Advanced Search

Act Of 18 September 2001 On Electronic Signatures

Original Language Title: USTAWA z dnia 18 wrzeĊ›nia 2001 r. o podpisie elektronicznym

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

ACT

of 18 September 2001

o e-signature 1)

Chapter I

General provisions

Article 1. [ Regulatory scope] The Act sets out the conditions for the use of electronic signatures, the legal effects of its use, the rules for the provision of certification services and the rules for the supervision of the entities providing these services.

Article 2. [ Application of provisions of the Act] The provisions of the Act apply to entities providing certification services, established or providing services within the territory of the Republic of Poland.

Article 3. [ Definitions] The terms used in the expression shall mean:

1) electronic signature-electronic data, which together with other data to which they are attached or with which they are logically linked, serve to identify the person submitting the electronic signature;

2. secure electronic signature-electronic signature, which:

(a) it is assigned only to the person making the signature,

(b) shall be drawn up by means of the exclusive control of the person making the signature of the electronic signature electronic signature and the data for the electronic signature,

(c) it is linked to the data to which it has been attached, in such a way that any subsequent change to such data is recognisable;

3. electronic signature person-a natural person holding an electronic signature device which acts on its own behalf or on behalf of another natural person, legal entity or non-owned establishment legal personality;

4) data for the creation of electronic signature-unique and assigned to a natural person the data that is used by this person to place an electronic signature;

5) data for the verification of electronic signature-unique and assigned to the natural person the data which are used to identify the person submitting the electronic signature;

(6) electronic signature-assembly equipment-equipment and software configured in such a way as to provide a signature or an electronic certificate using the data used for the signature or certification Electronic

7) a secure electronic signature-folding device-an electronic signature device meeting the requirements set out in the Act;

8. electronic signature verification device-equipment and software configured in such a way as to identify the natural person who signed the electronic signature, using the data used for signature verification electronic or in such a way as to identify the certification service provider or body issuing the certification certificate, using the data used to verify the electronic certificate;

9) a secure electronic signature verification device-a device for the verification of electronic signature meeting the requirements set out in the Act;

10) certificate-electronic certificate, by which data for the verification of electronic signature are assigned to the person submitting the electronic signature and which enable the identification of this person;

11) certification certificate-an electronic certificate by which the data for the verification of the electronic certificate are assigned to the certification service provider or body referred to in art. 30 par. 1, and which allow the identification of that entity or body;

12) qualified certificate-a certificate complying with the conditions set out in the Act, issued by a qualified entity providing certification services, meeting the requirements set out in the Act;

13) certification services-issuing certificates, marking time or other services related to electronic signature;

14) a certification service provider-an entrepreneur within the meaning of the provisions of the Act of 2 July 2004. about the freedom of economic activity (Dz. U. of 2010 No. 220, item. 1447, as of late. ism.), the National Bank of Poland or a public authority body, providing at least one of the services referred to in point 13;

(15) qualified certification service provider-a certification service provider entered in the register of qualified entities providing certification services;

16) time marking-the service of joining the data in electronic form logically associated with the data bearing the signature or electronic certificate, the determination of the time at the time of the performance of the service and the attestation the electronic such data generated by the entity providing the service;

17) the policy of certification-detailed solutions, including technical and organizational, indicating the manner, scope and conditions of security of the creation and use of certificates;

18) recipient of certification services-a natural person, a legal person or an organizational unit without legal personality, who:

(a) it has concluded a certification service agreement with the certification service provider; or

(b) within the limits set out in the certification policy, may operate on the basis of a certificate or other electronic data certified by a certification service provider;

19) electronic certification-data in electronic form, which together with other data to which they have been attached or logically linked to them, enable the identification of the entity providing the certification service or the issuing authority certification attestaments, and meet the following requirements:

(a) they are drawn up by means of an exclusive control of the certification service provider or the authority issuing the certification certificate of safe electronic signature and data for the placing of electronic signatures and data serving the submission of an electronic certificate,

(b) any change in the certified data shall be recognissure;

(20) data for the submission of an electronic certificate, which is unique and assigned to the certification or certification authority of the issuing body, which is used by that body or body to the submission of an electronic certificate;

21) data for the verification of an electronic certificate-unique and assigned to the certification service provider or body issuing the certification certificate the data which are used to identify the entity or an authority consisting of an electronic certification;

22) verification of secure electronic signature-actions which allow the identification of the person submitting the electronic signature and allow the conclusion that the signature has been made by means of data used for the creation of electronic signature assigned to that person, and that the data bearing this signature has not changed after the electronic signature has been lodged.

Article 4. [ Certificate Validity] The certificate issued by the certification service provider, not established in the territory of the Republic of Poland and not providing services in its territory, equates to the legal with the qualified certificates issued by the a qualified certification service provider established or providing services within the territory of the Republic of Poland, if one of the following conditions is met:

1) the certification service provider which issued the certificate has been entered in the register of qualified entities providing certification services;

2) provides for this international agreement, to which the Republic of Poland is a party, with mutual recognition of certificates;

3) the certification service provider which issued the certificate complies with the requirements of the Act and has been granted accreditation in a Member State of the European Union;

4) a certification service provider established within the territory of the European Community, meeting the requirements of the Act, granted a guarantee for this certificate;

5. this certificate is deemed to have been qualified by an international agreement between the European Community and third countries or international organisations;

(5a) this certificate has been deemed to have been qualified by agreement on the European Economic Area;

6. the certification service provider which issued the certificate has been recognised by an international agreement between the European Community and third countries or international organisations.

Chapter II

Legal effects of electronic signature

Article 5. [ Electronic Signature Effects] 1. A secure electronic signature verified by a qualified certificate shall have legal effects defined by the law, if it has been filed during the period of validity of that certificate. A secure electronic signature made during the period of suspension of the qualified certificate used for its verification shall have legal effect upon the repeal of that suspension.

2. Data in electronic form bearing a secure electronic signature verified by means of a valid qualified certificate shall be equivalent in terms of legal effects to documents bearing the signed-in signatures, unless the provisions They are different.

3. A secure electronic signature verified by means of a qualified certificate ensures the integrity of the data bearing this signature and unambiguous indication of the qualified certificate, in such a way that any changes of these are recognized the data and changes to the indication of the certified certificate to be used for the verification of that signature, after the signature has been lodged.

Article 6. [ The electronic signature as evidence] 1. A secure electronic signature verified by means of a valid qualified certificate provides proof that it has been made by the person specified in that certificate as a storage electronic signature.

2. Paragraph Recipe 1 shall not refer to the certificate after the expiry of its period of validity or from the date of its invalidity and during the period of its suspension, unless it is proved that the signature has been submitted before or prior to the certificate's validity invalidation or suspension.

(3) It is not possible to invoke that the electronic signature verified by means of a valid qualified certificate has not been made by means of secure devices and data subject to an exclusive control by the person making the electronic signature.

Article 7. [ Time Marking] 1. The electronic signature may be marked by time.

2. The marking of time by a qualified entity providing certification services shall in particular invoke the legal effects of a certain date within the meaning of the provisions of the Civil Code.

(3) It is considered that the electronic signature time marked by the qualified certification service provider was submitted not later than at the time of the service. This presumption shall exist until the date of expiry of the certification certificate used for the verification of that marking. The extension of the presumption shall require another marking of the time of electronic signature, together with the data used for the previous verification by the qualified entity providing the service.

Article 8. [ Validity and effectiveness of electronic signature] The validity and effectiveness of an electronic signature cannot be refused only on the basis that it exists in electronic form or the data used for the verification of the signature do not have a qualified certificate, or has not been made by means of a secure Electronic signature assembly equipment.

Chapter III

Obligations of certification service providers

Article 9. [ Provision of certification services] 1. Operating in the field of the provision of certification services does not require authorisation or concession.

2. The bodies of public authority and the National Bank of Poland may provide certification services, subject to the paragraph. 3, for the sole use of own or other public authorities.

3. An entity of local government may provide certification services on a non-profit basis also for members of the local government.

Article 10. [ Obligations of the certification service provider] 1. The qualified certification service provider issuing qualified certificates shall be:

1. provide the technical and organisational possibilities for the rapid and reliable issue, suspension and cancellation of certificates and the timing of the completion of these activities;

2) establish the identity of the person applying for the certificate;

3. provide the means to counter the counterfeiting of certificates and other data electronically evidenced by these entities, in particular by protecting the equipment and data used in the certification services;

4) conclude a contract of insurance for civil liability for damage caused to the recipients of certification services;

5) inform the applicant for the certificate, prior to the conclusion of the contract with it, of the conditions of obtaining and using the certificate, including any limitations of its use;

6) use systems to create and store certificates in such a way as to ensure that the data can be entered and changed only to the authorized persons;

7) if the entity provides public access to the certificates, then their publication requires prior consent of the person to whom the certificate was issued;

8) provide the recipient of certification services with a complete list of secure devices for the submission and verification of electronic signatures and the technical conditions to which these devices should be responsible;

(9) ensure, when it creates data for the creation of electronic signatures, the confidentiality of the creation process, and do not store and copy such data or other data which could be used to reproduce them, and not make them available to anyone other than the person who will use the electronic signature for them;

10) ensure, where it is created by the electronic signature, so that the data with the probability of a borderline is likely to occur only once;

11. publish the data which will enable the verification, including in the electronic way, the authenticity and validity of the certificates and other data certified electronically by the entity, and to provide free access to these data to the recipients certification services.

2. A qualified certification service provider consisting of the time-marking shall meet the requirements referred to in paragraph 1. In accordance with Article 1 (1), (1), (4) and (8), and the use of systems for the time-marking, the establishment and storage of certification certificates, in such a way as to ensure that the data can only be entered and changed to rightholders, and that the time limit for sometimes at the time of the submission of an electronic certificate and make it impossible to mark a time other than when the time-marking service is performed.

3. The person performing the tasks related to the provision of certification services shall:

1) have full capacity for legal acts;

2) not be convicted of a final sentence for a crime against the reliability of the documents, the economic defence, the turnover of money and securities, the treasury offence or the crimes referred to in Chapter VIII of the Act;

3) possess the necessary knowledge and skills in the technology of creating certificates and providing other services related to electronic signature.

4. The Council of Ministers may define, by way of regulation, detailed technical and organisational conditions that must meet qualified entities providing certification services, including the requirements of physical protection of premises where the information referred to in Article 12 (1) 1, taking into account the scope of application of certificates issued by them, the requirements of their protection and the need to ensure protection of the interests of the recipients of certification services.

5. The Minister responsible for financial institutions, in agreement with the Minister responsible for the economic affairs, after consulting the Polish Chamber of Insurance, will determine, by way of regulation, the detailed scope of compulsory insurance, of which Paragraph 1. Article 1 (4), the term of the insurance obligation and the minimum guarantee sum, taking into account in particular the specificity of the profession and the scope of the tasks to be carried out.

Article 11. [ Responsibility of the certification service provider] 1. The provider of certification services shall be liable to the recipients of certification services, subject to the paragraph. 2 and 3, for any damage caused by the non-performance or improper performance of his duties in respect of the services provided, unless the non-execution or improper performance of those obligations is a consequence of the circumstances for which the operator, the certification services are not liable and which could not have been prevented despite the due diligence.

2. The entity providing certification services does not respond to the recipients of certification services for the damages resulting from the use of the certificate outside the scope specified in the certification policy, which is indicated in the certificate, including in particular the damages resulting from exceeding the highest transaction limit value, if this value has been disclosed in the certificate.

3. The operator of the certification service shall not be liable to the recipients of the certification services for the damage resulting from the incorrectness of the data contained in the certificate, entered on the request of the person submitting the electronic signature.

4. An entity providing certification services, which has granted a certificate guarantee in accordance with art. 4 point 4 corresponds to the recipients of certification services for any damage caused by the use of this certificate, unless the damage resulted from the use of a certificate outside the scope specified in the certification policy, which was indicated in this certificate.

Article 12. [ Obligation of secrecy] (1) Information related to the provision of certification services, the unauthorised disclosure of which could jeopardise the certification service provider or the recipient of certification services and, in particular, the data to be used for the submission of certification services the electronic certificates are covered by the secret. Information about breaches of the Act by the certification service provider shall not be covered by the secret.

2. To preserve the secrecy referred to in the paragraph. 1, the persons shall be obliged:

1) representing an entity providing certification services;

2) remaining with the entity providing certification services in the employment relationship, in relation to the order or other legal relationship of a similar nature;

3) remaining in the employment relationship, in relation to the order or other legal relationship of a similar nature with the entities providing the service to the provider of certification services;

4. persons and bodies who have entered into it in accordance with the procedure referred to in paragraph 1. 3.

3. The persons referred to in paragraph. 2, they shall have the obligation to provide the information referred to in paragraph 1. 1, with the exception of data for the submission of electronic certificates, on request only:

1) a court or procurator-in connection with the ongoing proceedings;

2. the minister responsible for economic affairs, in connection with the exercise of his supervision over the activities of the certification service providers referred to in Chapter VII;

3) other state bodies authorised to do so on the basis of separate laws-in connection with the proceedings conducted by them in matters concerning the activities of the entities providing certification services.

4. The obligation of secrecy, referred to in paragraph. 1, subject to paragraph. 5, it shall last for a period of 10 years from the cessation of the legal relations mentioned in the paragraph. 2.

5. The obligation to preserve the secrecy of data used for the submission of electronic certificates takes place indefinitely.

Article 13. [ Storing and archiving documents] 1. An entity providing certification services, subject to the paragraph. 5 and Art. 10 para. 1 point 9, stores and archives documents and electronic data directly related to the certification services performed in a manner that ensures the security of the stored documents and data.

2. In the case of qualified entities providing certification services, the obligation to store the documents and data referred to in the paragraph shall be provided. 1, shall last for a period of 20 years from the date of the establishment of the document or data concerned.

3. In the event of a cessation of activities by a qualified entity providing certification services, the documents and data referred to in paragraph. 1, shall store the Minister responsible for the affairs of the economy or the entity designated by it. For the storage of the documents and data referred to in paragraph 1. 1, the minister responsible for economic affairs shall charge a fee, not higher, however, than the equivalent in gold 1 euro for each issued certificate, the documentation of which is subject to storage, calculated according to the average course announced by the National Bank of Poland, effective on the date of cessation of the activity by a qualified certification service provider. This fee should be used for the financing of the activities referred to in the first sentence.

4. The Minister responsible for the economic affairs shall determine, by means of regulations, the payment procedure and the amount of the fees referred to in paragraph 1. 3, taking into account the quantity and the planned cost of storing the documents and data referred to in paragraph 1. 1.

5. The entity providing certification services shall destroy the data for the submission of electronic certificates immediately after the cancellation or after the expiry of the period of validity of the certification certificate used for the verification of these certificates.

Chapter IV

Provision of certification services

Article 14. [ Issuing certificate] 1. The entity providing certification services shall issue a certificate on the basis of a contract.

2. An entity providing certification services prior to the conclusion of the contract referred to in paragraph 1. 1, shall be obliged to inform in writing or in the form of an electronic document within the meaning of the provisions of the Act of 17 February 2005. information on the activities of entities carrying out public tasks (Dz. U. of 2013 r. items 235), in a clear and universally clear manner, of the precise conditions of use of the certificate, including the way in which complaints and disputes are handled, and in particular about the relevant conditions covering:

1) the scope and limitations of its use;

2) the legal effects of the lodging of electronic signatures verified by means of this certificate;

3) information on the system of voluntary registration of qualified entities and their importance.

3. In the case of issuing certificates which are not certified, the information referred to in paragraph 1 shall be provided. 2, it should also include an indication that the electronic signature verified by the certificate does not have legal effect equivalent to the signature of the certificate.

4. The operator of the certification service shall make available, at the request of each of the relevant elements of the information referred to in paragraph 1, the information referred to in paragraph 1. 2.

5. [ 1] Prior to the conclusion of an agreement for the provision of certification services, the object of which is to issue a qualified certificate, a qualified certification service provider shall be required to obtain a confirmation of the information requested by the certification service provider. Paragraph 1. 2, in written form or by means of electronic communication within the meaning of Article 2 point 5 of the Act of 18 July 2002. on the provision of services by electronic means (Dz. U. of 2013 r. items 1422).

6. An entity providing certification services, subject to Art. 10 para. 1 point 2 may use a notarial acknowledgement of the identity of the recipients of the certification services, if this provides for a specific certification policy.

7. An entity providing certification services, issuing qualified certificates, is obliged to use such procedures for issuing them, to obtain from the applicant a written consent to use the data used to verify it electronic signatures that are contained in the issued certificate.

Article 15. [ Obligations of the consignee] The recipient of certification services shall keep the electronic signature data in such a way as to protect them against unauthorised use within the validity period of the certificate used to verify those signatures.

Article 16. [ Form of contract for certification services] 1. [ 2] The certification service agreement shall be written in writing.

1a. [ 3] The contract for the provision of certification services, the object of which is to issue a certified certificate, shall be included in written form under the action of invalidity.

2. [ 4] (repealed).

Article 17. [ Certification policy] 1. A qualified certification service provider shall be required to develop a certification policy. The certification policy shall include in particular:

1) the scope of its application;

2. a description of how electronic data are created and transmitted, which will be accompanied by electronic certificates by the certification service provider;

3) maximum period of validity of certificates;

4. the means of identification and authentication of the persons to whom the certificates are issued and the entity providing certification services;

5) the methods and mode of creation and making available of certificates, lists of invalidated and suspended certificates and other electronically supplied data;

6) a description of the electronic recording of the data structures contained in the certificates and other data certified electronically;

7) a way of managing documents related to the provision of certification services.

2. The Council of Ministers shall determine, after consulting the President of the National Bank of Poland, by means of the Regulation, the basic organisational and technical requirements concerning the certification policies for qualified certificates, taking into account the scope of the the application of these certificates and their periods of validity, the need to ensure the interoperability of the various devices for the submission and verification of electronic signatures, ensuring the safety of legal traffic and taking into account the European Union's standards.

Article 18. [ Technical conditions for a safe device] 1. A secure device for electronic signature shall at least:

1) prevent the collection of data for the purpose of signature or electronic certification;

2. do not change the data to be signed or authenticated electronically and enable the data to be presented to the person submitting the electronic signature before the time of submission of the data;

3) guarantee that the filing of the signature will be preceded by a clear warning that the continuation of the operation will be tantamed with the filing of the electronic signature;

4) provide an easy recognition of the safety of changes in the device for signing the signature or the electronic certificate.

2. A secure electronic signature verification device shall meet the following requirements:

1) the data used for the verification of the electronic signature correspond to the data which are embrothed to the person verifying that signature;

2. the electronic signature is verified reliably, and the result of the verification correctly demonstrated;

(3) the verifier may, in a non-doubt manner, determine the content of the data that has been signed;

4) the authenticity and validity of certificates or other data certified electronically is reliably verified;

5) the result of the verification of the identity of the person submitting the electronic signature is correctly and legibly displayed;

6) the use of a pseudonym is clearly indicated;

7) essential for the safety of the change in the device used for the verification of electronic signature are signalled.

3. The Council of Ministers shall determine, by means of a regulation, the detailed technical conditions to which the secure electronic signature equipment and the safe electronic signature verification equipment should be responsible, taking into account the need to ensure the inviolability and confidentiality of the data bearing such signature.

4. Tests of conformity of devices referred to in paragraph. 1 and 2, with the requirements of the Act shall be held in accordance with separate regulations.

5. The Internal Security Agency or the Military Contrintelligence Service, in accordance with the property specified in the provisions on the protection of classified information, shall evaluate the suitability of the devices referred to in paragraph. 1 and 2, for the protection of classified information and issue relevant safety certificates.

Article 19. [ Charges for testing conformity of devices] 1. For the activities referred to in art. 18 (1) 4 and 5, a fee is charged.

2. To the fees referred to in paragraph. 1, the provisions referred to in Article 1 shall apply. 18 (1) 4, and the provisions of the Act of 5 August 2010. on the protection of classified information (Dz. U. Nr 182, pos. 1228).

Article 20. [ Certificate Qualified Content] 1. The Qualified Certificate shall contain at least the following data:

1) the number of the certificate;

2) an indication that the certificate has been issued as a certified certificate for use in accordance with a specific certification policy;

3) the identification of the certification service provider issuing the certificate and the country in which it is established, and the number of the entry in the register of qualified entities providing certification services;

4) the name or pseudonym of the person submitting the electronic signature; the use of the nickname must be clearly marked;

5) data used for the verification of electronic signature;

6) marking the beginning and end of the validity period of the certificate;

7) a certificate of electronic certification service provider issuing a given certificate;

8) limitations of the validity of the certificate, if provided for by the specified certification policy;

9) limit the highest limit value of the transaction in which the certificate can be used, if it provides for a certification policy or an agreement referred to in art. 14 para. 1.

2. An entity providing certification services by issuing a qualified certificate shall include in that certificate other data than those mentioned in the paragraph. 1 at the request of the person submitting the electronic signature, and in particular an indication of whether the person is acting:

(1) either on his own behalf or

2) as a representative of another natural person, a legal person or an organisational unit without legal personality, or

3) as a member of a body or body of a legal person, or an organisational unit without legal personality, or

4) as a body of public authority.

3. The entity providing certification services, issuing a qualified certificate, confirms the veracity of the data referred to in paragraph. 2, and notify the entities referred to in paragraph. 2 points 2 to 4, the content of the certificate and instructs the possibility of cancelling the certificate at their request.

Chapter V

Validity of certificates

Article 21. [ Certificate validity period] 1. The certificate is valid for the period specified in it.

2. The entity providing certification services shall invalidate the qualified certificate before the expiry of its period of validity, if:

1) the certificate has been issued on the basis of the untrue or outdated data referred to in art. 20 para. 1 point 4 and paragraph. 2;

2) has not fulfilled the obligations set out in the Act;

3) a person submitting an electronic signature verified on the basis of this certificate has failed to complete the obligations referred to in art. 15;

4. the certification service provider shall cease the provision of certification services and its rights and obligations shall not take over any other qualified entity;

5) require that person to sign the electronic signature or the third party indicated in the certificate;

6. the Minister responsible for the economic affairs shall be requested;

7) the person submitting the electronic signature has lost the full capacity for legal action.

3. Cancellation of the certificate in accordance with the paragraph. 2 point 2 does not exclude the liability of the certification service provider for the damage to the person making the electronic signature.

4. Where there is reasonable suspicion that there are reasons for the invalidity of the qualified certificate, the certification service provider is obliged to suspend the certificate immediately and take the necessary measures to clarify of those doubts.

5. The suspension of the qualified certificate shall not last longer than 7 days.

6. After the expiry of the period mentioned in paragraph. 5, in case of uncertainable doubt, the certification service provider shall immediately invalidate the qualified certificate.

7. The certificate, which has been suspended, can then be annulled or its suspension can be repealed.

8. The certificate, which has been revoked, cannot then be considered valid.

9. The Minister responsible for economic affairs shall submit the request referred to in paragraph 1. Article 2 (6), where the conditions laid down in paragraph 6 are met. 2 points 1 to 4 and point 7.

10. The certification service provider shall immediately notify the person submitting the electronic signature that is verified on the basis of the cancellation or suspension of the certificate.

11. The suspension or cancellation of a certificate shall not be retrospectively.

Article 22. [ List of suspended and invalidated certificates] 1. The certification service provider publishes a list of suspended and invalidated certificates.

2. Information about the suspension or cancellation of the certificate shall be placed on each list of suspended and invalidated certificates published before the date of expiry of the period of validity of the certificate and on the first list published after the expiry of this period.

3. The list of suspended and invalidated qualified certificates should contain in particular:

1) the sequence number of the list and an indication that the list has been published in accordance with the specific certification policy and relates to the certificates issued in accordance with this policy;

2) the date and time of publication of the list with the accuracy specified in the certification policy;

3) the date of the expected publication of the next list;

4. the identification of the certification service provider issuing the list and the country in which it is established and the number of the entry in the register of qualified entities providing certification services;

5) the number of any suspended or revoked certificate and an indication of whether it has been cancelled or suspended;

6) the date and time, with the accuracy specified in the policy of certification, suspension or cancellation of each certificate;

7) an electronic certification of the certification service provider, the publication of the list.

4. The entity providing certification services shall publish the information on the suspension and cancellation of the certificate in the list referred to in paragraph. 1, in accordance with the relevant certification policy, however not later than within 1 hour from the cancellation or suspension of the certificate.

5. The suspension and cancellation of the certificate shall have legal effect from the moment referred to in paragraph. 3 point 6, which may not be earlier than the date and time of publication of the previous list of suspended and invalidated certificates.

Chapter VI

Granting of accreditation and registration of a register of qualified entities providing certification services

Article 23. [ Entry in the register of certification service providers] 1. An entity providing a certification service or intending to undertake such activities may request an entry in the register of qualified entities providing certification services.

2. The provision of certification services as a qualified entity providing certification services requires obtaining an entry in the register of qualified entities providing certification services and obtaining a certification certificate used for the verification of electronic certificates of this entity issued by the Minister responsible for the economy, subject to the paragraph. 4 and 5.

3. The Minister responsible for the economy shall publish, in electronic form, the list of issued certification certificates referred to in the paragraph. 2, as well as data for the verification of the certification certificates issued by the competent authority.

4. The Minister responsible for the economic affairs may, in accordance with the rules on public procurement, entrust the production and certification of certification certificates referred to in paragraph 4 to the certification service provider. 2, the publication of the list referred to in paragraph. 3, and the data used to verify the issued certification certificates.

5. The Minister responsible for economic affairs, at the request of the President of the National Bank of Poland, authorizes the National Bank of Poland or indicated in the application, the entity remaining with the National Bank of Poland in relation to the performance of the services referred to in paragraph 4. The authorisation for a subsidiary shall expire under the law in the event of termination of the relationship of dependence on the National Bank of Poland.

6. The entities referred to in paragraph. 4 and 5, they must meet the requirements of the Act for qualified entities providing certification services in the field of safety, issue, storage and cancellation of certificates and may not provide certification services consisting of issuing certificates.

7. In the cases referred to in paragraph. 4 and 5, the Minister responsible for Economic Affairs, making an entry in the register referred to in paragraph 5. 1, it shall indicate to the certification service operator the name and registered office of the entity authorised to manufacture and issue certification certificates.

Article 24. [ Request for entry] 1. The entry in the register of qualified entities providing certification services shall be carried out at the request of the entity which intends to provide or provide certification services.

2. An application for an entry in the register of qualified entities providing certification services shall contain:

1) the name and surname or name (company) of the applicant;

2) specify the certification policy according to which qualified certificates or provided other services related to electronic signature are to be created and applied;

3) the place of residence or seat and address of the applicant;

4) the number in the Register of Entrepreneurs of the National Court Register either in the Central Register and Information on Business Activity and the certificate or statement of the lack of entry in the register of insolvent debtors in the National Court Register;

5) the names of the persons referred to in art. 10 para. 3, which the entity employs or intends to employ;

6) [ 5] information on qualifications and professional experience, and a certificate or a declaration of the impunity of the persons referred to in Article 10 para. 3;

7) an indication of the technical and organizational possibilities of carrying out the tasks in the provision of certification services;

8. determination of how to prevent disclosure of information the use of which would prejudice the interest of the recipients of certification services;

9) documents presenting the property situation and the organisational and financial plan of the applicant's activities;

10) proof of payment of the fee for processing an application for registration of an entry in the register of qualified entities providing certification services;

11) data for the verification of electronic attestations submitted by the entity in the framework of its certification services;

12) the applicant's tax identification number;

(13) the applicant's REGON identification number.

2a. [ 6] The statements referred to in paragraph 1. Article 2 (4) and (6) shall be punishable by criminal liability for making false declarations. The applicant shall be obliged to enter in it the clause of the following text: "I am aware of the criminal responsibility for making a false statement." This clause replaces the instructing of the criminal liability authority for making false statements.

3. The provisions of the paragraph. 2 points 4, 9 and 13 do not apply to the application submitted by the public authority or the National Bank of Poland.

4. In the case of deficiencies in the application, the Minister responsible for the economy shall call upon the applicant to complete his application, setting a time limit of not less than 7 days.

5. The term referred to in paragraph 4, it may be extended to the reasoned request of the applicant submitted before the expiry of that period.

(6) Failure to complete the application within the prescribed period shall result in the rejection of the application.

7. A fee shall be charged for examining an application for an entry in the register of qualified entities providing certification services. The fee paid is non-refundable.

8. The Minister responsible for economic affairs shall determine, by means of a regulation:

1) the model and detailed scope of the application, taking into account the possibility of electronic processing of the data contained in the forms;

2) a detailed mode of creation and issuing of certification certificates, including by entities authorized on the basis of art. 23 (1) 4 or 5, taking into account the need to ensure the confidentiality of the establishment and issue of the certification certificate;

3) the amount of the fees for considering an application for an entry in the register of qualified entities providing certification services, taking into account the reasonable costs incurred in connection with the registration proceedings and the keeping of the register.

Article 25. [ Decision to enter an alert] 1. The Minister responsible for the economic affairs, after carrying out an inspection, shall enter the register of qualified entities providing certification services or issue a refusal to make an entry in the register of qualified entities providing certification services within a period of 2 months from the date of submission of the application meeting the requirements laid down in Article 24 ust. 2.

2. Obtaining an entry in the register referred to in the paragraph. 1, the certification service provider confirms that it is an institution with sufficient technical and technical potential for the issuer of the qualified certificates and meets the requirements set out in the Act.

(3) The decision to issue an alert should, in particular, specify the name of the certification policy under which the entity may issue qualified certificates or other services relating to electronic signature.

4. The Minister responsible for the economy shall refuse to make an entry in the register referred to in paragraph. 1, if:

1) the application and the documents attached to it do not meet the conditions set out in the Act;

2. in the organisation documents of the entity, there are provisions which may endanger security or otherwise violate the interest of the recipients of certification services;

3) the entity has been placed in the Register of Insolvent Debtors;

4. the technical and organisational measures indicated in the request for carrying out the tasks in the field of the provision of certification services do not comply with the conditions laid down in the Article. 10 para. 4, art. 17 para. 2 and Art. 18 (1) 3;

5) the persons referred to in art. 24 ust. Article 2 (5) does not meet the requirements set out in the Article. 10 para. 3.

Article 26. [ Entry content] 1. The entry of a qualified certification service provider in the register of qualified entities providing certification services shall include:

1) the name and surname (s) of the qualified entity providing certification services;

2) way of representation of the qualified entity providing the certification service and registration number of the business register and the designation of the court conducting this register or the number of the entry in the records of the business activity and the designation of the authority Accountancy;

(3) the names of the persons representing the qualified entity providing certification services;

4) the name of the certification policy within which the entity may issue qualified certificates or provide other services related to the electronic signature;

5) information about the sum of the insurance and the terms of the contract referred to in art. 10 para. 1 point 4, and the name of the insurance undertaking;

6) the date on which the entry or the issue of the decision to remove the alert was made.

2. An entity which has obtained an entry in the register of qualified entities providing certification services shall be obliged, within 30 days from the date of service of the decision to make an alert, to serve the proof of the conclusion of the contract referred to in art. 10 para. 1 point 4, and provide the information referred to in paragraph 1. 1 point 5.

3. The Minister responsible for economic affairs shall immediately after obtaining the information referred to in paragraph 1. In addition to the entry into the register of qualified certification service providers, point 5 shall be supplemented by the entry in the register of qualified entities.

4. If an entity that has received an entry in the register of qualified entities providing certification services does not comply with the obligation referred to in the paragraph. 2, the Minister responsible for the economy shall issue a decision to remove the entry in the register of qualified certification service providers.

5. After entering the entry in the register of qualified certification service providers, the Minister responsible for the economy shall without delay, but not earlier than on the date of the certification of the certification service from the obligation, o to the point of reference. 2, issue the certification certificate referred to in art. 23 (1) 2.

Article 27. [ Register of bodies providing certification services] 1. The register of qualified entities providing certification services shall be carried out by the Minister responsible for economic affairs.

2. The register referred to in paragraph 2. 1, and the certification certificates referred to in art. 23 (1) 2, shall be public and publicly available, including in electronic form.

3. The Minister responsible for the economy shall determine, by means of a regulation, the way in which the register of qualified entities providing certification services is kept, the model of that register and the detailed procedure for dealing with matters of entry in the register, Having regard to the need to ensure access to the register to third parties and to be able to enter all data obtained in the course of the proceedings on the registration of the qualified entities providing certification services, including information on the liquidation or bankruptcy of the service provider certification.

Article 28. [ Notification of a change in fact or law] 1. [ 7] A qualified certification service provider shall be required to notify immediately, not later than 14 days after the change in the actual or legal status of the Minister responsible for the economy to the change of data contained in the application, o This is a matter of the 24 ust. 2.

2. The subject referred to in paragraph 2. 1, shall notify the Minister responsible for the economy immediately of the date of cessation of the provision of certification services, but not later than 3 months before the planned date of cessation of the operation.

Article 29. [ Liquidation of the certification service provider] 1. In the event of the opening of the liquidation of a qualified certification service provider, the Minister responsible for the economy shall issue a decision to remove the entry in the register of qualified certification service providers.

2. In the event of a declaration of bankruptcy of a qualified entity providing certification services, the deletion of the entry in the register of qualified certification service providers shall be carried out by virtue of the law.

3. If the separate provisions do not provide for the liquidation of the certification service provider, the Minister responsible for the economy shall issue a decision to remove the entry in the register of qualified certification service providers in the case of the cessation of activities by that entity.

4. The obligation to inform the Minister responsible for the economy of the announcement of bankruptcy or closure of the liquidation of the pregnancy on the receiver or liquidator.

5. In the event of a dismissal of the application for a declaration of bankruptcy for the reasons indicated in art. 13 of the Regulation of the President of the Republic of 24 October 1934. -Bankruptcy law [ 8] (Dz. U. of 1991. No. 118, pos. 512, of late. zm.) paragraph 2 shall apply mutatis mutandis. The obligation to inform the Minister responsible for the matters of the pregnancy economy on the members of the body of the legal person, the compliments of a separate commercial company or the partners of the public company.

Chapter VII

Supervision of the activities of qualified certification-service providers

Article 30. [ Supervision of compliance with the provisions of the Act] 1. The Minister responsible for economic affairs shall exercise supervision over compliance with the provisions of the Act by qualified entities, ensuring the protection of the interests of the recipients of certification services.

2. The task referred to in paragraph. In particular, the Minister responsible for economic affairs shall pursue, in particular, by:

1) keeping a register of qualified entities providing certification services;

2. issuing and revoking certification certificates referred to in art. 23 (1) 2;

3) control of the activities of entities providing certification services in terms of compliance with the Act;

4) the imposition of penalties provided for in the Act.

3. Conducting a register of qualified entities providing certification services, the minister responsible for economic affairs may entrust the entities referred to in art. 23 (1) 4 and 5, which meet the requirements of the Act for qualified entities providing certification services in the field of safety, issuing, storage and cancellation of certificates and do not provide certification services consisting in issuing certificates.

Article 31. [ Deletion of entry] 1. The Minister responsible for the economy shall issue a decision to remove an entry in the register of qualified entities providing certification services, if the entity providing certification services:

1) conducts activities not in accordance with the provisions of the Act in a way that threatens the interests of the recipients of certification services or

2) submit an application for the deletion of an entry in the register, or

3) plans to terminate the activity and notify the Minister responsible for the economy in accordance with art. 28 para. 2, or

(4) refuse to give up the checks referred to in Article 4 (4). 38.

2. In the case referred to in paragraph. In accordance with Article 1 (1), the Minister responsible for the economy may, instead of issuing a decision, call upon the certification service provider to remove the findings of non-compliance within a specified period and to carry out his activities in accordance with the provisions of the law.

3. By issuing the decision referred to in paragraph. 1, the minister responsible for economic affairs may annul the certification certificate referred to in art. 23 (1) 2, and place them on the list of invalidated certification certificates of qualified entities providing certification services. Provisions concerning the list of invalidated certificates referred to in Article 22, it shall apply mutatis mutandis.

4. Cancellation of the certification certificate referred to in art. 23 (1) 2, used for the verification of electronic attestations submitted by qualified entities providing certification services, shall invalidate these certificates, unless it is proved that the certificate was submitted before invalidation of certification attestation.

5. Cancellation of the electronic certificate referred to in paragraph. 4, used to verify the validity of certificates issued by a qualified certification service provider, shall result in the validity of those certificates.

6. In the case of invalidation of the electronic certificate referred to in paragraph. 4, used for the verification of the validity of the time-stamping service provided by the qualified certification service provider, Article 7 ust. 2 and 3 shall not apply.

Article 32. [ Deletion of irregularities] 1. When making a call referred to in art. 31 par. 2, the Minister responsible for economic affairs may impose a financial penalty on the entity providing certification services up to 50 000 zlotys, if the irregularities found were particularly blatant.

2. In the event of failure to remedy the irregularity within the prescribed period, the Minister responsible for the economy may impose a financial penalty of up to 50 000 zlotys per entity providing certification services.

3. In determining the amount of fines referred to in paragraph. 1 and 2, the minister responsible for economic affairs shall take into account the nature and gravity of the irregularities found.

4. The money penalty shall be subject to enforcement in the procedure of enforcement proceedings in the administration.

Article 33. [ Deletion of an alert in case of gross violation of the law] 1. In the case of filing an electronic certificate with flagrant violation of the Act, the decision to delete an entry in the register of qualified entities providing certification services is immediately enforceable.

2. In the case referred to in paragraph. 1, Article 61 of the Act of 30 August 2002. -Right of proceedings before administrative courts (Dz. U. 2012 r. items 270, 1101 and 1529) does not apply.

Article 34. [ Prohibition of concluding contracts for the provision of certification services] From the date of service of the decision to remove an entry in the register of eligible certification service providers, the certification service provider may not conclude certification service contracts in respect of certification policy, is the decision.

Article 35. [ Authorisation to carry out checks] 1. The control shall be carried out by the staff of the Ministry providing services to the Minister responsible for the economy, hereinafter referred to as "controllers", upon presentation of the official identity card and the service of the authorization to carry out the checks.

2. The controller may, in the exercise of control activities, benefit from the assistance of a non-employee of the Ministry, as far as is necessary for carrying out the inspection.

3. The Imienne mandate to carry out the inspection shall be issued by the Minister responsible for the economy or with his authority, the Director of the Ministry of the Ministry's service providing the Minister responsible for the Affairs of the Economy.

4. The authorisation referred to in paragraph 4. 1, shall contain at least:

1) an indication of the legal basis;

2. designation of the control authority;

(3) the date and place of issue;

4) the name of the employee of the Ministry of the economy authorized to carry out the check and the number of his official ID card;

5) the company of the entrepreneur under control;

6. determination of the scope of the control concerned;

7) indication of the start date and the expected date of completion of the inspection;

(8) the signature of the person granting the authorisation;

9) lecture on the rights and obligations of the controlled.

5. With the authorization of the Minister responsible for the management of the economy, the control referred to in paragraph. 1, they may also carry out controllers who are employees of the entity referred to in art. 23 (1) 5.

6. Where the inspection is carried out under the authority of the Minister responsible for the economy, the operator and the certification body referred to in paragraph 1. 5, remuneration shall be paid for the check carried out.

(7) The Minister responsible for the economy will determine, by means of a regulation, the principle of remuneration for carrying out the checks, on the basis of the Minister's authority to check, taking into account the scope and nature of the checks and the reasonable costs of carrying out the checks.

Article 36. [ Audit mode] The Minister responsible for the economy shall carry out checks:

1) ex officie;

2) at the request of the prosecutor or the court, or other state bodies authorized to do so on the basis of laws in connection with the proceedings conducted by them in matters concerning the activities of entities providing certification services.

Article 37. [ Audit objectives] The purpose of the audit is to determine whether the activities of the qualified certification service provider comply with the requirements of the Act. The scope of the checks shall specify the authorisation referred to in Article. 35 par. 1 or paragraph 5.

Article 38. [ Auditor Privileges] In order to carry out the checks correctly:

1) the managers of the controlled entities providing the certification services are obliged to submit, at the request of the controller, any documents and materials necessary for the preparation and carrying out of the inspections, subject to the provisions of protection Legally protected information;

2. the controllers shall have the right to:

(a) access to facilities and premises of controlled certification service providers,

(b) inspection of documents and other media, with the exception of data for the purpose of captions and electronic certificates and other information which may be used for the recovery of such data, directly related to the controlled activities, and the safeguarding of documents and other evidence, with the preservation of the provisions on the protection of legally protected information,

(c) carrying out the visual inspection of the facilities, the other assets and the conduct of the certification service activities,

(d) requests from the staff of the controlled bodies providing oral or written explanations to the certification service,

(e) the use of the assistance of experts and experts.

Article 39. (repealed).

Article 39a. [ Controlling entrepreneur's business activity] The provisions of Chapter 5 of the Act of 2 July 2004 shall apply to the control of economic activities of the trader. about the freedom of economic activity.

Article 40. [ Audit results] The Minister responsible for the economy after hearing the Protocol and the reservations and the explanations notified by the controlled entity providing certification services shall inform that entity of the results of the checks and, if it is established, the irregularity shall set a time limit for their removal, not less than 14 days.

Article 41. [ Obligations of Controller] 1. The controller is obliged to keep in secret the information he has obtained in connection with the performance of a business activity.

2. The obligation of secrecy shall also be maintained after the establishment of employment.

Article 42. [ Complaint to the certification service provider] The Minister responsible for the economy shall consider complaints to entities providing certification services, applying the provisions of the Code of Administrative Procedure accordingly.

Article 43. [ Prohibition of economic activity] 1. The employees employed in the organizational cells of the ministry providing the services of the minister responsible for the affairs of the economy performing the tasks specified in the law shall not carry out business activities, to be partners or shareholders or carry out the duties of the representative or member of the supervisory board and of the review board of the certification service provider, as well as be with the entity providing certification services in relation to the work, relationship of the order or other a legal relationship of a similar nature.

2. Paragraph Recipe 1 shall be without prejudice to the provisions on restricting the pursuit of economic activities by persons performing public functions.

Article 44. [ Obligation of keeping information secret] Staff employed in the organisational cells of the Ministry providing services to the Minister responsible for the economy performing the tasks specified in the Act, as well as persons performing the activities of the cells specified therein organisational or other legal relationships of a similar nature shall be subject to the secrecy of the information obtained in connection with the performance of those activities.

Chapter VIII

Penal provisions

Article 45. [ Liability for damages] Who provides certification services as a qualified provider of certification services without prior conclusion of the required liability insurance contract for damage caused to the recipients of these services, subject to a fine of up to 1 000 000 gold.

Article 46. [ Responsibility for the lack of information on obtaining and using the certificate] Who, when providing certification services, against the obligation specified in the Act does not inform the applicant of the certificate of the conditions for obtaining and using the certificate, is subject to a fine of up to 30 000 zlotys.

Article 47. [ Responsibility for signing the signature] Who submits a secure electronic signature by means of electronic signature data which has been assigned to another person shall be subject to a fine or a custodial sentence of up to or both years 3.

Article 48. [ Responsibility for copying and storing data] Who, by providing certification services, copies or stores data for the purpose of placing a secure signature or electronic certificate or other data which could serve to reproduce them, shall be subject to a fine or a custodial sentence of up to the years 3 or both of these canals combined.

Article 49. [ Liability for a non-true certificate] 1. Who, when providing certification services, issues a certificate containing the untrue data referred to in art. 20 para. 1, shall be subject to a fine or imprisonment for the years 3 or both of those penalties.

2. The same penalty shall be subject to the person who, on behalf of the certification service provider, enables the issue of the certificate referred to in the paragraph. 1.

3. The same penalty shall be subject to the person who uses the certificate referred to in paragraph 1. 1.

Article 50. [ Responsibility for failure to revoke a certificate] Who, by providing certification services, against the obligation referred to in art. 21 (1) 2 points 5 and 6, disregards the cancellation of the certificate, shall be subject to a fine or imprisonment of up to the age of 3 or to the two of those penalties.

Article 51. [ Responsibility for marking time] Who, when providing the time-marking service as a qualified certification service provider, makes it possible to mark the data at times other than at the time of the exercise of that service and shall certify electronically such data, shall be subject to a fine or a penalty. No more than three years, or both of them.

Article 52. [ Liability for disclosure of secrecy] 1. Who, being obliged to maintain the secrecy associated with the provision of certification services, shall disclose or use, contrary to the conditions laid down by the Act, the information covered by this secret shall be subject to a fine of up to 1 000 000 zlotys or punishable by deprivation the freedom to the three years or the two of those to the total.

2. If the perpetrator is permitted to act as referred to in paragraph. 1 as an entity providing certification services or as a controller or in order to achieve property or personal gain, is subject to a fine of up to 5 000 000 zlotys or a custodial sentence of up to 5 years or both to these penalties combined.

Article 53. [ Responsibility for acts committed in the interest of another natural person] To the casers referred to in Article 45-51 shall also be subject to the authorisation of acts referred to in those provisions, acting in the name of or in the interest of another natural person, legal person or business unit without legal personality.

Chapter IX

Amendments to the provisions in force, transitional and final provisions

Article 54. (bypassed).

Article 55. (bypassed).

Article 56. (bypassed).

Article 57. (repealed).

Article 58. [ The date of adaptation of the certification service activities] 1. Banks and public authorities, by 31 December 2002, shall adapt their activities in the provision of certification services and the use of the information and communication systems related to the provision of these services to the requirements of the Act.

2. By 1 May 2008. public authorities shall enable the recipients of certification services to contribute to applications and applications and other electronic means in cases where the provisions of law require them to be submitted in a specific form or in a specific design.

3. (repealed).

4. The Minister responsible for public finance shall, within one year from the date of entry into force of the Act, grant the provisions governing the payment of fees for administrative operations to the requirements of legal traffic using electronic signature.

Article 59. [ Entry into force] 1. The Act shall enter into force after 9 months from the day of the announcement, with the exception of art. 4 points 3 to 6 and Article 4 11 (1) 4, which shall enter into force on the day of obtaining by the Republic of Poland membership of the European Union.

2. From the date of obtaining by the Republic of Poland the membership of the European Union is losing the power of the provision of art. 4 point 2.

1) This Act is being implemented in the framework of its regulation of the implementation of Directive 1999 /93/EC of 13 December 1999. on a Community framework for electronic signatures (Dz. Urz. EC L 13 of 19.01.2000).

The data relating to the publication of the acts of the European Union, as set out in this Act, on the date of accession by the Republic of Poland of membership of the European Union, shall refer to the publication of those acts in the Official Journal of the European Union. Special

[ 1] Article 14 (1) 5 in the version set by the Article. 14 point 1 of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 2] Article 16 (1) 1 in the wording set by Article 1. 14 point 2 (a) a) of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 3] Article 16 (1) 1a added by art. 14 point 2 (a) b) of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 4] Article 16 (1) 2 repealed by Art. 14 point 2 (a) c) of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 5] Article 24 (1) Article 2 (6), as amended by Article 2 (2) 14 point 3 (a) a) of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 6] Article 24 (1) 2a as set out by the Article. 14 point 3 (a) b) of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 7] Article 28 (1) 1 in the wording set by Article 1. 14 point 4 of the Act of 7 November 2014. to facilitate the performance of economic activities (Journal of Laws of the EU 1662). The amendment came into force on 1 January 2015.

[ 8] The Regulation has expired on the basis of art. 545 point 1 of the Act of 28 February 2003. -Bankruptcy and remedial law (Dz. U. 2012 r. items 1112), which entered into force on 1 October 2003.