The increase in the distribution of electronic mail and in the number of users in the business communities have together created the problem of how to guarantee that an e-mail message or an electronic document is from the person it purports to be from. Guaranteeing the provenance of e-mail messages or electronic documents which, for example, contain contractual proposals or evidence commercial agreements, has become an absolute necessity. The very first tool which attempted to solve this problem was the digital signature.
The digital signature
The digital signature is the result of a computerised process and is based on a double key cryptography system. This allows potential receivers to verify the provenance and the integrity of the electronic document.
The validity of the digital signature depends on electronic certificates issued by the certification service providers. The main task of these organisations is to ensure the authenticity of the signature, or the provenance of the digital signature from the subscriber.
Italy was one of the first Member States to recognise and regulate digital signatures through changes to regulations. The most significant law is Presidential Decree 10 November 1997 no. 513.
The desire for a uniform and unique text then led to the issuing of Presidential Decree 28 November 2000 no. 445 on “administrative documentation”, which has abrogated and modified Decree no. 513.
The legislative Decree 23 January 2002 no. 10
On 15th February 2002, the legislative Decree 23 January 2002 no. 10 implementing the 1993/93 EC Directive was published in the Italian Official Gazette. This Decree amended Presidential Decree no. 445/2000 and modified several of its provisions.
Decree 10/2002 introduced the following new concepts:
a) introduction of different types of electronic signatures, each one having different effects
b) creation of different categories of certification service providers
The legislative Decree 10/2002 also introduced distinctions between simple electronic signatures (weak signatures) and advanced electronic signatures (strong electronic signatures).
Weak signatures are defined by art. 2 of Decree no. 10/2002 (art. 1 lett. c) of Decree 445/2000) as the “totality of electronic data attached or linked through logic association to other electronic data, used as a method of electronic authentication”. Within such category we can include every identity code associated with an electronic document (for example, a user name or a password).
Advanced electronic signatures (strong electronic signatures) are defined as ones obtained by an electronic procedure:
- able to grant a univocal (i) link to its subscriber and (ii) identification of the subscriber
- created through means by which the subscriber is able to exercise an exclusive control
- linked with the data which it refers to in a way that allows it to reveal whether the data has been modified subsequently
This last category includes, but is not limited to, digital signatures. In fact “strong electronic signatures” comprise all types of signatures which are based on a qualified certificate and generated by a safe device.
Differences between the two categories
The introduction of such new forms of electronic signatures has raised the issue of the legal status of the documents to which the electronic signature is appended.
Decree no. 10/2002 contains a fundamental proposition which attributes to an electronic document the same effects as a paper one, but only when it meets certain requirements. In this regard, art. 6 of this Decree (which has modified art. 10 of Presidential Decree no. 445/2000) sets out the following rules:
- electronic documents without signature: in such cases the electronic document is treated as a mechanical reproduction regulated by art. 2712 of the Italian Civil Code, according to which a mechanical reproduction constitutes evidence unless it is unrecognised by the person against whom it is produced;
- electronic documents containing an electronic signature: such documents satisfy the requirement of written form. Nevertheless, they are not given an “absolute probatory effect”, because the judge can freely evaluate them in consideration of their quality and safety characteristics;
- electronic documents subscribed by a digital signature or another type of advanced electronic signature created by a device for the creation of a secure signature: in this case the electronic document has the same probatory effect as a private deed as per art. 2702 of the Italian Civil Code. This means that such an electronic document constitutes evidence unless the truth of the declarations in the document is contested by the subscriber through a complicated proceeding aimed at ascertaining their falsity (the so-called “querela di falso” provided by art. 221 of the Italian Code of Civil Procedure).
Such “general dispositions” are also applied with specific regard to e-commerce contracts. Art. 11 of Presidential Decree no. 445/2000 states that e-commerce contracts formed through qualified electronic signatures as defined above are valid and relevant for all legal purposes.
The certification services providers
With Decree no. 10/2002 the role and the operating methods of the certification service providers have been modified considerably. This Decree has achieved one of the main aims of Directive 93/1999, which is the wider use of the electronic signature system through the liberalisation of certification services.
To meet those aims the Decree has created two categories of certification services providers:
(i) ordinary certification services providers
(ii) qualified certification services providers
According to Article 3 of Decree no. 10/2002 (art. 26 of Presidential Decree 445/2000) the activity of the certification service providers with a registered office in Italy or in a Member State is free and does not require any previous authorisation.
The ordinary certification service providers carry out certification services of electronic signatures or supply services connected to the electronic services.
Qualified certification service providers that are established in Italy and intend to issue qualified certificates to the public must inform the Department for Innovations and Technologies of the activity (the Department for Innovations and Technologies is the body responsible for monitoring the certification services providers’ activities).
Finally Presidential Decree 7 April 2003, no. 137 has been enacted.
On the one hand, this Decree has specifically indicated the requirements necessary to exercise the certification activities; on the other hand, it reaffirms that no previous authorisation is necessary to start certification service activity in conformity with Directive no. 93/1999.
Art. 2 of the Decree 10/2002 defines a qualified certificate as one in compliance with annex I of the Directive 1993/99 CE, issued by the certification providers which comply with the requirements established by annex II of the captioned directive.
Important - The information in this article is provided subject to the disclaimer. The law may have changed since first publication and the reader is cautioned accordingly.