subject to their specific regulations.
Article 10. Termination of certificates
1. The following are causes of extinction of the validity of an electronic certificate:
a) Expiration of the period of validity indicated in the certificate.
b) Revocation by the signatory, the physical or legal person represented by the signatory, an authorized third party or the physical person who requested a certificate for a legal entity.
c) Violation or endangerment of the secrecy of the signature creation data, or misuse of the data by a third party.
d) Judicial or administrative decision that orders it.
e) Death or extinction of the legal personality of the signatory; death or extinction of the legal personality of the represented party; supervening incapacity, total or partial, of the signatory or of the represented party; termination of the representation; dissolution of the legal person represented, or alteration of the conditions of custody or use of the signature creation data that are reflected in the certificates issued to a legal person.
f) End of the activity of the certification service provider, unless, with the prior express consent of the signatory, the management of the electronic certificates issued is transferred to another certification service provider.
g) Alteration of the data provided for obtaining the certificate or modification of the circumstances verified for the issuance of the certificate, such as those relating to the position or to the powers of representation.
2. The period of validity of electronic certificates must be suited to the characteristics of, and the technology used to generate, the signature creation data. In the case of qualified or recognized certificates this period may not exceed four years.
3. The termination of the validity of an electronic certificate has effect against third parties, in the event of expiry of its period of validity, from the moment this circumstance occurs; in all other cases, from the moment the indication of the said termination is included in the service of consultation on the validity of the certificates of the certification service provider.
Article 11. Suspension of the validity of electronic certificates
1. Certification service providers have to suspend the validity of digital certificates in the following cases:
a) Request of the signatory, the physical or legal person represented by the signatory, an authorized third party or the physical person who requested a certificate for a legal entity.
b) Judicial or administrative decision that so decides.
c) Existence of well-founded doubts about the concurrence of a cause of extinction.
2. The suspension of the validity of an electronic certificate produces effects against third parties from the moment it is included in the service of consultation on the validity of the certificates of the certification service provider.
Article 12. Provisions common to the termination and suspension of certificates
1. The certification service provider has to record the termination or suspension of certificates, expressly and clearly, in the service of consultation on the validity of certificates, when it becomes aware, on a well-founded basis, of any of the facts determining the termination or suspension.
2. The certification service provider should inform the signatory of the revocation or suspension of the certificate of electronic signature simultaneously with the termination or suspension, stating the reasons and the date and time from which the certificate is without effect and, in the case of suspension, its duration, stating in addition in this case its maximum duration, the validity of the certificate being extinguished if the suspension has not been lifted upon expiry of the aforementioned term.
3. The termination or suspension of a certificate of electronic signature does not have retroactive effect.
4. The termination or suspension of a certificate of electronic signature should be kept accessible in the service of consultation on the validity of the certificates, at least up to the date on which its initial period of validity would have ended.
Article 13. Qualified or recognized certificates
Qualified or recognized certificates are electronic certificates issued by a certification service provider which complies with the requirements established by this law in relation to the verification of identity and the other circumstances of the applicants, and with the reliability and guarantees of the certification services it provides.
Article 14. Contents of qualified or recognized certificates
1. Qualified or recognized electronic signature certificates should indicate specifically that they are issued with this character and must have, at a minimum, the following content:
a) The identification of the certification service provider that issued the certificate and its domicile.
b) The identification of the signatory by name and surname, or by a pseudonym that appears as such unequivocally, in the case of an individual; and in the case of a legal person, its name, registration number, and the name and surname of the natural person who represents it and in what capacity.
c) The signature verification data corresponding to the signature creation data under the control of the signatory.
d) The date and time at which the certificate is issued and the beginning and the end of its period of validity.
e) The unique code that identifies the certificate.
f) The qualified or recognized electronic signature of the service provider that issued it.
g) The limits of use of the certificate, where applicable.
h) The limits of value of the transactions for which the certificate can be used, where applicable.
2. The certificate may contain any other circumstance or significant personal attribute of the owner, depending on the purpose of the certificate, provided that the owner gives consent, under the conditions made public in the statement of certification practices.
Article 15. Checks prior to the issuance of a qualified or recognized certificate
Prior to the issuance of a qualified or recognized certificate, the certification service provider should perform the following checks:
a) Check the identity of the applicant for the certificate, in accordance with the provisions of article 16.
b) Verify the accuracy of any other personal circumstance or attribute stated on the certificate, such as holding a position or belonging to a professional association.
c) Check the complementarity of the signature creation and verification data, when both are delivered, or verify that the applicant is the holder of the certificate and is in possession of the signature creation data corresponding to the verification data contained in the certificate.
Article 16. Verification of identity and the other circumstances of the applicants
1. The identification of the individuals who request a qualified or recognized certificate requires personal appearance before the person in charge of verifying it, and proof of identity by showing an official document that proves it in a reliable way.
2. In the case of certificates issued to natural persons who have a relationship with an organization, company, institution or other legal entity, the certification service providers should check, in addition to the identity of the applicant, the data relating to the constitution and the legal status of the entity, and the extent and validity of the faculties or powers of representation of the applicant, through the public documents that reliably prove them and by consulting the appropriate public register, in the case of data that should appear there.
3. When the qualified or recognized certificate is to contain other personal circumstances or attributes of the applicant, the certification service providers should always check them, in accordance with the specific regulations that apply.
4. It is not necessary to apply the provisions of paragraph 1 in the case of an applicant whose identity and circumstances are known by the certification service provider due to a preexisting relationship in which the means of identification established there were used, if three years have not passed since the identification and if it is established that all data are valid.
5. Certification service providers are personally responsible for the verification actions provided for in this article, even where they delegate their execution to other people.
Article 17. Equivalence of electronic signature certificates with other countries
Certificates that meet one of the following conditions have value in Andorra as qualified or recognized certificates:
a) Have been issued as qualified or recognized certificates by a certification service provider established in a Member State of the European Union and accredited in accordance with a system of voluntary accreditation of certification services in a Member State of the European Union, where a bilateral agreement on the equivalence of qualified or recognized certificates has been established and is in effect with those States, or there are criteria of reciprocity in relation to the equivalence between both States.
b) Have been issued by States whose legislation on digital signatures, with regard to obtaining them, is equivalent to that of Andorra, or with whom there is reciprocity in the criteria for approval.
c) Have been issued by States with which a bilateral agreement on the equivalence of electronic signature certificates has been established that so provides.
Third chapter. Certification service providers
Article 18. Duties of certification service providers
The certification service providers that issue electronic certificates must comply with the following obligations:
a) Not store or copy the signature creation data of the person to whom they have provided their services.
b) Provide the applicant, before the start of the service relationship, with information about the applicant's obligations once the applicant becomes a signatory, about the obligation of custody of the devices, the secrecy of the keys, the mechanisms of communication in case of incidents, the mechanisms to ensure the reliability of the electronic signature, the method that will be used to check the identity of the signatory, and about aspects relating to the statement of certification practices regulated by article 19.
c) Keep an up-to-date register of certificates, which must contain the certificates issued and indicate whether they are valid or whether their validity has been cancelled or extinguished. The integrity of this directory should be protected by appropriate security mechanisms.
d) Ensure the availability of a fast and secure consultation service on the validity of the certificates.
Article 19. Statement of certification practices
1. Certification service providers have to prepare a statement of certification practices, which should include the obligations and warranties to which they commit in connection with the management of certificates and of signature creation and verification data, the conditions applicable to the request, use, suspension of validity and termination of certificates, the applicable security measures, as well as all other data and information established by regulation.
2. The service provider has to disclose the statement of certification practices, at least electronically, free of charge and with free access.
Article 20. Additional obligations of service providers that issue qualified or recognized certificates
1. In addition to the obligations laid down in article 18, the certification service providers issuing qualified or recognized certificates must comply with the following obligations:
a) Demonstrate the reliability necessary to provide this kind of service.
b) Guarantee that the date and time on which the certificate was issued, or on which its validity was extinguished or suspended, can be determined.
c) Employ qualified staff, with knowledge and experience, to ensure security and management in the field of the electronic signature.
d) Keep on record, with guarantees of security and integrity, the information and documentation relating to each qualified or recognized certificate, at least for a period of 15 years from its issue.
e) Take measures against forgery of certificates and, in the event that the certification service provider generates signature creation data, guarantee confidentiality during the process of generating this data.
f) Use trustworthy systems and products which are protected against all alteration and which ensure the technical and cryptographic security of the procedures with which they work.
g) Use trustworthy systems to store certificates in a verifiable form so that:
- only authorised persons can make entries and modifications;
- the authenticity of the information can be checked;
- the certificates are available to the public to be consulted;
- the agent can detect all technical changes that may affect the security requirements mentioned above.
h) Have sufficient financial resources.
The conditions under which they have to comply with these obligations shall be fixed by the regulations.
2. The certification service providers issuing qualified or recognized certificates must have taken out civil liability insurance for a minimum amount of six hundred thousand euros in order to ensure the coverage of damages that may be caused by reason of their activity. The Government, by Decree, may modify the amount of this guarantee and also establish other alternative forms of guarantee to replace, entirely or in part, the insurance.
Article 21. Termination of the provision of certification services
1. The cessation of the activity of providing certification services requires communication to the users of these services at least two months prior to the completion of the activity.
2. The provider ceasing the activity can transfer, with the consent of the users, the certificates that are still in force to another service provider that assumes them or, otherwise, extinguish their validity, reimbursing users the part proportional to the remaining validity period of the certificate.
3. The provider must also communicate that it has decided to cease the activity to the competent body of the Government, to be determined by regulation, within the same period established in paragraph 1. In this communication it must declare whether it transfers the certificates to another service provider or whether it terminates their validity.
4. The provider must guarantee, for a period of four years counting from the moment in which it ceases the certification services, the availability of a consultation service on the validity of the extinguished certificates.
5. If the certificates are not transferred to another service provider, the Government has to take charge of the identification or consultation information once the certification activity has ceased, to ensure the conservation of the data according to the provisions of article 20.1.d).
Article 22. Protection of personal data
1. Certification service providers can only ask for personal information directly from a signatory or from a third party acting on behalf of the signatory, with their prior consent. The required data are those strictly necessary for the issuance and maintenance of an electronic certificate and for the provision of other services related to electronic signatures.
2. The treatment of the personal data that certification service providers need in the development of their activity is subject to the provisions in force on the protection of personal data.
3. The certification service providers can make a legal transfer of data to another certification service provider in case of termination of activity, or to the competent body of the Government, in accordance with the legislation on personal data protection.
Fourth chapter. Liability
Article 23. Liability of the certification service provider
1. The electronic signature certification service provider is liable for damages caused to the signatory, to whomever the signatory represents, as well as to any third party in good faith who relies on a certificate issued by the provider, under the conditions provided for by this law.
2. The certification service provider may specify on the certificate any limits regarding its possible uses, or a value limit for the transactions that may be carried out. In this case, the provider is not responsible for any damages caused by improper use of the certificate when the established limits have been violated, or for the part that exceeds the limit stated.
3. In the event that the certification service provider has been sanctioned with any of the accessory sanctions provided for in article 33.1.b), or has been the subject of the provisional measure established in article 35 in), it must:
a) Report the suspension to all users of its certificates, indicating the start date and the end date.
b) Record the suspension on the certificate, indicating the start date and the end date.
Article 24. Limitation of liability of the certification service provider
The electronic signature service provider is not responsible for any damages caused to a signatory or to third parties in good faith when these damages result from the breach of the obligations incumbent upon the signatory or the third party who relies on the digitally signed document, in accordance with articles 25 and 26. To invoke this exemption from liability, the certification service provider must prove that it has acted with due diligence.
Article 25. Duties of the signatory
1. The signatory using an electronic signature device with a certificate has the following duties:
a) Provide the certification service provider with exact, complete and truthful information on the data that must be stated in the certificate or that are necessary to issue, revoke or suspend it.
b) Diligently communicate to the certification service provider any change in the circumstances or attributes entered on the certificate.
c) Act with the utmost care to ensure the confidentiality of the signature creation device and protect it from all unauthorised access, disclosure or use.
d) Diligently request the suspension or revocation of the certificate upon becoming aware of circumstances that create the risk that the signature creation device has ceased to be secure or may be subject to unauthorized use.
e) Refrain from using the signature creation device from the moment the certificate expires or the service provider notifies its suspension or revocation.
2. The signatory who violates the duties mentioned in the previous paragraph assumes the responsibilities arising from this breach.
Article 26. Duties of the party relying on the certificate
1. The third party who acts relying on an electronic signature based on a certificate has the following duties:
a) Make sure of the authenticity and validity of the certificate, by checking the register of certificates kept by the certification service provider.
b) Check and take into account the restrictions placed on the certificate as to its possible uses or the value limit of the transactions that may be carried out.
c) Check that the certificate has not expired and that its validity has not been suspended as a result of the sanctions provided for in this law. For this purpose, the person who relies on the certificate can consult the public consultation set out in article 33.3.
2. The third party who acts relying on an electronic signature based on a certificate should assume the consequences that result from the breach of the duties mentioned in the previous paragraph.
Chapter five. Digital signature devices
Article 27. Electronic signature creation devices
1. The signature creation data are the unique data, in the form of codes or private cryptographic keys, that the signatory uses to create the digital signature.
2. A signature creation device is a program or a computer system that is used to implement the signature creation data.
3. A secure signature creation device is one that guarantees, at least, by technical means and appropriate procedures, that:
a) The data used for signature generation can, in practice, occur only once, and their secrecy is reasonably guaranteed.
b) There is a reasonable certainty that the data used for signature generation cannot be derived from the signature verification data or from the signature itself, and the signature is protected against forgery using the technology existing at the time.
c) The data used for signature generation can be reliably protected by the legitimate signatory.
d) It does not alter the data or the document to be signed, and does not prevent it from being displayed to the signatory before the signature process.
4. Electronic signature devices and other related systems, media and products are presumed to comply with the conditions set forth in the preceding paragraph if they comply with the corresponding technical standards whose reference numbers have been published in the official journal of the European Union, or with others indicated by regulation.
Article 28. Electronic signature verification devices
1. The signature verification data are the data, in the form of codes or cryptographic keys, which are used to verify the digital signature.
2. A signature verification device is a program or a computer system that is used to implement the signature verification data.
3. Secure electronic signature verification devices must ensure, whenever technically possible, that the process of verifying an electronic signature satisfies the following conditions:
a) That the data used to verify the signature correspond to the data displayed to the person who verifies the signature.
b) That the signature is reliably verified and the result of the verification is presented correctly.
c) That the person who verifies the digital signature can reliably establish the contents of the signed data.
d) That the authenticity and validity of the certificate required to verify the signature are reliably verified.
e) That the result of the verification and the identity of the signatory are clearly shown or, where applicable, that the use of a pseudonym is clearly indicated.
f) That any relevant changes related to security can be detected.
4. The data relating to the verification of the signature, such as the time at which the validity of the electronic certificate is verified, must be able to be stored by the person who verifies the signature or, under their responsibility, by trusted third parties.
Chapter six. Accreditation of certification service providers
Article 29. Accreditation of certification service providers
1. The accreditation of a certification service provider is the voluntary procedure by which the competent body of the Government determined by regulation, through a private or public entity or authority, issues a statement in favour of a certification service provider which certifies the fulfilment of certain specific requirements in the provision of the services that it offers to the public.
2. In the accreditation procedure, the technical standards established by the European Commission in the development of Directive 1999/93/EC of 13 December 1999, which establishes a Community framework for electronic signatures, or any rule that develops or replaces it in the future, are to be used. The competent body of the Government must publish these rules in the official bulletin of the Principality of Andorra.
3. The competent body must publish in the official bulletin of the Principality of Andorra and, for information, on its web page, the list of public and private entities authorized to accredit certification service providers wishing to operate in the territory of the Principality of Andorra. The regulations must establish the minimum requirements of technical knowledge, human and material resources, and the other requirements that these entities must meet in order to be authorized by the Government of Andorra for these purposes.
4. The accreditation of certification service providers established in the Principality of Andorra may be carried out, at the request of the person concerned, by an accreditation entity that is enabled to perform this task in any Member State of the European Union, as long as it appears published in the official bulletin of the Principality of Andorra and on the website of the competent body, in compliance with the provisions of paragraph 3.
Chapter seven. Supervision and control
Article 30 Supervision and control
1. The Government of Andorra, by means of the body to be determined by regulation, should monitor that the certification service providers that issue electronic certificates to the public comply with the obligations laid down in this law. For this purpose it may carry out the necessary inspection actions.
2. The officials appointed by the competent body to do the inspections are considered agents of the authority in the performance of their functions.
Article 31 Duty of information and collaboration
1. Certification service providers have a duty to provide the competent body with all the information and collaboration required for the exercise of its functions.
2. In particular, service providers must report, at the beginning of their activity and updated with the frequency established by regulation, their identification data, the characteristics of the services they provide, the accreditations and certifications obtained for their services, and other necessary data of interest to the public, as fixed by regulation.
This information may be published on the website of the body responsible for the supervision and control of service providers, with the aim of giving it the maximum dissemination and knowledge.
3. Service providers must allow inspectors access to their facilities and allow them to consult all the documents that the inspectors deem relevant to carry out their control task effectively. In their inspections, the inspectors may be accompanied by the people they deem necessary.
Chapter eight. Sanctioning
Article 32 Offences
1. Infringements of this law are classified as minor, serious and very serious.
2. The following are very serious offences:
a) The issuance of qualified or recognized certificates without performing the prior checks laid down in articles 15 and 16.
b) Issuing qualified or recognized certificates in violation of any of the obligations established in articles 18 and 20.1, when this has caused damage to the users or when the security of the certification services has been severely affected.
c) Contravening the obligations established in article 23.3.
d) Recidivism in the commission of serious offences, even if they are of a different nature, provided that they are committed within a period of two years from the first and the offender has been sanctioned.
3. The following are serious offences:
a) The issuance of qualified or recognized certificates without performing the prior checks laid down in articles 15 and 16, when the fact does not constitute a very serious infringement.
b) Issuing qualified or recognized certificates in violation of any of the obligations established in articles 18 and 20.1, when the fact is not a very serious infringement.
c) Breach of the obligation provided for in article 20.2.
d) Breach, by the certification service providers issuing qualified certificates or not recognized, of the obligations set out in article 18, when this has caused damage to the users or when the security of the certification services has been severely affected.
e) Breach of the obligations set forth in article 21.
f) Resistance, obstruction, excuse or unjustified refusal with regard to inspection by the competent body.
g) Breach of the resolutions issued by the competent body to ensure that the service provider complies with this law.
h) Recidivism in the commission of minor offences, even if they are of a different nature, provided that they are committed within a period of two years from the first and the offender has been sanctioned.
4. The following are minor offences: failure by service providers to comply with other legal obligations not mentioned in the previous sections.
Article 33 Penalties
1. The penalties for the offences set forth in article 32 are the following:
a) Very serious offences are sanctioned with a fine of 100,001 to 300,000 euros. In addition, the following accessory sanctions may be imposed:
- Prohibition and termination of the exercise of the activity of provision of certification services in the Principality of Andorra.
- Phasing out of all certificates issued by the sanctioned service provider, with a refund to users of the part proportional to the remaining validity period of the certificates concerned.
b) Serious offences are sanctioned with a fine of 50,001 to 100,000 euros. In addition, the following accessory sanctions may be imposed:
- Suspension of the exercise of the activity of provision of certification services in the Principality of Andorra, up to a maximum period of two years.
- Suspension of the validity of the certificates issued by the service provider subject to the sanction, up to a maximum period of two years, with a refund to users of the part proportional to the period of validity of the certificates affected by the sanction.
c) Minor offences are sanctioned with a fine of up to 50,000 euros.
2. In the case of very serious offences, the resolution imposing sanctions must be published in the official bulletin of the Principality of Andorra.
3. In addition, and in order to make possible what is provided for in article 26.1.c), the competent body must publish, on its website, the complete data on the sanctions relating to suspension or termination set forth in the first paragraph, indicating:
a) The service provider subject to the sanction.
b) The provider's certificates subject to the sanction.
c) The nature of the sanction imposed (suspension or termination).
d) In the case of termination, the date from which the certificates of the service provider concerned are no longer valid. The date of expiry of the validity of the certificates that are the subject of disciplinary action can never be earlier than the date of publication of the sanction on the website of the competent body.
e) In the case of suspension, the start date of the suspension and the end date, as of which the certificates again have the legal effects recognized in this law. The start date of the suspension can never be earlier than the date of publication of the sanction on the website of the competent body.
4. Access to the information indicated in paragraph 3 must always be open and free of charge.
5. What is stipulated in the third paragraph must also be published in the official bulletin of the Principality of Andorra, although the effects of suspension or termination take place from the publication on the website of the competent body.
Article 34 Graduation of the amount of the fines
The amount of the fines, within the limits indicated, is graduated taking into account the following circumstances:
a) The social impact of the infringement committed and the number of users affected.
b) Recidivism or repetition.
c) The existence or non-existence of intentionality.
d) The amount and nature of the damage caused.
e) The benefit that the violation has brought to the offender. In this case, the penalty may not be less than the benefit obtained.
Article 35 Injunctive relief
In the procedures for serious or very serious offences, the body competent to conduct the proceedings may adopt the provisional measures it considers necessary to prevent the effects of the infringement from continuing and to ensure the effectiveness of the resolution to be issued. Among others, it may adopt the following measures:
a) Temporary suspension of the activity of the certification service provider and, if necessary, temporary closure of the establishment.
b) Sealing, deposit or seizure of records, media and computer files and documents in general, as well as appliances and computer equipment.
c) Warning the public of the existence of possible infringing conduct, of the sanctioning proceedings and of the precautionary measures adopted.
d) Suspension of the validity of the certificates affected.
Article 36 Competence and sanctioning procedure
1. The instruction of sanctioning proceedings corresponds to the competent body to be determined by regulation.
2. Very serious offences are sanctioned by the Government of Andorra, and serious and minor ones by the competent body.
3. The sanctioning powers provided for in this chapter must be exercised in accordance with the General rules governing the performance of the general administration, with the specifications provided for by this law.
Article 37 Prescription
1. Very serious offences prescribe three years after they were committed, serious ones after two years and minor ones after one year.
2. The penalties prescribe three years from the date of notification of the final decision imposing the sanctions.
First additional provision. The Government's action in the field of accreditation
The amounts that the Government can apply for the actions derived from the accreditation provided for in article 29 are to be set by regulation. The amount is fixed according to the following criteria:
- Public prices applicable to the accreditation of certification service providers requesting accreditation: nature of the certificates (recognized or other) for which the provider requests accreditation, and amount and type of services subject to accreditation.
- Public prices for the entities that wish to be authorized to accredit certification service providers: nature of the certification services (recognized or of another nature) for which they want to provide certification services, and whether or not the applicant entity maintains facilities, offices, and technical and human resources in the Principality of Andorra directly linked to the provision of accreditation services.
Second additional provision. Accessibility
Services, processes, procedures and electronic signature devices must be fully accessible to people with disabilities and the elderly, who may not be discriminated against in any case, in the exercise of the powers and the rights recognized in this law, for reasons related to disability or old age.
Third additional provision. Conformity with the regulations applicable to electronic signature products
It is presumed that the electronic signature products referred to in this law, and in particular those mentioned in letter d) of paragraph 1 of article 20, are in conformity with the requirements set if they comply with the corresponding technical standards published in the official journal of the European Union.
First final provision. Regulatory development
Prior to the entry into force of the law, the Government of Andorra must issue the provisions that are appropriate for the application and development of the electronic signature. In particular, it must publish the reference numbers of the technical standards approved in the framework of the European Union for the certification of electronic signature products and devices.
Second final provision. Entry into force
This law shall enter into force three months after being published in the official bulletin of the Principality of Andorra.
Casa de la Vall, 29 December 2009
Josep Dallerès Codina, General Syndic
We the co-princes sanction and promulgate it and order its publication in the official bulletin of the Principality of Andorra.
Nicolas Sarkozy, President of the French Republic, Co-prince of Andorra
Joan Enric Vives Sicília, Bishop of Urgell, Co-prince of Andorra