Act on Electronic Signature

The Act on Electronic Signature introduces the first separate legal regulation of relations arising in connection with the execution and use of the electronic signature.

Under the Act, an electronic signature shall mean an information attached or otherwise logically associated with a document which is executed on the basis of knowing a private key and the electronic document itself. The private key is a confidential information serving for the execution of an electronic signature. It is possible to verify the electronic signature thus created by means of a public key which is made available to the public.

The public key is based on the certificate of a public key that is an electronic document, by which the issuer of the certificate confirms that the stated public key belongs to a person for whom the certificate was issued and that the holder of the certificate owns a private key. The certificate issued by an accredited certification authority or the National Security Authority (the ``NSA'') is called a qualified certificate. This certificate may be granted to an individual, accredited certification authority or the NSA.

The secure electronic signature ensuring the higher level of protection must meet the following conditions:

a)

is executed by means of a private key which is intended for the execution of the secure electronic signature,

b)

may be only executed with the use of a secure device for the execution of electronic signatures,

c)

manner of its execution enables to reliably identify which individual executed the secure electronic signature,

d)

a qualified certificate is issued for the public key belonging to a private key used for the execution of the secure electronic signature.

Along with the electronic signature, a time stamp is used which enables to clearly identify the date and time when the electronic document and the signature to which this stamp is attached was executed. The stamp is also executed on the basis of a private key.

For the execution of secure electronic signatures and time stamps and for storage of private keys, secure devices verified by the NSA must be used.

The central authority of state administration for electronic signatures is the NSA. The NSA fulfils in particular the following tasks:

a)

performs control over observance of the Act on Electronic Signature,

b)

grants and withdraws accreditation of the certification authorities and issues certificates of accreditation,

c)

issues and cancels qualified certificates of public keys to the accredited certification authorities,

d)

releases its own public key and issues a qualified certificate of its own public key,

e)

keeps a register of foreign certification authorities, the certificates of which are recognised for use in the Slovak Republic and issues qualified certificates of public keys to such foreign certification authorities,

f)

keeps a record of the certification authorities operating in the Slovak Republic,

g)

keeps the list of accredited certification authorities active in the territory of the Slovak Republic and the list of certification authorities from which it withdrew its accreditation,

h)

certifies secure devices for the execution of electronic signatures and secure devices for the execution of time stamps.

The certification authority is a certification service provider. No special licence is required for the performance of certification activities and provision of certification services. In addition to the Act, the certification authority also follows its own rules of certification in the course of its activity.

The certification authority is liable to:

a)

have executed and follow the security rules and rules for performance of certification activities,

b)

perform certification activities in such a way that it prevents from executing copies of private keys or storing information on private keys of the users of its services,

c)

notify the NSA of changes in the content and scope of provided certification services within 30 days at the latest,

d)

issue certificates to the applicants upon a written agreement with a hand written signature, or an agreement in the form of an electronic document signed by secure electronic signatures of both parties to the agreement,

e)

notify the holder of the certificate of its duties, potential consequence in law of the used procedure for the execution of a signature and responsibility of the certification authority,

f)

keep a record of the certification documentation and archive related documentation with the issued certificates.

In addition to the above, the certification authority in the course of performance of certification activities is liable to ensure the issue of certificates which contain all prerequisites stipulated by law, with which, in case of having arbitrary limits, these limits are obvious and recognisable to third parties.

The certification authority is obliged to provide service of cancellation of the certificate issued by the same, ensure that the list of cancelled certificates is published and notify the holder of the certificate of cancellation of the certificate without delay.

The certification authority may ask the NSA for accreditation, upon which it becomes an accredited certification authority. Following the accreditation it has these additional obligations:

a)

to demonstrate reliability necessary for the provision of certification services and undergo a security audit at least once a year,

b)

to provide applicants with information on conditions and limitations on the use of certificates, methods of settlement of disputes and provide such information also to any individual or legal entity which shows its rightful interest and requires the information,

c)

to provide applicants with information on technical products, procedures and devices which were certified by the NSA as the products for electronic signature suitable for creation and verification of the secure electronic signature,

d)

at issuing qualified certificates or providing a guarantee for the validity of a certificate of a foreign certification authority ensure that:

1.

all information contained in the qualified certificate are exact and correct at the time of issue,

2.

person stated in the certificate at the time of issue is the holder of a private key corresponding to the public key stated in the certificate,

3.

the private key and the public key belonging to it correspond to one another at the use of products and procedures of electronic signature for creation and verification of the electronic signature,

4.

service of cancellation of certificates is available, the certificate is cancelled within the stipulated time period after the receipt of a rightful application for cancellation or meeting requirements for cancellation pursuant to the Act, the cancelled certificates are published in the list of cancelled certificates.

It is necessary to distinguish a certification authority from a registration authority. A registration authority mediates services of a certification authority to applicants for issue of certificates and to holders of certificates and performs selected certification services on behalf of the certification authority.

The Act also contains minor amendments to other acts in order to enable the use of electronic signature in practice. The following acts were thus amended: the Civil Code, the Civil Procedure Code, the Administrative Code, the Criminal Code, the Act No. 511/1992 Coll. on Taxes and Fees Administration and the Act No. 145/1995 Coll. on Administrative Fees.

This Act came into force on 1 May 2002, save for certain provisions which became effective on 1 September 2002.

---

Next: Amendment to the Act on
Up: April 2002
Previous: Hague Convention on Abolishment of