Law For Electronic Identification

Original Language Title: Закон за електронната идентификация

Read the untranslated law here: http://parliament.bg/bg/laws/ID/15565/

Name of law Law for electronic identification Name of the Bill a bill for electronic identification of acceptance Date 11/05/2016 number/year Official Gazette 38/2016 Decree No 139

On the grounds of art. 98, paragraph 4 of the Constitution of the Republic of Bulgaria

I DECLARE:

To be published in the Official Gazette the law for electronic identification, adopted by the National Assembly of the HLÌÌI 11 may 2016.

Issued in Sofia on May 18, 2016.

The President of the Republic: Rosen Plevneliev

Stamped with the State seal.

Minister of Justice: Catherine Dana

LAW

for electronic identification

Chapter one

GENERAL

Subject

Art. 1. This law governs social relations related to electronic identification of individuals.

Electronic ID

Art. 2. (1) the electronic identifier is a unique identifier of a physical person who is issued a certificate for electronic identity.

(2) the right of an electronic identifier have Bulgarian citizens and foreigners who own personal identification number, serial number, respectively.

(3) on the basis of the electronic identifier can be made uniquely differentiating one person from other persons in the virtual environment with the aim of providing access to information systems or providing the ability to perform electronic statements.

Certificate of electronic identity

Art. 3. the certificate of electronic identity is formalized, the official electronic document presented by a common standard, issued with a period of validity and containing an electronic identifier and other information determined by the regulation for implementation of the law.

Sectoral electronic identifiers

Art. 4. (1) in certain sectors of the State Government that individuals can be identified by sectoral electronic identifiers.

(2) Sectoral electronic identifier is converted by means of cryptographic algorithms, electronic identifier obtained in the process of electronic identification.

(3) Sectoral electronic identifiers can be used to identify natural persons only in sectors in which the public authorities grant citizens the opportunity to exercise their rights by electronic means or electronic services, which do not collect data on citizens from other bodies and persons outside the sector.

(4) Sectoral electronic ID cannot be converted into an electronic identifier.

(5) the sectors that use sec electronic, thorny identifiers shall be determined by decision of the Council of Ministers, on a proposal from the Minister of transport, information technology and communications, in agreement with the Commission for the protection of personal data.

(6) the Sectoral electronic identifiers can be established and of private law bodies to identify the individuals in the relationship between them.

Detailed rules for the application of the law

Art. 5. the requirements for the issuance of the certificate and e-LY identity, algorithms and methods for the creation of electronic and sectoral electronic identifiers, as well as the conditions and procedures for the registration of the persons under art. 8, al. 1 and art. 9, para. the detailed rules for the application of the law, adopted by the Council of Ministers.

Chapter two

ACTORS OF E-IDENTITY

The holder of an electronic identity

Art. 6. the Holder of an electronic identity is an individual who has completed 14 years of age, of which has been granted a certificate of electronic identity.

Authority for electronic identification

Art. 7. Authority for the electronic identification is the Minister of the Interior, which issues a certificate to an identity.

Administrators of e-identity

Art. 8. (1) in carrying out its activities by issuing certificates for electronic identity Minister of internal affairs can be assisted by the administrators of e-identity, entered in the register under art. 10.

(2) when issuing certificates for the electronic identity of Bulgarian nationals who reside abroad, the Minister of the Interior and is assisted by diplomatic and consular representations of the Republic of Bulgaria. In this case the technological and organizational security for the performance of activities is provided by the Minister of Foreign Affairs, in consultation with the Minister of the Interior.

(3) the activities of the administrator of an identity under para. 1 and the representations referred to in paragraph 1. 2 includes:

1. acceptance of written applications by individuals for issuing certificates for electronic identity;

2. identification of the applicant by checking the represented identity document;

3. check electronically through a secure session for the exchange of data to the authority for the electronic identification of validity of the identity document and further identification of the applicant by the authority for the electronic identification information;

4. send electronically to the authority for the electronic identification of applications for the issue of certificates;

5. application to the authority for the electronic identification of changes in data, on the basis of which the certificate was issued, and the suspension, renewal and cancellation of certificates;

6. customize the certificates of electronic identity through recording on electronic media.

(4) the administrator of an identity store documents relating to the activities referred to in para. 3 for a period of 20 years.

Center for electronic identification


Art. 9. (1) in the Ministry of transport, information technology and communications centre for electronic identification, which must meet the requirements of art. 11, item 1 – 3. The Centre shall have the status of a Directorate in the Ministry.

(2) the functions of the Centre for electronic identification can be carried out by other persons entered in the register under art. 10.

(3) electronic identification centres carry out automated checking of electronic identity under this Act and may keep records of ovlastâvaniâta in chapter six.

(4) the services provided by the centres referred to in paragraph 1. 1 and 2, may be v″zmezdni.

Chapter three

REGISTRATION OF ADMINISTRATORS OF ELECTRONIC IDENTITY AND ELECTRONIC IDENTIFICATION CENTRES

Public register

Art. 10. (1) in the Ministry of the Interior shall establish and maintain a public electronic register of the administrators of an electronic identity and electronic identification centres under art. 9, para. 2.

(2) the register referred to in para. 1 in separate sections fit persons applied for administrator of electronic identity and electronic identification Center, as well as the number and type of attached to the application documents, the changes in the activity and the accompanying compulsory administrative measures under art. 43, para. 1, item 2.

(3) the conditions and procedures for the keeping of the register shall be determined by the regulation for implementation of the law.

(4) access to the register referred to in paragraph 1. 1 is free, including free online in mašinnočetim format.

Requirements for registration

Art. 11. In the register under art. 10, para. 1 fits a person who:

1. has qualified staff;

2. has the technical equipment and technology to ensure the reliable provision of services and security of information;

3. meets the security requirements of art. 14;

4. keep disposable funds or insurance in an amount to be determined by the regulation for implementation of the law, which covers liability for damage caused to the holder of the electronic identity and all third parties damages from failure to perform his obligations under this law;

5. it is not deprived of the right to carry out business activities, is not in the winding-up proceedings or in open bankruptcy proceedings, or in other similar procedure under the law on registration;

6. no is placed under guardianship.

Personnel requirements

Art. 12. (1) the administrators of e-identity, e-identification centres, respectively, are required to have qualified individuals who at any moment of the implementation of the activities to ensure the performance of their duties.

(2) the requirements for the qualification and reliability of the persons referred to in para. 1 shall be determined by the regulation for implementation of the law.

Requirements in terms of technical equipment and technology

Art. 13. (1) the administrators of e-identity, e-identification centres, respectively, provide and implement procedures and methods for the Administration and management of the security of the infrastructure in accordance with generally accepted in international practice standards for information security management.

(2) the reliability of the systems and the technical security of the activities carried out by these processes are considered to be insured, when the equipment and technology have gone through successfully conducted tests and checks.

(3) the requirements for the methods for the evaluation of the security of the systems are defined by the regulation for implementation of the law.

(4) the persons referred to in para. 1 are required to maintain documentation on the current status of the technical equipment and technology.

(5) failure to comply with the obligation under paragraph 1. 4 is considered as violation of security requirements.

(6) the persons referred to in para. 1 use technical equipment and technologies for expressions of issuance and management, respectively, for the verification of the certificates of electronic identity conforming to the requirements laid down by the regulation for implementation of the law.

(7) the administrator of an electronic identity is required to use only devices to securely customize, which comply with the requirements laid down by the regulation for implementation of the law.

Security requirements

Art. 14. (1) the administrators of e-identity, e-identification centres, respectively, establish and maintain internal security procedures under which operate.

(2) security procedures must comply with the requirements for information security management, defined by the regulation for implementation of the law.

(3) security procedures reflect the conformity of persons referred to in para. 1 with the requirements of law, as well as the reliability and security of the implementation of these activities.

(4) security procedures shall contain at least:

1. risk assessment;

2. managerial security measures;

3. measures for information security;

4. disposable funds or insurance;

5. requirements for the reliability of the staff;

6. measures to ensure security and to restrict access to individual devices and premises;

7. measures to ensure protection against unauthorized access to information systems;

8. measures to ensure protection against unauthorized changes;

9. plan of action under the events constituting force majeure, and in subsequent recovery of the activity.

(5) security procedures shall not be public. Access to them have only the Minister of the Interior and the persons under art. 35.

Registration proceedings


Art. 15. (1) the production of registration begins with an application to the Minister of the Interior in a form determined by the regulation for implementation of the law.

(2) an application under subsection. 1 shall apply:

1. proof of available funds or insurance contract;

2. evidence of compliance with the requirements for the personnel referred to in art. 12;

3. evidence of compliance with the requirements for technical equipment and technology under art. 13 (declarations of conformity, a description of the equipment, technological processes, etc.);

4. evidence of compliance with security requirements under art. 14.

(3) upon deficiencies or irregularities of the documents submitted under paragraph 1. 2 or if no processing fee has been paid, the Minister of the Interior within 14 days from the filing of the application in writing notify the person and gives a deadline for elimination of deficiencies or limitations.

(4) within 14 days of submission of the application or removal of limitations or deficiencies in the Al. 3 the Minister of the Interior or by the authorised officials entered in the register under art. 10 persons who satisfy the requirements of art. 11 and have implemented the documents referred to in para. 2.

(5) the Minister of the Interior denied registration of a motivated person who does not meet any of the requirements of art. 11 or has not submitted the documents referred to in para. 2 within the time limit referred to in paragraph 1. 3.

(6) the refusal under para. 5 subject to appeal pursuant to the administrative code.

Action, transfer and assignment of the registration

Art. 16. (1) the registration is indefinite.

(2) the rights referred to in the registration cannot be transferred or ceded, except in the cases referred to in para. 3.

(3) the rights referred to in the registration can be transferred or ceded, when Regis triranoto person itself through acquisition, merger, Division, separation, change of legal form of company transfer or inheritance, if the person you devolve or transfer rights, fulfil the conditions for entry in the register. The persons shall inform the Minister of the Interior in advance of the changes.

(4) the registered person shall be obliged to notify the Minister of the Interior of any change in the circumstances under art. 11 within 7 days of its occurrence.

Termination of registration

Art. 17. (1) the Minister of the Interior or an official authorised by him with an order terminating the registration:

1. at the written request of the registered person;

2. in case of death – at the request of his heirs or ex officio;

3. at the opening of winding-up proceedings or bankruptcy proceedings or any other proceedings for termination of legal person – at the request of the Member representing the person or ex officio;

4. where the activities of the sole trader or legal entity – in his application or ex officio;

5. in the case of imprisonment – on application by the guardian or curator of the face or ex officio;

6. when the activity for which the registration was issued, is not carried out within one year.

(2) except in the cases referred to in para. 1 the Minister of the Interior or an official authorized by him by order suspend the registration if the registered person:

1. presented false information or false documents, which served as the basis for registration;

2. in carrying out its activities under this Act is issued the document with a false content, when this is established by a court order;

3. systematically violates this Act or acts for its implementation;

4. ceases to satisfy the requirements under art. 11 and within a time limit set by the Minister of the Interior shall not remedy the irregularity.

(3) a person with suspended registration may apply for registration for the same activity within two years of the entry into force of orders under subsection. 1 and 2.

(4) Orders under para. 1 and 2 shall be subject to appeal under the administrative code.

(5) termination of registration and the reasons for it shall be entered ex officio in the register under art. 10, para. 1.

Taxi

Art. 18. For the examination of the application for registration, the applicant shall pay the fee set out in the tariff approved by the Council of Ministers, on a proposal from the Minister of transport, information technology and communications and the Minister of the Interior.

Chapter four

THE ISSUANCE, SUSPENSION, RENEWAL AND CANCELLATION OF CERTIFICATE OF ELECTRONIC IDENTITY

Register of certificates for electronic identity and electronic identifiers

Art. 19. (1) in the Ministry of the Interior shall establish and maintain:

1. the electronic register of issued and revoked certificates for electronic identity;

2. an electronic register of electronic identifiers, holders and their corresponding certificates for electronic identity.

(2) the procedure for the keeping, storage and access to the records referred to in para. 1 shall be determined by the regulation for implementation of the law.

Issue of certificate

Art. 20. (1) the Minister of the Interior shall issue a certificate to an identity on the written application of a person under art. 6. The application may be filed by the administrator of an identity or a diplomatic mission or consular post of the Republic of Bulgaria.

(2) a certificate of an identity is issued if the person appear personally in front of person under par. 1 and produce a valid identity document. Apart from the cases referred to in paragraph 1. 1, second sentence, the appearance shall be determined by the Minister of the Interior.


(3) a certificate of an identity of a minor or a person placed under guardianship shall be issued, subject to compliance with the requirements of para. 2 and:

1. the application is signed by a parent, guardian or custodian, respectively, of the person;

2. the parent, trustee or guardian respectively, appear personally and has provided a valid identity document.

(4) the Minister of the Interior provides the administrator the opportunity to check the validity of identity documents presented under para. 2 and 3. The administrator is obliged to check the validity of the document of identity before you send an application for the issue of an identity.

(5) the certificate for electronic identity is issued with validity period of 5 years.

(6) the certificate shall be recorded only on an electronic medium that meets the requirements laid down by the regulation for implementation of the law.

(7) the certificate shall be entered in the register of certificates of electronic identity.

(8) the holder of the certificate shall be transmitted to the holder and his exceptionally – the authorized person after submission of the notarized power of Attorney explicitly.

(9) a person may request the issuance of more than one certificate of electronic identity.

(10) where an application for the issue of the certificate was submitted by admin of an identity, the relationship between him and the person under art. 6 are governed by contract.

(11) except in the cases referred to in paragraph 1. 10, for the issuance of certificate of electronic identity the person under art. 6 fee, determined by the tariff referred to in art. 18.

Suspension, renewal and extension of the certificate

Art. 21. (1) the Minister of the Interior or an official authorised by him shall have the right to suspend the validity of an issued certificate, if there is a good reason – damage to the interests of the holder of the certificate or of any third party.

(2) the Minister of the Interior or an official authorized by him is obliged to suspend the validity of the certificate at the request of the holder of an electronic identity, after verifying his identity by requesting the indication of further data which are included in the request for the issue of the certificate.

(3) the Minister of the Interior or an official authorized by him is obliged to suspend the validity of the certificate at the request of a person with an established identity, which under the circumstances, it appears that knows about security breaches related to the illegal use of electronic identity, shall immediately inform the holder of the suspension of the operation of the certificate.

(4) the suspension of the operation of the certificate shall be effected by entering in the register of certificates of electronic identity.

(5) the operation of the certificate shall be renewed by the Minister of internal affairs or by an official authorized by him at the request of the holder of the electronic identity through an entry in the register of certificates of electronic identity.

(6) the request for suspension and resumption may be given by a person referred to in art. 8.

(7) the request to stop can be said and by electronic means, the person shall be identified in accordance with this law.

(8) the continuation of the certificate for electronic identity can be declared electronically before its expiry, such person shall be identified in accordance with this law.

Revocation of certificate

Art. 22. (1) the operation of the certificate shall lapse:

1. with the expiration of its period of validity;

2. upon the death of the holder of the certificate.

(2) the Minister of the Interior must immediately suspend the certificate:

1. at the request of the holder of the certificate after verifying his identity;

2. in establishing that the certificate is issued on the basis of incorrect data;

3. in the event of a change of data, on the basis of which the certificate was issued for electronic identity;

4. when incidents compromise of the security of electronic identification.

(3) the termination shall be entered in the register under art. 19, para. 1, item 1 immediately after the occurrence of the relevant circumstances under para. 1, item 2 and al. 2.

Obligation for notification of changes

Art. 23. the Primary data controller is obliged to notify automated and electronically, the Minister of the Interior of any change of personal data that are related to the activities of chapter three and this chapter, immediately after the change. The notification shall contain the identification of the person, and information about the change.

Chapter five

ELECTRONIC IDENTITY VERIFICATION

Electronic identity verification

Art. 24. (1) the verification of the electronic identity is a process of automatic verification of the validity of the certificate for electronic identity in the provision of electronic services.

(2) electronic identity verification shall be carried out by the centres for electronic identification using specialized protocols or otherwise determined by the regulation for implementation of the law.

(3) the verification of the electronic identity is done via the request of the person concerned after the payment of a fee fixed by the tariff referred to in art. 18.

(4) examination of electronic identity via request of State bodies and persons performing public functions is carried out by the Centre under art. 9, para. 1. For the examination fee is not due.

Check the certificate for electronic identity


Art. 25. the Minister of the Interior provides the Centers for electronic identification opportunity for making free checking of certificate for electronic identity in a manner determined by the regulation for implementation of the law.

Volume of provided data

Art. 26. (1) for the verification of the electronic identity of the State bodies for electronic identification centres provide only e-certificate-related identity data that is entered as available in the register of administrative services under art. 61, para. 1, item 2 of the law on the Administration as necessary to provide the service.

(2) in the initial statement of the use of the service for the electronic identification of persons providing electronic services, electronic identification centres shall communicate to the Commission for the protection of personal data on the volume of personal data related to the electronic identity that will be processed by such persons.

Store and access information for inspection

Art. 27. (1) the electronic identification centres and persons providing electronic services, store data for inspection of electronic identity under conditions and by an order determined by the regulation for implementation of the law.

(2) the information referred to in para. 1 shall be kept for a period of 10 years.

(3) individuals have the right to free and open access to the information under para. 1 gathered for them by order, determined by the regulation for implementation of the law.

(4) the data referred to in para. 1 stored by electronic identification centres may not include details of location or the number of unique devices through which electronic identification has been carried out.

Protocols, technical requirements and ways to check the electronic identity

Art. 28. The protocols, technical requirements and procedures for the verification of electronic identity shall be determined by the regulation for implementation of the law.

Chapter six

ELECTRONIC OVLASTÂVANIÂ

Directory of ovlastâvaniâta

Art. 29. (1) for the exercise of rights by proxy in front of a public authority, an organization providing public services, and persons performing public functions, up″lnomoŝitelât must authorize a proxy through the entry of his unique identifier in the water from Interior Minister electronic register of ovlastâvaniâta.

(2) the authorization is done after identification by electronic identifier of the assignor and by signing a statement with ovlastitelnoto electronic signature.

(3) Up″lnomoŝitelât indicates the actions for which provides the authorised representative, the volume of representative power and the empowerment.

(4) persons other than those referred to in paragraph 1. 1 may provide an opportunity for the exercise of rights in front of them by proxy through tipizirano the determination of the volume and conditions of representation in a manner determined by the regulation for implementation of the law. To these persons is carried out on the empowerment of persons under art. 9 ovlastâvaniâta registers.

Writing

Art. 30. Written form with notary certification of signatures for ovlastâvaniâ shall be considered observed if there is an entry in the registry respectively of ovlastâvaniâta.

The withdrawal of representative power

Art. 31. The withdrawal of representative power becomes the order of the empowerment.

Keeping, preservation and access to the register of ovlastâvaniâta

Art. 32. (1) the register of ovlastâvaniâta is not public. Up″lnomoŝitelite, ovlastenite persons and the persons under art. 29, para. 1 and 4 have access to data from the register concerning the empowerment associated with them.

(2) the procedure for the keeping, storage and access to the register of ovlastâvaniâta is determined by the regulation for implementation of the law.

(3) the persons under art. 29, para. 1 carry out a check on the power of representation arising from law, through automated check in the appropriate registers kept by the primary administrators of data under art. 2, al. 2 of the Act on e-Government, responsible for the entry of this circumstance, unless a special law does not prohibit it. In this case registration and check in the register of ovlastâvaniâta.

Certificates for empowerment

Art. 33. For the issue of certificates for empowerment due fee, fixed by the tariff referred to in art. 18, except where the certificate is issued electronically.

Chapter seven

CONTROL

Persons who are subject to control

Art. 34. (1) the administrators of an electronic identity and electronic identification centres are subject to administrative control.

(2) the persons referred to in para. 1 are obliged to provide access to the supervisory authorities to the documentation, information systems and the premises where the activity takes place.

Control bodies

Art. 35. The controls referred to in art. 34 is carried out by officials designated by the Minister of the Interior.

Types of inspections

Art. 36. (1) the supervisory authorities may carry out unannounced or periodic checks on documents, information systems and on-the-spot checks.

(2) the supervisory authorities carry out inspections on an annual basis on the implementation of the requirements under art. 11 of the administrators of an electronic identity and electronic identification centres.


(3) supervisory authorities shall carry out checks on the implementation of the requirements under art. 11 by the administrators of e-identity and e-identification centres and changing circumstances relating to the registration of the administrators of an electronic identity and electronic identification centres, within one month of the notification according to art. 16, al. 4.

Checking in documents

Art. 37. inspection of documents shall cover the inspection of documents relating to applications for registration, as well as subsequent verifications of documents in connection with their operations.

Verification of information systems

Art. 38. the verification of information systems covers the compliance of the operating system with the requirements laid down by the regulation for implementation of the law.

On-the-spot check

Art. 39. (1) the on-the-spot inspection shall be carried out in premises used for the conduct of the activity of persons who are subject to control under art. 34, in the presence of the person who represents them, or of persons that work for them.

(2) the officials carrying out the on-the-spot check shall have the right to:

1. free access to the premises;

2. to require the provision of documents relating to the controlled activities;

3. require oral and written explanations from the workers, servants and other persons working for the inspected person, from counterparties of the inspected person and of all persons who are located in the premises at the time of the inspection;

4. to require from third parties documents, information and assistance necessary for checks;

5. to carry out cross-checks on the spot at the third parties on issues related to verification.

(3) where the inspection is complicated and requires special knowledge, supervisory authorities can attract experts in the relevant field.

Protection of trade secrets

Art. 40. the officials who carry out the checks, as well as the persons under art. 39, para. 3 are required to keep the commercial, professional and other secret protected by the law and not to divulge details of the checks prior to their closure, as well as not to use this information by checking out its purpose.

Chapter eight

NOTIFICATIONS AND COOPERATION

Notifications

Art. 41. (1) the Minister of the Interior shall notify the European Commission about the circumstances under art. 9 and 10 of Regulation (EC) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and certification services under the electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257/73 of 28 August 2014), hereinafter referred to as "Commission Regulation (EC) No 910/2014".

(2) any person to whom the data are known for breaches or disturbances under art. 10 of Regulation (EC) No 910/2014, is required to notify the Minister of the Interior for this data.

Cooperation

Art. 42. cooperation under art. 12, paragraphs 5 and 6 of Regulation (EC) No 910/2014 is exercised by the Minister of transport, information technology and communications.

Chapter nine

COMPULSORY ADMINISTRATIVE MEASURES AND ADMINISTRATIVNONAKAZATELNA RESPONSIBILITY

Section I

Compulsory administrative measures

Compulsory administrative measures

Art. 43. (1) for the prevention and cessation of violations of this law and the instruments for its implementation, and to prevent or remedy the detrimental effects of them Minister of internal affairs can:

1. issue a written prescription for taking specific measures to remedy the breach within a specified period of time;

2. stop the activity for which the registration has been carried out, and to suspend the access of registered person to register for an identity to remove the violation.

(2) Compulsory administrative measures referred to in paragraph 1. 1 apply with a motivated order of the Minister of the Interior.

(3) the order under paragraph 1. 2 determine the type of compulsory administrative measure and the time limit for its completion.

(4) the order under paragraph 1. 2 subject to appeal pursuant to the administrative code.

(5) an appeal shall not suspend the execution of the compulsory administrative measure.

Section II

Administrativnonakazatelna responsibility

Activity without registration

Art. 44. Who performs the business of an administrator of an identity or a Centre for electronic identification, without being entered in the register under art. 10, para. 1 shall be punishable by a fine or penalty payment amounting to 200 000.

Failure of a registered person

Art. 45. (1) the Administrator of an electronic identity, who said the issue of an identity in violation of this law, shall be punished with fine or penalty payment in the amount of 50 000.

(2) the Administrator of an identity that does not fulfill the other duty under this Act, is punishable by a fine or penalty payment in the amount of 2000 to 20 000.

(3) the Centre for electronic identification electronic identification, which carried out in violation of this law, shall be punished with fine or penalty payment in the amount of 150 000 to 300 000.

(4) the Centre for electronic identification, which does not perform another obligation under this Act, is punishable by a fine or penalty payment in the amount of 5000 to 30 000.

Obstruction of inspection bodies

Art. 46. Which hinder access refuses or does not provide the information, documents, data and reports of an official in the exercise of the control activities under this Act, is punishable by a fine or penalty payment in the amount of 1000 to 10 000 BGN.

Making no application when a change in circumstances subject to entry in register


Art. 47. a registered person who does not apply when changing the circumstances subject to entry, is liable to a penalty payment in the amount of 500 to 5000 EUR

Failure to comply with the compulsory administrative measure

Art. 48. (1) Who fails to comply with compulsory administrative measure applied under art. 43, para. 1, item 1, shall be punished with fine or penalty payment in the amount of 1000 to 10 000 BGN.

(2) Who carries out the function of managing certificates for electronic identity after the application of a coercive administrative measure under art. 43, para. 1, item 2, shall be punished with fine or penalty payment in the amount of 100 000 to 500 000.

Repeated violation

Art. 49. In the event of a breach of art. 44-48 is a fine or penalty payment in double size.

Proceedings for the imposition of administrative penalties

Art. 50. (1) the acts establishing the offences under art. 44 – 48 shall be drawn up by officials designated by the Minister of the Interior.

(2) the penal provisions under para. 1 shall be issued by the Minister of the Interior.

(3) the establishment of violations, the issue, the appeal and the implementation of the penal provisions shall be carried out in accordance with the law for the administrative offences and sanctions.

ADDITIONAL PROVISIONS

§ 1. Within the meaning of this law:

1. "electronic identity" is the process of using data in electronic form for identification of the persons who represent data in a unique way a natural person.

2. "electronic identity" e a minimum set of features presented in electronic form, on the basis of which it can be made uniquely differentiating one person from other persons in the electronic environment.

3. "Available funds" are funds available b″rzolikvidni – cash and cash equivalents.

4. "systematic violations" are three or more administrative violations under this law or its implementing acts carried out within one year, or three or more identical administrative infringements committed within three consecutive years.

§ 2. This law introduces measures for the implementation of Regulation (EC) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and certification services under the electronic transactions in the internal market and repealing Directive 1999/93/EC are followed.

TRANSITIONAL AND FINAL PROVISIONS

§ 3. (1) the Council of Ministers shall adopt rules for the application of the Act and the tariff referred to in art. 18 within 6 months from the promulgation of the law in the Official Gazette.

(2) the Minister of the Interior:

1. determine the places under art. 20, para. 2 within one year of the promulgation of the law in the Official Gazette;

2. provide an opportunity for applications under art. 15, para. 1 electronically within 7 months of promulgation of the law in the Official Gazette;

3. notify the European Commission about the circumstances under art. 9 of Council Regulation (EC) No 910/2014 by 1 September 2017.

(3) the public authorities providing electronic administrative services for which identification is required by law, within one year of the promulgation of the law in the Official Gazette:

1. declare for entry in the register under art. 61, para. 1, item 2 of the law on Administration personal data volumes, which are authorized to process in accordance with the law, and

2. provide technical possibility for identification in accordance with this Act for the provision of these services.

§ 4. (1) within 6 months from the entry into force of § 5, paragraph 4 verification of the identity of the applicant when applying electronically may be made by a provider of electronic administration services.

(2) the verification shall be carried out immediately by the supplier via:

1. mapping the name of the applicant referred to in the application, and the name of the author in the electronic signature certificate, and

2. check in the Administration responsible for personal registration of citizens, whether on the unique identifier of the applicant referred to in the application is consistent with the name of a citizen with established under item 1 name.

(3) verification of the identity for all citizens is carried out, on which said circumstances and which are identified by a unique identifier. The verification of the identity of the organisations shall be carried out by checking in the relevant registers of the organizations.

(4) in the technological ability checks at al. 2 and 3 are carried out automatically.

(5) where the applicant has no unique identifier verification under paragraph 1. 2, item 2 does not take place.

(6) when access for use of electronic administrative service is operated through a single environment to exchange documents or when the Ordinance under art. 12, al. 4 of the Act on e-governance has provided other means of identification of the type of access, check under para. 2 does not take place.

§ 5. In the e-Government Act (promulgated, SG. 46 2007; amended by 82/2009 No. 20 of 2013 No. 40 by 2014 and 13 from 2016) make the following amendments and additions:

1. Article 5 shall be amended as follows:

"Obligations on identification

Art. 5. (1) the obligations arising under this chapter, if a citizen organization, respectively, were identified in the order, established by law, when the law requires identification for the provision of administrative service.

(2) in the application of the electronic administrative service administrative authorities, persons performing public functions, and organisations providing public services, are required to ensure that citizens and organizations to identify the order established in the law. "

2. In art. 22:

a) paragraph 1 shall be amended as follows:


(1) the Bulgarian citizens and long-term residents aliens – recipients of electronic administration services and authors of electronic statements are identified in the order determined by law, unless by law is permitted providing administrative service without identification. Recipients of electronic administration services – legal persons are identified by their unique ID. ';

(b)) a new para. 2:

(2) Nationals of a Member State of the European Union, are identified by their national e-ID, in accordance with the Act of art. 12 (8) of Regulation (EC) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and certification services under the electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257/73 of 28 August 2014). ";

in the past) Al. 2 it al. 3;

d) past al. 3 it al. 4 and in her words "para. 2 "are replaced by" para. 3. "

3. Article 24 is amended as follows:

"Representation

Art. 24. For the use of electronic administrative services by proxy must authorize it up″lnomoŝitelât by the order of the law for electronic identification. "

4. Article 28 is amended as follows:

"Verification of the identity of legal entities

Art. 28. The identity of legal entities shall be verified by an automated verification of their status in the relevant records are entered, where there are the technical means to carry out. "

5. Article 29 shall be repealed.

§ 6. The law shall enter into force six months after its promulgation in the State Gazette, with the exception of:

1. Article 8 art. 9, para. 2, art. 10, 11 and article. 15-17, which shall enter into force seven months after its promulgation;

2. Article 9, para. 1, 3 and 4, art. 19 – 21, art. 22, with the exception of para. 1, item 3, art. 23-28, § 4 and § 5, items 1, 2, 4 and 5, which shall enter into force one year after its publication;

3. articles 29-33 and § 5, paragraph 3, which shall enter into force 18 months after its publication;

4. Article 22, para. 1, paragraph 3, which shall enter into force from 1 April 2017.

The law was passed by the National Assembly-43 on May 11, 2016 and is stamped with the official seal of the National Assembly.

President of the National Assembly Tsetska Tsacheva:

3767