- Latest available (Revised)
- Point in Time (30/11/2011)
- Original (As adopted by EU)
Commission Regulation (EC) No 2216/2004 (repealed)Show full title
Commission Regulation (EC) No 2216/2004 of 21 December 2004 for a standardised and secured system of registries pursuant to Directive 2003/87/EC of the European Parliament and of the Council and Decision No 280/2004/EC of the European Parliament and of the Council (Text with EEA relevance) (repealed)
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Revised version PDFs
- Revised 01/01/20120.44 MB
- Revised 30/11/20111.50 MB
- Revised 15/10/20101.46 MB
- Revised 01/01/20090.38 MB
- Revised 01/02/20080.37 MB
- Revised 04/08/20070.36 MB
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: ANNEX XV
Version Superseded: 01/01/2012
Status:
Point in time view as at 30/11/2011.
Changes to legislation:
There are currently no known outstanding effects for the Commission Regulation (EC) No 2216/2004 (repealed), ANNEX XV.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
ANNEX XVU.K.Security standards
Communication link between the Community independent transaction log and each registryU.K.
1. [F1When the communication link between the Community independent transaction log and the UNFCCC independent transaction log is not established, all processes concerning allowances, automatic national allocation plan table changes, verified emissions and accounts shall be completed using a communication link with the following properties:] U.K.Textual Amendments
F1
Substituted by Commission Regulation (EC) No 916/2007 of 31 July 2007 amending Regulation (EC) No 2216/2004 for a standardised and secured system of registries pursuant to Directive 2003/87/EC of the European Parliament and of the Council and Decision No 280/2004/EC of the European Parliament and of the Council (Text with EEA relevance).
Textual Amendments
F1 Substituted by Commission Regulation (EC) No 916/2007 of 31 July 2007 amending Regulation (EC) No 2216/2004 for a standardised and secured system of registries pursuant to Directive 2003/87/EC of the European Parliament and of the Council and Decision No 280/2004/EC of the European Parliament and of the Council (Text with EEA relevance).
(a)
Secure transmission shall be achieved through the use of secure socket layer (SSL) technology with a minimum of 128 bit encryption.
(b)
The identity of each registry shall be authenticated using digital certificates for the requests originating from the Community independent transaction log. The identity of the Community independent transaction log shall be authenticated using digital certificates for each request originating from a registry. The identity of each registry shall be authenticated using a user name and password for each request originating from a registry. The identity of the Community independent transaction log shall be authenticated using a user name and password for each request originating from the Community independent transaction log. Digital certificates shall be registered as valid by the certification authority. Secure systems shall be used to store the digital certificates and usernames and passwords, and access shall be limited. Usernames and passwords shall have a minimum length of 10 characters and shall comply with the hypertext transfer protocol (HTTP) basic authentication scheme (http://www.ietf.org/rfc/rfc2617.txt).
[F12. When the communication link between the Community independent transaction log and the UNFCCC independent transaction log is established, all processes concerning allowances, automatic national allocation plan table changes, verified emissions, accounts and Kyoto units shall be completed using a communication link with the properties set out in the functional and technical specifications for data exchange standards for registry systems under the Kyoto Protocol, elaborated pursuant to Decision 24/CP.8 of the Conference of the Parties to the UNFCCC.] U.K.
Communication link between the Community independent transaction log and its authorised representatives, and each registry and all authorised representatives in that registryU.K.
3.The communication link between the Community independent transaction log and its authorised representatives, and between a registry and the authorised representatives of account holders, verifiers and the registry administrator, when the authorised representatives are obtaining access from a network different from the one serving the Community independent transaction log or that registry, shall have the following properties:U.K.
(a)
Secure transmission shall be achieved through the use of secure socket layer (SSL) technology with a minimum of 128 bit encryption.
(b)
The identity of each authorised representative shall be authenticated through the use of usernames and passwords, which are registered as valid by the registry.
4.The system for issuing usernames and passwords pursuant to paragraph 3(b) to authorised representatives shall have the following properties:U.K.
(a)
At any time, each authorised representative shall have a unique username and a unique password.
(b)
The registry administrator shall maintain a list of all authorised representatives who have been granted access to the registry and their access rights within that registry.
(c)
The number of authorised representatives of the Central Administrator and registry administrator shall be kept to a minimum and access rights shall be allocated solely on the basis of enabling administrative tasks to be performed.
(d)
Any default vendor passwords with Central Administrator or registry administrator access rights shall be changed immediately after installation of the software and hardware for the Community independent transaction log or registry.
(e)
Authorised representatives shall be required to change any temporary passwords they have been given upon accessing the secure area of the Community independent transaction log or registry for the first time, and thereafter shall be required to change their passwords every two months at a minimum.
(f)
The password management system shall maintain a record of previous passwords for an authorised representative and prevent re-use of the previous ten passwords for that authorised representative. Passwords shall have a minimum length of 8 characters and be a mix of numeric and alphabetical characters.
(g)
Passwords shall not be displayed on a computer screen when being entered by an authorised representative, and password files shall not be directly visible to an authorised representative of the Central Administrator or registry administrator.
Communication link between the Community independent transaction log and the general public, and each registry and the general publicU.K.
5.The public area of the website of the Community independent transaction log and the public website of a registry shall not require authentication of its users representing the general public.U.K.
6.The public area of the Community independent transaction log website and the public area of a registry website shall not permit its users representing the general public to directly access data from the database of the Community independent transaction log or the database of that registry. Data which is publicly accessible in accordance with Annex XVI shall be accessed via a separate database.U.K.
General security requirements for the Community independent transaction log and each registryU.K.
7.The following general security requirements shall apply to the Community independent transaction log and each registry:U.K.
(a)
A firewall shall protect the Community independent transaction log and each registry from the Internet, and shall be configured as strictly as is possible to limit traffic to and from the Internet.
(b)
The Community independent transaction log and each registry shall run regular virus scans on all nodes, workstations and servers within their networks. Anti-virus software shall be updated regularly.
(c)
The Community independent transaction log and each registry shall ensure that all node, workstation and server software is correctly configured and routinely patched as security and functional updates are released.
(d)
When necessary, the Community independent transaction log and each registry shall apply additional security requirements to ensure that the registry system is able to respond to new security threats.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThis Annex only
You have chosen to open the Whole Regulation
The Whole Regulation you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
You have chosen to open Schedules only
The Schedules you have selected contains over 200 provisions and might take some time to download. You may also experience some issues with your browser, such as an alert box that a script is taking a long time to run.
Would you like to continue?
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.