ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT

LJUBLJANA, JUNE 2000
 

I. GENERAL PROVISIONS

Article 1

This act regulates electronic commerce, which includes commerce in the electronic form on distance by the use of information and communication technology and use of electronic signature in legal affairs, including electronic commerce in judicial, administrative and other similar procedures, unless provided otherwise by law.

Unless otherwise agreed, the provisions of this act, except the provisions of article 4 in 14, do not apply to closed systems, which are entirely based on contracts among the established number of contracting parties.

Article 2 

For the purpose of this act:

1.  Electronic data means data, which are formed or stored in an electronic way;

2. Electronic message means an array of data, which are sent or received in an electronic way, which includes particularly electronic data interchange and electronic mail;

3. Electronic signature means an array of data in an electronic form, included, attached to or logically associated with other data and serves as a method of authentication of these data and identification of a signatory;

4. Advanced electronic signature means an electronic signature, which meets the following requirements:

that it is uniquely linked to the signatory;

that it is reliably capable of identifying the signatory;

that it is created using secure signature creation device that the signatory can maintain under his sole control;

that it is linked to the data to which it relates in such a manner that any subsequent change of the data or the connections between the data and the signature are detectable;

5. Time stamp means an electronically signed certificate of the certification service provider confirming the contents of the specific data at alleged time;

6. Sender of an electronic message means a person by whom or on whose behalf the electronic message was sent; an intermediary shall not be deemed to be the sender of the electronic message;

7. Addressee of an electronic message means a person to whom the sender intended the electronic message;

8. Recipient of an electronic message means a person who received the electronic message; an intermediary shall not be deemed to be recipient of the electronic message;

9. Intermediary of an electronic message means a person who for another person sends, receives and stores electronic messages or provides other services relating to electronic messages;

10. Signatory means a person by whom, or on whose behalf, an electronic signature is created;

11. Information system means a system used for forming, sending, receiving, storing or otherwise processing electronic data;

12. Signature creation data means unique data, such as codes or private cryptographic keys, used by the signatory to create an electronic signature;

13. Signature creation device means configured software or hardware, used by the signatory to create an electronic signature;

14. Secure signature creation device means a signature creation device which meets the requirements laid down in Article 37 of this Act;

15. Signature verification data means unique data such as codes or public cryptographic keys, used for the purpose of verifying an electronic signature;

16. Signature verification device means configured software or hardware, used for the purpose of verifying an electronic signature;

17. Electronic signature product means configured hardware or software, or relevant components thereof, which are intended to be used by a certification service provider for the provision of electronic signature services or are intended to be used for the creation or verification of electronic signatures;

18. Certificate means a certificate in an electronic form, which links signature verification data to a person (certificate holder) and confirms the identity of that person;

19. Qualified certificate means a certificate which meets the requirements laid down in Article 28 of this Act and is issued by the certificate service provider who fulfils the requirements laid down in Articles 29 to 36 of this Act;

20. Certification service provider shall mean a natural or legal person, who issues certificates or provides other services related to certification service or electronic signatures. 

Article 3

Persons shall be free to agree on matters regarding creating, sending, receiving, storing or other processing of electronic messages in a different manner than it is stated in this act, unless this conflicts with individual provisions of this act or their meaning.

Article 4

Legal effectiveness and admissibility as evidence shall not be denied to the data in the electronic form solely on the grounds that they are in the electronic form.

II. ELECTRONIC COMMERCE

Section 1 – Electronic message

Article 5

1. It is assumed that an electronic message originates from a sender if:

it is sent by the sender, or;

it is sent by a person authorised by the sender, or;

it is sent by an information system, programmed by the sender himself, or programmed by an order of the sender to operate automatically, or;

the recipient established the origin of a message by application of procedure or technology, which was previously agreed upon between the sender and the recipient.

2. Previous paragraph does not apply:

as of the time when the recipient has both received notice from the sender that the electronic message is not that of the sender, and had reasonable time to act accordingly or;

if the recipient knew or should or should have known, had it exercised reasonable care or used any agreed technology and procedure, that the electronic message was not that of the sender.

Article 6 

The recipient is entitled to regard each electronic message received as a separate electronic message and to act on that assumption, except to the extent that the electronic message was duplicated and the recipient knew or should have known, had it exercised reasonable care or used any agreed technology and procedure.

Article 7

Where the sender has previously or at the time of sending the electronic message or within the electronic message requested or agreed with the recipient upon the acknowledgement of the receipt of the message and stated that the electronic message is conditional on receipt of the acknowledgement, the electronic message is treated as though it has never been sent, until the sender receives the acknowledgement on the receipt.

Where the sender does not state that the electronic message is conditional on receipt of the acknowledgement, and the acknowledgement has not been received within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, the sender may give notice to the recipient stating that no acknowledgement of the receipt has been received and specifying a reasonable time by which the acknowledgement must be received. If the acknowledgement is not received within the time specified, upon previous notice to the recipient, may the sender treat the electronic message as though it had never been sent.

Where the sender has not agreed with the recipient on a particular form of the acknowledgement of the receipt of the electronic message, an acknowledgement may be given by any confirmation by the recipient, automated or otherwise, or any conduct of the recipient, sufficient to indicate to the sender that the electronic message has been received.

Article 8

Where the sender receives the recipient’s acknowledgement of the receipt, it is presumed that the related electronic message was received by the recipient. That presumption does not imply that the electronic message sent corresponds to the electronic message received.

Article 9

Unless otherwise agreed, the dispatch of the electronic message occurs when it enters an information system outside the control of the sender or the person who sent the electronic message on behalf of the sender.

Article 10

Unless otherwise agreed, the time of receipt of an electronic message is the time when the electronic message enters the recipient’s information system.

Unless otherwise agreed and regardless of the provisions of the previous paragraph, if the recipient has designated an information system for the purpose of receiving electronic messages, receipt occurs at the time when the electronic message enters the designated information system, or, if the electronic message is sent to an information system other than the designated information system, at the time when the electronic message is retrieved by the recipient.

Provisions of the previous paragraph apply notwithstanding that the place where the information system is located may be different from the place where the electronic message is deemed to be received after this act.

Article 11

Unless otherwise agreed, an electronic message is deemed to be dispatched from the place where the sender has his place of business or his permanent residence at the time of sending of the electronic message, and is deemed to be received at the place where the recipient has place of business or his permanent residence at the time of the receipt.

If the sender or the recipient does not have a permanent residence, an electronic message is deemed to be dispatched, after the previous paragraph, from the place or received at the place of his habitual residence at the time of sending or receiving of the electronic message.

Section 2 – Electronic data

Article 12

Where the law or any other provision requires that certain documents, records or data be retained, that requirement is met by retaining electronic data, provided that the following requirements are met:

if the information, contained in an electronic document or record is accessible so as to be usable for subsequent reference; and

if the information is retained on the format, in which it was generated, sent or received, or in a format which represents accurately the information generated, sent or received; and

if such information is retained as to enable the identification of the origin and destination of an electronic message and the place and time when it was sent or received; and

if such technology and procedures are used as to prevent in a sufficient manner any change or deletion of data, which would not be easily ascertained, or to reliably assure the inalterability of the message.

An obligation to retain documents, records or information in accordance with the previous paragraph does not extend to any information the sole purpose of which is to enable the electronic message to be sent or received (communication data).

Where the law or any other regulation requires that certain data are to be presented or retained in the original form, that requirement is met by the message in the electronic form, provided that the conditions set forth in paragraph (1) of this article are met.

The provisions of this article shall not apply to the data, for which this act prescribes more rigorous or special requirements on the retention.

Article 13

Where the law or any other regulation requires information to be in writing, that requirement is met by an electronic message, if the information contained therein is accessible so as to be usable for subsequent reference.

The provisions of the previous paragraph do not apply to:

contracts regulating property and other rights and other rights on immovable things;

contracts regulating testaments;

contracts regulating property relationships between spouses;

contracts of disposal of property belonging to persons who have been dispossessed of legal capacity;

contracts of tradition and division of property inter vivos;

contracts of life-subsistence and agreements of waiver of heirship prior to inheritance;

contracts of donations and contracts of donations mortis causa;

contracts of sale with the retention of ownership;

other legal acts, which shall be, according to legal provisions, made in a form of a notarial note.

III. ELECTRONIC SIGNATURE

Section 1 – General provisions

Article 14

Electronic signature shall not be denied legal effectiveness or admissibility as evidence solely on the grounds of its electronic form or not being based on a qualified certificate or a certificate issued by an accredited certification service provider or not being created by a secure signature creation device.

Article 15

Advanced electronic signature, verified with qualified certificate, is equal to autographic signature in relation to data in electronic form, and has therefore equal legal effectiveness and admissibility as evidence.

Article 16

Persons, who store the documents, which are electronically signed with the use of signature creation data and signature creation devices, shall store complementary signature verification data and signature verification devices for as long as the documents are stored.

Article 17

The use of signature creation data or signature creation devices without the knowledge of the signatory or the holder of a certificate, which refers to these data or devices, is prohibited. 

Section 2 – Certificates and certification service providers, who issue them

Article 18. 

Certification service provider does not require a special permit for performing his activity.

Certification service provider must report the beginning of performing the activity to the ministry, competent for economy (hereafter: ministry) at least eight days before the beginning. At the beginning of performing the activity or at the change of the activity, certification service provider has to inform the ministry about his internal rules regarding the signature creation and verification and about his procedures and infrastructure.

Certification service provider, who provides services of advanced electronic signature creation, must in his own internal rules take into consideration the security requirements defined with this act and the regulations issued on the basis of this act.

Certification service provider must fulfil the requirements from his internal rules so as at the beginning as continuously all the time of performing the activity.

Article 19

Certification service provider must inform promptly the ministry about all circumstances, which obstruct and prevent him from performing the activity in accordance with current regulations or his internal rules.

Certification service provider must inform promptly the ministry about possible beginning of bankruptcy or compulsory settlement.

Article 20

Certification service provider must revoke the certificate laid down in item 18 of Article 2 in time of its validity in accordance with his internal rules, which regulate revocations of the certificates, however always promptly:

if the revocation is demanded by the certificate holder or his trustee; or

when the certification service provider finds out that the certificate holder has lost his legal capacity, passed away, ceased to exist or that the circumstances, which have an essential influence on the validity of the certificate, have changed; or

if data in the certificate are false or the certificate was issued on the basis of false data; or

if signature verification data or the information system of the certification service provider were threatened in a way, that influences on the reliability of the certificate; or

if signature creation data or the information system of the certificate holder were threatened in a way, that influences on the reliability of the electronic signature creation; or

if the certification service provider ceases with the activity or he has been prohibited to operate and it his activity has not been taken over by another certification service provider; or

upon receiving an order from the competent court, magistrate or an administrative body for the revocation.

Certification service provider must in his internal rules define when and in what way a notification about an issuance or a revocation of the certificate will be given.

Irrespective of internal rules, a certification service provider must always inform promptly the certificate holder about the revoked certificate and deliver the information about the revocation to every person that demands it, or publish them if he keeps a register on revoked certificates.

Article 21

The ministry must promptly ensure the revocation of the certificates of the certification service provider if he ceases to operate or he is prohibited to operate and his activity has not been taken over by another certification service provider, if the certification service provider does not revoke the certificate.

Article 22

The certificate holder must keep signature creation data and signature creation devices with reasonable care and use them in accordance with the requirements of this act and regulations issued on the basis of this act and must prevent unauthorised access to these data and devices.

The certificate holder must demand the revocation of his certificate if his signature creation data or his information system were lost or threatened in a way, which influences on the reliability of the electronic signature creation, or if a possibility of abuse exists or if data stated in the certificate have been changed.

Article 23

If the certificate includes information about a third person, who is not a certificate holder, this person is also entitled to demand a revocation of the certificate.

Article 24

As between the certificate holder and certification service provider, the revocation is effective from the moment of revocation. As between certification service provider and any other person, the revocation is effective from the time it is published or, if the revocation is not published, from the moment that the other person is informed about it.

Revocation of the certificate shall include the time when the revocation took place.

Revocation is valid from the moment it took place onward. A retroactive revocation is not permitted.

Article 25

Provisions regulating certificate and qualified certificate shall mutatis mutandis apply to the time stamp and services concerning it.

Article 26

Certification service provider must keep the documentation about the security measures in accordance with this act and the regulations, issued on the basis of this act, and about all the issued and revoked certificates in such a manner, that the information will be accessible at any time and its authenticity and inalterability can be verified at all times but at least five years from the particular event or action.

Article 27

The certification service provider must previously notify the ministry and the certificate holders that received his certificates, of the cessation of his activity, and ensure that all his rights and obligations concerning the certificates, issued by him, are taken over by another certification service provider or are revoked.

Certification service provider must forward all of his documentation to another certification service provider, who will take over all of his rights and obligations  concerning the issued certificates, or to the ministry, if there is no such certification service provider.

Section 3 – Qualified certificates and certification service providers, who issue them


Article 28

1. Qualified certificate must contain:

an indication that it is issued as a qualified certificate;

name or firm and State of permanent residence or of place of business;

name and pseudonym of the signatory respectively or name and pseudonym of the information system respectively, alleging the certificate holder, under whose control it is, with a compulsory statement that it is a pseudonym;

specific data of the certificate holder, required for the purpose for which the certificate is intended;

signature verification data, which correspond to signature creation data under the control of the certificate holder;

an indication of the beginning and the end of the period of validity of the certificate;

identification code of the certificate;

safe electronic signature of the certification service provider, who issued the certificate;

eventual limitations on the scope of the use of the certificate;

eventual limitations on the value of transactions, for which the certificate can be used.

2. Unless otherwise agreed, a certificate must not include any other data.

Article 29

Certification service provider, who issues qualified certificates, must ensure  to provide services concerning electronic signature with reasonable professional care. 

Article 30

Certification service provider, who issues qualified certificates, must ensure the management of a register of revoked certificates, which must contain in particular the identification code of the revoked certificate, so that it can be precisely identified. The register must not contain the information about the reasons for the revocation or any other data, which are not contained in the certificate, except the date and time of the revocation. The register must have a safe electronic signature and the signature must be verified with a qualified certificate with at least the same reliability as the certificates, revoked in the register.

Certification service provider must ensure a possibility of a prompt and safe revocation of the qualified certificate, and also a possibility, that the time when the qualified certificate was issued or revoked, can be precisely determined.

Certification service provider, who issues qualified certificates, must upon the cessation of his activity ensure that another certification service provider, who issues qualified certificates, keeps the revoked qualified certificates in his own register.

If certification service provider does not ensure a continuation of the revocation service, the ministry shall ensure at his expenses that the service is taken over by another certification service provider.

Article 31

Certification service provider, who issues qualified certificates, must with help of an official personal identity document – with a photograph for natural persons or with officially verified documents for legal persons – reliably ascertain the identity and other important characteristics of the person, who requires a certificate.

Article 32

Certification service provider, who issues qualified certificates, must, to ensure implementation of all the provisions of this act, employ personnel who possess the expert knowledge, experience and qualifications necessary for the services provided, in particular competence at managerial level, expertise in electronic commerce technology and familiarity with proper security procedures. 

Personnel must apply administrative and management procedures, which are adequate to recognised standards.

The Government of the Republic of Slovenia prescribes with a governmental regulation the kind and the degree of the professional education, years of experience and eventual additional qualifications required to meet the requirements form the paragraph (1).

Article 33

Certification service provider must use trustworthy systems and products, which are protected against modification and ensure the technical and cryptographic security of the process supported by them.

Certification service provider must take security measures against forgery of certificates, and, in cases where he generates signature creation data, guarantee confidentiality of the data during the whole process of generating these data.

Certification service provider must not store the signature creation data of the ertificate holder.

Certification service provider must, to store the certificates, use trustworthy systems, which enable a simple detection of alterations and at the same time enable:

that only authorised persons can make new entries and changes;

that information can be checked for authenticity;

that certificates are publicly available only if the certification service provider has previously obtained a consent from the certificate holder; 

that any technical changes compromising the security requirements are apparent to the operator.

The Government of the Republic of Slovenia prescribes with an governmental regulation the more exact criteria to meet the requirements from this article.

Article 34

Certification service provider, who issues qualified certificates, must ensure the risk of liability for damages. The lowest amount of the insurance is prescribed by the regulation by the Government of the Republic of Slovenia.

Article 35

Certification service provider, who issues qualified certificates, must store all relevant information concerning qualified certificates, in particular for the purpose of providing evidence of certification for the purposes of judicial, administrative and other proceedings, for as long as the data, signed with the electronic signature to which the qualified signature is referred, will be stored, but at least for five years from the issuance of the certificate.

The important information of the qualified certificates are deemed in particular the information about how to establish the identity of a certificate holder, about the time and the way of issuing the certificate, the cause, the time and the way of an eventual revocation of the certificate, the time of validity of the certificate and about all the messages, referring to the validity of the certificate, exchanged between the certification service provider and the certificate holder.

The information from the paragraphs (1) and (2) may be recorded electronically.

Article 36

Certification service provider, who issues qualified certificates, must before entering into contractual relationship with a person requiring a certificate, notify that person of all important circumstances regarding the use of the certificate.

Notification shall include:

a precise summary of valid regulations and internal rules and other conditions regarding the use of the certificate;

information on eventual limitations on the use of the certificate;

information on existence of a voluntary accreditation;

information on the procedures for complaints and dispute settlements;

information on the measures of the certificate holder, necessary for the security of signature creation and for the verification of the electronic signatures and information on the appropriate technology;

admonition that the data, which are already electronically signed, will have to be electronically signed again before the security of the existing electronic signature is diminished with time.

Such notification must be written in a readily understandable language and in writing on durable means of communication.

Relevant parts of this notification must be available on request to third persons relying on the certificate.

Section 4 – Technical requirements for secure signature creation

Article 37

Secure signature creation devices must, by the use of appropriate procedures and infrastructure ensure that:

1. the signature creation data used for signature creation are unique and their secrecy is reasonably assured;

2. the signature creation data cannot, in reasonable time and by reasonable means, be derived from the signature verification data, and the electronic signature is effectively protected against forgery using currently available technology;

3. the signatory can reliably protect his signature creation data from unauthorised access.

Secure signature creation devices must not alter the signed data or prevent the data to be presented to the signatory prior to the signature process.

4. The Government of the Republic of Slovenia prescribes with a governmental regulation more exact criteria to meet the requirements concerning secure signature creation devices from this article.  

Article 38

1. During the advanced signature verification process must be ensured with the use of appropriate procedures that:

the data used for verifying the electronic signature correspond to the data displayed to the verifier;

the signature is reliably verified and the result of the verification and identity of the certificate holder is correctly displayed to the verifier;

the verifier can reliably establish the contents of the signed data;

the authenticity and validity of the certificate required at the time of signature verification are verified;

the use of a pseudonym is clearly indicated;

any security-relevant changes can be detected.

2. The Government of the Republic of Slovenia prescribes with a governmental regulation more exact criteria to meet the requirements concerning the procedures and infrastructure from the previous paragraph.

Section 5 – Liability of the certification service providers

Article 39

By issuing a qualified certificate, the certification service provider is liable to any person, who reasonably relies on the qualified certificate, for:

accuracy of all data in the qualified certificate as from the time it was issued and that the certificate contains all the data, prescribed for a qualified certificate;

assurance that at the time of the issuance of the certificate, the certificate holder identified in the certificate held the signature creation data corresponding to the signature verification data, given or identified in the certificate;

assurance that the signature creation data and the signature verification data together function in a complementary manner in cases where the certification service provider generates them both;

immediate revocation of the certificate, if there is a reason for such action, and notification of the certificate revocation;

implementation of the requirements of this act and the regulations issued on the basis of this act regarding advanced electronic signatures and qualified certificates.

Certification service provider may indicate in a qualified certificate limitations of the use or the highest values of transactions of that certificate and is not liable for consequences arising from use of a qualified certificate which exceeds the limitations on it, if the limitations are recognisable to third persons.

Certification service provider is liable for the eventual damage, if he is not able to prove that the damage occurred without his fault.

Section 6 – Supervision

Article 40

Ministry performs the supervision over the implementation of the provisions of this act.

The ministry, within its supervision powers:

verifies, whether the requirements of this act and regulations issued on the basis of this act are adequately transmitted into internal rules of the certification service providers;

verifies, whether the certification service provider within his activity at all times fulfils the requirements of this act and regulations issued on the basis of this act and his internal rules;

supervises the use of appropriate procedures and necessary infrastructure in case of assurance of qualified certificates;

supervises the legitimacy of issuing, storage and revocations of the certificates; 

supervises the legitimacy of implementation of other services of certification service providers.

The ministry keeps an electronic public register of all certification service providers in the Republic of Slovenia. On the request of certification service providers also foreign certification service providers may be registered in the register of all certification service providers, if they fulfil the requirements of this act for the validity of their certificates in the Republic of Slovenia.

The register of certification service providers receives an advanced electronic signature from the ministry. The qualified certificate of the ministry is published in the Official Journal of the Republic of Slovenia.

Article 41

Within his supervision the inspector is in title to:

inspect the documentation and files, which refer to the operation of certification service providers;

inspect premises, in which the certification service is performed, information technology, infrastructure and other equipment and technical documentation of the certification service providers;

control measures and procedures of the certification service provider.

Inspector has the right to confiscate the documentation for up to fifteen days, if it is necessary to secure the evidence or to accurately ascertain the irregularities. In such cases he must issue a receipt about the confiscation.

The inspector is obliged to safeguard the information about the certificates and personal data, obtained within the implementation of his inspection, as an official secret.

The inspector may by an administrative decision:

prohibit the use of inappropriate procedures and infrastructure;

in full or in part temporarily suspend the operation of the certification service provider;

prohibit the operation of the certification service provider, if he fails to fulfil the requirements of this act and the regulations issued of the basis of this act, and if milder measures failed or would fail to succeed;

order revocation of the certificates, when there is a reason to believe that the certificates were forged;

A complaint, on which the government of Republic of Slovenia will decide, is allowed against the provision from the previous paragraph. The complaint does not suspend the execution of the decree issued under the second indent of the paragraph 4 of this article.

Prohibition of operation shall not influence the validity of previously issued certificates.

Section 7 – Voluntary accreditation

Article 42

Certification service providers, who prove that they fulfil all the requirements prescribed with this act and the regulations issued on the basis of this act, may demand that the accreditation body registers them in the register of the accredited certification service providers.

On the request of the accredited certification service providers also foreign certification service providers are registered in the register of accredited certification service providers, if they fulfil the requirements of this act for the validity of their certificates in the Republic of Slovenia.

Certification service providers, registered in the register of the accredited certification service providers (accredited certification service providers) can officiate with the declaration of their accreditment.

Certification service providers, registered in the register of the accredited certification service providers, may indicate this fact in the issued certificates.

Article 43

Accreditation body keeps a public electronic register of its voluntary accredited certification service providers.

Accreditation body gives an advanced electronic signature to the register of the accredited certification service providers. Qualified certificate of the accreditation body is published in the Official Journal of the Republic of Slovenia.

Article 44

Accreditation body performs the supervision and the official actions over the accredited certification service providers.

Accreditation body:

issues general recommendations of the operation of the certification service providers and recommendations and standards for the operation of the accredited certification service providers in accordance with the law and the regulations issued on its basis;

verifies, whether the requirements of the law and the regulations issued on its basis are adequately transmitted to the internal rules of the accredited certification service providers

verifies, whether the certification service provider meets the requirements of this act and regulations issued on the basis of this act and his internal rules at all times within his activity;

controls the use of appropriate procedures and infrastructure with the accredited certification service providers;

controls the legitimacy of issuing, storage and revocations of the certificates of the accredited certification service providers;

controls legitimacy of the implementation of other services of the accredited certification service providers.

Accreditation body may recommend:

a change of the internal rules of the accredited certification service provider;

cessation of further use of inappropriate procedures and infrastructure to the accredited certification service provider.

In the certification service provider does not follow the recommendations of the accreditation body, he is erased from the register of the accredited certification service providers by the accreditation body with an administrative decision.

Within fifteen days from receiving such administrative decision a complaint is allowed, upon which is decided by the minister, competent for economy.

The minister is obliged to issue an administrative decision on the complaint within thirty days after receiving it. The decision on the complaint is final.

Article 45

The duty of the accreditation body is performed by the Agency for telecommunications.

Section 8 – Validity of foreign certificates

Article 46

Qualified certificates of the certification service provider with a place of business originating from European Union are equal to domestic qualified certificates.

Qualified certificates of the certification service providers with a place of business originating from the third countries are equal to domestic qualified certificates:

if the certification service provider fulfils the requirements laid down in Articles 29 to 36 of this Act and is voluntarily accredited in the Republic of Slovenia or in one of the European Union Member States;

if the domestic certification service provider, who fulfils the requirements, laid down in Articles 29 to 36 of this Act, guarantees for such certificates as if they were his own;

if it is provided by a bilateral or multilateral agreement among the Republic of Slovenia and other countries or international organisations;

if it is provided by a bilateral or multilateral agreement among European and other countries or international organisations.

IV. PENAL PROVISIONS

Article 47

Monetary penalty of 500.000 tolars to 5.000.000 tolars for minor offence is imposed on the certification service provider if he:

does not certainly ascertain the identity or other meaningful characteristics of the person, who requests the qualified certificate (Article 31);

issues a qualified certificate, which does not contain all the requested data or contains the data, which it should not contain (Article 28);

does not revoke the certificate or qualified certificate in cases, where it is requested by law or his internal rules (Articles 20 and 23);

within the revocation does not indicate the time of the revocation of the certificate or the qualified certificate or if he revokes it retroactively(Articles 20 and 24);

does not inform the petitioner of the certificate or qualified certificate about all the obligatory information(Article 36);

does not inform the ministry before the cessation of his operation and does not ensure that the concern for all the valid certificates or qualified certificates is taken over by another certification service provider, or that the certificates are revoked (Article 27);

does not hand over all the documentation to another certification service provider or to the ministry (Article 27);

does not inform the ministry about the possible beginning of bankruptcy or compulsory settlement or other circumstances, which prevent him from implementing the provided requirements (article 19);

does not keep the prescribed documentation (article 26);

does not enable an insight or confiscation of his documentation to the inspector or does not hand the necessary information and explication (article 41);

does not report the beginning of performing the activity or does not present the internal rules (article 18);

issues qualified certificates and does not keep or deficiently keeps a register of revoked certificates (Article 30);

issues qualified certificates and does not execute adequate security measures to prevent unauthorised collecting or copying of signature creation data from his part or by a third person (Article 33);

performs his activity in spite of interdiction by the ministry (Article 41);

unjustifiably uses the characterisation of the accredited certification service provider (Article 42).

If the certification service provider is a legal person, a monetary penalty of 50.000 to 100.000 is imposed also on the responsible person of the legal person for minor offence according to the previous paragraph of this article.

Article 48

Monetary penalty of 50.000 to 150.000 tolars for minor offence is imposed on the certificate holder or, in case of a legal person, his responsible person, if he:

does not demand a revocation of the certificate or qualified certificate (Article 22);

uses signature creation data and signature creation devices in a manner that is violating the requirements of this act and the regulations issued on the basis of this act (article 22);

Article 49

Monetary penalty of 50.000 tolars to 150.000 tolars for minor offence is imposed on the individual who without knowledge of the signatory or a certificate holder abuses of his signature creation data or signature creation devices (article 17).

V. TRANSITIONAL AND FINAL PROVISIONS

Article 50

The Government of the Republic of Slovenia issues an governmental regulation to regulate:

measures for the assessment of reliability and for the assessment of implementation of technical requirements laid down in Articles 33., 37. and 38;

professional education, knowledge and experiences from the Article 32;

a minimal amount, which a certification service provider shall have at disposal for the defrayal of responsibility;

the form, publication and the accessibility of the internal rules of the certification service providers;

period of validity of the qualified certificates, the period after which a new electronic signature should be given to already electronically signed data and the relevant procedure;

scope of use, requirements and admissible deviations at performing services concerning secure time stamps;

type and form of characterisation of the accredited certification service provider;

technical conditions for the electronic commerce in public administration.

The Government of the Republic of Slovenia issues implementing regulations laid down in the first paragraph of this Article in sixty days at the latest after this act is published in the Official Journal of the Republic of Slovenia.

Article 51

Minister competent for economy may regulate more precisely the way of the implementation of individual provisions of this act. 

Article 52

Until the adoption of an act that will regulate the conditions for the electronic commerce concerning the verification of a signature by notaries or other competent body, the provision from the article 15 does not apply for such cases.

Article 53

The item 4. of the second paragraph of Article 46 of this act enters into force on the day of the admission of the Republic of Slovenia into a full membership of the European Union.

Article 54

Until the Agency for telecommunications does not take over the duties after this act, duties from its competence after this act are performed by Government Centre for Informatics.

Article 55

This act shall enter into force on the 60th day after its publication in the Official Journal of the Republic of Slovenia. 

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.