Key Benefits:
Decision of 17 January 2011 concerning rules relating to the electronic report (Decision by electronic process-verbally)
We Beatrix, at the grace of God, Queen of the Netherlands, Princess of Orange-Nassau, etc. etc. etc.
On the nomination of Our Minister of Justice of 29 September 2010, No 5669201/10/6;
Having regard to Article 153, second paragraph, of the Code of Criminal Procedure ;
The Council of State heard (opinion of 3 December 2010, No W03.10.0476/II);
Having regard to the further report of our Minister for Security and Justice of 22 December 2010, no. 5678816/10/6;
Have found good and understand:
1 In this Decision, the following definitions shall apply:
a. Electronic process-verbal: process-verbal, intended in Article 152 and 153, first paragraph, of the Code of Criminal Procedure , which is made by electronic means, or which has been transformed by electronic means into a digital copy;
b. validation: determination of the validity of an electronic signature, by verifying the validity of the certificate related to the moment of signature and verifying the unchanged state of the document by the time of signature. signing;
c. electronic signature: the signature, for the purpose of Article 15a, 4th paragraph, of Book 3 of the Civil Code ;
ed. Qualified electronic signature: electronic signature based on a qualified certificate and generated by a safe means of producing electronic signatures in accordance with the requirements set out in Article 15a, second paragraph, parts a to f, of Book 3 of the Civil Code ;
e. Electronic daily drawing: a time stamp indicating the date and time of the moment of signature of an electronic report record and issued in accordance with applicable standards and standards;
f. Certificate, qualified certificate, certification service provider, and secure electronic signature creation device: the certificate, the qualified certificate, the certification service provider, or the safe means for the creation of electronic signatures, intended in Article 1.1, parts ss, tt, uu, and ww, of the Telecommunication Act .
g. Responsible: the head of the organisation where an official is working which creates an electronic process record, converts or receives electronic means of proceedings.
2 For conversion by electronic means, it shall be replaced by an electronic reproduction in order to destroy the documents thus replaced as intended in Article 7 of the Archives Act 1995 .
An electronic report shall be provided with an electronic day drawing and a qualified electronic signature, in a document format complying with or pursuant to the requirements of this Annex. Archive Act 1995 Some.
1 In addition to the data provided on the basis of Article 3 of the Decision on electronic signatures the qualified certificate shall contain information about the organisation where the official, to whom the certificate has been issued, is active.
2 By way of derogation from Article 3 (c) of the Electronic Signatures Decision A pseudonym can only be used in special cases.
1 For conversion by electronic means, the requirements of the application shall be: Article 6 and 8 of the Archive Decision 1995 and Article 26b of the Archiveregulation In order to destroy the minutes of which a reproduction is made, the responsible person being the responsible officer.
2 The requirements of Article 6 of the Archives Decision 1995 shall apply mutatis mutandis to a digital copy of the written record, except that the original minutes shall not be destroyed.
1 The person responsible shall keep the electronic signature and the day drawing the in Annex data specified in this Decision for the purpose of validation.
2 The data referred to in paragraph 1 shall be kept together with the electronic process of minutes during the period of detention of the electronic process.
3 The information referred to in paragraph 2 shall be kept in such a way as to enable it to be demonstrated at any time in the unaltered state of that paragraph.
1 The person responsible for receipt of an electronic report shall immediately send a acknowledgement of receipt to the responsible person who has sent the report.
2 The person responsible for sending the written record shall keep the acknowledgement of receipt referred to in paragraph 1 during a period of five years.
3 The responsible person who has received an electronic report shall ensure that it is validated without delay.
4 If the validation points out that the values checked do not match, this shall be notified without delay to the responsible officer, who has sent the electronic process report.
5 The person responsible, who has sent an electronic report and has sent a message that the verified values do not match, or that a digital copy does not constitute an identical representation of the report, is to be be kept in electronic minutes, or a digital copy, in accordance with the requirements of this Decision.
1 The responsible technical and organisational measures shall be adopted in order to provide the electronic report and the data specified in the Annex. Articles 5 and 6 , to protect against abuse, loss, or unlawful processing. Taking into account the state of the art and the costs of implementation, these measures shall ensure an appropriate level of security, having regard to the risks involved in the processing and the nature of the data.
2 The minutes of electronic procedure and the data referred to in the Articles 5 and 6 , are accessible only to persons who are authorized to do so.
This Decision is cited as: Electronic process decision-verbally.
This Decision shall enter into force on a date to be determined by Royal Decree.
Charges and orders that this Decision will be placed in the Official Journal by means of the note of explanatory note accompanying it.
' s-Gravenhage, 17 January 2011
Beatrix
The Minister for Security and Justice,
I. W. Opstelten
Published the twenty-sixth January 2011The Minister for Security and Justice,
I. W. Opstelten
For the purposes of this Annex, 1 :
Safe means (also called SSCD or Secure Signature Creation Device): A means for the creation of electronic signatures that meet the requirements of the Article 18.17, 1st member of the Telecommunications Act (definition) Electronic signature law ). Within the PKI for the government is in domain Burger chosen for the smart card as SSCD. In Domain Government and Companies, smart cards as well as USB tokens can be used, provided they meet the required requirements.
Hash algorithm: A function that converts a message of random length into a string with a fixed length and meets the following conditions:
• It is practically impracticable to find an import for a given export which is the result of such exports;
• It is practically impracticable to import a second volume of imports for a given entry which has the same effect;
• It is practically impracticable to find two random messages that have the same output as a result;
(Examples are SHA-1 or SHA-2 or RIPBRAKES-160).
Encryption: A process by which data is quantified by means of a mathematical algorithm and a cryptographic key, so that they become illegible to unauthorised persons.
The reliability of encryption depends on the algorithm, its implementation, the length of the cryptographic key, and the use discipline. In the case of symmetric encryption, the use of one and the same, secret key is used in the calculation and decryption process. Asymmetric encryption makes use of a key pair. The one key, the private key, is only known to the end user of this key, and must be kept strictly secret. The other, the public key, is distributed to communication partners. What has been quantified with the private key can be decrypted only with the associated public key, and vice versa.
The purpose of the information given below is to demonstrate the validity and unaltered state of the electronic signature in relation to the document, the certificates used, the data used in relation to the document, irrespective of the time at which it is requested. on the signature (s) of the document and the time of signature (s);
A. Data relating to the certificate used for an electronic signature:
a. The public certificate of the electronic signature;
b. The identifying information of the certificate;
c. the name of the signatory as specified in the certificate;
d. the name of the organisation to which the signatory belongs;
e. the identification and the country of establishment of the issuing certification service provider (s);
f. the indication of the times of the beginning and the end of the period of validity of the certificate;
g. the time at which the electronic signature is placed on the basis of the electronic day drawing, as attached to the signature at the time of signature;
(h) all certificates up to and including the stock certificate proving the validity of this certificate;
i. the answers of the certification service provider (s) proving the validity of all certificates as used at the time of signing, in accordance with the applicable standards and standards, taking into account the period of time between a request for revocation of a qualified certificate until a publication of that revocation;
j. data relating to the certificate version used, the hash algorithm used, and the encryption algorithm used for each certificate;
(k) an indication of whether the certificate is a qualified certificate or a different certificate;
l. an indication whether the signature was produced by a safe means.
B. Details of the certificate used for the placing of the electronic day drawing, which shall be of an electronic signature:
a. The public certificate of the electronic day drawing;
b. The identifying information of the certificate;
c. all certificates up to and including the certificate of origin, proving the validity of the certificate used to place the day drawing;
d. the answers of the certification-service provider (s) proving the validity of all certificates as used at the time of the day drawing, in accordance with applicable standards and standards, taking into account the period of time between a request for revocation of a qualified certificate until a publication of that revocation;
e. data relating to the certificate version used, the hash algorithm used, and the encryption algorithm used for each certificate;
f. an indication of whether the certificate is a qualified certificate or a different certificate;
g. An indication of whether the certificate has been produced by a safe means.
C. Details of the signature of the document:
(a) where available, details of the place of signature, the role of the signatory and the reason for the signature;
b. To the extent available, other information for a uniform interpretation on the basis of which an electronic signature has been placed and subsequently validated has been used;
D. Data relating to the moment when the validation was carried out:
a. The time, on the basis of a trusted time stamp, upon which the verification took place, to the accuracy of the minute;
b. To the extent available data relating to the person or body performing the verification;
c. To the extent available, the role of the person or body carrying out the verification;
E. Data relating to the assurance of the integrity of the validation data (A to D) and the electronic process-verbally:
a verifiable point of time at which the data is protected against changes;
b. The algorithms used to protect the data against changes;
c. an indication of the methodology used; this method will have to be documented elsewhere;
d. data enabling the integrity to be verified.
