
Statutory Instruments

2016 No. 696

Electronic Communications

The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016

Made

30th June 2016

Laid before Parliament

1st July 2016

Coming into force

22nd July 2016

The Secretary of State is a Minister designated M1 for the purposes of section 2(2) of the European Communities Act 1972 M2 in relation to electronic trust services and other systems to facilitate electronic transactions in the internal market.

These Regulations make provision for a purpose mentioned in section 2(2) of the European Communities Act 1972 and it appears to the Secretary of State that it is expedient for the reference to Regulation (EU) No 910/2014 M3 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market to be construed as a reference to that instrument as amended from time to time.

The Secretary of State makes these Regulations in exercise of the powers conferred by section 2(2) of, and paragraph 1A M4 of Schedule 2 to, the European Communities Act 1972.

Marginal Citations

M3 OJ No L 257, 28.8.2014, p73.

M4 Paragraph 1A of Schedule 2 was inserted by the Legislative and Regulatory Reform Act 2006, section 28 and amended by the European Union (Amendment) Act 2008, Schedule, Part 1.

PART 1 Introduction

Citation and Commencement

1.  These Regulations may be cited as the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and come into force on 22nd July 2016.

Interpretation

2.—(1) In these Regulations—

F1...

the “2002 Regulations” means the Electronic Signatures Regulations 2002 M5;

“eIDAS Regulation” means Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market M6, as amended from time to time;

“supervisory body” has the meaning given in regulation 3(1) of these Regulations;

“the Tribunal” has the meaning given in section 70(1) M7 of the 1998 Act.

(2) Other expressions used in these Regulations, which are used in the eIDAS Regulation, have the same meaning as in the eIDAS Regulation.

Textual Amendments

F1 Words in reg. 2(1) omitted (25.5.2018) by virtue of Data Protection Act 2018 (c. 12), s. 212(1), Sch. 19 para. 404 (with ss. 117, 209, 210); S.I. 2018/625, reg. 2(1)(g)

Marginal Citations

M6 OJ No L 257, 28.8.2014, p73.

M7 1998 c.29; section 70(1) was amended by S.I. 2010/22.

PART 2 Supervisory body

Supervision

3.—(1) The Information Commissioner is the supervisory body and must carry out the supervisory body tasks set out in Article 17 of the eIDAS Regulation.

(2) The supervisory body must enforce these Regulations and Chapter III of the eIDAS Regulation.

(3) Schedules 1 (monetary penalties) and 2 (enforcement powers of the Information Commissioner F2...) have effect.


PART 3 Miscellaneous

Transitional provisions and revocations

4.—(1) The Electronic Signatures Regulations 2002 are revoked.

(2) For the purposes of these Regulations, a qualified certificate issued pursuant to regulation 2 of the 2002 Regulations is to be treated as a qualified certificate for electronic signature pursuant to Article 3(15) of the eIDAS Regulation until it expires.

Consequential amendments

5.  Schedule 3 has effect.

Review

6.—(1) The Secretary of State must from time to time—

(a)carry out a review of these Regulations;

(b)set out the conclusions of the review in a report; and

(c)publish the report.

F3(2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

(3) The report must in particular—

(a)set out the objectives intended to be achieved by the regulatory system established by these Regulations;

(b)assess the extent to which those objectives are achieved; and

(c)assess whether those objectives remain appropriate and, if so, the extent to which they could be achieved by a system that imposes less regulation.

(4) The first report under this regulation must be published before the end of the period of 5 years beginning with the day on which these Regulations come into force.

(5) Reports under this regulation are afterwards to be published at intervals not exceeding 5 years.

Neville-Rolfe

Parliamentary Under Secretary of State for Business, Innovation and Skills

Department for Business, Innovation and Skills

Regulation 3(3)

SCHEDULE 1 Monetary penalties

1.  If the supervisory body is satisfied that a trust service provider has contravened or is contravening Chapter III of the eIDAS Regulation, the supervisory body may issue a trust service provider with a fixed monetary penalty notice in respect of such contravention.

2.  The amount of a fixed monetary penalty under these Regulations is £1000.

3.  Before serving a fixed monetary penalty notice, the supervisory body must serve the trust service provider with a notice of intent.

4.  The notice of intent must—

(a)state the name and address of the trust service provider;

(b)state the nature of the contravention;

(c)indicate the amount of the fixed monetary penalty;

(d)include a statement informing the trust service provider of the opportunity to discharge liability for the fixed monetary penalty notice;

(e)indicate the date on which the supervisory body proposes to serve the fixed monetary penalty notice; and

(f)inform the trust service provider that it may make written representations in relation to the proposal to serve a fixed monetary penalty notice within a period of 21 days beginning with the date of service of the notice of intent.

5.  A trust service provider may discharge liability for the fixed monetary penalty if it pays to the supervisory body the amount of £800 within a period of 21 days beginning with the date of receipt of the notice of intent.

6.  The supervisory body may not serve a fixed monetary penalty notice until the expiry of a period of 21 days beginning with the date of service of the notice of intent.

7.  The fixed monetary penalty notice must state—

(a)the name and address of the trust service provider;

(b)details of the notice of intent served on the trust service provider;

(c)whether there have been any written representations;

(d)details of any early payment discounts;

(e)the grounds on which the supervisory body imposes the fixed monetary penalty;

(f)the date by which the fixed monetary penalty is to be paid; and

(g)details of, including the time limit for, the trust service provider's right of appeal against the imposition of the fixed monetary penalty.

8.  A trust service provider on whom a fixed monetary penalty is served may appeal to the Tribunal against the issue of the fixed monetary penalty notice.

9.  Any sum received by the supervisory body by virtue of this Schedule must be paid into the Consolidated Fund.

10.  In England and Wales and Northern Ireland, the fixed monetary penalty is recoverable—

(a)if a county court so orders, under an order of that court;

(b)if the High Court so orders, under an order of that court.

11.  In Scotland, the penalty may be enforced in the same manner as an extract registered decree arbitral bearing a warrant for execution issued by the sheriff court of any sheriffdom in Scotland.

[F4 SCHEDULE 2 Information Commissioner's enforcement powers


Provisions applied for enforcement purposes

1  For the purposes of enforcing these Regulations and the eIDAS Regulation, the following provisions of Parts 5 to 7 of the Data Protection Act 2018 apply with the modifications set out in paragraphs 2 to 26—

(a)section 140 (publication by the Commissioner);

(b)section 141 (notices from the Commissioner);

(c)section 142 (information notices);

(d)section 143 (information notices: restrictions);

(e)section 144 (false statements made in response to an information notice);

(f)section 145 (information orders);

(g)section 146 (assessment notices);

(h)section 147 (assessment notices: restrictions);

(i)section 148 (destroying or falsifying information and documents etc);

(j)section 149 (enforcement notices);

(k)section 150 (enforcement notices: supplementary);

(l)section 152 (enforcement notices: restrictions);

(m)section 153 (enforcement notices: cancellation and variation);

(n)section 154 and Schedule 15 (powers of entry and inspection);

(o)section 155 and Schedule 16 (penalty notices);

(p)section 156(4)(a) (penalty notices: restrictions);

(q)section 157 (maximum amount of penalty);

(r)section 159 (amount of penalties: supplementary);

(s)section 160 (guidance about regulatory action);

(t)section 161 (approval of first guidance about regulatory action);

(u)section 162 (rights of appeal);

(v)section 163 (determination of appeals);

(w)section 164 (applications in respect of urgent notices);

(x)section 180 (jurisdiction);

(y)section 182(1), (2), (5), (7) and (13) (regulations and consultation);

(z)section 196 (penalties for offences);

(z1)section 197 (prosecution);

(z2)section 202 (proceedings in the First-tier Tribunal: contempt);

(z3)section 203 (Tribunal Procedure Rules).

General modification of references to the Data Protection Act 2018

2  The provisions listed in paragraph 1 have effect as if—

(a)references to the Data Protection Act 2018 were references to the provisions of that Act as applied by these Regulations;

(b)references to a particular provision of that Act were references to that provision as applied by these Regulations.

Modification of section 142 (information notices)

3(1) Section 142 has effect as if subsections (9) and (10) were omitted.

(2) In that section, subsection (1) has effect as if—

(a)in paragraph (a)—

(i)for “controller or processor” there were substituted “ trust service provider ”;

(ii)for “the data protection legislation” there were substituted “ the eIDAS Regulation and the EITSET Regulations ”;

(b)paragraph (b) were omitted.

(3) In that section, subsection (2) has effect as if paragraph (a) were omitted.

Modification of section 143 (information notices: restrictions)

4(1) Section 143 has effect as if subsections (1) and (9) were omitted.

(2) In that section—

(a)subsections (3)(b) and (4)(b) have effect as if for “the data protection legislation” there were substituted “ the eIDAS Regulation or the EITSET Regulations ”;

(b)subsection (7)(a) has effect as if for “this Act” there were substituted “ section 144 or 148 or paragraph 15 of Schedule 15 ”;

(c)subsection (8) has effect as if for “this Act (other than an offence under section 144)” there were substituted “ section 148 or paragraph 15 of Schedule 15 ”.

Modification of section 145 (information orders)

5  Section 145(2)(b) has effect as if for “section 142(2)(b)” there were substituted “ section 142(2) ”.

Modification of section 146 (assessment notices)

6(1) Section 146 has effect as if subsection (11) were omitted.

(2) In that section—

(a)subsection (1) has effect as if—

(i)for “controller or processor” (in both places) there were substituted “ trust service provider ”;

(ii)for “the data protection legislation” there were substituted “ the eIDAS requirements ”;

(b)subsection (2) has effect as if paragraphs (h) and (i) were omitted;

(c)subsections (7), (8), (9) and (10) have effect as if for “controller or processor” (in each place) there were substituted “ trust service provider ”.

(d)subsection (9)(a) has effect as if for “as described in section 149(2) or that an offence under this Act” there were substituted “ to comply with the eIDAS requirements or that an offence under section 144 or 148 or paragraph 15 of Schedule 15 ”.

Modification of section 147 (assessment notices: restrictions)

7(1) Section 147 has effect as if subsections (5) and (6) were omitted.

(2) In that section, subsections (2)(b) and (3)(b) have effect as if for “the data protection legislation” there were substituted “ the eIDAS Regulation or the EITSET Regulations ”.

Modification of section 149 (enforcement notices)

8(1) Section 149 has effect as if subsections (2) to (5) and (7) to (9) were omitted.

(2) In that section—

(a)subsection (1) has effect as if—

(i)for “as described in subsection (2), (3), (4) or (5)” there were substituted “ to comply with the eIDAS requirements ”;

(ii)for “sections 150 and 151” there were substituted “ section 150 ”;

(b)subsection (6) has effect as if the words “given in reliance on subsection (2), (3) or (5)” were omitted.

Modification of section 150 (enforcement notices: supplementary)

9(1) Section 150 has effect as if subsection (3) were omitted.

(2) In that section, subsection (2) has effect as if the words “in reliance on section 149(2)” and “or distress” were omitted.

Modification of section 152 (enforcement notices: restrictions)

10  Section 152 has effect as if subsections (1), (2) and (4) were omitted.

Withdrawal notices

11  The provisions listed in paragraph 1 have effect as if after section 153 there were inserted—

Withdrawal notices

153A    Withdrawal notices

(1)The Commissioner may, by written notice (a “withdrawal notice”), withdraw the qualified status from a trust service provider, or the qualified status of a service provided by a trust service provider, if—

(a)the Commissioner is satisfied that the trust service provider has failed to comply with an information notice or an enforcement notice, and

(b)the condition in subsection (2) or (3) is met.

(2)The condition in this subsection is met if the period for the trust service provider to appeal against the information notice or enforcement notice has ended without an appeal having been brought.

(3)The condition in this subsection is met if an appeal against the information notice or enforcement notice has been brought and—

(a)the appeal and any further appeal in relation to the notice has been decided or has otherwise ended, and

(b)the time for appealing against the result of the appeal or further appeal has ended without another appeal having been brought.

(4)A withdrawal notice must—

(a)state when the withdrawal takes effect, and

(b)provide information about the rights of appeal under section 162.

Modification of Schedule 15 (powers of entry and inspection)

12(1) Schedule 15 has effect as if paragraph 3 were omitted.

(2) Paragraph 1(1) of that Schedule (issue of warrants in connection with non-compliance and offences) has effect as if for paragraph (a) (but not the final “and”) there were substituted—

(a)there are reasonable grounds for suspecting that—

(i)a trust service provider has failed or is failing to comply with the eIDAS requirements, or

(ii)an offence under section 144 or 148 or paragraph 15 of Schedule 15 has been or is being committed,.

(3) Paragraph 2 of that Schedule (issue of warrants in connection with assessment notices) has effect as if—

(a)in sub-paragraphs (1) and (2), for “controller or processor” there were substituted “ trust service provider ”;

(b)in sub-paragraph (2), for “the data protection legislation” there were substituted “ the eIDAS requirements ”.

(4) Paragraph 5 of that Schedule (content of warrants) has effect as if—

(a)in sub-paragraph (1)(c), for “the processing of personal data” there were substituted “ the provision of trust services ”;

(b)in sub-paragraph (2)(d)—

(i)for “controller or processor” there were substituted “ trust service provider ”;

(ii)for “as described in section 149(2)” there were substituted “ to comply with the eIDAS requirements ”;

(c)in sub-paragraph (3)(a) and (d)—

(i)for “controller or processor” there were substituted “ trust service provider ”;

(ii)for “the data protection legislation” there were substituted “ the eIDAS requirements ”.

(5) Paragraph 11 of that Schedule (privileged communications) has effect as if, in sub-paragraphs (1)(b) and (2)(b), for “the data protection legislation” there were substituted “ the eIDAS Regulation or the EITSET Regulations ”.

Modification of section 155 (penalty notices)

13(1) Section 155 has effect as if subsections (1)(a), (2)(a), (3)(g), (4) and (6) to (8) were omitted.

(2) Subsection (2) of that section has effect as if—

(a)the words “Subject to subsection (4),” were omitted;

(b)in paragraph (b), the words “to the extent that the notice concerns another matter,” were omitted.

(3) Subsection (3) of that section has effect as if—

(a)for “controller or processor”, in each place, there were substituted “ trust services provider ”;

(b)in paragraph (c), the words “or distress” were omitted;

(c)in paragraph (c), for “data subjects” there were substituted “ relying parties ”;

(d)in paragraph (d), for “section 57, 66, 103 or 107” there were substituted “ Article 19(1) of the eIDAS Regulation ”.

Modification of Schedule 16 (penalties)

14  Schedule 16 has effect as if paragraphs 3(2)(b) and 5(2)(b) were omitted.

Modification of section 157 (maximum amount of penalty)

15  Section 157 has effect as if subsections (1) to (3) and (6) were omitted.

Modification of section 159 (amount of penalties: supplementary)

16  Section 159 has effect as if—

(a)in subsection (1), the words “Article 83 of the [F5UK GDPR] and” were omitted;

(b)in subsection (2), the words “Article 83 of the [F6UK GDPR] ” and “and section 158” were omitted.

Modification of section 160 (guidance about regulatory action)

17(1) Section 160 has effect as if subsections (5) and (12) were omitted.

(2) In that section, subsection (4)(f) has effect as if for “controllers and processors” there were substituted “ trust service providers ”.

Modification of section 162 (rights of appeal)

18(1) Section 162 has effect as if subsection (4) were omitted.

(2) In that section, subsection (1) has effect as if, after paragraph (c), there were inserted—

(ca)a withdrawal notice;.

Modification of section 163 (determination of appeals)

19  Section 163 has effect as if subsection (6) were omitted.

Modification of section 180 (jurisdiction)

20(1) Section 180 has effect as if subsections (2)(d) and (e) and (3) were omitted.

(2) Subsection (1) of that section has effect as if for “subsections (3) and (4)” there were substituted “ subsection (4) ”.

Modification of section 182 (regulations and consultation)

21  Section 182 has effect as if subsections (3), (4), (6), (8) to (11) and (14) were omitted.

Modification of section 196 (penalties for offences)

22(1) Section 196 has effect as if subsections (3) to (5) were omitted.

(2) In that section—

(a)subsection (1) has effect as if the words “section 119 or 173 or” were omitted;

(b)subsection (2) has effect as if for “section 132, 144, 148, 170, 171 or 184” there were substituted “ section 144 or 148 ”.

Modification of section 197 (prosecution)

23  Section 197 has effect as if subsections (3) to (6) were omitted.

Modification of section 202 (proceedings in the First-tier Tribunal: contempt)

24  Section 202 has effect as if in subsection (1)(a), for sub-paragraphs (i) and (ii) there were substituted “ on an appeal under section 162 ”.

Modification of section 203 (Tribunal Procedure Rules)

25  Section 203 has effect as if—

(a)in subsection (1), for paragraphs (a) and (b) there were substituted “ the exercise of the rights of appeal conferred by section 162 ”;

(b)in subsection (2)(a) and (b), for “the processing of personal data” there were substituted “ the provision of trust services ”.

Approval of first guidance about regulatory action

26(1) This paragraph applies if the first guidance produced under section 160(1) of the Data Protection Act 2018 and the first guidance produced under that provision as applied by this Schedule are laid before Parliament as a single document (“the combined guidance”).

(2) Section 161 of that Act (including that section as applied by this Schedule) has effect as if the references to “the guidance” were references to the combined guidance, except in subsections (2)(b) and (4).

(3) Nothing in subsection (2)(a) of that section (including as applied by this Schedule) prevents another version of the combined guidance being laid before Parliament.

(4) Any duty under subsection (2)(b) of that section (including as applied by this Schedule) may be satisfied by producing another version of the combined guidance.

Interpretation

27  In this Schedule—

“the eIDAS requirements” means the requirements of Chapter III of the eIDAS Regulation;

“the EITSET Regulations” means these Regulations;

“withdrawal notice” has the meaning given in section 153A of the Data Protection Act 2018 (as inserted in that Act by this Schedule).]

Regulation 5

SCHEDULE 3 Consequential Amendments

Electronic Communications Act 2000

1.—(1) The Electronic Communications Act 2000 M8 is amended as set out below.

(2) In section 7(2)(b), for paragraph (b) substitute—

(b)purports to be used by the individual creating it to sign.

(3) In section 7(3), for the words “establishing the authenticity of the communication or data, the integrity of the communication or data, or both”, substitute “ signing ”.

(4) After section 7, insert—

7A    Electronic seals and related certificates

(1) In any legal proceedings—

(a)an electronic seal incorporated into or logically associated with a particular electronic communication or particular electronic data, and

(b)the certification by any person of such a seal,

shall each be admissible in evidence in relation to any question as to the authenticity of the communication or data, the integrity of the communication or data, or both.

(2) For the purposes of this section an electronic seal is so much of anything in electronic form as—

(a)is incorporated into or otherwise logically associated with electronic communication or electronic data; and

(b)purports to ensure the origin and integrity of the communication or data.

(3) For the purposes of this section an electronic seal incorporated into or associated with a particular electronic communication or particular electronic data is certified by any person if that person (whether before or after the making of the communication) has made a statement confirming that—

(a)the seal,

(b)a means of producing, communicating or verifying the seal, or

(c)a procedure applied to the seal,

is (either alone or in combination with other factors) a valid means of ensuring the origin of the communication or data, the integrity of the communication or data, or both.

7B    Electronic time stamps and related certificates

(1) In any legal proceedings—

(a)an electronic time stamp incorporated into or logically associated with a particular electronic communication or particular electronic data, and

(b)the certification by any person of such a time stamp,

shall each be admissible in evidence in relation to any question as whether the communication or data existed at the time the electronic time stamp was incorporated into or logically associated with such communication or data.

(2) For the purposes of this section an electronic time stamp is so much of anything in electronic form as—

(a)is incorporated into or otherwise logically associated with any electronic communication or electronic data; and

(b)purports to bind electronic communication or electronic data to a particular time establishing evidence that such data existed at that time.

(3) For the purposes of this section an electronic time stamp incorporated into or associated with a particular electronic communication or particular electronic data is certified by any person if that person (whether before or after the making of the communication) has made a statement confirming that—

(a)the time stamp,

(b)a means of producing, communicating or verifying the time stamp, or

(c)a procedure applied to the time stamp,

is (either alone or in combination with other factors) a valid means of establishing whether the communication or data existed at a particular point in time.

7C    Electronic documents and related certificates

(1) In any legal proceedings an electronic document shall be admissible in evidence in relation to any question as to the authenticity of an electronic transaction.

(2) For the purposes of this section an electronic document is anything stored in electronic form, including text or sound, and visual or audiovisual recording.

7D    Electronic registered delivery service and related certificates

(1) In any legal proceedings, any electronic communication or electronic data sent and received using an electronic registered delivery service shall be admissible in evidence.

(2) For the purposes of this section an electronic registered delivery service is a service which—

(a)provides for the transmission of data between third parties by electronic means;

(b)provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data; and

(c)protects transmitted data against the risk of loss, theft, damage or unauthorised alterations..


Medicines for Human Use (Clinical Trials) Regulations 2004

2.  In regulation 2(1) (interpretation) of the Medicines for Human Use (Clinical Trials) Regulations 2004 M9

(a)for the definition “electronic signature”, substitute—

“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; ; and

(b)after the definition of “serious adverse event”, insert—

“signatory” means a natural person who creates an electronic signature;.

Marginal Citations

M9 S.I. 2004/1031, to which there are amendments not relevant to these Regulations.

National Health Service (General Medical Services Contracts) (Scotland) Regulations 2004

3.  In regulation 2(1) (interpretation) of the National Health Service (General Medical Services Contracts) (Scotland) Regulations 2004 M10 for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market M11;.

Marginal Citations

M10 S.S.I 2004/115, amended by S.S.I. 2007/206; there are other amending instruments but none is relevant.

M11 OJ No L 257, 28.8.14, p73.

National Health Service (Primary Medical Services Section 17C Agreements) (Scotland) Regulations 2004

4.  In regulation 2 (interpretation) of the National Health Service (Primary Medical Services Section 17C Agreements) (Scotland) Regulations 2004 M12 for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

Marginal Citations

M12 S.S.I 2004/116, amended by S.S.I 2007/205; there are other amending instruments but none is relevant.

Hazardous Waste (Wales) Regulations 2005

5.  In the Hazardous Waste (Wales) Regulations 2005 M13

(a)in the Welsh language text, for regulation 5(3)(ch) (general interpretation) substitute—

mae i “llofnod electronig” yr ystyr a roddir i “electronic signature” yn Erthygl 3(10) o Reoliad (EU) Rhif 910/2014 Senedd Ewrop a'r Cyngor ar adnabod electronig a gwasanaethau ymddiried ar gyfer trafodiadau electronig yn y farchnad fewnol.; and

(b)in the English language text, for regulation 5(3)(d) (general interpretation) substitute—

“electronic signature” (“llofnod electronig”) has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market..

Marginal Citations

M13 S.I. 2005/1806 (W.138). The Regulations are made in Welsh and English. By virtue of section 156(1) of the Government of Wales Act 2006 (c.32) the English and Welsh texts are to be treated for all purposes as being of equal standing. The title of the Regulations in Welsh is Rheoliadau Gwastraff Peryglus (Cymru) 2005.

Producer Responsibility Obligations (Packaging Waste) Regulations 2007

6.  In regulation 2 (interpretation and notices) of the Producer Responsibility Obligations (Packaging Waste) Regulations 2007 M14

(a)in regulation 2(2), after the definition “SIC code”, insert the definition—

“signatory” means a natural person who creates an electronic signature;; and

(b)in regulation 2(5)(d) for the definition “electronic signature”, substitute—

“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; .

Marginal Citations

M14 S.I. 2007/871, amended by S.I. 2010/2849; there are other amending instruments but none is relevant.

Defence and Security Public Contracts Regulations 2011

7.  In regulation 49(6)(a) (means of communication) of the Defence and Security Public Contracts Regulations 2011 M15, for the words “Directive 1999/93/EC of the European Parliament and the Council of 13th December 1999 on a Community framework for electronic signatures”, substitute “ Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market ”.

Marginal Citations

M15 S.I. 2011/1848, to which there are amendments not relevant to these Regulations.

Human Medicines Regulations 2012

8.—(1) In regulation 8(1) (general interpretation) of the Human Medicines Regulations 2012 M16, after the definition “electronic communication”, insert—

“electronic signature” has the meaning given within Article 3(10) of Regulation (EU) 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

(2) In regulation 219(5) (electronic prescriptions) of the Human Medicines Regulations 2012, for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” has the meaning given within Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

Marginal Citations

M16 S.I. 2012/1916; amended by S.I. 2015/903; there are other amending instruments but none is relevant.

National Health Service (Pharmaceutical and Local Pharmaceutical Services) Regulations 2013

9.  In regulation 2(1) (interpretation) of the National Health Service (Pharmaceutical and Local Pharmaceutical Services) Regulations 2013 M17

(a)for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” means an electronic signature which meets the following requirements—

(a)it is uniquely linked to the signatory;

(b)it is capable of identifying the signatory;

(c)it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under the signatory's sole control; and

(d)it is linked to the data signed in such a way that any subsequent change in the data is detectable;;

(b)after the definition “electronic repeatable prescription”, insert—

“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;; and

(c)after the definition “scheme premises” insert—

“signatory” means a natural person who creates an electronic signature;.

Marginal Citations

M17 S.I. 2013/349, to which there are amendments not relevant to these Regulations.

National Health Service (Pharmaceutical Services) (Wales) Regulations 2013

10.  In the National Health Service (Pharmaceutical Service) (Wales) Regulations 2013 M18

(a) in the English language text, in regulation 2(1) (interpretation), for the definition “advanced electronic signature”, substitute—

“advanced electronic signature” means an advanced electronic signature as defined in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;; and

(b) in the Welsh language text, in regulation 2(1) (Dehongli), for the definition “llofnod electronig uwch”, substitute—

ystyr “llofnod electronig uwch” yw llofnod electronic uwch fel y'i diffinir yn Erthygl 3(11) o Reoliad (EU) Rhif 910/2014 Senedd Ewrop a'r Cyngor ar adnabod electronig a gwasanaethau ymddiried ar gyfer trafodiadau electronig yn y farchnad fewnol;.

Marginal Citations

M18 S.I. 2013/898 (W.102). The Regulations are made in Welsh and English. By virtue of section 156(1) of the Government of Wales Act 2006 (c.32) the English and Welsh texts are to be treated for all purposes as being of equal standing. The title of the Regulations in Welsh is Rheoliadau'r Gwasanaeth Iechyd Gwladol (Gwasanaethau Fferyllol) (Cymru) 2013.

Reservoirs Act 1975 (Capacity, Registration, Prescribed Forms, etc.) (England) Regulations 2013

11.  In regulation 2(2)(e) (interpretation) of the Reservoirs Act 1975 (Capacity, Registration, Prescribed Forms, etc.) (England) Regulations 2013 M19, for the definition “electronic signature”, substitute—

“electronic signature” has the meaning given within Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market..

Electronic Documents (Scotland) Regulations 2014

12.—(1) In regulation 1(2) (citation, commencement and interpretation) of the Electronic Documents (Scotland) Regulations 2014 M20

(a) omit the definition “the 2002 Regulations”;

(b) for the definition “advanced electronic signature”, substitute—

“advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;; and

(c) for the definition “signature-creation data”, substitute—

“electronic signature creation data” has the meaning given in Article 3(13) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

(2) For regulation 3(b) (requirements of self-proving electronic document) of the Electronic Documents (Scotland) Regulations 2014, substitute—

(b) certified by a qualified certificate for electronic signature as defined in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market..

(3) In regulation 6 (registration of electronic documents in the Land Register) of the Electronic Documents (Scotland) Regulations 2014—

(a) in sub-paragraph (b), from the words “created by” to the end, substitute—

(i) created by electronic signature creation data associated with a digital certificate supplied by the Keeper in accordance with paragraph (c); or

(ii) certified by a qualified certificate for electronic signature as defined in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;; and

(b) at the beginning of sub-paragraph (c), insert “in the case of an electronic signature under paragraph (b)(i),”.

Marginal Citations

M20 S.S.I. 2014/83, as amended by S.S.I. 2014/347; there are other amending instruments but none is relevant.

European Union (Recognition of Professional Qualifications) Regulations 2015

13.  In regulation 5(8) (functions of competent authorities in the United Kingdom) of the European Union (Recognition of Professional Qualifications) Regulations 2015 M21

(a) for “advance electronic signatures under Article 2.2 of Directive 1999/93/EC on a Community framework for electronic signatures”, substitute “advanced electronic signatures under Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b) for “Decision 2009/76/EC”, substitute, “Decision 2009/767/EC M22”.

Marginal Citations

M22 OJ No L 274, 20.10.2009, p36.

National Health Service (Charges for Drugs and Appliances) Regulations 2015

14.  In regulation 2(1) (interpretation) of the National Health Service (Charges for Drugs and Appliances) Regulations 2015 M23

(a) in the definition of “advanced electronic signature”, for the words “created using means that a signatory can maintain under their sole control”, substitute “created using electronic signature creation data that the signatory can, with a high level of confidence, use under the signatory's sole control;”;

(b) after the definition of “electronic signature”, insert—

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;; and

(c) after the definition “repeatable prescription”, insert—

“signatory” means a natural person who creates an electronic signature;.

National Health Service (General Medical Services Contracts) Regulations 2015

15.—(1) In regulation 3 (interpretation) of the National Health Service (General Medical Services Contracts) Regulations 2015 M24

(a) for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” means an electronic signature which meets the following requirements—

(a) it is uniquely linked to the signatory;

(b) it is capable of identifying the signatory;

(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under the signatory's sole control; and

(d) it is linked to the data signed in such a way that any subsequent change in the data is detectable;;

(b) after the definition “electronic repeatable prescription”, insert—

“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;; and

(c) after the definition “service provider” insert—

“signatory” means a natural person who creates an electronic signature;.

National Health Service (Personal Medical Services Agreements) Regulations 2015

16.  In regulation 3 (interpretation) of the National Health Service (Personal Medical Services Agreements) Regulations 2015 M25

(a) for the definition of “advanced electronic signature”, substitute—

“advanced electronic signature” means an electronic signature which meets the following requirements—

(a) it is uniquely linked to the signatory;

(b) it is capable of identifying the signatory;

(c) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under the signatory's sole control; and

(d) it is linked to the data signed in such a way that any subsequent change in the data is detectable;;

(b) after the definition “electronic repeatable prescription”, insert—

“electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;; and

(c) after the definition “Scheduled drug”, insert—

“signatory” means a natural person who creates an electronic signature;.

Public Contracts Regulations 2015

17.—(1) The Public Contracts Regulations 2015 M26 are amended as set out below.

(2) In regulation 2(1) (definitions)—

(a) after the definition of “economic operator”, insert—

“electronic document” has the meaning given in Article 3(35) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;;

(b) after the definition of “electronic means”, insert—

“electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;; and

(c) after the definition of “public works contracts”, insert—

“qualified certificate for electronic signature” has the meaning given in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

(3) In regulation 22(17)(c) (rules applicable to communication: technical requirements for tools and devices)—

(a) for the words “Directive 1999/93/EC of the European Parliament and of the Council”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b) for the words “qualified certificate”, wherever they occur, substitute “qualified certificate for electronic signature”.

Public Contracts (Scotland) Regulations 2015

18.  In regulation 23(19) (rules applicable to communication) of the Public Contracts (Scotland) Regulations 2015 M27, for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”.

Concession Contracts (Scotland) Regulations 2016

19.—(1) In regulation 32(18) (rules applicable to communication) of the Concession Contracts (Scotland) Regulations 2016 M28, for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for Electronic signatures”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”.

Utilities Contracts Regulations 2016

20.—(1) The Utilities Contracts Regulations 2016 M29 are amended as set out below.

(2) In regulation 2(1) (definitions)—

(a) after the definition of “economic operator”, insert—

“electronic document” has the meaning given in Article 3(35) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;;

(b) after the definition of “electronic means”, insert—

“electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;; and

(c) after the definition of “Public Contracts Regulations”, insert—

“qualified certificate for electronic signature” has the meaning given in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;.

(3) In regulation 40(17)(c) (rules applicable to communication: technical etc. requirements for tools and devices)—

(a) for the words “Directive 1999/93/EC of the European Parliament and of the Council”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b) for the words “qualified certificate”, wherever they may occur, substitute “qualified certificate for electronic signature”.

Utilities Contracts (Scotland) Regulations 2016

21.—(1) The Utilities Contracts (Scotland) Regulations 2016 M30 are amended as set out below.

(2) In regulation 2(1) (interpretation)—

(a) after the definition of “economic operator”, insert—

“eIDAS Regulation” means Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;;

“electronic document” has the meaning given in Article 3(35) of the eIDAS Regulation;;

(b) after the definition of “electronic means”, insert—

“electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the eIDAS Regulation;; and

(c) after the definition of “Public Contracts (Scotland) Regulations”, insert—

“qualified certificate for electronic signature” has the meaning given in Article 3(15) of the eIDAS Regulation;.

(3) In regulation 38(18)(d) (rules applicable to communication), for the words “qualified certificate”, wherever they may occur, substitute “qualified certificate for electronic signature”.

(4) In regulation 38(19) (rules applicable to communication), for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures” substitute, “the eIDAS Regulation”.

Explanatory Note

(This note is not part of the Regulations)

These Regulations implement the provisions of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (OJ No L 257, 28.8.2014, p73) (“the eIDAS Regulation”).

The eIDAS Regulation repeals and replaces Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for electronic signatures (OJ No L 13, 19.1.2000, p12) which was implemented in the United Kingdom by the Electronic Signatures Regulations 2002 (S.I. 2002/318) (“the 2002 Regulations”) and section 7 of the Electronic Communications Act 2000 (2000 c.7) (“the ECA 2000”). These Regulations revoke and replace S.I. 2002/318 and amend the ECA 2000.

Part 2 contains the supervisory provisions. Regulation 3 appoints the Information Commissioner as the supervisory body under these Regulations. The Information Commissioner is responsible for carrying out the supervisory body tasks and enforcing these Regulations.

Part 3 sets out the transitional provisions and consequential amendments. Qualified certificates issued before 1 July 2016, under the 2002 Regulations, are considered to be qualified certificates for electronic signatures under this Regulation until their expiry.

Schedules 1 and 2 set out the penalty and enforcement regime. Schedule 1 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, it may issue a monetary penalty. Schedule 2 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, the supervisory body may withdraw the provider's qualified status or serve an enforcement notice, assessment notice or an information notice. A trust service provider served with a monetary penalty or notice may appeal to the Upper or First-tier Tribunal.

A full impact assessment has not been produced for this instrument as no, or no significant, impact on the private, voluntary or public sectors is foreseen.

A transposition note is available from the European Reform Directorate, Department for Business, Innovation and Skills, 1 Victoria Street, London SW1H 0ET and is also published with the Explanatory Memorandum alongside these Regulations on www.legislation.gov.uk.