New Act on Trust Services and Electronic Identification
The Act on Trust Services and Electronic Identification is intended to adapt Polish law to the EU’s eIDAS Regulation. Among other things, it repeals the Electronic Signature Act. The new act is part of a broad trend toward creation of a new regulatory framework for digital commerce.
On 5 September 2016 the Polish Sejm adopted the Act on Trust Services and Electronic Identification. After ratification by the Senate without amendments, it now awaits the signature of the President. Most of the provisions of the new act will enter into force 7 days after publication.
eIDAS Regulation
The eIDAS Regulation is designed to serve as the basis for making secure electronic transactions and expanding the digital economy in the European Union. It replaces the existing Electronic Signatures Directive while introducing entirely new types of trust services, such as electronic registered delivery services (intended to replace traditional registered mail), website authentication, and electronic seals.
The eIDAS Regulation also lays the groundwork for identifying participants in digital commerce. This primarily involves introduction of an obligation of mutual recognition of electronic identification means issued in other EU member states, which should become the equivalent of traditional identity documents in the digital world.
Act on Trust Services and Electronic Identification
The eIDAS Regulation began to be applied on 1 July 2016. It applies directly (not requiring implementation into national law), but the Polish regulations nonetheless need to be adjusted to suit the eIDAS Regulation.
This is to be achieved through the recently adopted Act on Trust Services and Electronic Identification. The act first and foremost:
- Establishes the rules for functioning of the national trust services infrastructure
- Defines the fundamental rules for conducting activity by trust services providers
- Establishes the procedure for notification of the national electronic identification scheme
- Appoints supervision over trust service providers
- Contains criminal provisions and provisions concerning fines
- Introduces numerous changes to the current regulations, mainly to adapt them to the terminology used in the eIDAS Regulation.
Significance for trust service providers
Providing trust services typically entails implementation of complex IT, encryption and business processes. The eIDAS Regulation establishes a framework but leaves great discretion to market players, including for the development of market service standards.
It appears that this trend is maintained by the new Polish act. For example, the existing Electronic Signature Act regulated in detail the issue of the contents of the certification policy applied by qualified entities providing certification services. The new act, by contrast, merely mentions the need to adopt such a certification policy.
This approach on one hand provides greater freedom to market participants, enabling them to develop new technical solutions and pursue innovative business models. On the other hand, without detailed statutory guidelines, trust service providers and other entities operating in the area of electronic identification will have to concentrate more on creating the optimal rules for providing such services.
Other significant legal acts
The Act on Trust Services and Electronic Identification represents just one part of the broader activity of Polish lawmakers in creating regulations facilitating digital commerce. Other efforts involve for example support for cash-free trade and enabling electronic communications with the public administration (e.g. through the trusted profile and the ePUAP platform) and the courts.