- Y Diweddaraf sydd Ar Gael (Diwygiedig)
- Gwreiddiol (a wnaed Fel)
Dyma’r fersiwn wreiddiol (fel y’i gwnaed yn wreiddiol). This item of legislation is currently only available in its original format.
Regulation 2
1. The eIDAS Regulation is amended as follows.
2. In Article 1—
(a)in the words before point (a)—
(i)omit “internal”;
(ii)omit “electronic identification means and”;
(b)omit paragraph (a).
3. In Article 2—
(a)omit paragraph 1;
(b)in paragraph 2, for “resulting from national law” substitute “by operation of law”;
(c)in paragraph 3, for “national or Union” substitute “the”.
4.—(1) Article 3 is amended as follows.
(2) Omit point (4).
(3) In point (6), omit “an electronic identification or”.
(4) In point (8), for the words from “means” to the end substitute “has the same meaning as in the Public Contracts Regulations 2015 (S.I. 2015/102)(1) (see the definition of “bodies governed by public law” in regulation 2(1) of those Regulations);”.
(5) After point (41) insert—
“(42) ‘the equivalent EU law’ means Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC(2), or any instrument replacing that Regulation, as it has effect in EU law from time to time.”.
5. Omit Article 4.
6. Omit Article 5.
7. Omit Chapter II.
8. In Article 13—
(a)in paragraph 1, in the first subparagraph, after “trust service providers” insert “established in the United Kingdom or in the EU”;
(b)in paragraph 3, for “national rules on liability” substitute “general principles of liability in tort or delict”.
9. Omit Article 14.
10. Omit Article 15.
11. Omit Article 16.
12.—(1) Article 17 is amended as follows.
(2) Omit paragraphs 1 and 2.
(3) In paragraph 3—
(a)in the words before point (a), after “supervisory body” insert “(as assigned to the Information Commissioner by regulation 3 of the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 (S.I. 2016/696)(3))”;
(b)in points (a) and (b), for “territory of the designating Member State” substitute “United Kingdom”.
(4) In paragraph 4—
(a)omit point (a);
(b)in point (c), omit “other supervisory bodies and”;
(c)omit point (d);
(d)in point (h), omit “national”;
(5) For paragraph 5 substitute—
“1. The Secretary of State may give directions to the supervisory body requiring it to establish, maintain and update a trust infrastructure in accordance with the directions.”.
(6) Omit paragraphs 6 to 8.
13. For Article 18 substitute—
1. The supervisory body may give information and assistance to, and otherwise co-operate with, a public authority in the EU if the supervisory body considers that to do so would be in the interests of effective regulation or supervision of trust services (whether inside or outside the United Kingdom).
2. Nothing in paragraph 1 authorises the processing of personal data other than in accordance with the data protection legislation.
In this paragraph, “processing”, “personal data” and “the data protection legislation” have the meanings given by section 3 of the Data Protection Act 2018(4).”.
14.—(1) Article 19 is amended as follows.
(2) In paragraph 1, after “trust service providers” insert “established in the United Kingdom”.
(3) In paragraph 2—
(a)in the first subparagraph—
(i)after “trust service providers” insert “established in the United Kingdom”;
(ii)omit the words from “and, where applicable” to “data protection authority,”;
(b)omit the third subparagraph.
(4) Omit paragraphs 3 and 4.
15. In Article 20—
(a)in paragraph 3, for “lists” substitute “list”;
(b)omit paragraph 4.
16. In Article 21—
(a)in paragraph 1, after “providers” insert “established in the United Kingdom”;
(b)in paragraph 2, in the second subparagraph, for “lists” substitute “list”;
(c)in paragraph 3, for “lists” substitute “list”;
(d)omit paragraph 4.
17. For Article 22 substitute—
1. The Secretary of State must make arrangements for the maintenance and publication of a trusted list, containing information relating to qualified trust service providers and the qualified trust services provided by them.
2. The arrangements must provide for the maintenance and publication of the trusted list, in a secured manner, in a form that is electronically signed or sealed and suitable for automated processing.
3. The arrangements must provide for a body to be responsible for the maintenance and publication of the trusted list.
4. The arrangements may provide for the trusted list to include information relating to trust service providers established in the United Kingdom that do not have qualified status, and the trust services provided by them. Where the arrangements do so, they must also provide for the list to indicate clearly which providers and services are not qualified.
5. The arrangements must provide for the publication, in a form that is electronically signed or sealed and suitable for automated processing, of:
(a)information on the body referred to in paragraph 3, and
(b)details of where the trusted list is published, the certificates used to sign or seal the list, and any changes thereto.
6. The trusted list maintained under this Article is initially to consist of the information that was in the list maintained immediately before exit day under Article 22 of this Regulation as it then had effect.”.
18. Omit Article 23.
19.—(1) Article 24 is amended as follows.
(2) In paragraph 1—
(a)in the first subparagraph, omit “and in accordance with national law”;
(b)in the second subparagraph—
(i)in the words before point (a), omit “in accordance with national law”;
(ii)in point (b), for the words from “set out” to “‘high’” substitute “for the assurance levels ‘substantial’ or ‘high’ under the equivalent EU law so far as relating to electronic identification schemes (or would meet those requirements if they were not predicated on the doing of anything in, or by, a member State)”;
(iii)in point (d), omit “recognised at a national level”.
(3) In paragraph 2—
(a)in point (c), omit “, in accordance with national law”;
(b)in point (j), omit “in accordance with Directive 95/46/EC”.
(4) Omit paragraph 5.
20. After Article 24 insert—
1. For the purposes of Articles 25(2), 27, 35(2), 37, 41(2) and 43(2) (and any implementing measures having effect for the purposes of those provisions), anything which is not qualified under this Regulation is to be treated as qualified if:
(a)it is qualified under the equivalent EU law, or
(b)the application of any one or more of the assumptions in paragraph 2 would result in its being qualified under either this Regulation or the equivalent EU law.
2. The assumptions are:
(a)to the extent that being qualified depends on anything being done by a qualified trust services provider, that a trust services provider with qualified status under this Regulation has qualified status under the equivalent EU law (and vice versa);
(b)to the extent that being qualified depends on any related service, device, process or record being qualified, that any such thing that is qualified under this Regulation is qualified under the equivalent EU law (and vice versa);
(c)to the extent that being qualified depends on meeting any technical standard or requirement, that anything meeting such a standard or requirement under this Regulation meets any corresponding standard or requirement under the equivalent EU law (and vice versa).
3. For the purposes of this Article, a trust service is not to be regarded as being qualified under the equivalent EU law if it is qualified (or is treated as such) only by virtue of provision for the recognition of trust services provided by entities established outside the EU pursuant to an international agreement to which the EU is party.”.
21. In Article 25, omit paragraph 3.
22.—(1) Article 27 is amended as follows.
(2) For paragraphs 1 to 3 substitute—
“1. If a public sector body requires an advanced electronic signature for the use of an online service offered by or on behalf of that body (but does not require it to be based on a qualified certificate for electronic signature), the body must recognise any advanced electronic signature (whether or not based on a qualified certificate for electronic signature) that complies with the Implementing Decision.
2. If a public sector body requires an advanced electronic signature based on a qualified certificate for electronic signature to use an online service offered by or on behalf of that body, the body must recognise any advanced electronic signature based on a qualified certificate for electronic signature, or any qualified electronic signature, that complies with the Implementing Decision.
3. If a public sector body requires an electronic signature to use an online service offered by or on behalf of that body, the body may not, for the use of that service from a place outside the United Kingdom, require the signature to be at a higher security level than that of a qualified electronic signature.”.
(3) Omit paragraph 4.
(4) For paragraph 5 substitute—
“5. In this Article “the Implementing Decision” means Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies(5).”.
23. In Article 28, omit paragraphs 2, 5 and 6.
24. In Article 29, omit paragraph 2.
25.—(1) Article 30 is amended as follows.
(2) In paragraph 1, for “Member States” substitute “a person appointed for that purpose by the Secretary of State (“the appointed person”)”.
(3) For paragraph 2 substitute—
“2. The appointed person must notify the supervisory body of the name and address of any body the person designates under paragraph 1.
2A. The supervisory body must maintain a list of the names and addresses of the designated bodies notified to it under paragraph 2.”.
(4) In paragraph 3—
(a)in the first subparagraph—
(i)in point (a), for the words from “carried out” to “subparagraph” substitute “that complies with the Implementing Decision”;
(ii)in point (b), for “Commission” substitute “supervisory body”;
(b)for the second subparagraph substitute—
“In this paragraph “the Implementing Decision” means Commission Implementing Decision (EU) 2016/650 laying down standards for the security assessment of qualified signature and seal creation devices(6).”.
(5) Omit paragraph 4.
26. In Article 31—
(a)for paragraphs 1 and 2 substitute—
“1. A body designated under Article 30(1) must notify the supervisory body as soon as reasonably practicable of any certification of conformity that it makes, or cancels, for the purposes of Article 30.
2. The supervisory body must maintain and publish a list of electronic signature creation devices the certification of which is notified to it under paragraph 1.”;
(b)omit paragraph 3.
27. In Article 32, omit paragraph 3.
28. In Article 33, omit paragraph 2.
29. In Article 34, omit paragraph 2.
30. In Article 35, omit paragraph 3.
31.—(1) Article 37 is amended as follows.
(2) For paragraphs 1 to 3 substitute—
“1. If a public sector body requires an advanced electronic seal for the use of an online service offered by or on behalf of that body (but does not require it to be based on a qualified certificate for electronic seal), the body must recognise any advanced electronic seal (whether or not based on a qualified certificate for electronic seal) that complies with the Implementing Decision.
2. If a public sector body requires an advanced electronic seal based on a qualified certificate for electronic seal to use an online service offered by or on behalf of that body, the body must recognise any advanced electronic seal based on a qualified certificate for electronic seal, or any qualified electronic seal, that complies with the Implementing Decision.
3. If a public sector body requires an electronic seal to use an online service offered by or on behalf of that body, the body may not, for the use of that service from a place outside the United Kingdom, require the seal to be at a higher security level than that of a qualified electronic seal.”.
(3) Omit paragraph 4.
(4) For paragraph 5 substitute—
“5. In this Article “the Implementing Decision” means Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies(7).”.
32. In Article 38, omit paragraphs 2, 5 and 6.
33. In Article 41, omit paragraph 3.
34. In Article 42, omit paragraph 2.
35. In Article 44, omit paragraph 2.
36. In Article 45, omit paragraph 2.
37. Omit Chapter V.
38. Omit Article 49.
39. In Article 51, omit paragraphs 3 and 4.
40. In Article 52, omit paragraphs 3 and 4.
41. After Article 52, omit the words from “This Regulation” to “Member States.”.
42. In Annex I, in point (b), omit “, the Member State in which that provider is established and”.
43. In Annex III, in point (b), omit “the Member State in which that provider is established and”.
44. In Annex IV, in point (b), omit “the Member State in which that provider is established and”.
45. Commission Decision of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (2009/767/EC) is revoked.
46. Commission Decision of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States (2010/425/EU) is revoked.
47. Commission Decision of 27 April 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (2011/130/EU) is revoked.
48. Commission Implementing Decision of 14 October 2013 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States (2013/662/EU) is revoked.
49. Commission Implementing Decision of 17 March 2014 amending Decision 2011/130/EU establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market is revoked.
50. Commission Implementing Decision (EU) 2015/296 of 24 February 2015 establishing procedural arrangements for cooperation between Member States on electronic identification pursuant to Article 12(7) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market is revoked.
51. Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 laying down specifications relating to the form of the EU trust mark for qualified trust services is revoked.
52. Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market is revoked.
53. Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market is revoked.
54. Commission Implementing Decision (EU) 2015/1505 laying down technical specifications and formats relating to trusted lists pursuant to Article 22(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market is revoked.
55.—(1) Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies(8) is amended as follows.
(2) In Article 1—
(a)for the words from the beginning to “recognise” substitute “A signature complies with this Decision if it is an”;
(b)for “those signatures comply” substitute “it complies”.
(3) In Article 2—
(a)for paragraph 1 substitute—
“1. A signature also complies with this Decision if it is in a format other than those referred to in Article 1, provided that:
(a)the trust service provider used by the signatory is established in the United Kingdom or the EU, and
(b)the public sector body in question is offered signature validation possibilities in accordance with paragraph 2, suitable, where possible, for automated processing.”;
(b)in paragraph 2—
(i)in point (a), for “other Member States” substitute “the public sector body”;
(ii)in point (c)—
(aa)in point (1), for the words from “that supports” (in the second place it occurs) to “provider” substitute “met, at the time of signing, all necessary requirements for qualified status”;
(bb)in point (7), after “Regulation (EU) No 910/2014” insert “, or the corresponding provision of the equivalent EU law (within the meaning given by Article 3(42) of that Regulation),”.
(4) In Article 3—
(a)for the words from the beginning to “recognise” substitute “A seal complies with this Decision if it is an”;
(b)for “those comply” substitute “it complies”.
(5) In Article 4—
(a)for paragraph 1 substitute—
“1. A seal also complies with this Decision if it is in a format other than those referred to in Article 3, provided that:
(a)the trust service provider used by the creator of the seal is established in the United Kingdom or the EU, and
(b)the public sector body in question is offered seal validation possibilities in accordance with paragraph 2, suitable, where possible, for automated processing.”;
(b)in paragraph 2—
(i)in point (a), for “other Member States” substitute “the public sector body”;
(ii)in point (c)—
(aa)in point (1), for the words from “that supports” (in the second place it occurs) to “provider” substitute “met, at the time of sealing, all necessary requirements for qualified status”;
(bb)in point (7), after “Regulation (EU) No 910/2014” insert “, or the corresponding provision of the equivalent EU law (within the meaning given by Article 3(42) of that Regulation),”.
(6) After Article 5, omit the words from “This Decision” to “Member States.”.
56. Commission Implementing Decision (EU) 2015/1984 of 3 November 2015 defining the circumstances, formats and procedures of notification pursuant to Article 9(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market is revoked.
57.—(1) Commission Implementing Decision (EU) 2016/650 laying down standards for the security assessment of qualified signature and seal creation devices(9) is amended as follows.
(2) In Article 1(2)—
(a)omit the words from the beginning until “seal creation devices,”;
(b)omit the words from “and that is notified” to the end.
58.—(1) The Agreement on the European Economic Area signed at Oporto on 2 May 1992, so far as it forms part of domestic law by virtue of section 3(2)(b) of the European Union (Withdrawal) Act 2018, is amended as follows.
(2) In Annex X, omit points 1b and 1c.
(3) In Annex XI, in point 5l, omit the second subparagraph.
59.—(1) The European Union (Recognition of Professional Qualifications) Regulations 2015(10) are amended as follows.
(2) In regulation 5(8) (electronic signatures), for the words from “accept” to the end substitute “act in accordance with Article 27 of that Regulation (and for this purpose the completion of the procedures is to be treated as the use of an online service to which that Article applies).”.
60. In the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016(11), omit regulation 6(2) (review of eIDAS Regulation to have regard to implementation in other Member States).
S.I. 2015/102 was amended by S.I. 2016/275 and 2016/696; there are other amending instruments, but none is relevant.
OJ No. L 257, 28.8.2014, p. 73.
Regulation 3 was amended by section 211(1)(b) of, and paragraphs 403 and 405 of Schedule 19 to, the Data Protection Act 2018 (c. 12).
The full title of the instrument is Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market. The reference to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 is to those Articles as they had effect when the Decision was adopted.
The full title of the instrument is Commission Implementing Decision (EU) 2016/650 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market. The reference to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 is to those Articles as they had effect when the Decision was adopted.
The full title of the instrument is Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market. The reference to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 is to those Articles as they had effect when the Decision was adopted.
The full title of the instrument is Commission Implementing Decision (EU) 2015/1506 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market. The reference to Articles 27(5) and 37(5) of Regulation (EU) No 910/2014 is to those Articles as they had effect when the Decision was adopted.
The full title of the instrument is Commission Implementing Decision (EU) 2016/650 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market. The reference to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 is to those Articles as they had effect when the Decision was adopted.
S.I. 2016/696, amended by paragraphs 403 to 406 of Schedule 19 to the Data Protection Act 2018 (c. 12).
Y Diweddaraf sydd Ar Gael (diwygiedig):Y fersiwn ddiweddaraf sydd ar gael o’r ddeddfwriaeth yn cynnwys newidiadau a wnaed gan ddeddfwriaeth ddilynol ac wedi eu gweithredu gan ein tîm golygyddol. Gellir gweld y newidiadau nad ydym wedi eu gweithredu i’r testun eto yn yr ardal ‘Newidiadau i Ddeddfwriaeth’.
Gwreiddiol (Fel y’i Deddfwyd neu y’i Gwnaed): Mae'r wreiddiol fersiwn y ddeddfwriaeth fel ag yr oedd pan gafodd ei deddfu neu eu gwneud. Ni wnaed unrhyw newidiadau i’r testun.
Mae Memoranda Esboniadol yn nodi datganiad byr o ddiben Offeryn Statudol ac yn rhoi gwybodaeth am ei amcan polisi a goblygiadau polisi. Maent yn ceisio gwneud yr Offeryn Statudol yn hygyrch i ddarllenwyr nad oes ganddynt gymhwyster cyfreithiol, ac maent yn cyd-fynd ag unrhyw Offeryn Statudol neu Offeryn Statudol Drafft a gyflwynwyd ger bron y Senedd o Fehefin 2004 ymlaen.
Gallwch wneud defnydd o ddogfennau atodol hanfodol a gwybodaeth ar gyfer yr eitem ddeddfwriaeth o’r tab hwn. Yn ddibynnol ar yr eitem ddeddfwriaeth sydd i’w gweld, gallai hyn gynnwys:
Defnyddiwch y ddewislen hon i agor dogfennau hanfodol sy’n cyd-fynd â’r ddeddfwriaeth a gwybodaeth am yr eitem hon o ddeddfwriaeth. Gan ddibynnu ar yr eitem o ddeddfwriaeth sy’n cael ei gweld gall hyn gynnwys:
liciwch ‘Gweld Mwy’ neu ddewis ‘Rhagor o Adnoddau’ am wybodaeth ychwanegol gan gynnwys