Safeguarding digitized information security

Electronic Signatures are of great and increasing importance to the consumer. They can guarantee to both consumers and businesses the authentic ity of the sender or originator of a communication or transaction, which is of vital importance in electronic commerce or in many other information society-related services (e.g. government online, etc.) which will further grow in the years to come.

In 1999, the European Union Council of Ministers adopted a directive that guarantees the security of electronic signatures. From the summer 2001 at the latest, all member states will have to provide for the legal recognition of electronic signatures in the EU, including their acceptance as evidence in legal proceedings. Each member state will have to monitor certification service providers, as they alone are technically capable of guaranteeing the authenticity of an electronic signature.

The EU Directive does not regulate every detail of electronic signatures, but rather identifies minimal requirements for certificates, certification service providers and signature creation and verification devices. It allows the Commission to establish and publish references of generally recognised standards for electronic signature products. Member states laws shall then presume compliance with the requirements laid down in the Directive when a product meets those standards. It is for this reason that the Commission established and support relevant standardization work in the European standards bodies. This work is done under the umbrella of the ICT Standardization Board and its co-ordination committee EESSI, the European Electronic Signature Standardization Initiative. EESSI co-ordinates the work in the two involved European standards bodies, CEN and ETSI. Work is focusing on various technical and non-technical issues.