Legislation and standards

Over and above the digital signature law, it is regulated by a series of laws and technical regulations which should ensure its proper implementation:

LISI

The law 56/2007, dated 29 December 2007, on measures to promoting Law 56/2007, published on 28 December, on Measures to Promote the Information Society, emerged with the purpose of encouraging the digital society. It lays out a series of mandatory steps in areas of great influence on economic activity, namely:

• Electronic communications services to consumers, as set forth in Law 32/2003, published November 3, General of Telecommunications
• Servicios financieros destinados a consumidores.
• Water supply services to consumers
• Gas supply services for retail sector
• Electric supply services to end consumers
• Travel agency services
• Passenger transport services by road, rail, sea, or air
• Commercial activities in retail sector.

LAECSP

The main objective of the Law 11/2007 of 22 June, related to electronic access of citizens to Public Service, is the development of a modern management, focused on delivering to citizens the most efficient service possible, taking advantage of the continuous advancement in information technology. The main impact lies in the fact that it makes the adoption of instruments for the development of eGovernment obligatory than optional. At Isigma, we offer advisory services to align your organization to the requirements of the LAECSP.

The law for digital signatures

The Law 59/2003 of December 19, 2003, for digital signatures, governs the validity of digital signatures in Spain and requirements to be met by certification service providers. Unlike the DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, dated 13 December 1999 that laid down a basic framework for digital signatures, law 59/2003 introduces the possibility to issue electronic certificates to lawful individuals and also regulates electronic ID card.

European directive for digital signatures

The DIRECTIVE 1999/93/EC of the EUROPEAN PARLIAMENT and COUNCIL, dated 13 December 1999, establishing a Community framework for digital signatures "is intended to facilitate the use of digital signatures and to contribute to their legal recognition. The present directive establishes a legal framework for digital signatures and certification services in order to ensure the correct functioning of the internal market.”

Order of the Treasury for the use of digital signatures on tax relations

ORDER HAC/1181/2003 dated 12 May, which is said to have laid down specific norms on the use of digital signatures in electronic tax relations over computer and telematics with the State Tax Administration Agency, is an example of how digital signatures can impact the automation of business processes.

Technical norms and standards

On the other hand, institutions such as CEN (European Centre for Standardisation), ETSI (European Telecommunications Standards Institute), the IETF-PKIX (Internet Engineering Task Force) or RSA Laboratories develop different standards, specifications and norms governing the technology, procedures and formats of information exchanged. Some of the most important ones are:

• CEN-CWA Series 14 167: Security Requirements for Trustworthy Systems Managing Certificates for Electronic Signature, which establishes requirements for software and hardware systems that manage the life cycle of certificates.
• CEN-CWA 14169: Secure Signature Creation Devices" EAL 4 + ", which demands a protection profile for secure signature creation devices mentioned in the law 59/2003 dated 19 December 2003, for electronic signatures and the European directive.
• ETSI TS 101 456 ESI: Policy Requirements for certification authorities issuing qualified certificates, which states a policy to be followed by certification service providers that issue recognised certificates.
• ETSI TS 101 733 ESI: Electronic signature formats, which define the formats of the digital signatures. Each format presents more complete evidences than the previous format to be verifiable independently.
• IETS-PKIXX: A long list of RFCs (Request For Comments) that try to ensure the interoperability of digital signature systems. As shown in the RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 3647 Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework, the standards PKCS # (Public Key Cryptography Standards) of RSA Laboratories released now have laid the foundation for ensuring the interoperability of public key infrastructure (PKI - Public Key Infrastructure).