CHAPTER VIIU.K. INFORMATION TECHNOLOGY REQUIREMENTS
Article 74U.K.Electronic data exchange formats
1.Member States may require the operator and aircraft operator to use electronic templates or specific file formats for submission of monitoring plans and changes to the monitoring plan, as well as for submission of annual emissions reports, tonne-kilometre reports, verification reports and improvement reports.
Those templates or file format specifications established by the Member States shall, at least, contain the information contained in electronic templates or file format specifications published by the Commission.
2.When establishing the templates or file-format specifications referred to in the second subparagraph of paragraph 1, Member States may choose one or both of the following options:
(a)file-format specifications based on XML, such as the EU ETS reporting language published by the Commission for use in connection with advanced automated systems;
(b)templates published in a form usable by standard office software, including spreadsheets and word processor files.
Article 75U.K.Use of automated systems
1.Where a Member State chooses to use automated systems for electronic data exchange based on file-format specifications in accordance with point (a) of Article 74(2), those systems shall ensure in a cost efficient way, through the implementation of technological measures in accordance with the current state of technology:
(a)integrity of data, preventing modification of electronic messages during transmission;
(b)confidentiality of data, through the use of security techniques, including encryption techniques, such that the data is only accessible to the party for which it was intended and that no data can be intercepted by unauthorised parties;
(c)authenticity of data, such that the identity of both the sender and receiver of data is known and verified;
(d)non-repudiation of data, such that one party of a transaction cannot deny having received a transaction nor can the other party deny having sent a transaction, by applying methods such as signing techniques, or independent auditing of system safeguards.
2.Any automated systems used by Member States based on file-format specifications in accordance with point (a) of Article 74(2) for communication between the competent authority, operator and aircraft operator, as well as verifier and national accreditation body within the meaning of Implementing Regulation (EU) 2018/2067, shall meet the following non-functional requirements, through implementation of technological measures in accordance with the current state of technology:
(a)access control, such that the system is only accessible to authorised parties and no data can be read, written or updated by unauthorised parties, through implementation of technological measures in order to achieve the following:
restriction of physical access to the hardware on which automated systems run through physical barriers;
restriction of logical access to the automated systems through the use of technology for identification, authentication and authorisation;
(b)availability, such that data accessibility is ensured, even after significant time and the introduction of possible new software;
(c)audit trail, such that it is ensured that changes to data can always be found and analysed in retrospect.