JUAN CARLOS I, King of Spain. To all who shall see and understand this document.
Know: That the Cortes Generales have approved and I hereby sanction the following law.
EXPLANATORY STATEMENT
I
Royal Decree-Law 14/1999, of September 17, on electronic signature, was approved with the aim of promoting the rapid incorporation of new technologies for the security of electronic communications into the activity of companies, citizens and public administrations. In this way, it sought to help enhance the growth and competitiveness of the Spanish economy through the rapid establishment of a legal framework for the use of a tool that provides confidence in electronic transactions on open networks such as the Internet. The Royal Decree-Law incorporated into the Spanish legal order Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999, on the establishment of a Community framework for electronic signatures, even before its promulgation and publication in the Official Journal of the European Communities.
Following its ratification by the Congress of Deputies, it was agreed to process Royal Decree-Law 14/1999 as a bill, in order to submit it to a broader public consultation and subsequent parliamentary debate to improve its text. However, this initiative lapsed upon the expiry of the mandate of the chambers in March 2000. This law, therefore, is the result of the commitment made in the sixth legislature, and at the same time updates the framework established in Royal Decree-Law 14/1999 by incorporating the amendments recommended by the experience gained since its entry into force, both in our country and in the international arena.
II
The development of the information society and the dissemination of the positive effects deriving from it require general confidence of citizens in telematic communications. However, the most recent data indicate that there is still mistrust among those participating in telematic transactions and, in general, in the communications that new technologies allow when transmitting information; this lack of confidence is a brake on the development of the information society, in particular of electronic administration and electronic commerce.
The electronic signature arises, among other instruments, in response to this need to make online communications secure. The electronic signature is an instrument capable of allowing verification of the origin and the integrity of messages exchanged through telecommunications networks, offering a basis for avoiding repudiation, if appropriate measures based on electronic dates are taken.
The parties that make the use of the electronic signature possible are referred to as certification service providers. To that end they issue electronic certificates, which are electronic documents that link the electronic signature tools held by each user with his or her personal identity, thereby making the user known in the telematic field as a signer.
The law obliges certification service providers to carry out permanent custody and management of the electronic certificates they issue. The details of this management must be set out in the certification practice statement, which specifies the conditions applicable to the request, issuance, use, suspension and termination of the validity of electronic certificates. In addition, these providers are required to keep accessible a consultation service on the validity status of certificates, which must indicate in an up-to-date manner whether they are valid or whether their validity has been suspended or terminated.
In addition, it should be noted that the law defines a particular class of electronic certificates known as recognized certificates, which are electronic certificates that have been issued in compliance with qualified requirements as regards their content, the procedures for verifying the identity of the signer, and the reliability and guarantees of the electronic certification activity.
Recognized certificates constitute a cornerstone of the so-called recognized electronic signature, which is defined, following the guidelines laid down by Directive 1999/93/EC, as the advanced electronic signature based on a qualified certificate and generated by a secure-signature-creation device. The law gives the recognized electronic signature functional equivalence with the handwritten signature in respect of data in electronic form.
On the other hand, the law contains guarantees that must be met by the signature-creation devices so that they can be considered as secure devices and thus form a recognised electronic signature.
The technical certification of secure signature-creation devices is based on the framework established by Law 21/1992, of 16 July, on Industry, and its implementing provisions. The technical standards published for this purpose in the "Official Journal of the European Communities" or, exceptionally, those approved by the Ministry of Science and Technology will be used for this certification.
In addition, the law establishes a framework of obligations applicable to certification service providers, depending on whether or not they issue recognized certificates, and determines their liability regime, taking into account the duties of diligence that fall on the signatories and on third-party recipients of electronically signed documents.
III
This law is promulgated to strengthen the existing legal framework, incorporating into its text some novelties with respect to Royal Decree-Law 14/1999 which will help boost the market for the provision of certification services.
Thus, the terminology is reviewed, the systematic arrangement is amended and the text is simplified, facilitating its understanding and giving it a structure more in line with our legislative technique.
One of the novelties offered by the law with respect to Royal Decree-Law 14/1999 is the designation as recognised electronic signature of the electronic signature that is functionally equated with the handwritten signature. It is simply the creation of a new concept demanded by the sector, without implying any modification of the substantive requirements that both Royal Decree-Law 14/1999 itself and Directive 1999/93/EC had been demanding. This clarifies that an advanced electronic signature is not enough for equivalence with the handwritten signature; it is necessary that the advanced electronic signature be based on a qualified certificate and have been created by a secure creation device.
It is also particularly noteworthy that the register of certification service providers is removed, giving way to the establishment of a mere service for disseminating information on the providers that operate in the market and on the quality and characteristics of the products and services available for carrying out their activity.
On the other hand, the law modifies the concept of certification of certification service providers to give it a greater degree of freedom and to give a greater role to the participation of the private sector in certification systems, eliminating the legal presumptions associated with it and adapting more precisely to the provisions of the directive. It thus favors self-regulation of the industry, so that it is the industry that designs and manages, in accordance with its own needs, voluntary accreditation schemes aimed at improving technical levels and quality in the provision of certification services.
The new regime is born from the conviction that quality seals are an effective tool for convincing users of the advantages of electronic certification products and services, making it essential to facilitate and expedite the obtaining of these external symbols by those who offer them to the public.
Although the law faithfully reflects the concepts of "accreditation" of certification service providers and of "conformity" of secure electronic signature creation devices contained in the directive, the terminology has been adapted to that most commonly used and known, as set out in Law 21/1992, of 16 July, on Industry.
Another important change is that the law clarifies the obligation of certification service providers that issue recognized certificates to provide an economic guarantee, setting a single minimum amount of three billion euros and also allowing the various instruments for providing the security to be combined.
On the other hand, given that the provision of certification services is subject to prior authorisation, it is important to highlight that the law strengthens the inspection and control capabilities of the Ministry of Science and Technology, indicating that this Department may be assisted by independent and technically qualified entities in carrying out the tasks of supervision and control of certification service providers.
Also noteworthy is the regulation the law contains with respect to the electronic national identity document, which is set up as a recognised electronic certificate called upon to generalize the use of secure electronic communication instruments capable of conferring the same integrity and authenticity as that which currently surrounds communications through physical media. The law limits itself to fixing the basic regulatory framework for the new electronic ID card, setting out its two most characteristic features - it certifies the identity of its holder in any administrative procedure and allows the electronic signature of documents - and referring to the specific regulations for the particulars of its legal regime.
Another novelty is the establishment in the law of the regime applicable to the performance of individuals as signatories, for the purpose of integrating these entities into telematic traffic. It thus goes beyond the Royal Decree-Law of 1999, which only allowed legal persons to be holders of electronic certificates in the field of tax management.
Precisely, the enormous expansion that have had these certificates in this field in recent years, while it has represented increased some of the litigation or legal insecurity of transactions, recommended the generalisation of the ownership of companies certified.
In any case, electronic certificates of legal persons do not alter the civil and commercial legislation in terms of the figure of the organic or voluntary representative and do not replace the electronic certificates that are issued to individuals that reflect these relationships of representation.
As safeguards of legal certainty, the law requires, on the one hand, a special legitimation for individuals to apply for the issue of certificates; on the other hand, it obliges applicants to be responsible for the custody of the electronic signature creation data associated with these certificates, all without prejudice to the possibility that the data may be used by other individuals linked to the entity. Finally, with regard to third parties, it limits the use of these certificates to acts that form part of the relationship between the legal person and the public administrations and to the things or services that constitute the giro or ordinary traffic of the entity, without prejudice to any quantitative or qualitative limits that may be added. The aim is to combine the dynamism that must govern the use of these certificates in commerce with the necessary dose of prudence and security, so as to prevent uncontrollable obligations towards third parties from arising through improper use of the signature creation data. The balance between the two principles has been set at the things and services that constitute the giro or ordinary traffic of the company, in parallel with how our more than century-old Commercial Code regulates the binding effect towards third parties of the acts of trade of the manager of the establishment.
With the expression "giro or ordinary traffic" of an entity, what in Spanish mercantile law is called "industrial or commercial establishment" is updated to a vocabulary better suited to our times. This includes the transactions carried out directly or indirectly for the realization of the core activity of the organization and the management or administrative activities necessary for its development, such as the purchase of tangible and intangible supplies or ancillary services. Finally, it should be emphasized that, although "giro or ordinary traffic" is a term coined by commercial law, the regulation on certificates of legal persons applies not only to companies but to any type of legal person wishing to make use of the electronic signature in its activity.
Additionally, a special regime is added for issuing electronic certificates to the unincorporated entities referred to in article 33 of the General Tax Law, for the sole purpose of their use in the tax field, in the terms established by the Ministry of Finance.
On the other hand, following the pattern set by Law 34/2002, of 11 July, on information society services and electronic commerce, the medium containing electronically signed data is included within documentary evidence, giving greater legal certainty to the use of electronic signatures by subjecting it to the rules on the effectiveness at trial of documentary evidence.
In addition, another novel aspect of the law to be highlighted is the explicit acknowledgement it makes of the relations of representation that may underlie the use of electronic signatures. There is no doubt that the institution of representation is widespread in commerce, hence the need to give legal certainty to the attribution to the legal sphere of the represented party of the statements made by the representative through the electronic signature.
To this end, it is established as a novelty that, in the issue of recognised certificates that include relations of representation among their attributes, such a relationship must be supported by a public document reliably accrediting the relationship of representation as well as the sufficiency and suitability of the powers conferred on the representative. Mechanisms will also be provided to ensure the maintenance of the powers of representation throughout the validity period of the qualified certificate.
Finally, it should be noted that the law allows certification service providers, in order to improve confidence in their services, to establish mechanisms for coordination with the data that must mandatorily appear in public registers, in particular through telematic connections, for the purposes of verifying the information contained in the certificates at the time of their issuance.
These coordination mechanisms may also provide for the telematic notification by the registers to the certification service providers of subsequent registry variations.
IV
The law consists of 36 articles grouped in six titles, 10 additional provisions, two transitional provisions, a repealing provision and three final provisions.
Title I contains the general principles that define the subjective and objective scope of application of the law, the effects of the electronic signature, the regime for its use before the public administrations and the activity of providing certification services.
The regime applicable to electronic certificates is contained in title II, which dedicates its first chapter to determining who may be their holders and to regulating the vicissitudes that affect their validity. Chapter II regulates recognized certificates and chapter III the electronic national identity document.
Title III regulates the activity of providing certification services by establishing the obligations to which providers are subject - clearly distinguishing those that only affect providers who issue recognized certificates - and the applicable liability regime.
Title IV establishes the requirements that electronic signature verification and creation devices must meet and the procedure to be followed to obtain quality seals in the activity of providing certification services.
Titles V and VI are dedicated, respectively, to establishing the supervision and sanction regimes for certification service providers.
Finally, the text closes with the additional provisions - which refer to the special regimes that are of preferential application - the transitional provisions - which bring legal certainty to activity carried out under the previous regulations - the repealing provision and the final provisions concerning the constitutional basis, the authorization for regulatory development and the entry into force.
This provision has been subjected to the information procedure on standards and technical regulations provided for in Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998, which lays down an information procedure in the field of technical standards and regulations, as amended by Directive 98/48/EC of the European Parliament and of the Council of 20 July 1998, and in Royal Decree 1337/1999, of 31 July, which regulates the submission of information in the field of standards and technical regulations and regulations on information society services.
Title I. General provisions
Article 1. Object.
1. This law regulates the electronic signature, its legal effectiveness and the provision of certification services.
2. The provisions of this Act do not alter the rules concerning the conclusion, formalisation, validity and effectiveness of contracts and any other legal acts, or those relating to the documents in which they are recorded.
Article 2. Providers of certification services subject to the law.
1. This law shall apply to certification service providers established in Spain and to the certification services that providers resident or domiciled in another State offer through a permanent establishment situated in Spain.
2. A certification services provider is the natural or legal person who issues electronic certificates or provides other services in relation to electronic signatures.
3. A certification services provider is understood to be established in Spain when its residence or registered office is in Spanish territory, provided that these coincide with the place where the administrative management and direction of its business is effectively centralized. Otherwise, regard shall be had to the place where such management or direction is carried out.
4. A provider shall be deemed to operate through a permanent establishment situated in Spanish territory when it has there, on a continuous or habitual basis, facilities or workplaces in which it carries out all or part of its activity.
5. It shall be presumed that a certification services provider is established in Spain when the provider or any of its branches is entered in the register or in another Spanish public register in which registration is necessary for the acquisition of legal personality.
The mere use of technological means located in Spain for the provision or access to the service will do, by itself, the establishment of the service provider in Spain.
Article 3. Electronic signature, and electronically signed documents.
1. The electronic signature is the set of data in electronic form, recorded together with other data or associated with them, which can be used as a means of identification of the signer.
2. The advanced electronic signature is the electronic signature which makes it possible to identify the signer and detect any subsequent change to the signed data, which is linked uniquely to the signer and to the data to which it refers, and which has been created by means that the signatory can maintain under his exclusive control.
3. A recognised electronic signature is an advanced electronic signature based on a qualified certificate and generated by a secure-signature-creation device.
4. The recognized electronic signature shall have, with respect to data recorded in electronic form, the same value as the handwritten signature has in relation to data recorded on paper.
5. An electronic document is a document drafted in electronic form that incorporates data which are signed electronically.
6. The electronic document may be the medium for:
(a) public documents, by being electronically signed by officials who are legally vested with the power to attest publicly, whether judicially, notarially or administratively, provided that they act within the scope of their powers and with the requirements laid down by law in each case.
(b) documents issued and signed electronically by officials or public employees in the exercise of their public functions, subject to specific legislation.
(c) private documents.
7. The documents referred to in the previous paragraph shall have the value and the legal effectiveness that corresponds to their respective nature, in accordance with the legislation applicable to them.
8. The medium on which electronically signed data are held shall be admissible as documentary evidence at trial. If the authenticity of the recognised electronic signature with which the data incorporated into the electronic document have been signed is disputed, it shall be checked that the certification services provider that issues the electronic certificates meets all the requirements laid down in the law regarding the guarantee of the services it provides in verifying the effectiveness of the electronic signature, and in particular the obligations to guarantee the confidentiality of the process as well as the authenticity, preservation and integrity of the information generated and the identity of the signers. If the authenticity of the advanced electronic signature with which the data incorporated into the electronic document have been signed is disputed, the provisions of paragraph 2 of article 326 of the Civil Procedure Act shall apply.
9. Legal effect shall not be denied to an electronic signature that does not meet the requirements of a recognised electronic signature, in relation to the data with which it is associated, merely because it is in electronic form.
10. For the purposes of this article, where an electronic signature is used in accordance with conditions agreed by the parties for their dealings with each other, what they have stipulated between themselves shall be taken into account.
Article 4. Use of the electronic signature in the field of public administration.
1. This law shall apply to the use of electronic signatures within the public administrations, their public bodies and the entities dependent on or related to them, and in the relations that these maintain among themselves or with private individuals.
Public administrations, in order to safeguard the guarantees of each procedure, may establish additional conditions for the use of electronic signatures in procedures. Such conditions may include, inter alia, the imposition of electronic dates on the electronic documents incorporated into an administrative file. An electronic date is the set of data in electronic form used as a means to establish the time at which an action has been carried out on other electronic data with which they are associated.
2. The additional conditions referred to in the previous paragraph may only refer to the specific characteristics of the application concerned and shall ensure compliance with the provisions of article 45 of Law 30/1992, of 26 November, on the legal regime of public administrations and common administrative procedure. These conditions shall be objective, proportionate, transparent and non-discriminatory and shall not hinder the provision of certification services to citizens when different national or European Economic Area public administrations are involved.
3. The rules laying down general additional conditions for the use of the electronic signature before the General Administration of the State, its public bodies and the entities dependent on or related to them shall be issued on a joint proposal of the Ministries of Public Administration and of Science and Technology, following a report from the Consejo Superior de Informática and for the promotion of e-Government.
4. The use of electronic signatures in communications relating to classified information, public security or national defence shall be governed by its specific regulations.
Article 5. Regime for the provision of certification services.
1. The provision of certification services is not subject to prior authorisation and shall be carried out under a regime of free competition. Restrictions may not be placed on certification services coming from another Member State of the European Economic Area.
2. The competition bodies shall ensure the maintenance of conditions of effective competition in the provision of certification services to the public through the exercise of the functions legally attributed to them.
3. The provision to the public of certification services by the public administrations, their public bodies or the entities dependent on or related to them shall be carried out in accordance with the principles of objectivity, transparency and non-discrimination.
Title II. Electronic certificates
Chapter I. General provisions
Article 6. Concept of electronic certificate and signer.
1. An electronic certificate is a document signed electronically by a provider of certification services which links signature-verification data to a signer and confirms his identity.
2. The signatory is the person who holds a signature-creation device and acts on his own behalf or on behalf of a natural or legal person whom he represents.
Article 7. Electronic certificates of legal persons.
1. Electronic certificates of legal persons may be requested by their administrators and by their legal and voluntary representatives with sufficient power for these purposes.
Electronic certificates of legal persons may not affect the organic or voluntary representation scheme regulated by the civil or commercial law applicable to each legal person.
2. The custody of the signature-creation data associated with each electronic certificate of a legal person shall be the responsibility of the applicant natural person, whose identification shall be included in the electronic certificate.
3. The signature creation data may only be used when this is admitted in the relations that the legal person maintains with the public administrations or in the procurement of goods or services that are proper to or concern its giro or ordinary traffic.
In addition, the legal person may impose additional limits, by reason of the amount or the matter, for the use of such data, which, in any case, must appear on the electronic certificate.
4. Acts or contracts in which the legal person's signature has been used within the limits provided for in the preceding paragraph shall be deemed to have been made by the legal person.
If the signature is used in breach of the aforementioned limits, the legal person shall be bound vis-à-vis third parties only if it assumes the acts as its own or they were concluded in its interest. Otherwise, the effects of such acts shall fall upon the natural person responsible for the custody of the signature-creation data, who may, where appropriate, claim against whoever used them.
5. The provisions of this article shall not apply to the certificates used to verify the electronic signature with which the certification services provider signs the electronic certificates it issues.
6. The provisions of this article shall not apply to certificates that are issued in favour of public administrations, which are subject to their specific regulations.
Article 8. Termination of the validity of the digital certificates.
1. The following are causes of termination of the validity of an electronic certificate:
(a) expiration of the period of validity stated in the certificate.
(b) revocation by the signer, the natural or legal person represented by the signer, an authorized third party or the natural person who applied for an electronic certificate of a legal person.
(c) violation or endangerment of the secrecy of the signature creation data of the signer or of the certification services provider, or misuse of these data by a third party.
(d) judicial or administrative resolution ordering it.
(e) death or extinction of the legal personality of the signer; death or extinction of the legal personality of the represented party; supervening total or partial incapacity of the signer or of the represented party; termination of the representation; dissolution of the legal person represented or alteration of the conditions of custody or use of the signature creation data that are reflected in certificates issued to a legal person.
(f) cessation of the activity of the certification services provider, unless, with the prior express consent of the signatory, the management of the electronic certificates issued by it is transferred to another certification services provider.
(g) alteration of the data provided for obtaining the certificate or modification of the circumstances verified for the issuance of the certificate, such as those relating to the post held or the powers of representation, so that the certificate no longer conforms to reality.
(h) any other lawful cause provided in the certification practice statement.
2. The period of validity of electronic certificates shall be appropriate to the characteristics and technology used to generate the signature creation data.
In the case of recognized certificates this period may not exceed four years.
3. The termination of the validity of an electronic certificate shall take effect against third parties, in the case of expiry of its period of validity, from the moment that circumstance occurs and, in other cases, from the moment the indication of such termination is included in the consultation service on the validity of certificates of the certification services provider.
Article 9. Suspension of the validity of the digital certificates.
1. Certification service providers shall suspend the validity of the electronic certificates they have issued if any of the following causes occurs:
(a) request of the signer, the natural or legal person represented by the signer, an authorized third party or the natural person who applied for an electronic certificate of a legal person.
(b) judicial or administrative resolution ordering it.
(c) the existence of well-founded doubts as to the occurrence of the causes of termination of the validity of certificates referred to in subparagraphs (c) and (g) of article 8(1).
(d) any other lawful cause provided in the certification practice statement.
2. The suspension of the validity of an electronic certificate shall take effect from its inclusion in the consultation service on the validity of certificates of the certification services provider.
Article 10. Provisions common to the termination and suspension of the validity of digital certificates.
1. The certification services provider shall record immediately, clearly and beyond doubt the termination or suspension of the validity of electronic certificates in the consultation service on the validity of certificates when it has well-founded knowledge of any of the events determining the termination or suspension of their validity.
2. The certification services provider shall inform the signer of this circumstance prior to or simultaneously with the termination or suspension of the validity of the electronic certificate, specifying the reasons and the date and time from which the certificate shall be without effect. In cases of suspension, it shall indicate, in addition, its maximum duration, the validity of the certificate being extinguished if the suspension has not been lifted within this period.
3. The termination or suspension of the validity of an electronic certificate shall not have retroactive effect.
4. The termination or suspension of the validity of an electronic certificate shall remain accessible in the consultation service on the validity of certificates at least until the date on which its initial validity period would have ended.
Chapter II. Recognized certificates
Article 11. Concept and content of the recognized certificates.
1. Recognized certificates are electronic certificates issued by a certification services provider that meets the requirements set out in this Act regarding the verification of the identity and other circumstances of applicants and the reliability and guarantees of the certification services it provides.
2. Recognized certificates shall include, at least, the following information:
(a) the indication that they are issued as such.
(b) the unique code of the certificate.
(c) the identification of the certification services provider that issues the certificate and its domicile.
(d) the advanced electronic signature of the provider of certification services issuing the certificate.
(e) the identification of the signatory, in the case of natural persons, by name and national identity document number or through a pseudonym unequivocally recorded as such and, in the case of legal persons, by name or business name and tax identification code.
(f) the signature verification data that correspond to the signature-creation data that are under the control of the signatory.
(g) the beginning and end of the period of validity of the certificate.
(h) the limits of use of the certificate, if established.
(i) the limits of the value of transactions for which the certificate, can be used if they settle.
3. recognized certificates may also contain any other circumstance or specific signer's attribute as they are significant according to own certificate order and whenever he requests it.
4. If the recognized certificates support a relationship of representation they will include an indication of the public document attesting of informing the signatory powers to act on behalf of the person or entity to which represent and, in case of compulsory registration, registration data, in accordance with paragraph 2 of article 13.
Article 12. Obligations prior to the issue of recognized certificates.
Before the issue of a recognized certificate, certification services providers must meet the following obligations:
(a) check the identity and personal circumstances of applicants pursuant to the provisions of the following article.
(b) verify that the information contained in the certificate is accurate and that it includes the information prescribed for a qualified certificate.
(c) ensure that the signer is in possession of the signature-creation data corresponding to the verification data contained in the certificate.
(d) ensure the complementarity of the signature-creation and signature-verification data, provided that both are generated by the certification services provider.
Article 13. Verification of the identity and personal circumstances of applicants for a qualified certificate.
1. The identification of a natural person applying for a qualified certificate will require that person to appear before those responsible for verifying it, and identity will be accredited by means of the national identity document, passport or other means accepted in law. The appearance may be dispensed with if the signature on the request for issuance of a qualified certificate has been authenticated in the presence of attorney.
The rules on appearance in applications for certificates that are issued after identification of the applicant before the public administrations shall be governed by the provisions of the administrative regulations.
2. In the case of recognized certificates of legal persons, certification services providers shall also check the data relating to the constitution and legal personality and the extent and term of the powers of representation of the applicant, either through consultation of the public register in which the documents of constitution and empowerment are registered, or through public documents that serve to demonstrate those points irrefutably when registration is not mandatory.
3. If recognized certificates reflect a relationship of voluntary representation, certification services providers shall check the data relating to the legal personality of the person represented and the extent and term of the powers of the representative, either through consultation of the public register in which they are registered, or through public documents that serve to demonstrate those points irrefutably when registration is not mandatory. If recognized certificates support other cases of representation, certification services providers should require accreditation of the circumstances on which they are based, in the same manner as provided above.
When the qualified certificate contains personal circumstances or attributes of the applicant, such as status as holder of a public office, membership of a professional association or qualification, these should be checked through the official documents proving them, in accordance with their specific regulations.
4. The provisions of the preceding paragraphs may not be required in the following cases:
(a) when the identity or other permanent circumstances of the applicants for certificates are already on record with the certification services provider by virtue of a pre-existing relationship in which the means referred to in this article were used to identify the interested party, and less than five years have elapsed since the identification.
(b) when a certificate is requested using another existing certificate, for whose issue the signatory was identified in the manner prescribed in this article, and the certification services provider has on record that less than five years have elapsed since the identification.
5. Certification services providers may carry out the checks envisaged in this article themselves or through other persons, natural or legal, public or private; in any case, the certification services provider remains responsible.
Article 14. International equivalence of recognized certificates.
Electronic certificates that certification services providers established in a State that is not a member of the European Economic Area issue to the public as recognized certificates in accordance with the law applicable in that State shall be deemed equivalent to those issued by providers established in Spain, provided that any of the following conditions is met:
(a) that the certification services provider fulfils the requirements laid down in the Community rules on electronic signatures for the issue of recognized certificates and has been certified in accordance with a voluntary certification system established in a Member State of the European Economic Area.
(b) that the certificate is guaranteed by a certification services provider established in the European Economic Area that meets the requirements laid down in the Community rules on electronic signatures for the issue of recognized certificates.
(c) that the certificate or the certification services provider is recognised under a bilateral or multilateral agreement between the European Community and third countries or international organisations.
Chapter III. The electronic national identity document.
Article 15. Electronic national identity document.
1. The electronic national identity document is the national identity document that electronically certifies the identity of its holder and allows the electronic signature of documents.
2. All persons, natural or legal, public or private, shall recognize the effectiveness of the electronic national identity document to prove the identity and other personal data of the holder recorded in it, and to prove the identity of the signer and the integrity of documents signed with the electronic signature devices included in it.
Article 16. Requirements and characteristics of the electronic national identity document.
1. The competent bodies of the Ministry of the Interior for the issuance of the electronic national identity document shall comply with the obligations that this law imposes on certification services providers that issue recognized certificates, with the exception of that relating to the lodging of the security referred to in paragraph 2 of article 20.
2. The General Administration of the State shall use, to the extent possible, systems that ensure the compatibility of the electronic signature tools included in the electronic national identity document with the different generally accepted electronic signature devices and products.
Title III. Provision of certification.
Chapter I. Duties.
Article 17. Protection of personal data.
1. The processing of the personal data required by certification services providers for their activity and by administrative bodies for the exercise of the functions conferred by this law shall be subject to the provisions of Organic Law 15/1999, of 13 December, on the Protection of Personal Data, and its implementing rules.
2. To issue electronic certificates to the public, certification services providers may collect personal data only directly from the signatories or with their express consent.
The data required shall be exclusively those necessary for the issue and maintenance of the electronic certificate and the provision of other services relating to electronic signatures, and may not be processed for other purposes without the express consent of the signatory.
3. Certification services providers that record a pseudonym on the electronic certificate at the request of the signatory must verify the signatory's true identity and retain the documentation proving it.
Such certification services providers are obliged to disclose the identity of the signers when requested by judicial bodies in the exercise of their functions and in the other cases provided for in article 11.2 of the Organic Law on the Protection of Personal Data in which this is required.
4. In any case, certification services providers shall not include in the electronic certificates they issue the data referred to in article 7 of Organic Law 15/1999, of 13 December, on the Protection of Personal Data.
Article 18. Obligations of providers of certification services that issue digital certificates.
Certification services providers that issue electronic certificates must meet the following obligations:
(a) not store or copy the signature-creation data of the person to whom they have provided their services.
(b) provide the applicant, before the certificate is issued, with the following minimum information, which must be transmitted free of charge, in writing or by electronic means:
1) the obligations of the signatory, the way in which the signature-creation data must be kept, the procedure to follow to report the loss or possible misuse of such data, and certain electronic signature creation and verification devices that are compatible with the signature data and with the certificate issued.
2) the mechanisms to ensure the reliability of the electronic signature of a document over time.
3) the method used by the provider to verify the identity of the signer or other data appearing on the certificate.
4) the precise conditions of use of the certificate, its possible limits of use and the way in which the provider guarantees its liability.
5) the certifications that the certification services provider has obtained, where appropriate, and the applicable procedures for the out-of-court settlement of disputes that may arise from the exercise of its activity.
6) other information contained in the certification practice statement.
The above information that is relevant for third parties affected by the certificates must be available to them on request.
(c) maintain an up-to-date directory of certificates indicating the certificates issued and whether they are valid or whether their validity has been suspended or terminated. The integrity of the directory will be protected through the use of appropriate security mechanisms.
(d) ensure the availability of a fast and secure consultation service on the validity of certificates.
Article 19. Certification practice statement.
1. All certification services providers shall draw up a certification practice statement detailing, within the framework of this law and its implementing provisions, the obligations they undertake to fulfil in relation to the management of signature-creation and signature-verification data and of electronic certificates, the conditions applicable to the request, issue, use, suspension and termination of the validity of certificates, the technical and organizational security measures, the profiles and the mechanisms of information on the validity of certificates and, where appropriate, the existence of coordination procedures with the corresponding public registers that allow the immediate exchange of information on the entry into force of the powers indicated in the certificate and that must be mandatorily registered in those registers.
2. The certification practice statement of each provider shall be available to the public in an easily accessible manner, at least by electronic means and free of charge.
3. The certification practice statement shall be considered a security document for the purposes provided for in the legislation on the protection of personal data and must contain all the requirements laid down for that document in that legislation.
Article 20. Obligations of certification services providers that issue recognized certificates.
1. In addition to the obligations set out in this chapter, certification services providers that issue recognized certificates must meet the following obligations:
(a) demonstrate the reliability necessary for providing certification services.
(b) ensure that the date and time at which a certificate was issued, or its validity was terminated or suspended, can be determined precisely.
(c) employ staff with the skills, knowledge and experience necessary to provide the certification services offered and the appropriate security and management procedures in the field of electronic signatures.
(d) use reliable systems and products that are protected against any alteration and that guarantee the technical and, where appropriate, cryptographic security of the certification processes they support.
(e) take measures against the forgery of certificates and, where the certification services provider generates signature-creation data, guarantee their confidentiality during generation and their delivery to the signer by a secure procedure.
(f) keep recorded by any secure means all information and documentation concerning a qualified certificate and the certification practice statements in force at each moment, for at least 15 years from the moment of issue, so that the signatures made with it can be verified.
(g) use reliable systems to store recognized certificates that make it possible to check their authenticity and prevent unauthorized persons from altering the data, restrict their accessibility to the cases or persons indicated by the signer, and make it possible to detect any change affecting these security conditions.
2. Certification services providers that issue recognized certificates shall take out civil liability insurance for an amount of at least EUR 3,000,000 to cover the risk of liability for damages arising from the use of the certificates they issue.
This guarantee may be replaced wholly or partially by a guarantee in the form of a bank guarantee or surety insurance, so that the sum of the insured amounts is at least 3,000,000 euros.
The amounts and the means of assurance and warranty set forth in the preceding two paragraphs may be amended by Royal Decree.
Article 21. Cessation of activity of a provider of certification services.
1. A certification services provider that is going to cease its activity must inform the signatories who use the electronic certificates it has issued, as well as the applicants for certificates issued in favour of legal persons; and, with their express consent, may transfer the management of those that remain valid on the date on which the cessation occurs to another certification services provider that takes them over or, otherwise, terminate their validity.
This communication shall be made at least two months before the effective cessation of activity and shall report, where appropriate, on the characteristics of the provider to which the management of the certificates is to be transferred.
2. A certification services provider that issues electronic certificates to the public must notify the Ministry of Science and Technology, with the advance notice referred to in the preceding paragraph, of the cessation of its activity and of what is to happen to the certificates, specifying, where appropriate, whether their management is to be transferred and to whom, or whether their validity will be terminated.
Likewise, it shall communicate any relevant circumstances that may impede the continuation of its activity. In particular, it shall report, as soon as it becomes aware of it, the opening of any insolvency proceedings against it.
3. Certification services providers shall send to the Ministry of Science and Technology, prior to the cessation of their activity, the information concerning the electronic certificates whose validity has been terminated, so that the Ministry takes charge of its custody for the purposes of article 20.1.f). The Ministry shall keep accessible to the public a specific consultation service showing an indication of those certificates for a period it deems sufficient on the basis of the consultations made of it.
Chapter II. Liability.
Article 22. Liability of certification services providers.
1. Certification services providers shall be liable for the damages they cause to any person in the exercise of their activity when they fail to comply with the obligations imposed on them by this law.
The liability of the certification services provider regulated by this law shall be enforceable in accordance with the general rules on contractual or extra-contractual fault, as appropriate, although it is for the certification services provider to demonstrate that it acted with the professional diligence required of it.
2. If the certification services provider does not fulfil the obligations set out in paragraphs (b) to (d) of article 12 when guaranteeing an electronic certificate issued by a certification services provider established in a State not belonging to the European Economic Area, it shall be liable for damages caused by the use of such a certificate.
3. In particular, the certification services provider shall be liable for damages caused to the signer or to a third party in good faith by failure or delay in including the termination or suspension of the validity of the electronic certificate in the consultation service on the validity of certificates.
4. Certification services providers shall assume all liability towards third parties for the actions of the persons to whom they delegate the execution of one or more of the functions necessary for the provision of certification services.
5. The regulation contained in this law on the liability of the certification services provider is understood without prejudice to the provisions of the legislation on unfair terms in consumer contracts.
Article 23. Limitations of liability of certification services providers.
1. The certification services provider shall not be liable for damages caused to the signer or third parties in good faith if the signer incurs in any of the following cases:
(a) not having provided the certification services provider with truthful, complete and accurate information on the data that must be recorded in the electronic certificate or that are necessary for its issue or for the termination or suspension of its validity, when the inaccuracy could not be detected by the certification services provider.
(b) failure to communicate without delay to the certification services provider any change in the circumstances reflected in the electronic certificate.
(c) negligence in keeping the signature-creation data, in ensuring their confidentiality and in protecting them from any access or disclosure.
(d) not requesting the suspension or revocation of the electronic certificate in case of doubt as to whether the confidentiality of the signature-creation data has been maintained.
(e) using the signature-creation data when the validity period of the electronic certificate has expired or the certification services provider has notified the signer of the termination or suspension of its validity.
(f) exceeding the limits stated in the electronic certificate as to its possible uses and the individual amount of the transactions that can be made with it, or not using it in accordance with the conditions established and communicated to the signer by the certification services provider.
2. In the case of electronic certificates that record a power of representation of the signer, both the signer and the person or entity represented, when the latter has knowledge of the existence of the certificate, are obliged to request the revocation or suspension of the validity of the certificate in the terms provided for in this law.
3. When the signer is a legal person, the applicant for the electronic certificate shall assume the obligations referred to in paragraph 1.
4. The certification services provider shall not be liable for damages caused to the signer or third parties in good faith if the recipient of the electronically signed documents acts negligently. In particular, the recipient shall be understood to act negligently in the following cases:
(a) when the recipient does not check and take into account the restrictions stated in the electronic certificate as to its possible uses and the individual amount of the transactions that can be made with it.
(b) when the recipient does not take into account the suspension or loss of validity of the electronic certificate published in the consultation service on the validity of certificates, or does not verify the electronic signature.
5. The certification services provider shall not be liable for damages caused to the signer or third parties in good faith by the inaccuracy of the data contained in the electronic certificate, if these have been accredited to it by public document. Where such data must be registered in a public register, the certification services provider must check them in that register at the moment immediately prior to the issue of the certificate, and may, where appropriate, use telematic means.
6. Exemption from liability towards third parties requires the certification services provider to prove that it acted in every case with due diligence.
Title IV. Electronic signature devices and certification systems of certification providers and electronic signature devices.
Chapter I. Electronic signature devices.
Article 24. Electronic signature-creation devices.
1. Signature-creation data are the unique data, such as codes or private cryptographic keys, that the signer uses to create the electronic signature.
2. A signature-creation device is a program or computer system used to implement the signature-creation data.
3. A secure signature-creation device is a signature-creation device that offers at least the following guarantees:
(a) that the data used for signature generation can be produced only once and that their secrecy is reasonably ensured.
(b) that there is reasonable assurance that the data used for signature generation cannot be derived from the signature-verification data or from the signature itself, and that the signature is protected against forgery with existing technology.
(c) that the signature-creation data can be reliably protected by the signatory against use by third parties.
(d) that the device used does not alter the data or the document to be signed and does not prevent it from being displayed to the signatory prior to the signature process.
Article 25. Electronic signature verification devices.
1. Signature-verification data are the data, such as codes or public cryptographic keys, that are used to verify the electronic signature.
2. A signature-verification device is a program or computer system used to implement the signature-verification data.
3. Electronic signature verification devices shall ensure, whenever technically possible, that the electronic signature verification process meets at least the following requirements:
(a) that the data used to verify the signature correspond to the data displayed to the person who verifies the signature.
(b) that the signature is verified reliably and the result of that verification is presented correctly.
(c) that the person who verifies the signature can, if necessary, reliably establish the content of the signed data and detect whether they have been modified.
(d) that both the identity of the signer (or, where appropriate, a clear statement that a pseudonym is used) and the result of the verification are displayed correctly.
(e) that the authenticity and validity of the electronic certificate are verified reliably.
(f) that any change in its security can be detected.
4. In addition, information relating to the verification of the signature, such as the time at which it takes place or a confirmation of the validity of the electronic certificate at that time, may be stored by the person who verifies the signature or by a trusted third party.
Chapter II. Certification of providers of certification and of signature-creation devices.
Article 26. Certification of providers of certification services.
1. The certification of a certification services provider is the voluntary procedure whereby a qualified public or private entity issues a statement in favour of a certification services provider, which implies recognition of the fulfilment of specific requirements in the provision of the services offered to the public.
2. The certification of a certification services provider may be requested by the provider and may be carried out, among others, by certification bodies recognized by an accreditation body appointed in accordance with the provisions of Law 21/1992, of July 16, on Industry, and its implementing provisions.
3. Technical standards or other appropriate certification criteria may be used in certification procedures. Where technical standards are used, preference shall be given to those that enjoy wide recognition and have been adopted by European standardisation bodies and, in their absence, to other Spanish or international standards.
4. The certification of a certification services provider shall not be required in order to recognize the legal validity of an electronic signature.
Article 27. Certification of secure signature-creation devices.
1. The certification of secure signature-creation devices is the procedure by which it is checked that a device meets the requirements laid down in this law for it to be considered a secure signature-creation device.
2. The certification may be requested by the manufacturers or importers of signature-creation devices and will be carried out by certification bodies recognized by an accreditation body appointed in accordance with the provisions of Law 21/1992, of July 16, on Industry, and its implementing provisions.
3. The certification procedures shall use technical standards whose reference numbers have been published in the "Official Journal of the European Union" and, exceptionally, those approved by the Ministry of Science and Technology, which will be published on the Ministry's Internet site.
4. Certificates of conformity of secure signature-creation devices will be modified or, if necessary, revoked when the conditions laid down for obtaining them are no longer met.
Certification bodies shall ensure the dissemination of revocation decisions concerning signature-creation devices.
Article 28. Recognition of compliance with the rules applicable to electronic-signature products.
1. The electronic-signature products referred to in point (d) of paragraph 1 of article 20 and in paragraph 3 of article 24 shall be presumed to comply with the requirements laid down in those articles if they conform to the relevant technical standards whose reference numbers have been published in the "Official Journal of the European Union".
2. Effectiveness shall be recognized to certificates of conformity for secure signature-creation devices that have been granted by the bodies designated for that purpose in any Member State of the European Economic Area.
Title V. Supervision and control.
Article 29. Supervision and control.
1. The Ministry of Science and Technology will monitor compliance, by certification services providers that issue electronic certificates to the public, with the obligations laid down in this law and its implementing provisions. In addition, it will oversee the functioning of the system and of the bodies for the certification of secure signature-creation devices.
2. The Ministry of Science and Technology will carry out the inspection actions that are necessary for the exercise of its control function.
Officers attached to the Ministry of Science and Technology who carry out the inspection referred to in the preceding paragraph shall be regarded as public authority in the performance of their tasks.
3. The Ministry of Science and Technology may adopt the measures appropriate for the enforcement of this law and its implementing provisions.
4. The Ministry of Science and Technology may use independent and technically qualified entities to assist it in the work of supervision and control of certification services providers assigned to it by this law.
Article 30. Duty of information and collaboration.
1. Certification services providers, the independent accreditation entity and the certification bodies are obliged to provide the Ministry of Science and Technology with the information and collaboration necessary for the exercise of its functions.
In particular, they must allow its agents or inspection staff access to their facilities and the consultation of any documents relevant to the inspection in question, the provisions of article 8.5 of Law 29/1998, of 13 July, regulating the Contentious-Administrative Jurisdiction, being applicable where appropriate. In their inspections they may be accompanied by experts or specialists in the subjects to which the inspections relate.
2. Certification services providers shall notify the Ministry of Science and Technology of the start of their activity, their identification data, including tax and registration identification, the data allowing communication to be established with the provider, including the Internet domain name, the customer service data, the characteristics of the services they will provide, the certifications obtained for their services and the certifications of the devices they use. This information must be kept duly updated by the providers and shall be published on the Internet site of the aforementioned Ministry in order to give it maximum dissemination and knowledge.
3. When, as a consequence of an inspection, facts come to light that might constitute infringements typified in other laws, the bodies competent for their supervision and sanction shall be notified of them.
Title VI. Infractions and sanctions.
Article 31. Infractions.
1. Infringements of the provisions of this law are classified as very serious, serious and minor.
2. The following are very serious infringements:
(a) the breach of any of the obligations set out in articles 18 and 20 in the issue of recognized certificates, provided that serious damage has been caused to users or the security of the certification services has been seriously affected.
The provisions of this section shall not apply with respect to the breach of the obligation to lodge the financial guarantee provided for in paragraph 2 of article 20.
(b) the issue of recognized certificates without carrying out all the checks referred to in article 12, where this affects the majority of the recognized certificates issued in the three years prior to the start of the sanctioning procedure or since the start of the provider's activity if that period is shorter.
3. The following are serious infringements:
(a) the breach of any of the obligations set out in articles 18 and 20 in the issue of recognized certificates, except the obligation to lodge the security provided for in paragraph 2 of article 20, when it does not constitute a very serious infringement.
(b) the failure by providers that issue recognized certificates to lodge the financial guarantee provided for in paragraph 2 of article 20.
(c) the issue of recognized certificates without carrying out all the checks referred to in article 12, in cases that do not constitute a very serious infringement.
(d) non-compliance by certification services providers that do not issue recognized certificates with the obligations laid down in article 18, if serious damage has been caused to users or the security of the certification services has been seriously affected.
(e) non-compliance by certification services providers with the obligations established in article 21 regarding the cessation of their activity or the occurrence of circumstances that prevent its continuation, where these are not punishable in accordance with the provisions of Organic Law 15/1999, of 13 December, on the Protection of Personal Data.
(f) resistance, obstruction, excuse or unjustified refusal in respect of inspection by the bodies empowered to carry it out in accordance with this law, and the failure to submit, or the deficient submission of, the information requested by the Ministry of Science and Technology in its function of inspection and control.
(g) failure to comply with the decisions taken by the Ministry of Science and Technology to ensure that the certification services provider conforms to this law.
4. The following constitute minor infringements: non-compliance by certification services providers that do not issue recognized certificates with the obligations laid down in article 18 and the remaining obligations of this law, when it does not constitute a serious or very serious infringement, except those contained in paragraph 2 of article 30.
Article 32. Sanctions.
1. For committing the infringements set out in the preceding article, the following penalties shall be imposed: a) For committing very serious offences, a fine of 150,001 to 600,000 euros shall be imposed on the offender.
Committing two or more very serious infringements within a period of three years may give rise, on the basis of the grading criteria of the following article, to the sanction of prohibition from operating in Spain for a maximum period of two years.
(b) For committing serious offences, a fine of 30,001 to 150,000 euros shall be imposed on the offender.
(c) For committing minor offences, a fine of up to 30,000 euros shall be imposed on the offender.
2. Serious and very serious infringements may also entail, at the expense of the sanctioned party, the publication of the sanctioning resolution in the "Official Bulletin of the State" and in two newspapers of national circulation or on the home page of the provider's website and, where applicable, on the website of the Ministry of Science and Technology, once the resolution has become final.
In imposing this sanction, account shall be taken of the social impact of the infringement, the number of users affected and the severity of the offence.
Article 33. Setting the amount of the sanctions.
The amount of the fines imposed shall be graded, within the indicated limits, taking into account the following: a) The existence of intent or repetition.
(b) Recidivism, through the commission of offences of the same nature, sanctioned by a final resolution.
(c) The nature and amount of the damages.
(d) The period of time during which the offence has been committed.
(e) The benefit that committing the offence has brought to the offender.
(f) The volume of turnover affected by the infringement.
Article 34. Provisional measures.
1. In proceedings for serious or very serious infringements, the Ministry of Science and Technology may adopt, pursuant to Law 30/1992, of 26 November, on the Legal Regime of Public Administrations and Common Administrative Procedure, and its implementing rules, such provisional measures as may be necessary to ensure the effectiveness of the resolution ultimately issued, the proper conduct of the procedure, the avoidance of continued effects of the infringement and the demands of the general interest.
In particular, the following may be agreed: a) Temporary suspension of the activity of the certification services provider and, where appropriate, provisional closure of its establishments.
(b) Sealing, deposit or seizure of records, media and computer files and documents in general, as well as of devices and equipment of all types.
(c) Warning the public of the existence of possible offending behaviour and of the initiation of the sanctioning proceedings in question, as well as of the measures adopted for the cessation of such conduct.
In adopting and implementing the measures referred to in this section, the guarantees, rules and procedures laid down in the legal system to protect the rights to privacy and to the protection of personal data shall in all cases be respected, where these could be affected.
2. In the event of damage of exceptional gravity to the security of the systems used by the certification services provider that seriously undermines the confidence of users in the services offered, the Ministry of Science and Technology may order the suspension or loss of validity of the affected certificates, even on a definitive basis.
3. In all cases, the principle of proportionality between the measure adopted and the objectives it is intended to achieve shall be respected.
4. In cases of urgency and for the immediate protection of the interests involved, the provisional measures provided for in this article may be agreed before the sanctioning proceedings are initiated.
The measures must be confirmed, modified or lifted in the agreement initiating the procedure, which must be issued within 15 days of their adoption and which may be the subject of the appropriate appeal.
In any case, such measures shall cease to have effect if the sanctioning procedure is not initiated within that period or when the initiation agreement does not contain an express ruling on them.
Article 35. Coercive fine.
The administrative body competent to resolve the sanctioning procedure may impose periodic penalty payments of an amount not exceeding 6,000 euros for each day that passes without compliance with the provisional measures that have been agreed.
Article 36. Competence and sanctioning procedure.
1. The imposition of sanctions for breach of the provisions of this law shall correspond, in the case of very serious offences, to the Minister of Science and Technology and, in the case of serious and minor offences, to the Secretary of State for Telecommunications and the Information Society.
However, failure to comply with the obligations laid down in article 17 shall be punished by the Data Protection Agency pursuant to the provisions of Organic Law 15/1999, of 13 December, on the Protection of Personal Data.
2. The power to impose penalties regulated in this law shall be exercised in accordance with what is established in this respect in the Law on the Legal Regime of Public Administrations and Common Administrative Procedure and its implementing rules.
First additional provision. Public faith and use of electronic signature.
1. The provisions of this law do not replace or modify the rules governing the functions that correspond to officials who legally have the power to attest documents, within the scope of their powers and provided that they act in accordance with the requirements laid down by law.
2. In the field of electronic documentation, the providers of certification services shall certify the services provided in the exercise of their activity of electronic certification, at the request of the user or of a judicial or administrative authority.
Second additional provision. Exercise of powers to impose penalties on the accreditation entity and on the certification bodies for electronic signature creation devices.
1. In the field of certification of signature creation devices, the Secretary of State for Telecommunications and the Information Society of the Ministry of Science and Technology shall be responsible for imposing sanctions for the commission, by certification bodies for secure electronic signature creation devices or by the entity that accredits them, of the serious infringements provided for in subparagraphs e), f) and g) of paragraph 2 of article 31 of Law 21/1992, of July 16, on Industry, and of the minor offences set forth in subparagraph a) of paragraph 3 of article 31 of that act, committed in the exercise of activities relating to the certification of electronic signature.
2. When such violations merit classification as very serious violations, they will be penalized by the Minister of Science and Technology.
Third additional provision. Issuing electronic certificates to entities without legal personality for the fulfillment of tax obligations.
E-certificates may be issued to the unincorporated entities referred to in article 33 of the General tax law for the sole purpose of their use in the field of tax, in the terms established by the Minister of finance.
Fourth additional provision. Provision of services by the Fábrica Nacional de Moneda y Timbre-Real Casa de la Moneda.
The provisions of this law are understood without prejudice to the provisions of article 81 of Law 66/1997, of 30 December, on fiscal, administrative and social order measures.
Fifth additional provision. Amendment of article 81 of Law 66/1997, of 30 December, on fiscal, administrative and social order measures.
A paragraph twelve is added to article 81 of Law 66/1997, of 30 December, on fiscal, administrative and social order measures, with the following wording:
"Twelve. In the exercise of the functions attributed to it by this article, the Fábrica Nacional de Moneda y Timbre-Real Casa de la Moneda shall be exempt from establishing the guarantee referred to in paragraph 2 of article 20 of Law 59/2003, on electronic signature."
Sixth additional provision. Legal regime of electronic national identity document.
1. without prejudice to the application of the existing legislation on national identity document in everything that suits their particular characteristics, the electronic national identity document will be governed by its specific regulations.
2. The Ministry of Science and Technology may address the Ministry of the Interior so that the latter takes the necessary measures to ensure the fulfilment of the obligations incumbent on it as a provider of certification services in relation to the electronic national identity document.
Seventh additional provision. Issuance of invoices by electronic means.
The provisions of this law are understood without prejudice to the requirements derived from the tax rules on the issuance of invoices by electronic means.
Eighth additional provision. Amendments to Law 34/2002, of 11 July, on information society services and electronic commerce.
One. Addition of a new paragraph 3 to article 10 of Law 34/2002, of 11 July, on information society services and electronic commerce.
A paragraph 3 is added with the following text: "3. Where a range of telephone numbers has been allocated to premium-rate services that allow access to information society services and the service provider requires its use, this use and the download of software programs that perform dialing functions must be carried out with the prior, informed and express consent of the user.
To that end, the service provider shall provide at least the following information: a) The characteristics of the service to be provided.
(b) The functions performed by the software programs downloaded, including the telephone number that will be dialled.
(c) The procedure for terminating the premium-rate connection, including an explanation of the specific moment at which that termination will occur, and
(d) The procedure necessary to restore the connection number in use prior to the premium-rate connection.
The above information must be available in a clearly visible and identifiable manner.
This paragraph is understood without prejudice to the provisions of telecommunications regulations, in particular in relation to the requirements applicable to user access to the ranges of telephone numbers allocated, where applicable, to premium-rate services."
Two. Paragraphs 2, 3 and 4 of article 38 of Law 34/2002, of 11 July, on information society services and electronic commerce, are drafted in the following terms: "2. The following are very serious infringements: a) Failure to comply with orders issued pursuant to article 8 in those cases in which they have been issued by an administrative body.
(b) Breach of the obligation to suspend transmission, data hosting, access to the network or the provision of any other equivalent intermediation service, when a competent administrative body so orders, pursuant to article 11.
(c) Significant breach of the obligation to retain traffic data generated by the communications established during the provision of an information society service, as provided for in article 12.
(d) The use of data retained pursuant to article 12 for purposes other than those listed in it.
3. The following are serious breaches: a) Breach of the obligation to retain traffic data generated by the communications established during the provision of an information society service, provided for in article 12, unless it must be considered a very serious offence.
(b) Significant breach of the provisions of subparagraphs a) and f) of article 10(1).
(c) The mass sending of commercial communications by electronic mail or other means of electronic communication, or the sending, within a period of one year, of more than three commercial communications by the means referred to to the same person, when such messages do not meet the requirements laid down in article 21.
(d) Significant breach of the obligation of the service provider established in paragraph 1 of article 22, concerning the procedures to revoke the consent given by the recipients.
(e) Failure to make available to the recipient of the service the conditions to which, where applicable, the contract is subject, as provided in article 27.
(f) Habitual failure to confirm receipt of an acceptance, when its exclusion has not been agreed or the contract has been concluded with a consumer.
(g) Resistance, excuse or refusal with respect to inspection activity by the bodies empowered to carry it out in accordance with this law.
(h) Significant breach of the provisions of paragraph 3 of article 10.
(i) Significant breach of the obligations of information or of establishment of a procedure for refusing data processing, laid down in paragraph 2 of article 22.
4. The following are minor offences: a) Failure to communicate to the public register in which they are registered, in accordance with the provisions of article 9, the domain name or names or Internet addresses used for the provision of information society services.
(b) Failure to provide information, in the manner prescribed by article 10(1), on the aspects referred to in subparagraphs b), c), d), e) and g), or in subparagraphs a) and f) when this does not constitute a serious infringement.
(c) Failure to comply with the provisions of article 20 on commercial communications, promotional offers and contests.
(d) The sending of commercial communications by electronic mail or other means of electronic communication when such messages do not meet the requirements laid down in article 21 and it does not constitute a serious infringement.
(e) Failure to provide the information referred to in article 27.1, when the parties have not agreed its exclusion or the recipient is a consumer.
(f) Breach of the obligation to confirm the receipt of a request under the terms established in article 28, when its exclusion has not been agreed or the contract has been concluded with a consumer, unless it constitutes a serious infringement.
(g) Breach of the obligations of information or of establishment of a procedure for refusing data processing, set forth in paragraph 2 of article 22, where it does not constitute a serious infringement.
(h) Breach of the obligation of the service provider established in paragraph 1 of article 22, concerning the procedures to revoke the consent given by the recipients, when it does not constitute a serious infringement.
(i) Non-compliance with the provisions of paragraph 3 of article 10, when it does not constitute a serious infringement."
Three. Modification of article 43, paragraph 1, second subparagraph, of Law 34/2002, of 11 July, on information society services and electronic commerce.
The second subparagraph of paragraph 1 of article 43 is drafted as follows: "(and b) of article 38.2 of the Act shall correspond to the body which issued the decision breached. Likewise, the Data Protection Agency shall be responsible for imposing sanctions for the commission of the infringements defined in articles 38.3 c), d) and i) and 38.4 d), g) and h) of this law."
Four. Modification of article 43, paragraph 2, of Law 34/2002, of 11 July, on information society services and electronic commerce.
Paragraph 2 of article 43 shall be worded as follows:
"2. The power to impose penalties regulated in this law shall be exercised in accordance with what is established in this respect in Law 30/1992, of 26 November, on the Legal Regime of Public Administrations and Common Administrative Procedure, and its implementing rules. However, the maximum period of duration of the simplified procedure shall be three months."
Ninth additional provision. Guarantee of accessibility for people with disabilities and senior citizens.
Services, processes, procedures and devices of electronic signature must be fully accessible to people with disabilities and senior citizens, who may not be discriminated against in any way in the exercise of the rights and powers recognized in this law on grounds of disability or advanced age.
Tenth additional provision. Modification of the Civil Procedure Act.
A paragraph 3 is added to article 326 of the Civil Procedure Act with the following wording: "When the party interested in the effectiveness of an electronic document so requests, or its authenticity is contested, the procedure set out in article 3 of the law on electronic signature shall be followed."
First transitional provision. Validity of electronic certificates issued prior to the entry into force of this law.
Electronic certificates that have been issued by providers of certification services in the framework of the Royal Decree Law 14/1999, of September 17, on electronic signature, shall maintain their validity.
Second transitional provision. Providers of certification services established in Spain prior to the entry into force of this law.
Providers of certification services established in Spain before the entry into force of this Act must report their activity and the characteristics of the services they provide to the Ministry of Science and Technology within one month of that entry into force. This information will be published on the Internet site of the aforementioned Ministry in order to give it maximum dissemination and knowledge.
Sole repealing provision. Repealed legislation.
Royal Decree-Law 14/1999, of September 17, on electronic signature, is repealed, together with any provisions of equal or lower rank that are contrary to the provisions of this law.
First final provision. Constitutional basis.
This law is issued on the basis of article 149.1.8., 18th, 21st and 29th of the Constitution.
Second final provision. Regulatory development.
1. The Government will adapt the regulations governing the national identity document to the provisions of this law.
2. Likewise, the Government is empowered to issue such other regulations as are necessary for the development and implementation of this law.
Third final provision. Entry into force.
This law shall enter into force three months after its publication in the "Official Bulletin of the State".
Therefore, I command all Spaniards, private individuals and authorities, to keep this law and cause it to be kept.
Madrid, 19 December 2003.
JUAN CARLOS R.
The Prime Minister, JOSÉ MARÍA AZNAR LÓPEZ