Transcript btk.gov.tr

Workshop on registered electronic mail policies and implementations
(ETT 57074)
Ankara, 16.3. – 17.3. 2015
1. Introduction
2. REM- Electronic delivery of electronic documents
3. Rules in the eIDAS Regulation
4. Legal framework




Importance of electronic mail is growing in private and
business communication
Email is one of the major tools for electronic business and
administration.
Especially in business can be used for sending contracts,
invoices, proposals, applications, large files and any other
documents.
In comparison with physical mail, e-mail is very efficient:
◦ fast (delivery in a very short period)
◦ cheap (no postage, without
almost any costs )
◦ environmental friendly (no printing of
documents required)

But sending standard email is like sending a postcard
written in pencil:
◦ can be easily read by the others (encryption?)
◦ its content can easily be changed (what was the true content?)
◦ Delivery/reception is uncertain (sometimes e-mails are lost,
SPAMed…) and can not be proved (the recipient claiming that
he/she haven't received it)
◦ was it really the sender who send it to me (authentication?)

Although very efficient, in most cases e-mail can not be
proof of a transaction nor it would be valid as an evidience
in the court.

Solution: „Authentication by third party of who send what to
whom and when by email.”

This can be further combined by security guarantees (encryption),
-> guaranteeing that the content has not been compromised
during the delivery.

Providers can be private or public entities:


Rules need to be put in place to provide a legal framework
Legal aspects which should to be addressed:
◦
◦
◦
◦
Standards/conditions for providing such service
Liability of provider(s)
Personal data protection
legal nature of service (does it have the same effect as a physical
registered mail mail?)
◦ Cross-border effect (recognition in foreign countries)

REM is part of trusted services as defined in art. 3 (16) of e
IDAS Regulation:
“trust service’ means an electronic service normally provided for
remuneration which consists of:
(a) the creation, verification, and validation of electronic
signatures, electronic seals or electronic time stamps, electronic
registered delivery services and certificates related to those
services, or
(b) the creation, verification and validation of certificates for
website authentication; or
(c)the preservation of electronic signatures, seals or certificates
related to those services;

Rules from eIDAS Regulation on trusted services are
applicable to REM:
Section 1: General provisions (art. 13-16)
 Liability of TSPs and burden of proof,
 Conditions for the recognition and acceptance of qualified
trust services and qualified certificates provided by
providers established in a third country.
 Accessibility of disabled people to TS.
 Authorizes MS to lay down the rules on penalties for
violators of the regulation.
Section 2: Supervision (17-19)
 Obligation of MS to appoint a supervisory body with
necessary powers and adequate resources. Powers are: ex
ante and ex post supervision activities on qualified TSPs
and ex post actions in case of non-qualified TSPs
 obligation of mutual assistance of supervisory bodies
(exchange of information, execution of supervisory
measures, joint investigations…) .
 It defines the security requirements for all TSP (qualified
and non-qualified)
Section 3: Qualified trust services (art. 20-24):
 The terms and conditions to start providing qualified
TS and supervision of qTSPs
 It sets out the general requirements for qTSP
(verification of clients, financial, HRM, organizational,
security& privacy issues)
 Obligation of MS to establish trusted lists and to notify
EC on such lists
 Determines EU trust mark for qTS

Special provisions regarding REM are set out in art. 43
and 44.

Legal effect of an electronic registered delivery services (art.
43):
1. Data sent and received using an electronic registered delivery service
shall not be denied legal effect and admissibility as evidence in legal
proceedings solely on the grounds that it is in an electronic form or that it
does not meet the requirements of the qualified electronic registered delivery
service.
2. Data sent and received using a qualified electronic registered delivery
service shall enjoy the presumption of the integrity of the data, the sending
of that data by the identified sender, its receipt by the identified addressee
and the accuracy of the date and time of sending and receipt indicated by
the qualified electronic registered delivery service.

Requirements for qualified electronic registered delivery
services (art. 44):
Qualified electronic registered delivery services shall meet the following
requirements:
(a)they are provided by one or more qualified trust service provider(s);
(b)they ensure with a high level of confidence the identification of the sender;
(c) they ensure the identification of the addressee before the delivery of the data;
(d)the sending and receiving of data is secured by an advanced electronic signature
or an advanced electronic seal of a qualified trust service provider in such a manner
as to preclude the possibility of the data being changed undetectably;
(e) any change of the data needed for the purpose of sending or receiving the data is
clearly indicated to the sender and addressee of the data;
(f) the date and time of sending, receiving and any change of data are indicated by a
qualified electronic time stamp.
In the event of the data being transferred between two or more qualified trust service
providers, the requirements in points (a) to (f) shall apply to all the qualified trust
service providers.
Thank You !