227/2000 Coll.
ACT
of 29 June 2000
on electronic signature and amending some other acts
(Act on electronic signature)
Change: 226/2002 Sb.
Change: 517/2002 Sb.
Change: 440/2004 Sb.
Change: 635/2004 Sb.
Change: 501/2004 Coll., 444/2005 Sb.
Change: 110/2007 Sb.
Change: 124/2008 Sb.
Change: 190/2009 Sb.
Change: 223/2009 Sb.
Change: 101/2010 Sb.
Change: 227/2009 Sb.
Change: 424/2010 Sb.
Change: 281/2009 Sb.
Change: 424/2010 Coll. (part)
Change: 167/2009 Sb.
Change: 89/2009 Sb.
Change: 64/2014 Sb.
Parliament has passed the following Act of the Czech Republic:
PART ONE
ELECTRONIC SIGNATURE
§ 1
Purpose of the Act
This Act regulates, in accordance with the law of the European Communities ^1),
the use of electronic signatures and electronic tags, the provision of
certification services and related services by providers established in
the territory of the Czech Republic, the duties provided for in this Act and the
penalties for breach of the obligations laid down in this Act.
§ 2
Definitions of certain terms
For the purposes of this Act:
a) electronic signature means data in electronic form which are
attached to a data message or logically associated with it and which serve
as a method of uniquely authenticating the identity of the signatory in relation to
the data message,
b) advanced electronic signature means an electronic signature that meets
the following requirements:
1. it is uniquely linked to the signatory,
2. it allows the signatory to be identified in relation to the data message,
3. it was created and attached to the data message by means that
the signatory can keep under his sole control,
4. it is linked to the data message to which it relates in such a way
that any subsequent change of the data can be detected,
c) electronic tag means data in electronic form which are
attached to a data message or logically associated with it and which
meet the following requirements:
1. they are uniquely linked to the marking person and allow that person to be
identified through a qualified system certificate,
2. they were created and attached to the data message by means for
creating electronic tags that the marking person can keep under
its sole control,
3. they are linked to the data message to which they relate in such
a way that any subsequent change of the data can be detected,
d) data message means electronic data that can be transmitted by means of
electronic communications and stored on technical data carriers
used in the processing and transmission of data in electronic form, as well as
data stored on technical carriers in the form of a data file,
e) signatory means a natural person who holds a means for
creating electronic signatures and acts in his own name or on behalf of another
natural or legal person,
f) marking person means a natural person, legal person or organizational
unit of the State that holds a means for creating electronic tags
and marks a data message with an electronic tag,
g) certificate holder means a natural person, legal person or
organizational unit of the State that has applied for the issue of a qualified
certificate or a qualified system certificate for itself or
for a signatory or marking person, and to whom the certificate was issued,
h) certification services provider means a natural person, legal person
or organizational unit of the State that issues certificates and keeps
records of them, or provides other services related to electronic
signatures,
i) qualified certification services provider means a certification
services provider that issues qualified certificates,
qualified system certificates or qualified time stamps,
or means for the secure creation of electronic signatures (hereinafter referred to as
"qualified certification services"), and has complied with the notification
obligation under § 6,
j) accredited certification services provider means a certification
services provider that has been granted accreditation under this
Act,
k) certificate means a data message that is issued by a certification
services provider, links signature-verification data
to the signatory and allows the signatory's identity to be verified, or
links tag-verification data to the marking person and
allows that person's identity to be verified,
l) qualified certificate means a certificate that has the elements required by
§ 12 and was issued by a qualified certification services provider,
m) qualified system certificate means a certificate that has the
elements required by § 12a and was issued by a qualified certification
services provider,
n) electronic signature creation data means unique data that
the signatory uses to create an electronic signature,
o) electronic signature verification data means unique data that are
used to verify an electronic signature,
p) electronic tag creation data means unique data that
the marking person uses to create an electronic tag,
q) electronic tag verification data means unique data that are
used to verify an electronic tag,
r) qualified time stamp means a data message issued by
a qualified certification services provider that links, in a trustworthy
manner, data in electronic form to a moment in time and
guarantees that the data in electronic form existed before
that moment in time,
s) means for creating electronic signatures means technical equipment
or software that is used to create electronic
signatures,
t) means for verifying electronic signatures means technical equipment
or software that is used to verify electronic
signatures,
u) means for the secure creation of electronic signatures means a means
for creating an electronic signature that meets the requirements laid down
by this Act,
v) means for the secure verification of electronic signatures means a means
for verifying a signature that meets the requirements laid down by this Act,
w) electronic signature tool means technical equipment or software,
or components thereof, used by a certification services
provider for the creation or verification of electronic signatures, or for
the provision of certification services,
x) means for creating electronic tags means a device that
the marking person uses to create electronic tags and that
meets the other conditions laid down in this Act,
y) accreditation means a certificate that the certification services provider meets
the conditions laid down by this Act for carrying out the activities of an accredited
certification services provider.
§ 3
Compliance with signature requirements
(1) A data message is signed if it bears an electronic
signature. Unless proven otherwise, the signatory is deemed to have
become acquainted with the content of the data message before signing it.
(2) The use of an advanced electronic signature based on
a qualified certificate and created by a means for the secure
creation of signatures makes it possible to verify that the data message was signed
by the person named on that qualified certificate.
§ 3a
(1) The use of an electronic tag based on a qualified system
certificate and created by a means for creating electronic
tags makes it possible to verify that the data message was marked with this
electronic tag by the marking person.
(2) If the marking person has marked a data message, it is deemed to have
done so automatically, without direct verification of the content of the data message, and
to have thereby expressed its will.
§ 4
Compliance with the original
The use of an advanced electronic signature or an electronic tag
ensures that if the content of the data message has been altered since the moment
it was signed or marked, the alteration can be detected.
§ 5
Obligations of the signatory
(1) The signatory is required to
a) handle the means, as well as the data, for creating an advanced
electronic signature with due care so as to prevent their
unauthorized use,
b) notify without delay the certification services provider that issued the
qualified certificate that there is a risk of misuse of his data
for creating an advanced electronic signature.
(2) The signatory is liable under special legislation ^1a) for damage caused by
a breach of the obligations referred to in paragraph 1. The signatory is
relieved of liability, however, if he proves that the party who suffered the damage did not
take all the steps necessary to verify that the advanced electronic
signature is valid and that its qualified certificate has not been invalidated.
§ 5a
Obligations of the marking person
(1) The marking person is required to
a) handle the means, as well as the data, for creating electronic
tags with due care so as to prevent their unauthorized
use,
b) notify without delay the certification services provider that issued the
qualified system certificate that there is a risk of misuse
of its data for creating electronic tags.
(2) The marking person is required to ensure that the means for creating
electronic tags that it uses meets the requirements laid down by
this Act.
(3) The marking person is liable under special legislation ^1a) for damage caused by
a breach of the obligations referred to in paragraph 1, even if it was not at fault
for the damage; liability for defects under special legislation is not
affected. The marking person is relieved of liability, however, if it proves that the party who
suffered the damage did not take all the steps necessary to verify
that the electronic tag is valid and that its qualified
certificate has not been invalidated.
§ 5b
Obligations of the certificate holder
The certificate holder shall, without undue delay, provide accurate,
true and complete information to the certification services provider in
relation to the qualified certificate and in relation to the qualified
system certificate.
§ 6
Qualified provider of certification services
(1) A qualified certification services provider is obliged to
a) ensure that anyone can ascertain its identity and its
qualified system certificate, on the basis of which it marks the
qualified certificates or qualified system certificates it issues and
the lists of certificates that have been invalidated, or qualified time
stamps,
b) ensure that the provision of qualified certification services is
carried out by persons with the expertise and qualifications necessary for
the qualified certification services provided and who are familiar with
the relevant security procedures,
c) use secure systems and secure electronic signature tools,
ensure adequate security of the procedures that these systems and
tools support, and ensure adequate cryptographic security of
these tools; systems and tools are considered secure if they
meet the requirements laid down by this Act and its implementing regulation,
or if they meet the requirements of the technical standards listed in a decision
of the Commission issued pursuant to Article 3(5) of Directive 99/93/EC,
d) use secure systems for storing qualified certificates
and qualified system certificates or qualified time
stamps in a verifiable form, so that records, or changes to them,
can be made only by authorised persons, the accuracy of the records
can be checked, and any technical or software changes
that breach these security requirements are apparent,
e) have, throughout its activities, sufficient financial
resources or other financial security to operate in conformity with the requirements
set out in this Act and having regard to the risk of liability for
damage,
f) before concluding a contract for the provision of qualified certification
services with a person requesting the provision of services under this Act,
inform that person in writing of the exact conditions for the use of
qualified certification services, including any restrictions on
their use, of the conditions for complaints and dispute resolution, and of
whether or not it is accredited by the Ministry of the Interior (hereinafter referred to as
"the Ministry") under § 10; this information may be provided electronically.
(2) If a certification services provider is not accredited by
the Ministry, it is obliged to notify the Ministry at least 30 days before
starting to provide a qualified certification service that it will
provide it, and of the moment when it will start providing it. At the same time it shall
submit to the Ministry, for verification, its qualified system certificate referred to
in paragraph 1 letter a).
(3) If the Ministry has withdrawn the accreditation of a qualified certification
services provider that obtained accreditation under § 10 of this Act,
the provider shall without delay inform
the entities to which it provides its qualified certification
services, and other persons concerned, of that fact.
(4) A qualified certification services provider provides services
under this Act on the basis of a contract. The contract must be in writing.
(5) A qualified certification services provider shall keep the documents
associated with the qualified certification services provided
under this Act, in particular
a) the contract for the provision of a qualified certification service, including
the application for provision of the service,
b) the issued qualified certificate, issued qualified system
certificate, or issued qualified time stamp,
c) copies of the personal documents submitted by the signatory, or of the documents
on the basis of which the identity of the marking person was verified,
d) confirmation of receipt of the qualified certificate or
qualified system certificate by the holder, or his
consent to publication of the qualified certificate in the list of issued
qualified certificates,
e) a statement by the certificate holder that he was provided with
the information referred to in paragraph 1 letter f),
f) documents and records related to the life cycle of an issued
qualified certificate or qualified system
certificate, the details of which are specified by the implementing decree.
(6) The discarding (retention) period for documents related to the
qualified certification services provided under this Act which are
kept by the qualified certification services provider is 10 years.
After this period, the qualified certification services provider
shall retain for a further 20 years the data allowing the unambiguous
identification of the signatory or marking person, comprising the first name,
or names, surname, social security number or date of birth and the number
of the document on the basis of which the signatory's identity was verified, and
the issued qualified certificates or qualified system
certificates. The qualified provider is obliged to protect
the documents kept under paragraph 5 and the information referred to in the second sentence against
loss, misuse, destruction or damage. All the documents referred to in
the first sentence may be taken and stored by the qualified certification services
provider in electronic form. Unless this Act provides
otherwise, the handling of the documents is governed
by the Act on Archives and Records Service.
(7) A qualified certification services provider shall forward to the Ministry the lists
of certificates issued as qualified that were invalidated in a given year,
by 31 January of the calendar
year following the expiry of 10 years from the end of the calendar year in
which these lists were issued.
(8) Employees of a qualified certification services provider,
or other natural persons who come into contact with personal data
and with the electronic signature creation data of signatories and
electronic tag creation data of marking persons, are required to maintain
the confidentiality of such information and data, and of the security measures
whose disclosure would compromise the security of this information and data.
The obligation of confidentiality continues after termination of employment or other
similar relationship or after completion of the work; these persons
may be released from the confidentiality obligation by the party in whose interest they have this obligation, or
by a court.
§ 6a
Obligations of a qualified certification services provider when
issuing qualified certificates and qualified system
certificates
(1) A qualified certification services provider that issues
qualified certificates or qualified system certificates
(hereinafter referred to as "certificates issued as qualified") is required to
a) ensure that the certificates it issues as qualified contain
all the elements laid down by this Act,
b) ensure that the information stated in the certificates it issues as
qualified is accurate, true and complete,
c) before issuing a certificate as qualified, securely verify by
appropriate means the identity of the signatory or the identity of the
marking person, and where applicable its special attributes, if the purpose of
the certificate so requires,
d) ascertain whether, at the time of submission of the application for the issue of a certificate as
qualified, the signatory held electronic signature creation
data corresponding to the electronic signature verification
data, or the marking person held electronic tag creation data
corresponding to the electronic tag verification data, contained in
the application for issue of the certificate,
e) ensure the operation of a secure and publicly accessible list
of certificates issued as qualified to whose publication
the certificate holder consented in accordance with § 6 para. 5 letter d),
ensure that this list is also available by remote access, and update the data in
the list without undue delay upon every change,
f) ensure the operation of a secure and publicly accessible list
of certificates issued as qualified that have been invalidated, also
by remote access,
g) ensure that the date and time, stating the hour, minute and second, at which
a certificate issued as qualified was issued or invalidated can
be precisely determined,
h) take appropriate measures against misuse and forgery of certificates
issued as qualified,
i) provide third parties, upon request, with the relevant information on
the conditions for the use of certificates issued as qualified,
including restrictions on their use, and information on whether or not it is
accredited by the Ministry; this information may be provided electronically.
(2) If a qualified certification services provider that
issues certificates as qualified creates electronic signature creation
data for the signatory or electronic tag creation data
for the marking person,
a) it must ensure the confidentiality of these data before handing them over, and must not
copy these data or retain them longer than necessary,
b) it must guarantee that these data correspond to the electronic signature
verification data or the electronic tag verification data.
(3) A qualified certification services provider that issues
certificates as qualified shall invalidate a certificate without delay
if the holder, the signatory or the marking person requests it,
or if one of them notifies it that there is a risk of misuse of their data for
creating electronic signatures or electronic tags, or
if the certificate was issued on the basis of false or erroneous
data.
(4) A qualified certification services provider shall also
invalidate without delay a certificate issued as qualified if it
demonstrably learns that the signatory or marking person has died or
ceased to exist, or that a court has deprived them of legal capacity or
restricted it, ^2a) or if the information on the basis of which the certificate was issued
has ceased to be true.
§ 6b
Obligations of a qualified certification services provider when
issuing qualified time stamps
(1) A qualified certification services provider that issues
qualified time stamps is obliged to
a) ensure that the time stamps it issues as qualified
contain all the elements laid down by this Act,
b) ensure that the time value stated in a qualified time
stamp corresponds to the value of coordinated universal time at the moment
the qualified time stamp is created,
c) ensure that the data in electronic form that are the subject of
the request for a qualified time stamp unambiguously
correspond to the data in electronic form contained in the issued
qualified time stamp,
d) take appropriate measures against forgery of qualified
time stamps,
e) provide third parties, upon request, with the relevant information on
the conditions for the use of qualified time stamps, including
restrictions on their use, and information on whether or not it is
accredited by the Ministry; this information may be provided electronically.
(2) A qualified certification services provider shall issue a qualified
time stamp immediately upon receipt of the request for its issue.
§ 7
Liability for damage
(1) A qualified certification services provider is liable, in accordance with
special legislation, ^1a) for damage caused by a breach of the obligations
laid down in this Act.
(2) A qualified certification services provider is not liable for
damage resulting from the use of a certificate issued as qualified
that arose as a result of failure to comply with the restrictions on its use under § 12
para. 1 letters i) and j) and § 12a letter h).
§ 8
Protection of personal data
Protection of personal data is governed by special legislation. ^ 3)
§ 9
Accreditation
(1) The granting of accreditation to operate as an accredited certification
services provider, as well as supervision of compliance with this Act,
falls to the Ministry.
(2) The Ministry
a) grants and withdraws accreditation to operate as an accredited
certification services provider to entities operating in the territory of the Czech
Republic,
b) supervises the activities of accredited certification services
providers and qualified certification services
providers, and imposes remedial measures and penalties on them for breach of the obligations
under this Act,
c) keeps records of accreditations granted and of changes to them, and records of
qualified certification services providers,
d) keeps records of the issued qualified system certificates
that a qualified certification services provider uses under §
6 para. 1 letter a) and that were verified by the Ministry in accordance with
§ 6 para. 2,
e) continuously publishes an overview of accreditations granted, an overview of
qualified certification services providers and their
qualified services, and the qualified system certificates under
letter d), also in a manner allowing remote access,
f) evaluates the conformity of electronic signature tools with the requirements
laid down by this Act and its implementing regulation,
g) publishes, in a manner allowing remote access, the list of
trusted certification services according to the legislation of the European
Community ^3a),
h) publishes, in a manner allowing remote access, information on
the conditions for verifying a recognized electronic signature or recognized
electronic tag, including links to the applications under § 11 para. 5,
i) performs other duties laid down by this Act.
§ 10
Conditions for granting accreditation to provide certification services
(1) Any certification services provider may apply to the Ministry
for accreditation to operate as an accredited certification
services provider.
(2) In the application for accreditation under paragraph 1, the applicant must provide
a) in the case of a legal person, the business name or name, registered office,
where applicable the address of the organizational unit of a foreign person in the territory of the Czech
Republic, and the identification number of the applicant, if one has been allocated; in
the case of a natural person, the first name or names, surname, where applicable
an addition, place of establishment, place of business if different from the place
of establishment, and the identification number of the applicant, if one has been allocated,
b) proof of authorisation to conduct business and, for a person registered in
the Commercial Register, also an extract from the Commercial Register not older than 3
months,
c) proof of the material, personnel and organizational prerequisites for the activities of
a qualified certification services provider under § 6, 6a and 6b
of this Act,
d) an indication of which qualified certification services the applicant intends to
provide.
(3) If the application does not contain all the required information, the Ministry
shall suspend the proceedings and ask the applicant to complete it within a specified period.
If the applicant fails to do so within that period, the Ministry shall discontinue the proceedings.
(4) If the applicant meets all the conditions prescribed by this Act for
the granting of accreditation, the Ministry shall issue a decision granting
the accreditation. Otherwise, it shall reject the application for accreditation.
Accreditation of a certification services provider also arises upon the futile
expiry of the time limit and in the manner referred to in § 28 to 30 of the Act on the Free Movement of
Services.
§ 10a
Conditions for extending the services of an accredited certification
services provider
(1) An accredited certification services provider may extend
its provision of qualified certification services to include the issuing of
qualified certificates, qualified system certificates,
qualified time stamps, or the issuing of means for the
creation of electronic signatures under this Act (hereinafter referred to as
"extended services").
(2) An accredited certification services provider is obliged to notify the Ministry of
the extension referred to in paragraph 1 so that the Ministry
receives the notification at least 4 months before the commencement of the provision of the services.
(3) In the notification, the accredited certification services provider must
demonstrate the material, personnel and organizational prerequisites for providing
the extended services.
(4) If the accredited certification services provider does not demonstrate
the facts referred to in paragraph 3, or if these facts are incomplete
or inaccurate, the Ministry shall warn the accredited certification
services provider that unless these defects are removed within a time limit
that it sets, it will prohibit the extension of services by decision.
(5) The Ministry shall prohibit the notified extension if the accredited
certification services provider has not met all the conditions prescribed
by this Act for the provision of the extended services.
(6) The Ministry shall issue a decision prohibiting the extension of the provision of
qualified certification services within 90 days from the time
it received the notification.
§ 11
(1) For signing or marking a document in the form of a data message
by which an act is performed towards
a) the State,
b) a territorial self-governing unit,
c) a legal person established by law, or a legal person established or founded by the State,
a territorial self-governing unit or a legal person established by law,
d) a legal person not listed in letters a) to c) that exercises
competence in the field of public administration, where the document concerns
that competence,
e) a natural person exercising competence in the field of public administration,
where the document concerns that competence,
only a recognized electronic signature or a recognized
electronic tag may be used.
(2) For signing or marking a document in the form of a data message
by which an act is performed by a person referred to in paragraph 1 letters a) to
c), or, in the exercise of competence in the field of public administration, by a person
referred to in paragraph 1 letters d) and e), only a recognized
electronic signature or a recognized electronic tag may be used.
(3) A recognized electronic signature means
a) an advanced electronic signature based on a qualified
certificate issued by an accredited certification services provider and
containing data that allow the unambiguous identification of
the signatory,
b) an advanced electronic signature based on a qualified certificate
issued by a certification services provider established outside
the territory of the Czech Republic, if the qualified certificate is issued within
a service recorded in the list of trusted certification services as
a service for whose provision the certification services provider is
accredited, or as a service whose provision is subject to
supervision in accordance with European Union legislation ^3a).
(4) A recognized electronic tag means an electronic tag
based on a qualified system certificate issued by an accredited
certification services provider.
(5) If, when signing or marking a document under
paragraph 2, the recognized electronic signature or recognized electronic
tag is not in the reference format set out in directly applicable legislation
of the European Union ^9), the person referred to in paragraph 2 shall, in advance,
a) notify the Ministry of the existing options for verifying the recognized
electronic signature or recognized electronic tag that meet the
requirements of directly applicable European Union legislation ^9), and
b) make available, for unlimited and free use by means allowing
remote access, an application that allows immediate verification of the recognized
electronic signature or recognized electronic tag under letter
a).
§ 12
Requirements of a qualified certificate
(1) A qualified certificate must contain
a) an indication that it is issued as a qualified certificate in accordance with this
Act,
b) in the case of a legal person, the business name or name and the State in
which the qualified provider is established; in the case of a natural person,
the first name or names, surname, where applicable an addition, and the State in which
the qualified provider is established,
c) the first name or names and surname of the signatory, or his
pseudonym with an indication that it is a pseudonym,
d) special attributes of the signatory, if the purpose of
the qualified certificate so requires,
e) signature-verification data corresponding to the signature-creation
data that are under the control of the signatory,
f) the electronic tag of the certification services provider, based
on the qualified system certificate of the provider that
issues the qualified certificate,
g) the number of the qualified certificate, unique within the given
certification services provider,
h) the start and end of validity of the qualified certificate,
i) where appropriate, an indication of whether use of the qualified certificate
is restricted, according to nature and extent, to a specific use only,
j) where appropriate, a limit on the value of transactions for which the qualified
certificate may be used.
(2) Restrictions on the use of a qualified certificate referred to in paragraph 1
letters i) and j) must be apparent to third parties.
(3) A qualified certificate may contain additional personal data only
with the consent of the signatory.
§ 12a
Requirements of a qualified system certificate
A qualified system certificate must contain
a) an indication that it is issued as a qualified certificate in accordance with
this Act,
b) in the case of a legal person, the business name or name and the State in
which the qualified provider is established; in the case of a natural person,
the first name or names, surname, where applicable an addition, and the State in which
the qualified provider is established,
c) a unique identification of the marking person or of the means for
creating electronic tags,
d) electronic tag verification data corresponding to the data for
creating electronic tags that are under the control of the marking
person,
e) the electronic tag of the certification services provider, based
on the qualified system certificate of the provider that
issues the qualified system certificate,
f) the number of the qualified system certificate, unique within the given
qualified certification services provider,
g) the start and end of validity of the qualified system certificate,
h) restrictions on the use of the qualified system certificate;
these restrictions must be apparent to third parties.
§ 12b
Requirements of a qualified time stamp
A qualified timestamp must contain
a) the number of the qualified timestamp, unique for the given qualified
certification service provider,
b) an indication of the rules under which the qualified certification
service provider issued the qualified timestamp,
c) in the case of a legal person, the business name or name and the State in
which the qualified provider is established; in the case of a natural person,
the name or names, surname, or tag, and the State in which the qualified
provider is established,
d) the time value corresponding to Coordinated Universal Time at the creation
of the qualified timestamp,
e) the data in electronic form for which the qualified timestamp was issued,
f) the electronic tag of the qualified certification service provider that
issued the qualified timestamp.
§ 13
Obligations of a qualified certification service provider in its activities
(1) A qualified certification service provider must report its intention to
terminate its activities to the Ministry at least 3 months prior to the
scheduled date of termination of the activity, and must make every possible
effort to ensure that the register kept pursuant to § 6 para. 5 is taken over
by another qualified certification service provider. The qualified
certification service provider shall demonstrably notify each signatory,
indicating person and holder to whom it provides its certification services
of its intention to terminate its activities at least 2 months prior to the
scheduled date of termination of the activity.
(2) If a qualified certification service provider cannot ensure that the
register kept pursuant to § 6 para. 5 is taken over by another qualified
certification service provider, it is obliged to report this to the Ministry
no later than 30 days before the scheduled date of termination of its
activities. In this case, the Ministry shall take over the register and
notify the entities concerned.
(3) The provisions of paragraphs 1 and 2 shall apply mutatis mutandis where a
qualified certification service provider dies or ceases to carry on its
activities without meeting the requirements of paragraph 1.
§ 14
Remedial measures
(1) If the Ministry finds that an accredited certification service provider
or a qualified certification service provider is violating the obligations
established by this Act, it shall order the provider to remedy the situation
within a set time limit and, where appropriate, determine what measures to
remedy the deficiencies the certification service provider is obliged to
adopt.
(2) If an accredited certification service provider commits a serious breach
of the obligations set out in this Act, or does not remove the shortcomings
detected by the Ministry in due time, the Ministry is entitled to withdraw
the accreditation granted to it.
(3) If the Ministry decides to revoke the accreditation, it may at the same
time decide on the revocation of the certificates issued as qualified by the
certification service provider during the validity of the accreditation.
§ 15
Cancellation of a qualified certificate or a qualified system certificate
The Ministry may, as a precautionary measure ^ 7), order the qualified
certification service provider to invalidate a certificate issued as
qualified if there are reasonable grounds for believing that the certificate
was falsified or was issued on the basis of false information. A decision to
invalidate a certificate issued as qualified may also be issued where it has
been found that the signatory or the indicating person uses a means for
creating signatures, or a means for creating electronic tags, that shows
security flaws which would allow the forgery of advanced electronic
signatures or electronic tags, or the alteration of the signed or tagged
data.
§ 16
Recognition of foreign qualified certificates
(1) A certificate issued as qualified by a certification service provider
established in one of the Member States of the European Union, another
Contracting State to the Agreement on the European Economic Area, or the
Swiss Confederation is a qualified certificate within the meaning of this
Act.
(2) A certificate issued as qualified within the meaning of this Act in a
State other than those referred to in paragraph 1 is a qualified certificate
within the meaning of this Act if
a) the certification service provider meets the conditions of the law of the
European Communities ^ 1) and has been accredited to act as an accredited
certification service provider in one of the Member States of the European
Union, another Contracting State to the Agreement on the European Economic
Area, or the Swiss Confederation,
b) a certification service provider established in one of the Member States
of the European Union, another Contracting State to the Agreement on the
European Economic Area, or the Swiss Confederation, which meets the
conditions of the law of the European Communities ^ 1), assumes
responsibility for the validity and accuracy of the certificate to the same
extent as for its own qualified certificates,
c) of the international treaty.
§ 17
Secure creation and verification of electronic signatures
(1) A means for the secure creation of signatures must, with the help of
appropriate technical and software means and procedures, at a minimum ensure
that
a) the signature-creation data can occur only once and their secrecy is
appropriately secured,
b) the signature-creation data cannot, with adequate assurance, be derived
from knowledge of how they are created, and the signature is protected
against forgery using currently available technology,
c) the signature-creation data can be reliably protected by the signatory
against misuse by a third party.
(2) A means for the secure creation of signatures must not alter the data to
be signed or prevent such data from being presented to the signatory before
the signing process itself.
(3) Means for the secure creation of electronic signatures must be issued in
a secure manner before their use, and the electronic-signature creation data
must be created in, or added to, these means in a trustworthy manner.
(4) A means for secure signature verification must, with the help of
appropriate technical and software means and procedures, at a minimum ensure
that
a) the data used for verifying the signature correspond to the data displayed
to the person performing the verification,
b) the signature is reliably verified and the result of that verification is
correctly displayed,
c) the verifying person can reliably determine the contents of the signed
data,
d) the authenticity and validity of the certificate are reliably established
during signature verification,
e) the result of the verification and the identity of the signatory are
correctly displayed,
f) the use of a pseudonym is clearly indicated,
g) any changes affecting security can be detected.
§ 17a
Means for creating electronic tags
(1) A means for creating electronic tags must, with the help of appropriate
technical and software means and procedures, at a minimum ensure that
a) the data for creating electronic tags are adequately kept secret and are
reliably protected by the indicating person against misuse by a third
person,
b) the indicating person is informed that he is starting to use this means.
(2) A means for creating electronic tags must be set up so that, even without
further checks by the indicating person, it tags precisely and only those
data messages that the indicating person selects for tagging.
(3) A means for creating electronic tags must be protected against
unauthorized modification and must guarantee that any change to it will be
evident to the indicating person.
§ 17b
(1) Electronic-signature creation data, together with a qualified certificate
containing the electronic-signature verification data corresponding to those
data, and the data strictly necessary for the use of an electronic signature,
may be written to a contact electronic chip card.
(2) The holder of the identity card is entitled to write the data and the
qualified certificate referred to in paragraph 1. The provisions of § 15b
para. 2 of the Act on identity cards shall not apply.
§ 18
Administrative offences of legal persons
(1) A qualified certification service provider that
a) does not ensure that everyone can make sure of its identity and its
qualified system certificate pursuant to § 6 para. 1 letter a),
b) does not ensure that the provision of qualified certification services is
performed by persons with the expertise and qualifications necessary for the
qualified certification services provided and familiar with the relevant
security procedures,
c) by failing to ensure sufficient security of the systems and
electronic-signature tools, and of the procedures that these systems and
tools support, under § 6 para. 1 letters c) and d), endangers the security of
the qualified certification services provided,
d) does not have sufficient financial resources or other financial security
for operation under § 6 para. 1 letter e), and thus endangers the security of
the qualified certification services provided,
e) fails to comply with the information obligations under § 6 para. 1
letter f), § 6 para. 3 or § 13 para. 1,
f) fails to comply with the obligation under § 6 para. 2, including the
transmission of the qualified system certificate for verification, or under
§ 13 para. 1 or 2,
g) provides certification services on a basis other than a written contract,
h) does not retain the documents and information referred to in § 6 para. 5
and 6, or
i) does not secure the retained documents and data against loss, misuse,
destruction or damage under § 6 para. 6,
shall be fined 10 000 000 CZK.
(2) A qualified certification service provider that issues qualified
certificates or qualified system certificates and that
a) does not ensure that the certificates it issues as qualified contain all
the particulars laid down in this Act,
b) does not ensure that the information stated in certificates issued as
qualified is accurate, true and complete,
c) does not verify the identity of persons under § 6a para. 1 letter c),
d) does not ensure the compliance of the data pursuant to § 6a para. 1
letter d),
e) does not ensure the operation of a secure and publicly accessible list of
certificates issued as qualified and does not ensure its availability and
updating in accordance with § 6a para. 1 letter e),
f) does not ensure the operation of a secure and publicly accessible list of
certificates issued as qualified that have been invalidated, including by
remote access,
g) does not ensure that the date and time, stating the hour, minute and
second, when a certificate issued as qualified is issued or invalidated can
be precisely determined,
h) does not adopt appropriate measures against the misuse and counterfeiting
of certificates issued as qualified and for the security of the qualified
certification services provided,
i) fails to comply with the information obligations under § 6a para. 1
letter i),
j) does not ensure the consistency and confidentiality of the data under
§ 6a para. 2, if it creates these data for the signatory or the indicating
person,
k) copies and stores the data under § 6a para. 2, if it creates these data
for the signatory or the indicating person, or
l) fails to invalidate a certificate pursuant to § 6a para. 3 and 4,
shall be fined in the amount of 10 000 000 CZK.
(3) A qualified certification service provider that issues qualified time
stamps and that
a) does not ensure that the time stamps it issues as qualified contain all
the elements provided for in § 12b,
b) does not ensure that the time value stated in a qualified time stamp
reflects the value of Coordinated Universal Time at the creation of the
qualified time stamp,
c) does not ensure that the data in electronic form that are the subject of
the request for a qualified time stamp match the data in electronic form
contained in the issued qualified time stamp,
d) fails to take appropriate measures against the counterfeiting of qualified
time stamps and for the security of the qualified certification services
provided,
e) fails to comply with the information obligations under § 6b para. 1
letter e), or
f) does not issue a qualified time stamp immediately upon receipt of the
request for its issue,
shall be fined 10 000 000 CZK.
(4) A qualified certification service provider that issues means for the
secure creation of electronic signatures and that
a) does not issue the means for the secure creation of electronic signatures
in a secure manner under § 17 para. 3, or
b) does not create in these means, or does not add to these means,
electronic-signature creation data in a trustworthy manner pursuant to § 17
para. 3,
shall be fined 10 000 000 CZK.
(5) An accredited certification service provider that fails to comply with
the notification obligation under § 10a para. 2 shall be fined up to
10 000 000 CZK.
(6) An accredited certification service provider that violates a prohibition
issued by the Ministry pursuant to § 10a para. 5 shall be fined in the amount
of 10 000 000 CZK.
§ 18a
Misdemeanors
(1) A qualified certification service provider commits an offence if it
a) does not ensure that everyone can make sure of its identity and its
qualified system certificate pursuant to § 6 para. 1 letter a),
b) does not ensure that the provision of qualified certification services is
performed by persons with the expertise and qualifications necessary for the
qualified certification services provided and familiar with the relevant
security procedures,
c) by failing to ensure sufficient security of the systems and
electronic-signature tools, and of the procedures that these systems and
tools support, under § 6 para. 1 letter c) and letter d), endangers the
security of the qualified certification services provided,
d) does not have sufficient financial resources or other financial security
for operation under § 6 para. 1 letter e), and thus endangers the security of
the qualified certification services provided,
e) fails to comply with the information obligations under § 6 para. 1
letter f), § 6 para. 3 or § 13 para. 1,
f) fails to comply with the obligation under § 6 para. 2, including the
transmission of the qualified system certificate for verification, or under
§ 13 para. 1 or 2,
g) provides certification services on a basis other than a written contract,
h) does not retain the documents and information referred to in § 6 para. 5
and 6, or
i) does not secure the retained documents and data against loss, misuse,
destruction or damage under § 6 para. 6.
(2) A qualified certification service provider that issues qualified
certificates or qualified system certificates commits an offence if it
a) does not ensure that the certificates it issues as qualified contain all
the particulars laid down in this Act,
b) does not ensure that the information stated in certificates issued as
qualified is accurate, true and complete,
c) does not verify the identity of persons under § 6a para. 1 letter c),
d) does not ensure the compliance of the data pursuant to § 6a para. 1
letter d),
e) does not ensure the operation of a secure and publicly accessible list of
certificates issued as qualified and does not ensure its availability and
updating in accordance with § 6a para. 1 letter e),
f) does not ensure the operation of a secure and publicly accessible list of
certificates issued as qualified that have been invalidated, including by
remote access,
g) does not ensure that the date and time, stating the hour, minute and
second, when a certificate issued as qualified is issued or invalidated can
be precisely determined,
h) does not adopt appropriate measures against the misuse and counterfeiting
of certificates issued as qualified and for the security of the qualified
certification services provided,
i) fails to comply with the information obligations under § 6a para. 1
letter i),
j) does not ensure the consistency and confidentiality of the data under
§ 6a para. 2, if it creates these data for the signatory or the indicating
person,
k) copies and stores the data under § 6a para. 2, if it creates these data
for the signatory or the indicating person, or
l) fails to invalidate a certificate pursuant to § 6a para. 3 and 4.
(3) A qualified certification service provider that issues qualified time
stamps commits an offence if it
a) does not ensure that the time stamps it issues as qualified contain all
the elements provided for in § 12b,
b) does not ensure that the time value stated in a qualified time stamp
reflects the value of Coordinated Universal Time at the creation of the
qualified time stamp,
c) does not ensure that the data in electronic form that are the subject of
the request for a qualified time stamp match the data in electronic form
contained in the issued qualified time stamp,
d) fails to take appropriate measures against the counterfeiting of qualified
time stamps and for the security of the qualified certification services
provided,
e) fails to comply with the information obligations under § 6b para. 1
letter e), or
f) does not issue a qualified time stamp immediately upon receipt of the
request for its issue.
(4) A qualified certification service provider that issues means for the
secure creation of electronic signatures commits an offence if it
a) does not issue the means for the secure creation of electronic signatures
in a secure manner under § 17 para. 3, or
b) does not create in these means, or does not add to these means,
electronic-signature creation data in a trustworthy manner pursuant to § 17
para. 3.
(5) A natural person commits an offence by breaching the obligation of
confidentiality under § 6 para. 7.
(6) For the offences referred to in paragraphs 1 to 4, a fine of up to
10 000 000 may be imposed.
(7) For the offence referred to in paragraph 5, a fine of up to $ 250 000 may
be imposed.
§ 19
Common provisions
(1) A legal person is not liable for an administrative offence if it proves
that it made every effort that could be required to prevent the breach of the
legal obligation.
(2) In determining the amount of a fine for a legal person, account shall be
taken of the seriousness of the administrative offence, in particular the
manner in which it was committed, its consequences, and the circumstances
under which it was committed.
(3) The liability of a legal person for an administrative offence shall cease
if the administrative authority has not initiated proceedings on it within
1 year from the date on which it learned of it, but not later than within
3 years from the date on which it was committed.
(4) Administrative offences under this Act are heard in the first instance by
the Ministry.
(5) Liability for acts that took place in the business of a business
person ^ 8) or in direct connection with it is subject to the provisions of
the Act on the liability of legal persons and sanctions.
(6) The proceeds of the fines are State budget revenue.
§ 20
Powers of execution
(1) The Ministry shall lay down in an implementing regulation the manner of
meeting the information obligation under § 6 para. 1 letters a) and f) and
para. 3, the qualification requirements under § 6 para. 1 letter b), the
requirements for secure systems and secure tools under § 6 para. 1 letters c)
and d), the method of storing information and documentation under § 6 para. 5
and 6, and the way of meeting these requirements.
(2) The Ministry shall lay down in an implementing regulation the method for
verifying the compliance of data under § 6a para. 1 letter d), the manner of
ensuring the security of the lists under § 6a para. 1 letters e) and f), the
manner of specifying the date and time under § 6a para. 1 letter g), the
particulars of the measures under § 6a para. 1 letter h), the manner of
fulfilling the information obligations under § 6a para. 1 letter i), the
manner of protecting and ensuring the consistency of the data under § 6a
para. 2, the manner of invalidating a certificate under § 6a para. 3 and 4,
and the way of complying with these requirements.
(3) The Ministry shall lay down in an implementing regulation the manner of
ensuring the accuracy of the time when creating a qualified time stamp under
§ 6b para. 1 letter b), the manner of ensuring consistency of data under § 6b
para. 1 letter c), the particulars of the measures under § 6b para. 1
letter d), the manner of complying with the information obligations under
§ 6b para. 1 letter e), and the way of meeting these requirements.
(4) The Ministry shall lay down in an implementing regulation the structure
of the data on the basis of which a person can be uniquely identified, and
procedures for verifying the validity of an advanced electronic signature, an
electronic tag, a qualified certificate, a qualified system certificate and a
qualified timestamp.
(5) The Ministry shall lay down in an implementing regulation the procedures
that means for the secure creation and verification of electronic signatures
must support in protecting electronic-signature creation data under § 17, and
that means for creating electronic tags must support in protecting data for
creating electronic tags under § 17a, and how compliance with these
requirements is demonstrated.
PART TWO
cancelled
§ 21
cancelled
PART THREE
cancelled
§ 22
cancelled
PART FOUR
cancelled
§ 23
cancelled
PART FIVE
Amendment to the Code of Civil Procedure
§ 24
Act No. 99/1963 Coll., the code of civil procedure as amended by Act No. 36/1967
Coll., Act No. 158/1969 Coll., Act No. 50/1973 Coll., Act No. 20/1975
Coll., Act No. 135/1982 Coll., Act No. 180/1990 Coll., Act No. 328/1991
Coll., Act No. 519/1991 Coll., Act No. 263/1992 Coll., Act No. 24/1993
Coll., Act No. 171/1993 Coll., Act No. 114/1994 Coll., Act No. 152/1994
Coll., Act No. 216/1994, Coll., Act No. 84/1995 Coll., Act No. 118/1995
Coll., Act No. 160/1995 Coll., Act No. 237/1995 Coll., Act No. 247/1995
Coll., Constitutional Court No. 31/1996 Coll., Act No. 142/1996 Coll.,
Constitutional Court No. 269/1996 Coll., Act No. 202/1997 Coll., Act
No. 227/1997 Coll., Act No. 15/1998 Coll., Act No. 91/1998 Coll., Act
No 165/1998 Coll., Act No. 326/1999 Coll., Act No. 360/1999 Coll., the award
The Constitutional Court No 2/2000 Coll., Act No. 27/2000 Coll., Act No. 30/2000
Coll., Act No. 46/2000 Coll., Act No. 105/2000 Coll., Act No. 130/2000
Coll., Act No. 155/2000 Coll. and Act No. 220/2000 is amended as follows:
In § 42 para. 1 the first sentence reads: "A submission may be made in
writing, orally into the record, in electronic form signed electronically in
accordance with special legislation, by telegram or by fax.".
PART SIX
Amendment to the criminal procedure code
§ 25
Act No. 141/1961 Coll., on criminal court proceedings (code of criminal procedure), in
amended by Act No. 59/1965 Coll., Act No. 58/1969 Coll., Act No. 149/1969
Coll., Act No. 48/1973 Coll., Act No. 29/1978 Coll., Act No. 43/1980
Coll., Act No. 159/1989 Coll., Act No. 175/1990 Coll., Act No. 303/1990
Coll., Act No. 563/1991 Coll., Act No. 25/1993 Coll., Act No. 115/1993
Coll., Act No. 293/1993 Coll., Act No. 154/1994 Coll., constitutional
Court No. 214/1994 Coll., Constitutional Court No. 8/1995 Coll., Act No.
152/1995 Coll., Act No. 151/1997 Coll., Act No. 209/1997 Coll., Act No.
148/1998 Coll., Act No. 166/1998 Coll., Act No. 191/1999 Coll., Act No.
29/2000 Coll. and Act No. 30/2000 Coll., is amended as follows:
In § 59, paragraph 1 reads:
"(1) A submission shall be assessed according to its content, even if it is
incorrectly labelled. It may be made in writing, orally, in electronic form
signed electronically in accordance with special regulations, by telegram,
by telefax or by telex.".
PART SEVEN
Amendment of the Act on the protection of personal data
§ 26
Act No. 101/2000 Coll., on the protection of personal data and on amendments to certain
laws, is amended as follows:
In section 29, the following paragraph 4 is added:
"(4) The Authority grants and withdraws accreditation to operate as an
accredited certification service provider and supervises compliance with the
obligations laid down by the Act on electronic signature.".
PART EIGHT
Amendment of the Act on administrative fees
§ 27
Act No. 368/1992 Coll., on administrative fees, as amended by Act No.
10/1993 Coll., Act No. 72/1994 Coll., Act No. 85/1994 Coll., Act No.
273/1994 Coll., Act No. 36/1995 Coll., Act No. 118/1995 Coll., Act No.
160/1995 Coll., Act No. 301/1995 Coll., Act No. 151/1997 Coll., Act No.
305/1997 Coll., Act No. 148/1998 Coll., Act No. 157/1998 Coll., Act No.
167/1998 Coll., Act No. 63/1999 Coll., Act No. 167/1999 Coll., Act No.
167/1999 Coll., Act No. 222/1999 Coll., Act No. 326/1999 Coll., Act No.
353/1999 Coll., Act No. 359/1999 Coll., Act No. 360/1999 Coll., Act No.
363/1999 Coll., Act No. 46/2000 Coll., Act No. 62/2000 Coll., Act No.
117/2000 Coll., Act No. 133/2000 Coll., Act No. 151/2000 Coll., Act No.
153/2000 Coll., Act No. 155/2000 Coll., Act No. 155/2000 Coll. and act
No. 158/2000 is amended as follows:
1. In the annex to the Act (schedule of administrative fees), the following
new Part XII is added:
"PART XII
PROCEEDINGS UNDER THE ACT ON ELECTRONIC SIGNATURE
Item 162
a) submission of an application for accreditation of a certification service
provider $ 100000.0-
b) submission for the assessment of compliance of electronic signature tools
with the requirements $ 10000.0-.".
2. In the index to the TARIFF, the following Part XII is added:
"PART XII
Proceedings under the Act on electronic signature 162.".
3. The full stop after Part XI shall be deleted.
PART NINE
EFFECT
§ 28
This Act shall take effect on the first day of the third calendar month after
the date of its publication.
Klaus v. r.
Havel v. r.
Zeman v. r.
Selected provisions of amendments
Article II of Act No. 440/2004 Sb.
Transitional provisions
Providers of certification services to which accreditation to act as an
accredited certification service provider was granted prior to the effective
date of this Act are required to adapt the service of issuing qualified
certificates to Act No. 227/2000 Coll., on electronic signature and amending
some other acts (the Act on electronic signature), as amended by Article I of
this Act, by 1 July 2005.
Article XXIX of Act No. 223/2009 Sb.
Transitional provision
Proceedings initiated before the date of entry into force of this Act and not
completed by that date shall be completed, and the rights and obligations
related to them shall be assessed, according to the existing legislation.
1) Directive 99/93/EC of the European Parliament and of the Council of
13 December 1999 on a Community framework for electronic signatures.
1a) Act No. 40/1964 Coll., the Civil Code, as amended.
2a) § 10 of Act No. 40/1964 Coll., the Civil Code, as amended.
3) Act No. 101/2000 Coll., on the protection of personal data and on
amendments to certain laws.
3a) Decision of the Commission of the European Communities 2009/767/EC of
16 October 2009 laying down measures to facilitate the use of procedures by
electronic means through the "uniform contact points" under Directive
2006/123/EC of the European Parliament and of the Council on services in the
internal market.
5) Act No. 368/1992 Coll., on administrative fees, as amended.
7) § 43 of Act No. 71/1967 Coll., on administrative proceedings
(Administrative Code), as amended.
8) § 2 para. 2 of Act No. 513/1991 Coll., the Commercial Code, as amended.
9) Commission Decision 2011/130/EC of 25 February 2011 laying down minimum
standards for the cross-border processing of documents electronically signed
by the competent authorities in accordance with Directive 2006/123/EC of the
European Parliament and of the Council on services in the internal market.