POLISH REGULATIONS ON E-CERTIFICATE

European Union legislator, considering the previous Member States’ experiences, modified the professionalization of electronic communication idea and passed the new law – REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC [1], so-called eIDAS Regulation.

The aim of this Regulation was to increase confidence in the electronic trade market area in extent of e-business and contact with public entities by the introduction of the unified IT solutions legal frames for the entire European Union. These legal frames provide a reliable determination of the natural persons’ and organizational units’ identity.

The eIDAS Regulation repealed the previous Polish regulation, namely the Act of 18 September 2001 on Electronic Signature and the (EU) Directive 1999/93 implemented to this Act. After passing the Resolution 910/2014, previous Acts and Directives are repealed and the Regulation is directly applicable to the national law.

In this respect the current legal acts consist of:

(EU) eIDAS Regulation,
The Act of 5 September 2016 on Trust Services and Electronic Identification.

SUBJECT MATTER of eIDAS Regulation

Article 1 of the Regulation reads that:

With a view to ensuring the proper functioning of the internal market while aiming at an adequate level of security of electronic identification means and trust services this Regulation:

(a) lays down the conditions under which Member States recognise electronic identification means of natural and legal persons falling under a notified electronic identification scheme of another Member State;

(b) lays down rules for trust services, in particular for electronic transactions; and

(c) establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.[2]

The main aim of this Regulation and the legislator intentions are coincided with the (abovementioned) genesis of the regulation.

LEGAL DEFINITIONS

In order to provide a sufficient protection and clarity in interpretation, eIDAS Regulation has a sizeable catalogue of legal definitions. There should be indicated crucial ones, namely electronic signature definition and qualified electronic signature definition:

Article 3

Definitions

For the purposes of this Regulation, the following definitions apply:

(10) ‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

(11) ‘advanced electronic signature’ means an electronic signature which meets the requirements set out in Article 26;

(12) ‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and which is based on a qualified certificate for electronic signatures;

(27) ‘qualified electronic seal’ means an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal;[3]

also there is a definition of electronic identification which is a crucial term in the electronic signature area. It is proper to say that this definition constitutes the Regulation matter:

‘electronic identification’ means the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person;[4]

PROTECTION LEVELS

Article 8 requires to introduce various electronic security levels.

Article 8

Assurance levels of electronic identification schemes

1. An electronic identification scheme notified pursuant to Article 9(1) shall specify assurance levels low, substantial and/or high for electronic identification means issued under that scheme.

2. The assurance levels low, substantial and high shall meet respectively the following criteria:[5]

Having regard to this division of assurance levels of electronic identification, article 3 distinguishes 3 types of electronic signatures:

Electronic signature;
Advanced electronic signature;
Qualified electronic signature.

EUROPEAN LEGISLATURE PRESUMPTIONS

The idea of the EU legislator is that the eIDAS Regulation:

sets out the legal conditions for the member states acknowledgement of the electronic identifications measures for natural and legal persons covered by the notified electronic identification notification of another Member State;
sets out the laws concerning the trusts services including establishing legal frames for: i) electronic signature, ii) electronic seal, iii) electronic registered delivery service, etc.

Thus the eIDAS Regulation concerns 2 issues:

Electronic identification system;
Trust services.

European legal act applies to the electronic identification schemes notified by Member States and applies to the trust service providers based in the European Union. Although the eIDAS Regulation with the EU secondary legislation is a comprehensive legal solution it is necessary to concretise certain issues in the national law. Thereby the Polish legislator has passed the Act of 5 September 2016 on Trust Services and Electronic Identification concretizing and specifying the European act.[6] The Polish Act introduces as follows:

National trust infrastructure;
Trust services providers business activity;
National electronic identification scheme;
Trust services providers supervision;
National electronic identification scheme supervision;
Criminal provisions;
Pecuniary penalties provisions.

TYPES OF ELECTRONIC SIGNATURE

There are 3 types of electronic signature: i) electronic signature; ii) advanced electronic signature and iii) qualified electronic signature.

Non-qualified electronic signature certificate (non-qualified signature) is the common term for any electronic signature (other than qualified). It is used for signing emails and for logging into a domain. It can be also used to sign documents, but a signature created using this type of certificate does not have the same legal force as oleographic signature.
Qualified electronic signature (certificated). Qualified signature certificate (qualified electronic signature) is a certificate issued by a qualified trust services provider. This type of electronic signature fulfills the eIDAS requirements. A signature made with this type of certificate is equivalent to oleographic signature.

WHAT IS THE QUALIFIED ELECTRONIC SIGNATURE – PRACTICAL INFORMATION

Definition

A qualified signature is an electronic signature which has the same legal force as oleographic signature.

This legal force can be found in the Polish Civil Code:

Article 78(1) [Electronic form]

§ 1. To meet the written form requirement of a legal act of law, it is sufficient to submit a declaration of will in electronic form and caption it with a qualified electronic signature.

§ 2. The declaration of will submitted in electronic form is equivalent to the declaration of will submitted in a written form. [7]

How to obtain a qualified electronic signature

A qualified electronic signature can be bought from one of the certified providers (entities). The list of the certificate providers can be found under this link (on the National Certification Centre website): https://www.nccert.pl/.

The most popular qualified signatures (certificates) include: