440/2004 Sb.
LAW
of 24 July 2003. June 2004,
amending Act No 227/2000 Coll. on electronic signature and amending
some other laws (the law on electronic signature), as amended by
amended
Parliament has passed the following Act of the United States:
Article. (I)
Act No 227/2000 Coll. on electronic signature and amending certain
other laws (the law on electronic signature), as amended by Act No.
229/2002 Coll. and Act No. 517/2002 is amended as follows:
1. In paragraph 1, the word "modifies" the words "in accordance with the law
Of the European Communities ' ^ 1 ') ".
Footnote 1) reads as follows:
"1) European Parliament and Council Directive 99/93/EC of 13 April 2004. December
1999 on a Community framework for electronic signatures. ".
Footnote 1) is renumbered as footnote
No. 1a), including a reference to this footnote.
2. In paragraph 1, the words "electronic signature," the words
"electronic tags".
3. In paragraph 1, the words "the provision of related services" shall be replaced by
"the provision of certification services and related services providers
established in the territory of the Czech Republic. "
4. section 2 including the title reads as follows:
"§ 2
The definition of some terms
For the purposes of this Act, means the
and) electronic signature information in electronic format, which are
connected to a data message, or are logically associated with it that are used
as a method to uniquely authenticate the identity of the signatory in respect of
the data report,
(b)), an advanced electronic signature, an electronic signature that meets the
the following requirements
1. is uniquely linked to the signatory;
2. allows you to identify the signatory in relation to the data message,
3. was created and appended to a data message by means of which
the signatory can maintain under his sole control,
4. is the data message to which it relates is connected in such a way
It is possible to detect any subsequent change of the data
c) electronic marker data in electronic form, that are
connected to a data message, or are logically associated with it and that
meet the following requirements
1. are uniquely associated with indicating the person and allow you to
identification through a qualified system certificate,
2. have been created and appended to a data message by means of
create electronic tags that indicate the person can keep it under
his sole control,
3. are the data message to which it is subject, attached to such
in a way, it is possible to detect any subsequent change of the data
(d) electronic data message) data that can be transmitted by means of
electronic communication and keep on recording media
used in the processing and the transmission of data by electronic means,
e) signer is a natural person who is the holder of the device for
the creation of electronic signatures and acts on behalf of his or on behalf of another
natural or legal persons,
f) indicating the person natural person, legal person or organizational
the State, which holds a means of creating electronic tags
and indicates a data message, an
g) a holder of a natural person, legal person, or
the branch of the State that has asked for the release of a qualified
certificate or a qualified system certificate for yourself or
for signing or indicating that the person and that the certificate was issued,
h) a provider of certification services means any natural person, legal person
or organisational unit of the State that issues the certificates and the results of their
Register, or provides other services related to electronic
signatures,
I) qualified provider of certification services provider
certification services, which issues a qualified certificate, or
qualified system certificates or qualified time stamps
or the means to secure electronic signatures (hereinafter referred to as
"qualified certification services") and has complied with the obligation to declare
According to § 6,
j) accredited provider of certification services provider
certification services, which has been granted accreditation under this
the law,
k) certificate data message that is released by the provider
certification services, connects to the data for electronic authentication
signatures with the signatory and allows you to verify her identity, or
combines data for authentication of electronic markers that indicate the person and
allows you to verify its identity,
l) qualified certificate a certificate that has the requirements pursuant to §
12 and was issued by a qualified provider of certification services,
m) by a qualified system certificate a certificate that has the
requirements under section 12a and was issued by a qualified provider
certification services,
n) electronic signature creation data unique to the data that
used by the signatory to create an electronic signature,
about)-verification of electronic signatures unique to the data that is
used for the verification of the electronic signature,
p) data for creating electronic tags unique to the data that
indicating that the person uses to create an electronic tag
q) data for electronic tags unique authentication data that is
used to verify the electronic tags,
r) qualified time-stamped data message issued by
qualified certification services provider and trusted
way the data in electronic form with the time at the moment, and
ensures that the data in electronic form existed before the
the time at the moment
with) creation of electronic signatures technical equipment
or software, which is used to create an electronic
signatures,
t) means for authentication of electronic signatures technical equipment
or software that is used to authenticate the electronic
signatures,
u) means for safe electronic signature creation resource
for creating an electronic signature that satisfies the requirements laid down
This law,
in the secure authentication) electronic signature means
for the verification of the signature that complies with the requirements established by this Act,
w) electronic signature tool, technical equipment or software
equipment, or components thereof, used to provide certification
services or for the creation or verification of electronic signatures,
x) means to create an electronic tag device that
used to indicate the person for creating electronic tags and that
complies with the other conditions laid down in this Act,
s) Registrar of the workplace of the public authority designated for
sending and receiving data messages,
of the accreditation certificate that) the provider of certification services meets the
the conditions established by this Act for the performance of the activities of the accredited
the certification services provider. ".
5. In section 3, paragraph 3. 1 the second sentence shall be added: "If it is proven
to the contrary, it shall be deemed that the signer before signing data
reports of its contents. ".
6. in paragraph 3, the following paragraph 3a is inserted:
' section 3a
(1) the use of electronic tags based on a qualified system
the certificate and which are created using the resource for creating electronic
the tag enables you to verify that the data has identified this e-mail message
marker denoting the person.
(2) if the person has identified the data indicating that the message, it is considered that such a
made in an automated fashion without direct verification of the content of a data message and
expressed by your will. ".
7. in paragraph 4, the words "electronic signature", the words "or
electronic tags ".
8. In paragraph 4, the word "signed" the words "or designated".
9. in § 5 para. 1 (b). (b)), the word "it" is deleted.
10. in § 5 para. 1 at the end of subparagraph (b)) a comma is replaced by a dot and the
subparagraph (c)) shall be deleted.
11. in paragraph 5, the following new section 5a and 5b, which including the following titles:
"§ 5a
The obligation to indicate the person
(1) indicating that the person is required to
and deal with the means) as well as with data to create an electronic
brands with due care to prevent their unauthorized
use,
(b) without delay, notify the provider) certification services, which issued the
qualified system certificate, showing that there is a risk of abuse
its data for creating electronic tags.
(2) to indicate that the person is required to ensure that a means of creating
electronic tags, which used, complies with the requirements
This Act.
(3) for damage caused by the violation of the obligations referred to in paragraph 1 corresponds to the
to indicate the person, even if the damage was not caused by, according to a special legal
regulations 1a) liability for defects under the specific legislation is not
without prejudice to the 1a), however, relieved of Liability If he proves that the one whom
damage, did not perform any acts necessary to ensure
that the electronic tag is valid and its qualified
certificate has not been invalidated.
section 5b
Obligations of the holder of the certificate
The certificate holder shall without undue delay submit accurate,
true and complete information to the provider of certification services in
relation to the qualified certificate and in relation to a qualified
the system certificate. ".
12. section 6 including title and footnote # 2):
"section 6
Qualified provider of certification services
(1) a qualified certification services provider is obliged to
and) to ensure that each could make sure of its identity and its
qualified system certificate, which indicates the issued
qualified certificates or qualified system certificates and
lists of certificates that have been invalidated, or qualified time
stamps,
(b)) to ensure that the provision of qualified certification services
performed by people with the expertise and skills necessary for
the provision of qualified and familiar with certificate services
the relevant safety procedures,
(c)) use safe systems and safe electronic tools
the signing, to ensure adequate safety procedures, that these systems and
tools support, and to ensure that sufficient security of the cryptographic
These tools; systems and tools are considered safe, if
comply with the requirements provided by this Act and implementing regulations,
or if they meet the requirements of the technical standards referred to in decision
The Commission issued pursuant to article 3 (5) of Directive 99/93/EC,
d) use safe systems for the retention of qualified certificates
and qualified system certificates or qualified time
the stamps in a verifiable form so that it records, or their
changes can only be performed by authorised persons, in order to check
the accuracy of the records, and in order to any technical or programmatic changes
that violate these security requirements are apparent,
e) have throughout its activities sufficient financial
resources or other financial security to operate in conformity with the requirements of
set out in this Act and having regard to the risk of liability for
damage,
f) before concluding the contract on the provision of qualified certification
services with the person asking for the provision of services under this Act;
inform that person in writing of the exact conditions for the use of
qualified certification services, including any restrictions for
their use, on terms of complaints and disputes and the solution
whether it is or is not accredited by the Ministry of Informatics (hereinafter referred to as
"the Ministry") under section 10; This information can be passed electronically.
(2) If a provider of accredited certification services
the Ministry is obliged to report to the Ministry at least 30 days before the
the start of the qualified certificate services, that it will
provide, and the moment when its provision will launch. At the same time passes
Ministry to verify your qualified system certificate referred to
in paragraph 1 (b). and).
(3) if the qualified providers of certification services,
that earned the accreditation pursuant to § 10 of this Act, accreditation
the Ministry revoked, it shall without delay inform the
the fact the bodies to which it gives its qualified certification
services, and other interested parties.
(4) a qualified provider of certification services provides services
under this Act, on the basis of the Treaty. The contract must be in writing.
(5) the Qualified certification services provider stores the information
and the documentation related with provided by qualified
certificate services under this Act, in particular
and) qualified contract of certificate services, including
the application for provision of the service,
(b) a qualified certificate) issued by issued by qualified system
certificate, or issued by a qualified timestamp,
(c) a copy of the submitted personal documents) of the signatory or documents,
on the basis of the person's identity has been verified, indicating,
d) acknowledgement of receipt of a qualified certificate, or
qualified system certificate holder or his
consent to publication of a qualified certificate in the list issued by the
qualified certificates
e) statement of the certificate holder that he be provided with
information referred to in paragraph 1 (b). (f)),
f) documents and records related to the life cycle of the issued
a qualified certificate or a qualified system
the certificate, which shall specify the details to implementing decree.
(6) all the information and documentation about our services by
This Act maintains a qualified provider of certification services
for at least 10 years. Qualified provider is obliged to ensure
the information and documentation that is maintained from loss, misuse, destruction
or damage under conditions which it shall specify the implementing decree.
The information and documentation referred to in the first sentence may be qualified
the provider of certification services to take and store in electronic
form. Unless this Act provides otherwise, the procedure in the handling of
information and documentation under special legislation. ^ 2)
(7) employees of a qualified provider of certification services,
or other natural persons that come into contact with personal data
and electronic signature creation data signers and
electronic tags identifying the persons are required to maintain the
the confidentiality of such information and data, and the security precautions
the publication of which would compromise the security of this information and data.
Obligation of confidentiality shall survive after termination or other
like employment or after you complete the work; the said persons
can get rid of the NDA, in whose interest this obligation, or
the Court.
2) Act No. 97/1974 Coll. on archives, as amended
regulations. ".
13. in paragraph 6, the following new section 6a and 6b, which including the titles and notes
footnote No. 2a) shall be added:
"§ 6a
The obligation of a qualified provider of certification services in
issuing qualified certificates and qualified system
certificates
(1) a qualified certification services provider that issues the
qualified certificates or qualified system certificates
(hereinafter referred to as "certificates that are issued as a qualified") is required to
and) to ensure that certificates issued by him as qualified to contain
all the conditions laid down in this Act,
(b)) to ensure that the information referred to in the certificates it issues as
qualified are accurate, true and complete,
c) before issuing a certificate as a qualified securely verify
appropriate means the identity of the person signing or the identity of the
denoting persons, or even its special characters, if required by the purpose of the
such a certificate,
(d)) to determine whether at the time of submission of the application for the issue of a certificate as
qualified signer had data for creating
electronic signatures corresponding to the authentication of electronic data
signatures or indicating that the person the data for creation of electronic tags
the corresponding data for the verification of electronic tags, which contains
application for issue of the certificate,
e) ensure the operation of the safe and publicly accessible list
as a qualified certificate, to whose publication gave
the holder of the certificate of approval in accordance with § 6 para. 5 (b). (d)), and
to ensure the availability of this list as well as remote access and data in
the list contained whenever the update without undue delay,
f) ensure the operation of the safe and publicly accessible list
as a qualified certificate that have been invalidated, even
remote access,
g) to ensure that the date and time, indicating the hours, minutes, and seconds when
the certificate is issued as a qualified issued or invalidated, they
be precisely identified,
h) take appropriate measures against misuse and forgery of certificates
issued as a qualified,
I) provide upon request to third parties the relevant information about
conditions for the use of the certificates issued as qualified,
including restrictions for their use, and information about whether or not it is
accredited by the Ministry; This information can be provided electronically.
(2) If a qualified provider of certification services, which
issues certificates as qualified, creates to the signer
electronic signature creation data or indicating that the person
data for the creation of electronic tags,
and must ensure the confidentiality of these) data before passing it, this
copy and retain data longer than necessary,
(b)) must guarantee that this data reflects data for authentication
electronic signature or electronic authentication data for brands.
(3) a qualified certification services provider that issues the
certificates as qualified, shall immediately void the certificate,
If the holder of the signatory or the person requested, indicating
or if you realize that the risk of misuse of their data for
create electronic signatures or electronic tags, or in
If the certificate was issued on the basis of false or erroneous
of the data.
(4) a qualified provider of certification services shall also
shall immediately void the certificate issued by a qualified, if he
proven that signing or indicating that the person died or
ceased to exist or the court competence to perform legal acts got rid of or
restricted, ^ 2a) or, if the information on the basis of which the certificate was issued,
affidavit of truthfulness.
§ 6b
The obligation of a qualified provider of certification services in
issuing qualified time stamps
(1) a qualified certification services provider that issues the
qualified time stamps, is obliged to
and) to ensure that the time stamps it issued as a qualified
contained all the conditions laid down in this Act,
(b)) to ensure that the timestamp embedded in a qualified time
stamps reflect the value of coordinated universal time when creating
a qualified time stamps,
(c)) to ensure that the data in electronic form, subject to the
applications for qualified time stamps, clearly
correspond to the data in electronic form contained in the issued
a qualified timestamp,
d) take appropriate measures against counterfeiting of qualified
time stamps
(e)) to provide to third parties upon request, relevant information about
conditions for the use of qualified time stamps, including
restrictions for their use and the information about whether or not it is
accredited by the Ministry; This information can be provided electronically.
(2) a qualified certification services provider shall issue a qualified
time stamp, immediately upon receipt of the request for his extradition.
2A) section 10 of Act No. 40/1964 Coll., the civil code, as amended
regulations. ".
14. in section 7 (2). 1, after the words "matches the word" qualified ".
15. in section 7 (2). 1 the words "issuing qualified certificates"
shall be deleted.
16. in section 7 (2). 2 the term "provider" shall be replaced by
"Qualified provider".
17. in paragraph 7 (2). 2 the term "qualified" is deleted.
18. In article 7 (2). 2, after the word "certificate", the words "issued
as qualified ".
19. in paragraph 7 (2). 2, after the words "for its use", the words "in accordance with
§ 12 para. 1 (b). I) and (j)) and section 12a (e). (h)) ".
20. in § 9 para. 2 (b)):
"(b)) shall exercise supervision over the activities of accredited providers
certification services and qualified providers of certification
services, stores them remedial measures and penalties for breach of the obligations
under this Act, ".
21. in § 9 para. 2 (c)):
"(c)) keeps records of granted accreditation and their changes and records
qualified providers of certification services, ".
22. in § 9 para. 2, letter c) the following point (d)), which read as follows:
"(d)) keeps records of issued qualified system certificates,
that uses a qualified provider of certification services under section
6 (1). 1 (b). and) and which were in accordance with § 6 para. 2 validated
the Ministry ".
Subparagraph (d)) to (f)) are known as the letters e) to (g)).
23. in § 9 para. 2 letter e) is added:
"e) continuously publishes an overview of granted accreditation overview
qualified certification service providers and their
skilled services and qualified system certificates according to the
subparagraph (d)), and even manner allowing remote access, ".
24. in § 9 para. 2 (a). g), the words "(for example, section 10, paragraph 1. 7, section 13
paragraph. 2 and § 16 para. 2) "are deleted.
25. in § 9 para. 3 the words "the issuing qualified certificates"
replaced by the words "and qualified certification services provider".
26. in section 9, the following paragraph 5 is added:
"(5) the qualified providers of certification services, which
has not fulfilled the obligation of cooperation referred to in paragraph 3, can impose
a fine up to Czk 1 000 000 ".
27. in section 10, paragraph 1. 2 letter a) is added:
"a) in the case of a legal person, business name or the name, registered office,
where appropriate, the address of the business folder foreign persons in the territory of the United
of the Republic, and the identification number of the applicant, if assigned; in the case of
natural person, the name, or names, last name, or tag, instead of
of establishment, place of business, if different from place of establishment, and
the identification number of the applicant, if granted, ".
28. in section 10, paragraph 1. 2 letter d) is added:
"d) material, personnel and organizational prerequisites for activity
qualified providers of certification services in accordance with § 6, 6a and 6b
of this Act, ".
29. in section 10, paragraph 1. 2 letter e) is added:
"(e)) an indication that a qualified certification services the applicant intends to
provide, ".
30. In section 10, paragraphs 5, 6 and 7, including footnote No. 6)
shall be deleted.
31. under section 10, the following new section 10a, including title:
"§ 10a
The conditions for the extension of the services of an accredited provider
certification services
(1) an accredited certification service provider may extend the
the provision of qualified certification services on the issue of
qualified certificates qualified system certificates,
qualified time stamps or on the issue of funding for the
creation of electronic signatures under this Act (hereinafter referred to as
"distributed services").
(2) an accredited certification service provider is obliged to
the extension referred to in paragraph 1, notify the Ministry so that the Ministry of
notice received at least 4 months before the commencement of the provision of services.
(3) in the notice must be an accredited provider of certification services
demonstrate in-kind, personnel and organizational prerequisites for ensuring
distributed services.
(4) if they can demonstrate an accredited certification service provider
the facts referred to in paragraph 3, or if these facts are incomplete
or inaccurate, Ministry to an accredited provider
certification service warns that unless these defects within the time limit,
to be determined, removed, by decision of the expansion of the services disabled.
(5) the Ministry notified the extension disables, if an accredited
the provider of certification services did not meet all the conditions prescribed
This Act for the provision of distributed services.
(6) on the prohibition of the provision of qualified certification extension
services will issue a decision by the Ministry within 90 days from the time
When it received notice. ".
32. In the first sentence of paragraph 11, the words "may be" the words "for the purpose of
the signature ".
33. In paragraph 11, at the end of the first sentence, the words "(hereinafter referred to as" the acclaimed
electronic signature ")".
34. in the third sentence of paragraph 11, the words "an advanced electronic signature based
on the qualified certificate "shall be replaced by the words" recognized electronic
signature ".
35. In paragraph 11, at the end of the following sentence "the structure of the data, on the basis of
which it is possible to uniquely identify a person, provides the Ministry of
the implementing regulation. ".
36. In paragraph 11 of the present text shall become paragraph 1 and the following
paragraphs 2 and 3 shall be added:
"(2) the documents of public authorities in electronic form that are marked
electronic marker based on a qualified system
a certificate issued by an accredited certification service provider
or signed by a recognized electronic signature shall have the same legal
effects as a public document issued by those authorities.
(3) the public authority receives and sends data messages referred to in paragraph 1
through the Registrar. ".
37. In § 12 para. 1 (b)):
"(b)) in the case of a legal person, business name or the name and the State in
which is a qualified provider is established; in the case of a natural person
name or name, last name, or tag, and the State in which the
He is a qualified provider is established ".
38. In § 12 para. 1 (b). c) after the word "name" the words ",
where appropriate, the name, ".
39. In § 12 para. 1 letter f) is added:
"(f)) of the certification services provider's electronic tag based
on a qualified system certificate provider that
a qualified certificate is issued by ".
40. In article 12, paragraph 1, the following paragraph 2 is added:
"(2) the limits for the use of a qualified certificate referred to in paragraph 1
(a). I) and (j)) must be apparent to third parties. ".
The former paragraph 2 becomes paragraph 3.
41. under section 12, the following new section 12a and 12b, which including the following titles:
"§ 12a
Requirements of a qualified system certificate
Qualified system certificate must contain the
and) indicate that it is issued as a qualified certificate in accordance with
This law,
(b)) in the case of a legal person, business name or the name and the State in
which is a qualified provider is established; in the case of a natural person
name or name, last name, or tag, and the State in which the
He is a qualified provider is established,
c) unique identification indicating the person or resource for the
create an electronic tag
d) electronic tags-verification data which correspond to the data for
the creation of electronic tags, which are under the control of indicating
of the person,
an electronic tag provider) certification services based
on a qualified system certificate provider that
qualified system certificate is issued by,
(f) a qualified system certificate number) unique to that
qualified providers of certification services,
(g)) the beginning and end of validity period of a qualified system certificate,
h) restrictions on the use of a qualified system certificate, and
This restriction must be apparent to third parties.
section 12b
Requirements qualified time stamp
A qualified timestamp must contain
and a qualified timestamp) a number unique to that
qualified providers of certification services,
b) indication of the rules according to which the qualified provider
Certificate Services qualified time stamp issued,
c) in the case of a legal person, business name or the name and the State in
which is a qualified provider is established; in the case of a natural person
name or name, last name, or tag, and the State in which the
He is a qualified provider is established,
d) time value that corresponds to the coordinated universal time
creating a qualified timestamp,
e) data in electronic form, for which it qualified the time
stamp issued
(f) a qualified electronic tag provider) certification
services that a qualified timestamp. ".
42. section 13 including the title reads as follows:
"section 13
The obligation of a qualified provider of certification services in
their activities
(1) a qualified certification services provider must terminate the intent
report on its activities to the Ministry at least 3 months prior to the scheduled
the date of termination of the activity, and must make every possible effort to ensure
to register according to § 6 paragraph 1 led. 5 was taken over by another
a qualified provider of certification services. Qualified
the provider of certification services shall demonstrably notify
each signer, indicating that the person and the holder, which
providing its certification services, of its intention to terminate its activities
at least 2 months prior to the scheduled date of termination of the activity.
(2) If a qualified provider of certification services
ensure that the register conducted pursuant to section 6 (1). 5 took over another
qualified certification services provider, is obliged to it
no later than 30 days before the scheduled date of termination of the activities of the Ministry of
report. In this case, the Ministry will take over the registration and shall notify the
the entities concerned.
(3) the provisions of paragraphs 1 and 2 shall apply mutatis mutandis also in the case when
qualified provider of certification services, dies or ceases to
ceases to carry on its activities without being required by
paragraph 1. ".
43. In § 14 para. 1, after the words "an accredited provider
certification services or "is inserted after the word" qualified ".
44. In § 14 para. 1 the words "issuing qualified certificates"
shall be deleted.
45. In § 14 para. 3 the words "quit while validity of qualified
certificates issued by "are replaced by the words" at the same time, decide to
revocation of certificates issued as qualified ".
46. section 15 including title and footnote No 7) reads as follows:
"§ 15
Cancellation of qualified certificate or a qualified system
certificate
The Ministry may order the qualified provider certification
services as a precautionary measure ^ 7) invalidation of a certificate issued as
qualified, if there are reasonable grounds for believing, that the certificate was
falsified, or if it was issued on the basis of false information. The decision of the
for the revocation of a certificate issued as qualified may be issued
also in the case when it was found that signing or indicating
the person uses a resource for creating a signature, or a resource for
create an electronic tag, which shows a security
the flaws, which would have allowed counterfeiting of advanced electronic
signatures or electronic tags or change podepisovaných or
known data.
7) section 43 of Act No. 71/1967 Coll., on administrative proceedings (administrative code), in
as amended. ".
47. section 16, including the title reads as follows:
"section 16 of the
Recognition of foreign qualified certificates
(1) a certificate that is issued by a certification service provider
established in one of the Member States of the European Union as a qualified,
is a qualified certificate within the meaning of this Act.
(2) a certificate that is issued as a qualified within the meaning of this
Act in a non-Member State of the European Union, is a qualified
certificate within the meaning of this Act, if
the certification services provider) and meets the conditions of the rights of European
Community ^ 1) and has been accredited to act as an accredited
the provider of certification services in one of the Member States
The European Union,
(b)) the provider of certification services established in one Member
States of the European Union, which meets the conditions of the rights of European
community, ^ 1) will assume responsibility for the validity and accuracy of the
the certificate in the same range as for its qualified
certificates, or
(c)) it appears from the international treaty. ".
48. the heading of section 17 reads: "means for safe creation and validation
electronic signatures ".
49. In article 17, after paragraph 2, insert a new paragraph 3 is added:
"(3) means for safe electronic signature creation must be
prior to their use in a safe way and released data for creating
electronic signatures must be in a credible manner in these
resources created or added to them. ".
The former paragraph 3 shall become paragraph 4.
50. in paragraph 17 of section 17a shall be inserted, which including the title reads as follows:
"§ 17a
Resources for creating electronic tags
(1) a means for creating electronic tags must help
the relevant technical and programmatic resources and procedures
at a minimum, ensure that
and for the creation of electronic data) brands are adequately
secret and are indicating a person reliably protected against abuse
a third person,
(b)), indicating that the person is informed that launches the application of this
resource.
(2) a means of creating the electronic tags must be set
so that even without further checks, indicating that the person has identified just and only those
data messages that indicate the person to indicate a choice.
(3) the means of creating electronic tags must be protected
against unauthorized modification and must guarantee that any change will be
visible indicating the person. ".
51. section 18 including the title reads as follows:
"section 18
Administrative offences of legal persons
(1) a qualified provider of certification services, which
a) does each could make sure of its identity and its
qualified system certificate pursuant to section 6 (1). 1 (b). and)
(b)) does not ensure that the provision of qualified certification services
performed by people with the expertise and skills necessary for
provided by skilled and familiar with certificate services
the relevant safety procedures,
(c)) from failure safety of sufficient systems and tools
the electronic signature and the practices that these systems and tools
support under section 6 (1). 1 (b). (c)), and (d)), would threaten the safety of the
provided by a qualified certification services
(d)) does not have sufficient financial resources or other financial
by ensuring the operation according to § 6 paragraph 1. 1 (b). (e)), and thus endanger the
the safety provided by a qualified certification services
e) fail to comply with information requirements under section 6 (1). 1 (b). (f)), § 6 (1). 3
or § 13 para. 1,
f) fails to comply with the obligation under section 6 (1). 2, including the transmission of
qualified system certificate for verification, or according to § 13 para.
1 or 2,
g) provide certification services based on other than a written contract,
(h)) does not retain the information and documentation referred to in § 6 (1). 5,
I) does not retain all of the information and documentation referred to in § 6 (1). 6 for
at least 10 years, or
j) does not provide the information and documentation that is maintained from loss,
misuse, destruction or damage under section 6 (1). 6,
the above is fined 10 000 000 CZK.
(2) a qualified certification services provider that issues the
qualified certificates or qualified system certificates and
that
and) does it issued as a qualified certificate contained
all the conditions laid down in this Act,
(b)) does not ensure that the information referred to in certificates issued
qualified are accurate, true and complete,
c) verifies the identity of persons under section 6a of paragraph 1. 1 (b). (c)),
(d) does not ensure the compliance of the data), pursuant to section 6a of paragraph 1. 1 (b). (d)),
(e) does not guarantee the operation of safe and) publicly accessible list
as a qualified certificate and does not ensure its availability and
update in accordance with § 6a of paragraph 1. 1 (b). (e)),
(f)) does not ensure the operation of the safe and publicly accessible list
as a qualified certificate that have been invalidated, even
remote access,
g) does not ensure that the date and time, indicating the hours, minutes, and seconds when
the certificate is issued as a qualified issued or invalidated, they
be precisely identified,
(h) adopt appropriate measures) against misuse and counterfeiting
certificates issued as qualified security provided by
qualified certification services
I) fails to comply with information requirements under section 6a of paragraph 1. 1 (b). I),
j) does not ensure consistency and confidentiality of data in accordance with § 6a of paragraph 1. 2 If this data
for signing or indicating that the person creates,
k) copies and stores the data in accordance with § 6a of paragraph 1. 2 If this data for
signing or indicating that the person creates, or
l) nezneplatní certificate pursuant to section 6a of paragraph 1. 3 and 4,
the above is fined 10 000 000 CZK.
(3) a qualified certification services provider that issues the
qualified time stamps and that
and) does the time stamps it issued as a qualified
contain all the elements provided for in section 12b,
(b)) does not ensure that the timestamp embedded in a qualified time
stamps reflect the value of coordinated universal time when creating
a qualified time stamps,
(c)) does not ensure that the data in electronic form, subject to the
applications for qualified time stamps, match the data in the
electronic form contained in the issued a qualified time
postage,
(d) fails to take the appropriate measures against) counterfeiting of qualified
time stamps, and the security provided by a qualified
certification services,
e) fail to comply with information requirements under section 6b of the paragraph. 1 (b). (e)), or
(f)) shall not issue a qualified timestamp immediately upon receipt of the request for
its release,
the above is fined 10 000 000 CZK.
(4) a qualified certification services provider that issues the
resources for creating secure electronic signatures, and that
and) shall not issue a secure electronic signature creation
safely under § 17 para. 3, or
(b)) does not create these resources or does not add to these resources
electronic signature creation data to trusted manner pursuant to §
Article 17(1). 3,
the above is fined 10 000 000 CZK.
(5) the Accredited providers of certification services that fail to comply with
the obligation of notification according to § article 10A(1). 2 shall be fined up to 10
000 000 CZK.
(6) an accredited certification service provider who violates
the ban issued by the Department pursuant to section article 10A(1). 5 a fine shall be imposed in the amount of
10 000 000 CZK. ".
52. under section 18 shall be added to § 18a, which including the title reads as follows:
"§ 18a
Misdemeanors
(1) a qualified certification services provider is guilty of an
violation by
a) does each could make sure of its identity and its
qualified system certificate pursuant to section 6 (1). 1 (b). and)
(b)) does not ensure that the provision of qualified certification services
performed by people with the expertise and skills necessary for
provided by skilled and familiar with certificate services
the relevant safety procedures,
(c)) from failure safety of sufficient systems and tools
the electronic signature and the practices that these systems and tools
support under section 6 (1). 1 (b). (c)) and (b). (d)), would threaten the safety of the
provided by a qualified certification services
(d)) does not have sufficient financial resources or other financial
by ensuring the operation according to § 6 paragraph 1. 1 (b). (e)), and thus endanger the
the safety provided by a qualified certification services
e) fail to comply with information requirements under section 6 (1). 1 (b). (f)), § 6 (1). 3
or § 13 para. 1,
f) fails to comply with the obligation under section 6 (1). 2, including the transmission of
qualified system certificate for verification, or according to § 13 para.
1 or 2,
g) provide certification services based on other than a written contract,
(h)) does not retain the information and documentation referred to in § 6 (1). 5,
I) does not retain all of the information and documentation referred to in § 6 (1). 6 for
at least 10 years, or
j) does not provide the information and documentation that is maintained from loss,
misuse, destruction or damage under section 6 (1). 6.
(2) the Qualified provider of certification services, which issues
qualified certificates or qualified system certificates,
commits the offence by
and) does it issued as a qualified certificate contained
all the conditions laid down in this Act,
(b)) does not ensure that the information referred to in certificates issued
qualified are accurate, true and complete,
c) verifies the identity of persons under section 6a of paragraph 1. 1 (b). (c)),
(d) does not ensure the compliance of the data), pursuant to section 6a of paragraph 1. 1 (b). (d)),
(e) does not guarantee the operation of safe and) publicly accessible list
as a qualified certificate and does not ensure its availability and
update in accordance with § 6a of paragraph 1. 1 (b). (e)),
(f)) does not ensure the operation of the safe and publicly accessible list
as a qualified certificate that have been invalidated, even
remote access,
g) does not ensure that the date and time, indicating the hours, minutes, and seconds when
the certificate is issued as a qualified issued or invalidated, they
be precisely identified,
(h) adopt appropriate measures) against misuse and counterfeiting
certificates issued as qualified security provided by
qualified certification services
I) fails to comply with information requirements under section 6a of paragraph 1. 1 (b). I),
j) does not ensure consistency and confidentiality of data in accordance with § 6a of paragraph 1. 2 If this data
for signing or indicating that the person creates,
k) copies and stores the data in accordance with § 6a of paragraph 1. 2 If this data for
signing or indicating that the person creates, or
l) nezneplatní certificate pursuant to section 6a of paragraph 1. 3 and 4.
(3) a qualified certification services provider that issues the
qualified time stamps, is guilty of an offence by
and) does the time stamps it issued as a qualified
contain all the elements provided for in section 12b,
(b)) does not ensure that the timestamp embedded in a qualified time
stamps reflect the value of coordinated universal time when creating
a qualified time stamps,
(c)) does not ensure that the data in electronic form, subject to the
applications for qualified time stamps, match the data in the
electronic form contained in the issued a qualified time
postage,
(d) fails to take the appropriate measures against) counterfeiting of qualified
time stamps, and the security provided by a qualified
certification services,
e) fail to comply with information requirements under section 6b of the paragraph. 1 (b). (e)), or
(f)) shall not issue a qualified timestamp immediately upon receipt of the request for
its release.
(4) a qualified provider of certification services, which issues
resources for creating secure electronic signatures, is guilty of an
violation by
and) shall not issue a secure electronic signature creation
safely under § 17 para. 3, or
(b)) does not create these resources or does not add to these resources
electronic signature creation data to trusted manner pursuant to §
Article 17(1). 3.
(5) a natural person has committed the offence, that the breach of an obligation
confidentiality under section 6 (1). 7.
(6) for the offences referred to in paragraphs 1 to 4, you can impose a fine of up to 10 000
000.
(7) for the offence referred to in paragraph 5 can impose a fine to a maximum of 250 000
CZK. ".
53. § 19 including title and footnote # 8):
"§ 19
Common provisions
(1) a legal person for an administrative offence is not liable if he proves that
made every effort, that it was possible to require that the infringement of the
a legal obligation is prevented.
(2) in determining the amount of the fine on a legal person shall take account of the seriousness of the
the administrative offense, in particular, the way a criminal offence and its consequences, and
the circumstances under which it was committed.
(3) the liability of a legal person for an administrative offense shall cease, if the
administrative authority about him has not initiated proceedings within 1 year from the date on which it
learned, but not later than within 3 years from the date on which it was committed.
(4) administrative offences under this law in the first instance hearing
by the Ministry.
(5) The liability for the acts, which took place in the business
person ^ 8) or in direct connection with the applicable provisions of the Act
on the liability of legal persons and sanctions.
(6) the Fines collected and enforced by the locally competent territorial tax authority. The yield of the
of fines is the State budget revenue.
8) § 2 (2). 2 of the Act No. 513/1991 Coll., the commercial code, as amended by
amended. ".
54. section 20 including the title reads as follows:
"section 20
Powers of execution
(1) the Ministry shall determine the implementing regulation way meet
information obligation according to § 6 paragraph 1. 1 (b). and), and (f)) and paragraph 2. 3,
qualification requirements under section 6 (1). 1 (b). (b)), the requirements for
safe systems and safe tools according to § 6 paragraph 1. 1 (b). (c)), and (d)),
the method of storage of information and documentation according to § 6 paragraph 1. 5 and 6 and
the way to meet these requirements.
(2) the Ministry of the implementing regulation lays down the method for verifying the
According to the data in accordance with § 6a of paragraph 1. 1 (b). (d)), the way of ensuring the safety of
the lists pursuant to section 6a of paragraph 1. 1 (b). e) and (f)), specifying the date and time in accordance with § 6a
paragraph. 1 (b). (g)), the particulars of the measures pursuant to section 6a of paragraph 1. 1 (b). (h)),
How to fulfil the information obligations, pursuant to section 6a of paragraph 1. 1 (b). I),
way to protect and ensure the consistency of the data in accordance with § 6a of paragraph 1. 2 way
revocation of the certificate pursuant to section 6a of paragraph 1. 3 and 4 and the way in which the
compliance with these requirements.
(3) the Ministry shall determine the implementing regulation to ensure
the accuracy of the time when you create a qualified time stamp pursuant to §
6B of the paragraph. 1 (b). (b)), to ensure consistent data according to § 6b of the paragraph. 1
(a). (c)), Essentials of the measures referred to in paragraph 6b of the paragraph. 1 (b). (d)), the way
compliance with information obligations under paragraph 6b of the paragraph. 1 (b). (e)) and the way
How to meet these requirements.
(4) the Ministry of the implementing regulation lays down the structure of the data,
on the basis of which a person can be uniquely identified, and procedures
public authorities for receiving and sending data
messages through the Registrar pursuant to section 11 (1) 3.
(5) the Ministry shall determine the implementing regulation to ensure
procedures which resources must support the creation and
authentication of electronic signatures for data protection for building
electronic signatures under section 17 and the means for creating
electronic tags when protecting data for creating electronic
brands under § 17a, and how they are meeting these requirements
illustrated by. ".
Article II
Transitional provisions
Providers of certification services, to which accreditation was granted to the
as an accredited certification service provider prior to the
the effective date of this Act, are required to customize the service
the issue of qualified certificates, Act No. 227/2000 Coll., on the
electronic signature and amending some other acts (the Act on
electronic signature), as amended by article. (I) this Act, up to 1. July
2005.
Article. (III)
The publication of the full text of the Act
The Prime Minister shall be empowered, in the collection of laws promulgated the full text
Act No 227/2000 Coll. on electronic signature and amending certain
other laws (the law on electronic signature), as derived from the laws of the
It changing.
Article IV
The effectiveness of the
This Act shall take effect on the date of its publication.
Fort Worth Star Telegram in r.
Klaus r.
Spidla in r.