On Electronic Signature

Original Language Title: o elektronickém podpisu

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: https://portal.gov.cz/app/zakony/download?idBiblio=49532&nr=227~2F2000~20Sb.&ft=txt

227/2000 Coll.



LAW



of 29 April 2004. June 2000



on electronic signature and amending some other acts



(Act on electronic signature)



Change: 226/2002 Sb.



Change: 517/2002 Sb.



Change: 440/2004 Sb.



Change: 635/2004 Sb.



Change: 501/2004 Coll., 444/2005 Sb.



Change: 110/2007 Sb.



Change: 124/2008 Sb.



Change: 190/2009 Sb.



Change: 223/2009 Sb.



Change: 101/2010 Sb.



Change: 227/2009 Sb.



Change: 424/2010 Sb.



Change: 281/2009 Sb.



Change: 424/2010 Coll. (part)



Change: 167/2009 Sb.



Change: 89/2009 Sb.



Change: 64/2014 Sb.



Parliament has passed the following Act of the United States:



PART THE FIRST



ELECTRONIC SIGNATURE



§ 1



The purpose of the law



This Act regulates in accordance with the law of the European Communities ^ 1)

the use of an electronic signature, electronic tags, to provide

certification services and related services providers established on

the territory of the Czech Republic, the duties provided for in this law and the

penalties for violation of the obligations laid down in this law.



§ 2



The definition of some terms



For the purposes of this Act, means the



and) electronic signature information in electronic format, which are

connected to a data message, or are logically associated with it that are used

as a method to uniquely authenticate the identity of the signatory in respect of

the data report,



(b)), an advanced electronic signature, an electronic signature that meets the

the following requirements



1. is uniquely linked to the signatory;



2. allows you to identify the signatory in relation to the data message,



3. was created and appended to a data message by means of which

the signatory can maintain under his sole control,



4. is the data message to which it relates is connected in such a way

It is possible to detect any subsequent change of the data



c) electronic marker data in electronic form, that are

connected to a data message, or are logically associated with it and that

meet the following requirements



1. are uniquely associated with indicating the person and allow you to

identification through a qualified system certificate,



2. have been created and appended to a data message by means of

create electronic tags that indicate the person can keep it under

his sole control,



3. are the data message to which it is subject, attached to such

in a way, it is possible to detect any subsequent change of the data



(d) electronic data message) data that can be transmitted by means of

electronic communications and the retention on technical data carriers,

used in the processing and the transmission of data by electronic means, as well as

data stored on the technical media in the form of a data file



e) signer is a natural person who is the holder of the device for

the creation of electronic signatures and acts on behalf of his or on behalf of another

natural or legal persons,



f) indicating the person natural person, legal person or organizational

the State, which holds a means of creating electronic tags

and indicates a data message, an



g) a holder of a natural person, legal person, or

the branch of the State that has asked for the release of a qualified

certificate or a qualified system certificate for yourself or

for signing or indicating that the person and that the certificate was issued,



h) a provider of certification services means any natural person, legal person

or organisational unit of the State that issues the certificates and the results of their

Register, or provides other services related to electronic

signatures,



I) qualified provider of certification services provider

certification services, which issues a qualified certificate, or

qualified system certificates or qualified time stamps

or the means to secure electronic signatures (hereinafter referred to as

"qualified certification services") and has complied with the obligation to declare

According to § 6,



j) accredited provider of certification services provider

certification services, which has been granted accreditation under this

the law,



k) certificate data message that is released by the provider

certification services, connects to the data for electronic authentication

signatures with the signatory and allows you to verify her identity, or

combines data for authentication of electronic markers that indicate the person and

allows you to verify its identity,



l) qualified certificate a certificate that has the requirements pursuant to §

12 and was issued by a qualified provider of certification services,



m) by a qualified system certificate a certificate that has the

requirements under section 12a and was issued by a qualified provider

certification services,



n) electronic signature creation data unique to the data that

used by the signatory to create an electronic signature,



about)-verification of electronic signatures unique to the data that is

used for the verification of the electronic signature,



p) data for creating electronic tags unique to the data that

indicating that the person uses to create an electronic tag



q) data for electronic tags unique authentication data that is

used to verify the electronic tags,



r) qualified time-stamped data message issued by

qualified certification services provider and trusted

way the data in electronic form with the time at the moment, and

ensures that the data in electronic form existed before the

the time at the moment



with) creation of electronic signatures technical equipment

or software, which is used to create an electronic

signatures,



t) means for authentication of electronic signatures technical equipment

or software that is used to authenticate the electronic

signatures,



u) means for safe electronic signature creation resource

for creating an electronic signature that satisfies the requirements laid down

This law,



in the secure authentication) electronic signature means

for the verification of the signature that complies with the requirements established by this Act,



w) electronic signature tool, technical equipment or software

equipment, or components thereof, used by the provider of certification

services for the creation or verification of electronic signatures, or for

provide certification services,



x) means to create an electronic tag device that

used to indicate the person for creating electronic tags and that

complies with the other conditions laid down in this Act,



s) accreditation certificate, the certification service provider meets

the conditions established by this Act for the performance of the activities of the accredited

the provider of certification services.



§ 3



Compliance with signature requirements



(1) the data message is signed, if it is fitted with an electronic

signature. If proven otherwise, it shall be deemed that the signer

person before signing a data message with its contents.



(2) the use of advanced electronic signature based on a

a qualified certificate and created by the resource for the safe

creating a signature helps verify that the data message was signed by a person

on this the qualified certificate.



section 3a



(1) the use of electronic tags based on a qualified system

the certificate and which are created using the resource for creating electronic

the tag enables you to verify that the data has identified this e-mail message

marker denoting the person.



(2) if the person has identified the data indicating that the message, it is considered that such a

made in an automated fashion without direct verification of the content of a data message and

It expressed its will.



§ 4



Compliance with the original



The use of advanced electronic signature or electronic tags

ensures that if there is a violation of the content of a data message from the moment

It was signed or marked, this violation will be traced.



§ 5



The obligation of the signatory



(1) the signatory is required to



and) deal with resources, as well as with data for creating the guaranteed

electronic signature with due care to prevent their

unauthorized use,



(b) without delay, notify the provider) certification services, which issued the

qualified certificate, showing that the risk of misuse of its data

for creating advanced electronic signature.



(2) for damage caused by the violation of the obligations referred to in paragraph 1 corresponds to the

the signatory under special legislation. ^ 1a) Liability

However, relieved, if he proves that the one who has suffered damage, did not

all acts necessary to verify that the advanced electronic

the signature is valid, and its qualified certificate has not been invalidated.



Section 5a



The obligation to indicate the person



(1) indicating that the person is required to



and deal with the means) as well as with data to create an electronic

brands with due care to prevent their unauthorized

use,



(b) without delay, notify the provider) certification services, which issued the


qualified system certificate, showing that there is a risk of abuse

its data for creating electronic tags.



(2) to indicate that the person is required to ensure that a means of creating

electronic tags, which used, complies with the requirements

This Act.



(3) for damage caused by the violation of the obligations referred to in paragraph 1 corresponds to the

to indicate the person, even if the damage was not caused by, according to a special legal

^ 1a) regulations, liability for defects under the specific legislation is not

without prejudice to the. ^ 1a), however, relieved of Liability If he proves that the one whom

damage, did not perform any acts necessary to ensure

that the electronic tag is valid and its qualified

certificate has not been invalidated.



section 5b



Obligations of the holder of the certificate



The certificate holder shall without undue delay submit accurate,

true and complete information to the provider of certification services in

relation to the qualified certificate and in relation to a qualified

the system certificate.



§ 6



Qualified provider of certification services



(1) a qualified certification services provider is obliged to



and) to ensure that each could make sure of its identity and its

qualified system certificate, which indicates the issued

qualified certificates or qualified system certificates and

lists of certificates that have been invalidated, or qualified time

stamps,



(b)) to ensure that the provision of qualified certification services

performed by people with the expertise and skills necessary for

the provision of qualified and familiar with certificate services

the relevant safety procedures,



(c)) use safe systems and safe electronic tools

the signing, to ensure adequate safety procedures, that these systems and

tools support, and to ensure that sufficient security of the cryptographic

These tools; systems and tools are considered safe, if

comply with the requirements provided by this Act and implementing regulations,

or if they meet the requirements of the technical standards referred to in decision

The Commission issued pursuant to article 3 (5) of Directive 99/93/EC,



d) use safe systems for the retention of qualified certificates

and qualified system certificates or qualified time

the stamps in a verifiable form so that it records, or their

changes can only be performed by authorised persons, in order to check

the accuracy of the records, and in order to any technical or programmatic changes

that violate these security requirements are apparent,



e) have throughout its activities sufficient financial

resources or other financial security to operate in conformity with the requirements of

set out in this Act and having regard to the risk of liability for

damage,



f) before concluding the contract on the provision of qualified certification

services with the person asking for the provision of services under this Act;

inform that person in writing of the exact conditions for the use of

qualified certification services, including any restrictions for

their use, on terms of complaints and disputes and the solution

whether it is or is not accredited by the Ministry of the Interior (hereinafter referred to as

"the Ministry") under section 10; This information can be passed electronically.



(2) If a provider of accredited certification services

the Ministry is obliged to report to the Ministry at least 30 days before the

the start of the qualified certificate services, that it will

provide, and the moment when its provision will launch. At the same time passes

Ministry to verify your qualified system certificate referred to

in paragraph 1 (b). and).



(3) if the qualified providers of certification services,

that earned the accreditation pursuant to § 10 of this Act, accreditation

the Ministry revoked, it shall without delay inform the

the fact the bodies to which it gives its qualified certification

services, and other interested parties.



(4) a qualified provider of certification services provides services

under this Act, on the basis of the Treaty. The contract must be in writing.



(5) the Qualified certification services provider shall keep the documents

associated with the provided qualified certification services

under this law, in particular



and) qualified contract of certificate services, including

the application for provision of the service,



(b) a qualified certificate) issued by issued by qualified system

certificate, or issued by a qualified timestamp,



(c) a copy of the submitted personal documents) of the signatory or documents,

on the basis of the person's identity has been verified, indicating,



d) acknowledgement of receipt of a qualified certificate, or

qualified system certificate holder or his

consent to publication of a qualified certificate in the list issued by the

qualified certificates



e) statement of the certificate holder that he be provided with

information referred to in paragraph 1 (b). (f)),



f) documents and records related to the life cycle of the issued

a qualified certificate or a qualified system

the certificate, which shall specify the details to implementing decree.



(6) the Discarding period-related documents provided by the

qualified certification services under this Act, which

maintains a qualified certification services provider, is 10 years.

After this deadline, the qualified provider of certification services

stores for the next 20 years of data to allow the unambiguous

the identification of the person signing or indicating that the person in the range name,

where appropriate, the name, last name, social security number or date of birth and the number

the document on which to base the signer's identity has been verified, and

qualified certificates issued or qualified system

certificates. Qualified provider is obliged to ensure that it

the documents referred to in paragraph 5 that is maintained and the information referred to in the second sentence before

loss, misuse, destruction or damage. All the documents referred to in

the first sentence may be a qualified provider of certification services

to take and store in electronic form. If this law

otherwise, they shall be taken in the handling of the documents contained

According to the law on Archives and records service.



(7) a qualified certification services provider shall forward the lists

certificate revocation in a given year, which were released as

qualified, the Ministry, within the time limit until 31 December 2006. January calendar

the year following the expiration of 10 years from the end of the calendar year in

where were these lists issued.



(8) employees of a qualified provider of certification services,

or other natural persons that come into contact with personal data

and electronic signature creation data signers and

electronic tags identifying the persons are required to maintain the

the confidentiality of such information and data, and the security precautions

the publication of which would compromise the security of this information and data.

Obligation of confidentiality shall survive after termination or other

like employment or after you complete the work; the said persons

can get rid of the NDA, in whose interest this obligation, or

the Court.



§ 6a



The obligation of a qualified provider of certification services in

issuing qualified certificates and qualified system

certificates



(1) a qualified certification services provider that issues the

qualified certificates or qualified system certificates

(hereinafter referred to as "certificates that are issued as a qualified") is required to



and) to ensure that certificates issued by him as qualified to contain

all the conditions laid down in this Act,



(b)) to ensure that the information referred to in the certificates it issues as

qualified are accurate, true and complete,



c) before issuing a certificate as a qualified securely verify

appropriate means the identity of the person signing or the identity of the

denoting persons, or even its special characters, if required by the purpose of the

such a certificate,



(d)) to determine whether at the time of submission of the application for the issue of a certificate as

qualified signer had data for creating

electronic signatures corresponding to the authentication of electronic data

signatures or indicating that the person the data for creation of electronic tags

the corresponding data for the verification of electronic tags, which contains

application for issue of the certificate,



e) ensure the operation of the safe and publicly accessible list

as a qualified certificate, to whose publication gave

the holder of the certificate of approval in accordance with § 6 para. 5 (b). (d)), and

to ensure the availability of this list as well as remote access and data in

the list contained whenever the update without undue delay,



f) ensure the operation of the safe and publicly accessible list

as a qualified certificate that have been invalidated, even

remote access,



g) to ensure that the date and time, indicating the hours, minutes, and seconds when

the certificate is issued as a qualified issued or invalidated, they

be precisely identified,




h) take appropriate measures against misuse and forgery of certificates

issued as a qualified,



I) provide upon request to third parties the relevant information about

conditions for the use of the certificates issued as qualified,

including restrictions for their use, and information about whether or not it is

accredited by the Ministry; This information can be provided electronically.



(2) If a qualified provider of certification services, which

issues certificates as qualified, creates to the signer

electronic signature creation data or indicating that the person

data for the creation of electronic tags,



and must ensure the confidentiality of these) data before passing it, this

copy and retain data longer than necessary,



(b)) must guarantee that this data reflects data for authentication

electronic signature or electronic authentication data for brands.



(3) a qualified certification services provider that issues the

certificates as qualified, shall immediately void the certificate,

If the holder of the signatory or the person requested, indicating

or if you realize that the risk of misuse of their data for

create electronic signatures or electronic tags, or in

If the certificate was issued on the basis of false or erroneous

of the data.



(4) a qualified provider of certification services shall also

shall immediately void the certificate issued by a qualified, if he

proven that signing or indicating that the person died or

ceased to exist or the court competence to perform legal acts got rid of or

restricted, ^ 2a) or, if the information on the basis of which the certificate was issued,

affidavit of truthfulness.



§ 6b



The obligation of a qualified provider of certification services in

issuing qualified time stamps



(1) a qualified certification services provider that issues the

qualified time stamps, is obliged to



and) to ensure that the time stamps it issued as a qualified

contained all the conditions laid down in this Act,



(b)) to ensure that the timestamp embedded in a qualified time

stamps reflect the value of coordinated universal time when creating

a qualified time stamps,



(c)) to ensure that the data in electronic form, subject to the

applications for qualified time stamps, clearly

correspond to the data in electronic form contained in the issued

a qualified timestamp,



d) take appropriate measures against counterfeiting of qualified

time stamps



(e)) to provide to third parties upon request, relevant information about

conditions for the use of qualified time stamps, including

restrictions for their use and the information about whether or not it is

accredited by the Ministry; This information can be provided electronically.



(2) a qualified certification services provider shall issue a qualified

time stamp, immediately upon receipt of the request for his extradition.



§ 7



Liability for damage



(1) for damage caused by the violation of the obligations laid down in this Act

corresponds to a qualified provider of certification services in accordance with

special legislation. ^ 1a)



(2) the Qualified provider of certification services is not responsible for

damage resulting from the use of a certificate issued by a qualified,

that as a result of failure to comply with restrictions on its use in accordance with § 12

paragraph. 1 (b). I) and (j)) and section 12a (e). (h)).



§ 8



Protection of personal data



Protection of personal data is governed by special legislation. ^ 3)



§ 9



Accreditation



(1) the granting of accreditation to operate as an accredited provider

certification services, as well as control over compliance with this Act

It belongs to the Ministry.



(2) the Ministry of



and grants and withdrawing of accreditation) to operate as an accredited

the provider of certification services to entities acting on the territory of the Czech

Republic,



(b)) shall exercise control over the activities of accredited providers

certification services and qualified providers of certification

services, stores them remedial measures and penalties for breach of the obligations

under this Act,



(c) keep records of accreditations awarded) and their amendments, and the register

qualified providers of certification services,



d) keeps records of issued qualified system certificates,

that uses a qualified provider of certification services under section

6 (1). 1 (b). and) and which were in accordance with § 6 para. 2 validated

the Ministry,



e) continuously publishes an overview of granted accreditation overview

qualified certification service providers and their

skilled services and qualified system certificates according to the

subparagraph (d)), and even manner allowing remote access,



f) evaluates the conformity of the instruments with the requirements of the electronic signature

laid down by this law and implementing regulations,



(g)), and exposes the way allowing remote access list

trusted certification services according to the legislation of the European

Community ^ 3a)



h) exposes the way allowing remote access information about

the conditions of validation of the acclaimed electronic signature or recognised by the

electronic tags, including links to applications under section 11 (1) 5,



I) fulfils other duties established by this Act.



§ 10



The conditions for granting accreditation to provide certification services



(1) every provider of certification services may ask the Ministry of

for accreditation for the pursuit of the activity of an accredited provider

certification services.



(2) the request for approval referred to in paragraph 1, the applicant must demonstrate



and in the case of a legal person) the business name or the name, registered office,

where appropriate, the address of the business folder foreign persons in the territory of the United

of the Republic, and the identification number of the person of the applicant has been allocated; in

the case of a physical person, the name, or names, last name, or

addition, place of establishment, place of business, if different from the location

of establishment, and the identification number of the person of the applicant has been allocated, the



(b)), proof of permission to the business activities and the person registered in the

the Register also extract from commercial register not older than 3

of the month



(c)) substantive, personnel and organizational prerequisites for activity

qualified providers of certification services in accordance with § 6, 6a and 6b

This law,



(d)) as an indication that the certificate services qualified plans to applicant

provide.



(3) if the application does not contain all the required information, the Ministry of

shall stay the proceedings and ask the applicant to it within a specified period.

If the applicant fails to do so within that period, the Department of management of the stops.



(4) if the applicant complies with all the conditions prescribed by this Act for

the granting of accreditation, it shall issue a decision his Department accreditation

It grants. Otherwise, it shall reject the application for accreditation.

Accreditation of the certification services provider is created also a waste

expiry of the period and in the manner referred to in section 28 to 30 of the law on the free movement of

services.



section 10a



The conditions for the extension of the services of an accredited provider

certification services



(1) an accredited certification service provider may extend the

the provision of qualified certification services on the issue of

qualified certificates qualified system certificates,

qualified time stamps or on the issue of funding for the

creation of electronic signatures under this Act (hereinafter referred to as

"distributed services").



(2) an accredited certification service provider is obliged to

the extension referred to in paragraph 1, notify the Ministry so that the Ministry of

notice received at least 4 months before the commencement of the provision of services.



(3) in the notice must be an accredited provider of certification services

demonstrate in-kind, personnel and organizational prerequisites for ensuring

distributed services.



(4) if they can demonstrate an accredited certification service provider

the facts referred to in paragraph 3, or if these facts are incomplete

or inaccurate, Ministry to an accredited provider

certification service warns that unless these defects within the time limit,

to be determined, removed, by decision of the expansion of the services disabled.



(5) the Ministry notified the extension disables, if an accredited

the provider of certification services did not meet all the conditions prescribed

This Act for the provision of distributed services.



(6) on the prohibition of the provision of qualified certification extension

services will issue a decision by the Ministry within 90 days from the time

When it received the notification.



§ 11



(1) to sign or marking of a document in the form of a data message,

which makes the Act against



and the State)



(b) the territorial samosprávnému unit)



(c)) legal person established by law or established by the State-based

the territorial Government or a legal person established under the law,



(d) legal entity not listed in) (a)) to c), and engaged in

competence in the field of public administration, where this document

the scope of the,




e) physical person performing the competence in the field of public administration,

If a document of this scope,



You can only use recognized electronic signature or recognised

an electronic tag.



(2) to sign or marking of a document in the form of a data message,

through which makes the Act of the person referred to in paragraph 1 (b). a) to

(c) in the performance of the Act) or the scope of the person in the field of public administration

referred to in paragraph 1 (b). (d)), and (e)), may be used only to recognized

an electronic signature or a recognised electronic tag.



(3) a recognized electronic signature means



and) advanced electronic signature based on a qualified certificate

certificate issued by an accredited certification service provider, and

with instructions that allow you to uniquely identify

the signatory;



b) advanced electronic signature based on a qualified certificate

issued by a certification service provider which is established outside the

the territory of the Czech Republic, if the qualified certificate is issued within the

Services held in the list of trusted certificate services as

the service for which the provision is a provider of certification services

accredited, or as a service, over which the provision is carried out

supervision in accordance with the European Union ^ 3a).



(4) a recognized electronic marker means the electronic tag

based on a qualified certificate issued by an accredited system

the provider of certification services.



(5) if in the case of signing or marking the document according to the

paragraph 2 recognized electronic signature or a recognized electronic

tag in the reference format set out in the applicable legislation directly

The European unie9), a person referred to in paragraph 2 in advance



and shall notify the Ministry of existing options) authentication acknowledged

an electronic signature or a recognised electronic tags that meet the

requirements directly applicable European Union legislation ^ 9), and



(b)) shall make available to an unlimited and free use of means capable of

remote access application that will allow instant verification of a recognised

an electronic signature or a recognised electronic tags by letter

and).



§ 12



The elements of a professional certificate



(1) a qualified certificate must contain the



and) indicate that it is issued as a qualified certificate in accordance with this

the law,



(b)) in the case of a legal person, business name or the name and the State in

which is a qualified provider is established; in the case of a natural person

name or name, last name, or tag, and the State in which the

He is a qualified provider is established,



(c)) the name or names, and surname of the person signing or its

the pen name with the indication that it is a pseudonym,



d) special characters of the signatory, if required by the purpose of the

a qualified certificate,



e) signature-verification data which correspond to the data to create

the signature, which are under the control of the signatory;



f) electronic tag provider of certification services based

on a qualified system certificate provider that

a qualified certificate is issued by,



(g) a qualified certificate a unique number) for the provider

certification services,



h) start and end of validity of a qualified certificate,



I) where appropriate, information about whether the use of a qualified certificate

limits according to the nature and extent of specific use



(j)) or limit the values of transactions for which can be qualified

the certificate to use.



(2) restrictions on the use of a qualified certificate referred to in paragraph 1

(a). I) and (j)) must be apparent to third parties.



(3) additional personal data may only be qualified certificate contain just

courtesy of the signatory.



§ 12a



Requirements of a qualified system certificate



Qualified system certificate must contain the



and) indicate that it is issued as a qualified certificate in accordance with

This law,



(b)) in the case of a legal person, business name or the name and the State in

which is a qualified provider is established; in the case of a natural person

name or name, last name, or tag, and the State in which the

He is a qualified provider is established,



c) unique identification indicating the person or resource for the

create an electronic tag



d) electronic tags-verification data which correspond to the data for

the creation of electronic tags, which are under the control of indicating

of the person,



an electronic tag provider) certification services based

on a qualified system certificate provider that

qualified system certificate is issued by,



(f) a qualified system certificate number) unique to that

qualified providers of certification services,



(g)) the beginning and end of validity period of a qualified system certificate,



h) restrictions on the use of a qualified system certificate, and

This restriction must be apparent to third parties.



section 12b



Requirements qualified time stamp



A qualified timestamp must contain



and a qualified timestamp) a number unique to that

qualified providers of certification services,



b) indication of the rules according to which the qualified provider

Certificate Services qualified time stamp issued,



c) in the case of a legal person, business name or the name and the State in

which is a qualified provider is established; in the case of a natural person

name or name, last name, or tag, and the State in which the

He is a qualified provider is established,



d) time value that corresponds to the coordinated universal time

creating a qualified timestamp,



e) data in electronic form, for which it qualified the time

stamp issued



(f) a qualified electronic tag provider) certification

services that a qualified timestamp.



section 13 of the



The obligation of a qualified provider of certification services in

their activities



(1) a qualified certification services provider must terminate the intent

report on its activities to the Ministry at least 3 months prior to the scheduled

the date of termination of the activity, and must make every possible effort to ensure

to register according to § 6 paragraph 1 led. 5 was taken over by another

a qualified provider of certification services. Qualified

the provider of certification services shall demonstrably notify

each signer, indicating that the person and the holder, which

providing its certification services, of its intention to terminate its activities

at least 2 months prior to the scheduled date of termination of the activity.



(2) If a qualified provider of certification services

ensure that the register conducted pursuant to section 6 (1). 5 took over another

qualified certification services provider, is obliged to it

no later than 30 days before the scheduled date of termination of the activities of the Ministry of

report. In this case, the Ministry will take over the registration and shall notify the

the entities concerned.



(3) the provisions of paragraphs 1 and 2 shall apply mutatis mutandis also in the case when

qualified provider of certification services, dies or ceases to

ceases to carry on its activities without being required by

of paragraph 1.



§ 14



Measures to remedy the



(1) if the Ministry that an accredited certification service provider

service or a qualified certification services provider violates the

the obligations established by this Act, impose order within the time limit

He negotiated a remedy and, where appropriate, to determine what measures to remedy deficiencies

This is the provider of certification services shall be obliged to accept.



(2) in the case that an accredited certification service provider

commits a serious breach of the obligations set out in this Act or the

in due time does not remove the shortcomings detected by the Ministry, it is

the Ministry shall be entitled to withdraw the accreditation granted to him.



(3) if the Ministry decides to revoke the accreditation, it may at the same time

decide on the revocation of the certificates issued as qualified

the certification services provider at the time of validity of the accreditation.



§ 15



Cancellation of qualified certificate or a qualified system

certificate



The Ministry may order the qualified provider certification

services as a precautionary measure ^ 7) invalidation of a certificate issued as

qualified, if there are reasonable grounds for believing, that the certificate was

falsified, or if it was issued on the basis of false information. The decision of the

for the revocation of a certificate issued as qualified may be issued

also in the case when it was found that signing or indicating

the person uses a resource for creating a signature, or a resource for

create an electronic tag, which shows a security

the flaws, which would have allowed counterfeiting of advanced electronic

signatures or electronic tags or change podepisovaných or

known data.



section 16 of the



Recognition of foreign qualified certificates



(1) a certificate that is issued by a certification service provider

established in one of the Member States of the European Union, another Contracting


State to the agreement on the European economic area or the Swiss

the Confederacy as a qualified, is a qualified certificate in

the meaning of this Act.



(2) a certificate that is issued as a qualified within the meaning of this

the law of a State other than that referred to in paragraph 1,

a qualified certificate within the meaning of this Act, if



the certification services provider) and meets the conditions of the rights of European

Community ^ 1) and has been accredited to act as an accredited

the provider of certification services in one of the Member States

The European Union, another Contracting State to the agreement on the European economic

area or the Swiss Confederation,



(b)) the provider of certification services established in one Member

States of the European Union, another Contracting State of the agreement on the European

economic area or the Swiss Confederation, which meets the

of the European communities, the conditions of ^ 1) will assume responsibility for

the validity and accuracy of the certificate, to the same extent as for their

qualified certificates



(c)) of the international treaty.



§ 17



Secure the creation and validation of electronic signatures



(1) a means for secure signature-creation device must, with the assistance

the relevant technical and programmatic resources and procedures

at a minimum, ensure that



and) the signature-creation data may occur only once, and that

their secrecy is appropriately secured,



(b)) the signature-creation data could not be inferred from the adequate to ensure

knowledge of how to create them, and the signature is protected against forgery

using existing available technologies,



(c)) the data used for signature generation can be reliably signatory

protected against misuse by a third party.



(2) secure signature-creation device must not alter the data

shall be signed or prevent such data has been made

signer before signing process itself.



(3) a means for secure electronic signatures must be

prior to their use in a safe way and released data for creating

electronic signatures must be in a credible manner in these

resources created or added to them.



(4) a means for secure signature-verification shall, with the assistance

the relevant technical and programmatic resources and procedures

at a minimum, ensure that



and) data used for verifying the signature correspond to the data displayed to the person

performing the verification,



(b)) was the signature is reliably verified and the result of that verification is correctly

displayed,



(c)) that verifies the person could reliably determine the contents of the signed data,



(d) the authenticity and validity of the certificate) in the signature verification are reliably

detected,



(e) the result of the verification and identity) of the signatory to be properly

displayed,



(f)) to use a pseudonym is clearly indicated,



(g)), it was possible to determine any changes affecting safety.



§ 17a



Resources for creating electronic tags



(1) a means for creating electronic tags must help

the relevant technical and programmatic resources and procedures

at a minimum, ensure that



and for the creation of electronic data) brands are adequately

secret and are indicating a person reliably protected against abuse

a third person,



(b)), indicating that the person is informed that launches the application of this

resource.



(2) a means of creating the electronic tags must be set

so that even without further checks, indicating that the person has identified just and only those

data messages that indicate the person to indicate a choice.



(3) the means of creating electronic tags must be protected

against unauthorized modification and must guarantee that any change will be

evident to indicate person.



section 17b



(1) the electronic signature creation Data can be used together with the

a qualified certificate containing data for authentication

electronic signatures corresponding to these data and the data necessarily

necessary for the use of an electronic signature to write to contact

an electronic chip card.



(2) the registration data and a qualified certificate referred to in paragraph 1 is

entitled to the holder of the identity card. The provisions of § 15b paragraph. 2 of the law on

civil licences shall not apply.



section 18



Administrative offences of legal persons



(1) a qualified provider of certification services, which



a) does each could make sure of its identity and its

qualified system certificate pursuant to section 6 (1). 1 (b). and)



(b)) does not ensure that the provision of qualified certification services

performed by people with the expertise and skills necessary for

provided by skilled and familiar with certificate services

the relevant safety procedures,



(c)) from failure safety of sufficient systems and tools

the electronic signature and the practices that these systems and tools

support under section 6 (1). 1 (b). (c)), and (d)), would threaten the safety of the

provided by a qualified certification services



(d)) does not have sufficient financial resources or other financial

by ensuring the operation according to § 6 paragraph 1. 1 (b). (e)), and thus endanger the

the safety provided by a qualified certification services



e) fail to comply with information requirements under section 6 (1). 1 (b). (f)), § 6 (1). 3

or § 13 para. 1,



f) fails to comply with the obligation under section 6 (1). 2, including the transmission of

qualified system certificate for verification, or according to § 13 para.

1 or 2,



g) provide certification services based on other than a written contract,



(h)) does not retain the documents and information referred to in section 6 (1). 5 and 6, or



I) does not ensure retained documents and data from loss, misuse,

destruction or damage under section 6 (1). 6,



the above is fined 10 000 000 CZK.



(2) a qualified certification services provider that issues the

qualified certificates or qualified system certificates and

that



and) does it issued as a qualified certificate contained

all the conditions laid down in this Act,



(b)) does not ensure that the information referred to in certificates issued

qualified are accurate, true and complete,



c) verifies the identity of persons under section 6a of paragraph 1. 1 (b). (c)),



(d) does not ensure the compliance of the data), pursuant to section 6a of paragraph 1. 1 (b). (d)),



(e) does not guarantee the operation of safe and) publicly accessible list

as a qualified certificate and does not ensure its availability and

update in accordance with § 6a of paragraph 1. 1 (b). (e)),



(f)) does not ensure the operation of the safe and publicly accessible list

as a qualified certificate that have been invalidated, even

remote access,



g) does not ensure that the date and time, indicating the hours, minutes, and seconds when

the certificate is issued as a qualified issued or invalidated, they

be precisely identified,



(h) adopt appropriate measures) against misuse and counterfeiting

certificates issued as qualified security provided by

qualified certification services



I) fails to comply with information requirements under section 6a of paragraph 1. 1 (b). I),



j) does not ensure consistency and confidentiality of data in accordance with § 6a of paragraph 1. 2 If this data

for signing or indicating that the person creates,



k) copies and stores the data in accordance with § 6a of paragraph 1. 2 If this data for

signing or indicating that the person creates, or



l) nezneplatní certificate pursuant to section 6a of paragraph 1. 3 and 4, shall be fined in the

the amount of 10 000 000 CZK.



(3) a qualified certification services provider that issues the

qualified time stamps and that



and) does the time stamps it issued as a qualified

contain all the elements provided for in section 12b,



(b)) does not ensure that the timestamp embedded in a qualified time

stamps reflect the value of coordinated universal time when creating

a qualified time stamps,



(c)) does not ensure that the data in electronic form, subject to the

applications for qualified time stamps, match the data in the

electronic form contained in the issued a qualified time

postage,



(d) fails to take the appropriate measures against) counterfeiting of qualified

time stamps, and the security provided by a qualified

certification services,



e) fail to comply with information requirements under section 6b of the paragraph. 1 (b). (e)), or



(f)) shall not issue a qualified timestamp immediately upon receipt of the request for

its release,



the above is fined 10 000 000 CZK.



(4) a qualified certification services provider that issues the

resources for creating secure electronic signatures, and that



and) shall not issue a secure electronic signature creation

safely under § 17 para. 3, or



(b)) does not create these resources or does not add to these resources

electronic signature creation data to trusted manner pursuant to §

Article 17(1). 3,



the above is fined 10 000 000 CZK.



(5) the Accredited providers of certification services that fail to comply with

the obligation of notification according to § article 10A(1). 2 shall be fined up to 10

000 000 CZK.



(6) an accredited certification service provider who violates

the ban issued by the Department pursuant to section article 10A(1). 5 a fine shall be imposed in the amount of

10 000 000 CZK.



§ 18a



Misdemeanors




(1) a qualified certification services provider is guilty of an

violation by



a) does each could make sure of its identity and its

qualified system certificate pursuant to section 6 (1). 1 (b). and)



(b)) does not ensure that the provision of qualified certification services

performed by people with the expertise and skills necessary for

provided by skilled and familiar with certificate services

the relevant safety procedures,



(c)) from failure safety of sufficient systems and tools

the electronic signature and the practices that these systems and tools

support under section 6 (1). 1 (b). (c)) and (b). (d)), would threaten the safety of the

provided by a qualified certification services



(d)) does not have sufficient financial resources or other financial

by ensuring the operation according to § 6 paragraph 1. 1 (b). (e)), and thus endanger the

the safety provided by a qualified certification services



e) fail to comply with information requirements under section 6 (1). 1 (b). (f)), § 6 (1). 3

or § 13 para. 1,



f) fails to comply with the obligation under section 6 (1). 2, including the transmission of

qualified system certificate for verification, or according to § 13 para.

1 or 2,



g) provide certification services based on other than a written contract,



(h)) does not retain the documents and information referred to in section 6 (1). 5 and 6, or



I) does not ensure retained documents and data from loss, misuse,

destruction or damage under section 6 (1). 6.



(2) the Qualified provider of certification services, which issues

qualified certificates or qualified system certificates,

commits the offence by



and) does it issued as a qualified certificate contained

all the conditions laid down in this Act,



(b)) does not ensure that the information referred to in certificates issued

qualified are accurate, true and complete,



c) verifies the identity of persons under section 6a of paragraph 1. 1 (b). (c)),



(d) does not ensure the compliance of the data), pursuant to section 6a of paragraph 1. 1 (b). (d)),



(e) does not guarantee the operation of safe and) publicly accessible list

as a qualified certificate and does not ensure its availability and

update in accordance with § 6a of paragraph 1. 1 (b). (e)),



(f)) does not ensure the operation of the safe and publicly accessible list

as a qualified certificate that have been invalidated, even

remote access,



g) does not ensure that the date and time, indicating the hours, minutes, and seconds when

the certificate is issued as a qualified issued or invalidated, they

be precisely identified,



(h) adopt appropriate measures) against misuse and counterfeiting

certificates issued as qualified security provided by

qualified certification services



I) fails to comply with information requirements under section 6a of paragraph 1. 1 (b). I),



j) does not ensure consistency and confidentiality of data in accordance with § 6a of paragraph 1. 2 If this data

for signing or indicating that the person creates,



k) copies and stores the data in accordance with § 6a of paragraph 1. 2 If this data for

signing or indicating that the person creates, or



l) nezneplatní certificate pursuant to section 6a of paragraph 1. 3 and 4.



(3) a qualified certification services provider that issues the

qualified time stamps, is guilty of an offence by



and) does the time stamps it issued as a qualified

contain all the elements provided for in section 12b,



(b)) does not ensure that the timestamp embedded in a qualified time

stamps reflect the value of coordinated universal time when creating

a qualified time stamps,



(c)) does not ensure that the data in electronic form, subject to the

applications for qualified time stamps, match the data in the

electronic form contained in the issued a qualified time

postage,



(d) fails to take the appropriate measures against) counterfeiting of qualified

time stamps, and the security provided by a qualified

certification services,



e) fail to comply with information requirements under section 6b of the paragraph. 1 (b). (e)), or



(f)) shall not issue a qualified timestamp immediately upon receipt of the request for

its release.



(4) a qualified provider of certification services, which issues

resources for creating secure electronic signatures, is guilty of an

violation by



and) shall not issue a secure electronic signature creation

safely under § 17 para. 3, or



(b)) does not create these resources or does not add to these resources

electronic signature creation data to trusted manner pursuant to §

Article 17(1). 3.



(5) a natural person has committed the offence, that the breach of an obligation

confidentiality under section 6 (1). 7.



(6) for the offences referred to in paragraphs 1 to 4, you can impose a fine of up to 10 000

000.



(7) for the offence referred to in paragraph 5 may be imposed a fine up to $ 250 000.



§ 19



Common provisions



(1) a legal person for an administrative offence is not liable if he proves that

made every effort, that it was possible to require that the infringement of the

a legal obligation is prevented.



(2) in determining the amount of the fine on a legal person shall take account of the seriousness of the

the administrative offense, in particular, the way a criminal offence and its consequences, and

the circumstances under which it was committed.



(3) the liability of a legal person for an administrative offense shall cease, if the

administrative authority about him has not initiated proceedings within 1 year from the date on which it

learned, but not later than within 3 years from the date on which it was committed.



(4) administrative offences under this law in the first instance hearing

by the Ministry.



(5) The liability for the acts, which took place in the business

person ^ 8) or in direct connection with the applicable provisions of the Act

on the liability of legal persons and sanctions.



(6) the proceeds of the fines is the State budget revenue.



section 20



Powers of execution



(1) the Ministry shall determine the implementing regulation way meet

information obligation according to § 6 paragraph 1. 1 (b). and), and (f)) and paragraph 2. 3,

qualification requirements under section 6 (1). 1 (b). (b)), the requirements for

safe systems and safe tools according to § 6 paragraph 1. 1 (b). (c)), and (d)),

the method of storage of information and documentation according to § 6 paragraph 1. 5 and 6 and

the way to meet these requirements.



(2) the Ministry of the implementing regulation lays down the method for verifying the

According to the data in accordance with § 6a of paragraph 1. 1 (b). (d)), the way of ensuring the safety of

the lists pursuant to section 6a of paragraph 1. 1 (b). e) and (f)), specifying the date and time in accordance with § 6a

paragraph. 1 (b). (g)), the particulars of the measures pursuant to section 6a of paragraph 1. 1 (b). (h)),

How to fulfil the information obligations, pursuant to section 6a of paragraph 1. 1 (b). I),

way to protect and ensure the consistency of the data in accordance with § 6a of paragraph 1. 2 way

revocation of the certificate pursuant to section 6a of paragraph 1. 3 and 4 and the way in which the

compliance with these requirements.



(3) the Ministry shall determine the implementing regulation to ensure

the accuracy of the time when you create a qualified time stamp pursuant to §

6B of the paragraph. 1 (b). (b)), to ensure consistent data according to § 6b of the paragraph. 1

(a). (c)), Essentials of the measures referred to in paragraph 6b of the paragraph. 1 (b). (d)), the way

compliance with information obligations under paragraph 6b of the paragraph. 1 (b). (e)) and the way

How to meet these requirements.



(4) the Ministry of the implementing regulation lays down the structure of the data,

on the basis of which a person can be uniquely identified, and procedures

for the verification of the validity of the advanced electronic signature, electronic

brand, a qualified certificate a qualified system

certificate and a qualified timestamp.



(5) the Ministry shall determine the implementing regulation to ensure

procedures which resources must support the creation and

authentication of electronic signatures for data protection for building

electronic signatures under section 17 and the means for creating

electronic tags when protecting data for creating electronic

brands under § 17a, and how they are meeting these requirements

illustrated by.



PART TWO



cancelled



section 21



cancelled



PART THREE



cancelled



section 22



cancelled



PART FOUR



cancelled



Article 23 of the



cancelled



PART FIVE



To change the code of civil procedure



section 24



Act No. 99/1963 Coll., the code of civil procedure as amended by Act No. 36/1967

Coll., Act No. 158/1969 Coll., Act No. 50/1973 Coll., Act No. 20/1975

Coll., Act No. 135/1982 Coll., Act No. 180/1990 Coll., Act No. 328/1991

Coll., Act No. 519/1991 Coll., Act No. 263/1992 Coll., Act No. 24/1993

Coll., Act No. 171/1993 Coll., Act No. 114/1994 Coll., Act No. 152/1994

Coll., Act No. 216/1994, Coll., Act No. 84/1995 Coll., Act No. 118/1995

Coll., Act No. 160/1995 Coll., Act No. 237/1995 Coll., Act No. 247/1995

Coll., Constitutional Court No. 31/1996 Coll., Act No. 142/1996 Coll.,

Constitutional Court No. 269/1996 Coll., Act No. 202/1997 Coll., Act

No. 227/1997 Coll., Act No. 15/1998 Coll., Act No. 91/1998 Coll., Act

No 165/1998 Coll., Act No. 326/1999 Coll., Act No. 360/1999 Coll., the award

The Constitutional Court No 2/2000 Coll., Act No. 27/2000 Coll., Act No. 30/2000

Coll., Act No. 46/2000 Coll., Act No. 105/2000 Coll., Act No. 130/2000

Coll., Act No. 155/2000 Coll. and Act No. 220/2000 is amended as follows:



In § 42 para. 1 the first sentence reads: "the Administration it is possible to do so in writing, Word of mouth

in the log, in electronic form, signed electronically by

the specific legislation, by telegram or by fax. ".




PART SIX



Amendment to the criminal procedure code



§ 25



Act No. 141/1961 Coll., on criminal court proceedings (code of criminal procedure), in

amended by Act No. 59/1965 Coll., Act No. 58/1969 Coll., Act No. 149/1969

Coll., Act No. 48/1973 Coll., Act No. 29/1978 Coll., Act No. 43/1980

Coll., Act No. 159/1989 Coll., Act No. 175/1990 Coll., Act No. 303/1990

Coll., Act No. 563/1991 Coll., Act No. 25/1993 Coll., Act No. 115/1993

Coll., Act No. 293/1993 Coll., Act No. 154/1994 Coll., constitutional

Court No. 214/1994 Coll., Constitutional Court No. 8/1995 Coll., Act No.

152/1995 Coll., Act No. 151/1997 Coll., Act No. 209/1997 Coll., Act No.

148/1998 Coll., Act No. 166/1998 Coll., Act No. 191/1999 Coll., Act No.

29/2000 Coll. and Act No. 30/2000 Coll., is amended as follows:



In section 59 paragraph 1 reads:



"(1) the administration shall be assessed according to their content, even if it is incorrectly

marked. You can do so in writing, orally, in electronic

the form of a signed electronically in accordance with special regulations, cable,

by telefax or telex.



PART SEVEN



Amendment of the Act on the protection of personal data



section 26



Act No. 101/2000 Coll., on the protection of personal data and on amendments to certain

laws, is amended as follows:



In section 29, the following paragraph 4 is added:



"(4) the authority granted and withdrawing accreditation to operate as an accredited

the provider of certification services and performs supervision over compliance with

the obligations laid down by the law on electronic signature. ".



PART EIGHT



Amendment of the Act on administrative fees



section 27 of the



Act No. 368/1992 Coll., on administrative fees, as amended by Act No.

10/1993 Coll., Act No. 72/1994 Coll., Act No. 85/1994 Coll., Act No.

273/1994 Coll., Act No. 36/1995 Coll., Act No. 118/1995 Coll., Act No.

160/1995 Coll., Act No. 301/1995 Coll., Act No. 151/1997 Coll., Act No.

305/1997 Coll., Act No. 148/1998 Coll., Act No. 157/1998 Coll., Act No.

167/1998 Coll., Act No. 63/1999 Coll., Act No. 167/1999 Coll., Act No.

167/1999 Coll., Act No. 222/1999 Coll., Act No. 326/1999 Coll., Act No.

353/1999 Coll., Act No. 359/1999 Coll., Act No. 360/1999 Coll., Act No.

363/1999 Coll., Act No. 46/2000 Coll., Act No. 62/2000 Coll., Act No.

117/2000 Coll., Act No. 133/2000 Coll., Act No. 151/2000 Coll., Act No.

153/2000 Coll., Act No. 155/2000 Coll., Act No. 155/2000 Coll. and act

No. 158/2000 is amended as follows:



1. In the annex to the Act (schedule of administration fees) the following new

Part XII:



"PART XII



MANAGEMENT ACCORDING TO THE LAW ON ELECTRONIC SIGNATURE



Item 162



and submission of the application for accreditation), the provider of certification services

$ 100000.0-



b) submission of the electronic tools compliance assessment

signature with the requirements of $ 10000.0-. ".



2. the registry shall be added to the TARIFF, part XII:



"PART XII



Management according to the law on electronic signature 162. ".



3. Dot for part XI shall be deleted.



PART NINE



The EFFECTIVENESS of the



section 28



This Act shall take effect on the first day of the third calendar month after

the date of its publication.



Klaus r.



Havel, v. r.



Zeman in r.



Selected provisions of the novel



Article II of Act No. 440/2004 Sb.



Transitional provisions



Providers of certification services, to which accreditation was granted to the

as an accredited certification service provider prior to the

the effective date of this Act, are required to customize the service

the issue of qualified certificates, Act No. 227/2000 Coll., on the

electronic signature and amending some other acts (the Act on

electronic signature), as amended by article. (I) this Act, up to 1. July

2005.



Article. XXIX of law No 223/2009 Sb.



Transitional provision



The proceedings initiated before the date of entry into force of this law, and to this

the day the unfinished completes and the rights and obligations related to

assessed according to the existing legislation.



1) European Parliament and Council Directive 99/93/EC of 13 April 2004. December

1999 on a Community framework for electronic signatures.



1A) Act No. 40/1964 Coll., the civil code, as amended

regulations.



2A) section 10 of Act No. 40/1964 Coll., the civil code, as amended

regulations.



3) Act No. 101/2000 Coll., on the protection of personal data and on amendments to certain

laws.



3A) decision of the Commission of the European communities 2009/767/EC of 16 December 2002.

October 2009 laying down measures to facilitate the use of the procedures with

by electronic means through the "uniform

contact points "according to the directive of the European Parliament and of the Council

2006/123/EC on services in the internal market.



5) Act No. 368/1992 Coll., on administrative fees, as amended

regulations.



7) section 43 of Act No. 71/1967 Coll., on administrative proceedings (administrative code), in

as amended.



8) § 2 (2). 2 of the Act No. 513/1991 Coll., the commercial code, as amended by

amended.



9) Commission decision 2011/130/EC of 25 March 2002. February 2011

laying down minimum standards for the cross-border processing of documents

electronically signed by the competent authorities in accordance with Directive 2006/123/EC

The European Parliament and of the Council on services in the internal market.