The Law On Electronic Signature (Esignaturloven)

Original Language Title: Lov om elektronisk signatur (esignaturloven)

Law on electronic signature (esignaturloven).

Date: LOV-2001-06-15-81
Ministry: Ministry of Trade, Industry and Fisheries
Last modified: LOV-2015-06-19-65 from 01.10.2015
Published: In 2001 booklet 7
Entry into force: 01.07.2001
Short title: Esignaturloven - esignl.

Chapter overview:

0 The law's title modified by law 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584). Cf. EEA Agreement Annex XI No. 5 l (dir 1999/93).

Chapter I. General provisions

SECTION 1. Law's purpose

The purpose of this law is to facilitate secure and effective use of electronic signatures by laying down requirements for qualified certificates, for the issuers of these certificates and for secure signature creation systems.

SECTION 2. Scope of the law

The law applies to CAs established in Norway. The law regulates the framework conditions for the use of qualified electronic signatures, with the exception of Section 6 second sentence, Section 7 and Section 16 a, which apply to all electronic signatures.

The King may by regulation decide that the law shall apply to Svalbard and Jan Mayen.

0 Modified by law 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).
SECTION 3. Definitions

In this law, the following terms mean:

1. electronic signature: data in electronic form that are linked to other electronic data and used as an authentication method,
2. advanced electronic signature: an electronic signature that
a) is uniquely linked to the signatory,
b) can identify the signatory,
c) is created using means that only the signatory has control over, and
d) is linked to other electronic data in such a way that it can be detected if these have been changed after signing,
3. qualified electronic signature: an advanced electronic signature that is based on a qualified certificate and created by an approved secure signature creation system,
4. signatory: the person who holds a signature creation system and acts on their own behalf or on behalf of another natural or legal person,
5. signature creation data: 1 unique data, such as codes or private keys, which the signatory uses to create an electronic signature,
6. signature creation system: software or hardware that is used to create an electronic signature using signature creation data,
7. signature verification data: unique data, such as codes or public keys, which are used to verify an electronic signature,
8. signature verification system: software or hardware that is used to verify an electronic signature using signature verification data,
9. certificate: a link between signature verification data and the signatory that confirms the signatory's identity and is signed by the CA,
10. CA: a natural or legal person who issues certificates or offers other services related to electronic signatures,
11. certification arrangement: any arrangement where a third party confirms in writing that a CA's products, processes or services meet specified requirements, and where the CA is not entitled to exercise the rights that the certification confers before it has received the third party's confirmation,
12. approval arrangement: any arrangement in which a third party gives permission for a CA's products, processes or services to be marketed or used for specified purposes or under specified conditions,
13. self-declaration arrangement: any arrangement in which the CA submits a self-declaration to a third party stating that specified requirements are met.
0 Modified by laws 20 Dec 2002 No. 110 (in force 1 Jan 2003 pursuant to res. 20 Dec 2002 No. 1615), 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).
1 Should be "signature creation data".
SECTION 4. Qualified Certificate

The term qualified certificate shall be used only for certificates that meet the requirements of this section and are issued for a limited period by a CA that meets the requirements in Sections 10-15.

A qualified certificate shall contain the following information:

a) an indication that the certificate has been issued as a qualified certificate,
b) the CA's identity and the state in which it is established,
c) the signatory's name, or a pseudonym with an indication that it is a pseudonym,
d) where applicable, further details about the signatory, if they are relevant to the use of the certificate,
e) the signature verification data that correspond to the signature creation data under the signatory's control,
f) the certificate's commencement and expiry dates,
g) the certificate's identification code,
h) the CA's advanced electronic signature,
i) any restrictions on the scope of use of the certificate, and
j) any limits in the certificate on the value of the transactions for which the certificate can be used.

The King may by regulation lay down what further information the qualified certificate shall contain.

SECTION 5. Requirements for qualified electronic signatures used in communication with and in the public sector

The King may lay down further rules on the requirements that shall apply to qualified electronic signatures to be used in communication with and within the public sector.

SECTION 6. Legal effects of electronic signature

If a law, regulation or other provision sets a requirement for a signature in order to obtain a specific legal effect, and the transaction can be carried out electronically, a qualified electronic signature always fulfils such a requirement; an electronic signature that is not qualified can fulfil such a requirement.

SECTION 7. Collection and use of personal information

A CA may obtain personal information only directly from the person the information concerns, or with that person's express consent, and only to the extent necessary to issue or maintain a certificate. The information must not be collected or processed for any other purposes unless the person the information concerns has given express consent to it.

The Data Protection Authority shall supervise compliance with this provision. To the extent that nothing else follows from this law, Sections 42-47 of the Personal Data Act, with regulations, apply to the Data Protection Authority's control under the first sentence.

0 Modified by law 20 Dec 2002 No. 110 (in force 1 Jan 2003 pursuant to res. 20 Dec 2002 No. 1615).

Chapter II. Secure signature creation systems

SECTION 8. Requirements for secure signature creation systems

A secure signature creation system shall ensure that the signature is satisfactorily protected against forgery. Further, a secure signature creation system shall ensure that signature creation data:

a) in practice can be produced only once and with a reasonable degree of security remain secret,
b) to a reasonable extent cannot be derived, and
c) can be reliably protected by the legitimate signatory against use by others.

A secure signature creation system must not alter the data in electronic form that are to be signed, or prevent the data from being presented to the signatory before signing.

SECTION 9. Approval of secure signature creation systems

Approval as a secure signature creation system, cf. Section 8, is granted by the body designated by the King. The King may by regulation lay down further provisions on the body and on the requirements for secure signature creation systems.

Approval from an equivalent body in another state that is party to the EEA Agreement is equivalent to approval under the first paragraph.

The requirements of Section 8 shall be deemed met when the hardware or software used complies with the standards for electronic signature products that the European Commission determines and publishes in the Official Journal of the European Communities.

Chapter III. Requirements for issuers of qualified certificates

SECTION 10. The business requirements

Issuers of qualified certificates shall conduct and manage their business in a sound manner so that they can offer secure, reliable and well-functioning certificate services.

The certificate issuer shall at all times have sufficient financial resources to operate the business in accordance with the requirements laid down in or pursuant to this law.

SECTION 11. Requirements for products and systems

Issuers of qualified certificates shall use reliable products and systems that are protected against alteration, and that provide technical and cryptographic security in the processes they support.

The requirements in the first paragraph shall be deemed met if the CA uses products and systems that are approved by a body in accordance with Section 9 first and second paragraphs, or that comply with standards determined by the European Commission under Section 9 third paragraph.

The certificate issuer shall take measures against forgery of the certificates. If the certificate issuer generates signature creation data, the issuer shall guarantee the confidentiality of these data during the generation process.

SECTION 12. Directory and revocation service requirements

Issuers of qualified certificates shall ensure a fast and secure directory and revocation service and shall ensure that the date and time of the commencement or revocation of a certificate.

SECTION 13. Requirement for verification of the signatory's identity

Issuers of qualified certificates are responsible for ensuring that the identity of the signatory and other relevant information about the person are verified through secure routines.

Details of the routines mentioned in the first paragraph shall be publicly available.

SECTION 14. Requirements for storage of information

Issuers of qualified certificates shall store all relevant information on qualified certificates for a reasonable period, but at least 10 years after the certificate is registered in the revocation list.

The certificate issuer shall use reliable systems for storing certificates in verifiable form, so that

a) the authenticity of the information can be verified,
b) the certificates are publicly available in those cases where the holder has given consent, and
c) any technical changes that endanger these security requirements are visible to the operator.

Issuers of qualified certificates must not store or copy the signatory's signature creation data.

SECTION 15. Requirements for information on terms, limitations and similar

Before a CA enters into an agreement to issue a qualified certificate, the issuer shall inform the other party in writing of

a) the terms and limitations on the use of the certificate,
b) details of any voluntary certification, approval, or self-declaration arrangements, and
c) procedures for complaints and for the resolution of disputes.

Information under the first paragraph can be sent electronically if it is in a form that is immediately readable by the other party. This information shall also be able to be checked by the signature recipient.

0 Modified by law 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).
SECTION 16. Supplementary requirements

The King may by regulation lay down further rules on the requirements that can be imposed on issuers of qualified certificates in order to fulfil the provisions of Sections 10-15.

Chapter III a. Voluntary certification arrangements, approval arrangements or self-declaration arrangements

0 The headline added by law 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).
SECTION 16 a. Establishment of voluntary certification arrangements, approval arrangements, or self-declaration arrangements

The Ministry may by regulation introduce voluntary certification, approval, or self-declaration arrangements with the aim of raising the level of certificate services in order to increase trust in and use of such services.

The Ministry may by regulation determine what requirements shall apply to such arrangements, designate the responsible body and decide that fees shall be paid to the body. The fees must not exceed the costs of the body's activities.

In order to bring unlawful activity to an end or to ensure that orders or conditions given in regulations pursuant to this provision are complied with, the body designated under the second paragraph may impose a coercive fine under the rules of Section 20.

0 Added by law 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).

Chapter IV. Supervision and sanctions

SECTION 17. Supervision of issuers of qualified certificates

The King may designate a body to supervise that this law and its regulations are complied with.

The supervisory authority may require the information and documents that are necessary to carry out its tasks, and set a deadline for submitting them.

The supervisory authority may order that conditions in violation of provisions laid down in or pursuant to this law shall cease, and set conditions that must be met for the business to be in compliance with the law.

The supervisory authority may require an IT audit at the issuer of qualified certificates and designate an auditor to carry out the IT audit. The certificate issuer may be ordered to pay for the audit.

The supervisory authority may revoke a certificate issuer's right to use the term qualified certificate, if the certificate issuer or repeatedly does not comply with the rules of the law.

The King may lay down further regulations on the activities of the supervisory authority.

SECTION 18. Registration of issuers of qualified certificates

A CA may not issue qualified certificates until a registration notice has been submitted to the supervisory authority. Changes to information already registered and new information to be registered shall be reported to the supervisory authority without undue delay.

SECTION 19. Access to premises etc.

The supervisory authority may, in the course of its control, demand access to places where activities under supervision are carried out.

The supervisory authority may conduct the checks it finds necessary, and require assistance from the staff on site to the extent needed to carry out the control.

Section 15 of the Act of 10 February 1967 on procedure in administrative matters, concerning the procedure for inspections, applies.

SECTION 20. Coercive fine

To ensure that provisions laid down in or pursuant to this law are complied with, payment of a daily running fine to the state may be ordered until the unlawful activity has ceased or orders and conditions given pursuant to this law have been complied with.

The fine does not start to run until the deadline for appeal has expired. If the decision imposing the coercive fine is appealed, no coercive fine runs before the appeal has been decided, unless the appeals body decides otherwise.

The supervisory authority may waive accrued coercive fines.

SECTION 21. Penalties

Fines shall be imposed on anyone who intentionally or through gross negligence

a) fails to register / send notice under Section 18,
b) fails to provide information under Section 17,
c) processes personal information in violation of Sections 7 and 14, or
d) provides incorrect or misleading information to the supervisory authority.
0 Modified by law 19 June 2015 No. 65 (in force 1 Oct 2015).
SECTION 22. Liability for damages

A CA that issues certificates stated to be qualified, or that guarantees such certificates issued by someone else, is liable for loss incurred by a natural or legal person as a result of that person having had reasonable grounds to rely on the fact that:

a) the information stated in the certificate was correct at the time of issuance,
b) the certificate contains all of the information required under Section 4,
c) signature creation data and signature verification data belong together in a unique way if the certificate issuer generates both,
d) the signatory held the correct signature creation data at the time the certificate was issued, or
e) the certificate is registered in the revocation list, cf. Section 12.

The certificate issuer is liable under the first paragraph unless it proves that it, or the party it guarantees for, did not act negligently.

The certificate issuer is not liable for damage caused by the certificate being used in violation of clear restrictions on the certificate's scope of use or beyond its value limits.

SECTION 23. Appeals

Regulatory decisions made under provisions laid down in or pursuant to this law may be appealed to the body designated by the King.


The King may by regulation decide that CAs who are required to register under Section 18 shall pay fees. The fees must not exceed the costs of the supervisory authority's activities.

Chapter V. International relations

SECTION 25. Legal recognition of qualified certificates from issuers established outside Norway

Certificates from CAs established within the EEA are considered qualified certificates under this law if they meet the requirements for a qualified certificate in the country where the issuer is established.

Qualified certificates from CAs established in countries outside the EEA shall be granted legal recognition on an equal footing with qualified certificates from certificate issuers within the EEA if:

a) the issuer meets the requirements of an EEA state and has been approved under a voluntary certification or approval arrangement in that state,
b) a CA established within the EEA, which meets the requirements of the state of establishment, guarantees for the issuer, or
c) the certificate or issuer is recognised under multilateral or bilateral agreements between Norway or the EU and third countries or international organisations.
0 Modified by laws 20 Dec 2002 No. 110 (in force 1 Jan 2003 pursuant to res. 20 Dec 2002 No. 1615), 17 June 2005 No. 104 (in force 1 July 2005 pursuant to res. 17 June 2005 No. 584).

Chapter VI. Entry into force and transitional rules

SECTION 26. Entry into force

The law takes effect from the time the King decides. 1

1 From 1 July 2001 pursuant to res. 15 June 2001 No. 614.
SECTION 27. Transitional rules

Issuers of qualified certificates shall, within 6 months after the law has entered into force, register under Section 18 or within the same deadline cease calling the certificates qualified or using a designation that gives the impression that they are qualified.