Advanced Search

Law On Paper Computer And Electronic Signature

Original Language Title: Legge Sul Documento Informatico E La Firma Elettronica

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.
REPUBLIC OF SAN MARINO
LAW July 20, 2005 115
SAN MARINO
LAW ON PAPER COMPUTER AND ELECTRONIC SIGNATURE


We the Captains Regent of the Most Serene Republic of San Marino


Promulgate and publish the following law approved by the Great and General Council
its meeting of 20 July 2005.


Art.
1 (Definitions)

1. For the purposes of this Act, the following definitions apply:
a) '' administrative document '', every representation, however formed, the content of acts, even
interior, public administration or, cmunque, used for the purposes
Business Administration;
B) '' electronic document '', the computer representation of acts, facts or legally relevant data
;
C) "electronic signature" ( '' digital signature ''), data in electronic form, attached to or
through logic Association to other electronic data and which serve as a method of
validation;
D) "advanced electronic signature" means an electronic signature obtained through a procedure
computer that meets the following requirements:
I. It is uniquely linked to the signatory;
II. be capable of identifying the signatory;
III. It is created using means that the signatory can maintain under his sole control
;
IV. It is linked to the data to which it relates so as to allow to detect whether the data
themselves have been subsequently modified;
E) '' qualified electronic signature '', an advanced electronic signature which is based on a qualified certificate
created by a secure signature creation device;
F) "signatory" means a person who has access to the device for creating a signature and acts
for own account or on behalf of the natural or legal person or entity he represents
;
G) "data for creating a signature" means unique data, such as codes or private cryptographic keys,
used by the signatory to create an electronic signature;
H) "device for creating a signature" means configured software or hardware used to
use the data for creating a signature;
I) "secure device for the creation of a" signature, a device for creating a
signature that meets the requirements of Article 7;
L) "Signature verification data" means data, such as codes or public cryptographic keys,
used to verify an electronic signature;
M) '' signature and certification service '', the provision of products and procedures necessary
for signing, the issuance, renewal and certificate management, directory services, services
revocation, registration services and time stamping services, as well as IT services
and related advice to elttroniche signatures;
N) "signature-verification device" means configured software or hardware used to
use the signature-verification data, according to the recommendations set forth in Article 8
;
O) "certificate" means an electronic attestation which links signature-verification data to a holder
and confirms the identity of the holder;
P) "qualified certificate" means an electronic certificate which meets the requirements of Article 4
issued by a certification service provider which fulfills the requirements of Article 5
;
Q) "provider of certification services" or '' certification '', an organization or a natural or legal
person who issues certificates or provides other services related to electronic signatures;
R) "electronic signature product" means hardware or software, or relevant components thereof
, intended to be used by a provider of certification services for the
provision of electronic-signature services or for the creation or verification of electronic signatures
;
S) '' time-stamping '' or '' time stamping '', the result of the computer procedure, which is
attaches to one or more electronic documents, a time reference
enforceable against third parties;
T) '' of time stamping '' service, a certificate bearing the electronic signature of a certification that
proves the existence of certain electronic data at a given time (date and time
).

Art. 2
(electronic document and its validity)

1. The documents, data and document formats from government and private computer with tools
, the contracts concluded under the same forms as well as their storage in computer support
and transmission with electronic tools, are valid and relevant to all legal purposes, provided that
signed and validated in accordance with this law.
2. In transactions involving the activities of production, input, storage,

Reproduction and transmission of data, administrative documents and records
using computer and telecommunications systems, including the enactment of the acts with the same systems, must be reported and made readily identifiable
both data concerning administrations concerned is the subject that has
do this. 3
. The public authorities shall define and make available electronically
forms and electronic forms valid adogni operation of law.
4. The technical rules for the formation, transmission, storage, duplication, reproduction and validation
, even temporarily, of electronic documents will be established with specific
technical regulations to be issued by Regency Decree.



Art. 3
(Legal effects of electronic signatures)

1. The use of an electronic signature or associated with certificate revoked or expired
tantamount to failure to sign. The revocation or suspension, however motivated, have
effect upon publication by the certification service providers.
2. The transmission of electronic documents electronically, signed electronically to
under the regulations under this Act, in a manner that will ensure the successful delivery,
equivalent to dispatch by post. 3
. The qualified electronic signatures based on a qualified and certified or created through a
secure device for the creation of a signature:
a) satisfy the legal requirements of a signature in relation to data in electronic form as well as
a handwritten signature satisfies those for paper-based data;
B) they are admissible as evidence in court.
4. The electronic signature can not be considered leglmente
effectiveness and admissibility as evidence in legal proceedings solely on the fact that it is:
- electronic, or
- not based on a qualified certificate, or
- not based upon a qualified certificate issued by an accredited certification service
or
- not created by a secure device for creating a signature.
5. The duplicate, copies, extracts of the electronic document, even if played back on a variety of media
, are valid for all legal purposes if they comply with technical regulations as provided for by this Act
.
6. Conservation requirements and the submission of documents required by current legislation
, it means fulfilled all legal purposes by means of electronic documents, if
comply with technical regulations under this Act.

Art. 4
(Requirements for qualified certificates)

1. Qualified certificates must include at least the following information:
a) an indication that the certificate is issued as a qualified certificate;
B) the identification of the provider of certification services and the State in which it has its headquarters;
C) the name of the signatory or a pseudonym identified as such;
D) an indication of a specific attribute of the signatory to be included if relevant, depending
the purpose for which the certificate is intended;
E) data for verifying the signature correspond to the data for the signature creation
under the control of the signatory;
F) an indication of the beginning and end of the validity period of the certificate;
G) the identity code of the certificate;
H) the qualified electronic signature of the certification-service-provider issuing the certificate
;
I) the limits of use of the certificate, if applicable;
L) limits on the value of transactions for which the certificate can be used, if applicable.

Art. 5
(Requirements for certification-service provider issuing qualified certificates)

1. The provider of the certification service provider issuing qualified certificates must:
a) demonstrate the technical organizational and financial reliability required to provide services
certification;
B) ensure the operation of a prompt and safe
information management and ensure a secure and immediate revocation service;
C) use the qualified certificates and for directory services and for revocation services one time
quality stamping guaranteed, and in any case ensure the localization time
issuance and revocation of a certificate to QUALIFIED ;
D) verify, by appropriate means, the identity and, possibly, the specific characteristics of the person
which is issued as a qualified certificate;
E) employ personnel who possess the expert knowledge, experience, and
qualifications necessary for the services provided, in particular competence at managerial level,

Specific knowledge in electronic signature technology and familiarity with proper security procedures
; they must also apply administrative procedures and methods
and management are adequate and correspond to recognized standards;
F) use trustworthy systems and products which are protected against modification and ensure the
technical and cryptographic security of the processes supported by them;
G) take measures against forgery of certificates, and, in cases where the provider of certification services
to generate data for creating a signature, ensuring the confidentiality, integrity and security
in during the generation of such data;
H) maintain sufficient financial resources to operar
according to the requirements of the law, in particular to bear the risk of liability for damages, for example
obtaining appropriate liability insurance vile c;
I) record all relevant information about a qualified certificate
for a period of at least 10 years, in particular in order to provide proof of certification
in any legal proceedings. Such records may be electronic
;
L) not store or copy data for the creation of the signature of the person which the service
certification services provider provided key management services;
M) before initiating a contractual relationship with a person seeking a certificate to
support his electronic signature inform that person by a durable means of communication,
the precise terms and conditions regarding the use of the certificate including any limitations
use and the procedures for complaints and dispute resolution. Such information,
that can be transmitted electronically, must be in writing and a
understandable language. Upon request, pertin elements nti information
they can be made accessible to third-parties relying on the certificate;
N) use trustworthy systems to store certificates in a verifiable form so that:
I. only authorized persons can effettuar entries and changes,
II. the authenticity of the information can be checked;
III. certificates are publicly available for retrieval only where permitted
by the certificate holder;
IV. the operator should be aware of any technical changes compromising these security requirements
.

Art. 6
(Liability)

1. The certification-service provider issuing a certificate to the public as
qualified certificate to the public or by guaranteeing the reliability of such a certificate, is responsible for
damage caused to any entity or individual or giuridche who reasonably relies on
that certificate:
a) with regard to the accuracy of any information contained in the qualified certificate
by the time of release, and the fact that it contains all the details prescribed for a qualified certificate
,
b) for assurance that at the time of issue of the certificate, the signatory identified in the qualified certificate held
data for creating the corresponding signature data for signature verification
given or identified in the certificate ,
c) for assurance that the data for the creation of the signature and the data for the verification of the signature
can be used in a complementary manner, in cases where the provider of
certification services both genders,
unless the certification-service-provider proves that he has not acted negligently.
2. The certification-service provider issuing a certificate to the public as
qualified certificate is liable, against entities or natural or legal persons who
relying on the certificate, of the damage caused, for failure to register revocation
certificate, unless he proves that he acted without egligenza. 3
. A supplier of certification services has the right to indicate in a qualified certificate
, the use of that certificate limits, provided that the limitations are recognizable to the t rzi.
The provider of certification services is exempted from liability for damages resulting from the use
of a qualified certificate which exceeds the limitations placed on it.
4. A supplier of certification services has the right to indicate in the qualified certificate
a limit the value of transactions for which the certificate can be used, provided that the limitations are recognizable to third
. The provider of certification services is not liable for damages resulting from
exceed this limit.

5. The provider of certification services must be able to provide, upon request, marking time
(time stamping), with adequate precision, which it will record held by
an appropriate number of years as indicated by reggenziale decree Article 2, paragraph 4. 6
. For the purposes of underwriting, where required, computer external relevance documents, public administrations
:
a), may carry out the activity of release of qualified certificates for this purpose
having the obligation to apply for accreditation pursuant to Article 5; this activity can be carried out exclusively
towards its organs and offices, as well as the categories of third parties, public or private. The
qualified certificates issued in favor of third categories may only be used
in relations with the certifying Administration, outside of which are devoid of any
effect; by Regency Decree, they will be defined the categories of third parties and the characteristics of
qualified certificates;
B) may apply to accredited certification, in accordance with current legislation on public contracts
.

Art. 7
(Requirements relating to devices for the creation of a qualified electronic signature)

1. Arrangements for the creation of a qualified electronic signature, by technical means and procedural
appropriate, must ensure at least that:
a) the data for the creation of the signature used in the generation can occur in practice
only once, and that is guaranteed lororiservatezza;
B) data for the creation of the signature used in the generation can not, by
safety limits, be derived and the signature is protected against forgery
with the use of current technology available;
C) the data for the creation of the signature used in the generation can be reliably protected by the legitimate signatory
c tro use by third parties.
2. The devices are sure to create a signature must not alter the data to be signed or
prevent such data from being presented to the signatory prior to the signature;
should also be required, without ambiguity, the willingness to create the signature.

Art. 8
(Recommendations for the verification of qualified electronic signature)

1. During the verification process of the qualified electronic signature must be guaranteed,
by the certainty that:
a) the data used for verifying the signature correspond to the data displayed to the verifier;
B) the signature is reliably verified and the result of that verification is correctly displayed;
C) the verifier can, as necessary, reliably establish the contents of the signed data;
D) the authenticity and validity of the certificate required at the time of signature verification are reliably verified
;
E) the result of verification and the signatory's identity are correctly displayed;
F) the use of a pseudonym is clearly indicated;
G) any security-relevant changes can be detected.

Art.
9 (Public Sector)

1. Within the public administration and public sector and for the
communications between state bodies and natural or legal persons, the use of electronic signatures
may be subject to specific requirements that will idividuati technical regulations to be issued | || by Regency decree referred to in Article 2, paragraph 4.

Art. 10
(Technical Committee)

1. The technical skills of implementation of the present gge are carried out by the Authority for Information
of Law 70 of May 23, 1995, which is the technical support
Office of Economic Planning and Data Processing Center statistics and possibly
advice from persons or companies experienced in issues relating to electronic signature.

Art. 11
(tasks entrusted to the Authority for Information Technology)

1. And 'the Authority responsible for Information Technology to promote the technical regulations to be issued
the decree referred to in Article 2 reggenziale, point 4. These regulations should take account of emerging standards
internationally.
2. At least every two years, starting from the publication of the technical regulations, the Authority
Informatics shall examine advances in technology, market trends and developments legal
internationally and shall, if dl case, to make the appropriate changes to the technical regulations
. 3
. Every six months, starting from the publication technical delregolamento, the Authority
Informatics will publish a list of third countries whose legislation on electronic signatures

Complies with the requirements specified in this Law and the technical regulations.
4. And 'the Authority responsible for Information Technology, with the technical support of the Office
Economic Planning Center Data Processing and Statistics and possibly the
advice from persons or companies experienced in issues relating to the electronic signature,
perform supervisory functions and control over active à certification and certification
carried out by the provider of certification services.

Art.
12 (International aspects)

1. In order to facilitate cross-border certification services with third countries and
legal recognition of qualified electronic signatures originating in third countries,
the Authority for Information Technology shall, if appropriate, pr posed aimed at ' effective implementation of standards and international agreements applicable to certification services
.

Art.
13 (Data protection)

1. The provider of certification and accreditation or
gliorganismi responsible for overseeing services must comply with the Law 23 May 1995 n.
70 on the protection of individuals with regard to the processing of personal data.
2. It allowed a certification-service provider issuing certificates to the public of
collect personal data only directly from the data subject, or after the explicit
consent, and only to the extent necessary for the issuing and maintaining the certificate. The data will not
can be collected or processed for divers purposes without the express consent of the person to whom you refer
.




Art. 14
(Review)

1. Every two years from the entry into force d t the present law, the Authority for the Computer
review the application of this Act and submit a report on the
Great and General Council.
2. The review shall assess, inter alia, whether the scope of application of this law should
be modified to take account of technological, market and legal developments
. The report shall be accompanied, if appropriate, by legislative proposals.

Art.
15 (Entry into force)

1. This Law shall enter into force on the fifth day following that of its legal publication
.


Our Residence, this day of July 25 2005/1704 dFR



THE CAPTAINS REGENT
Fausta Simona Morganti - Cesare Antonio Gasperoni





THE SECRETARY OF STATE FOR INTERNAL AFFAIRS

pink crocuses