Act on electronic service in the Administration 1318/1999, 1 enero 2000.
Chapter 1. General provisions
Section 1 Objective
(1) The objective of this Act is to improve the smoothness and rapidity of the service in the
administration, as well as data security, by promoting the use of electronic data interchange.
(2) The Act contains provisions on the rights, duties and responsibilities of the administrative
authorities and their customers in the context of electronic service.
(3) In addition, this Act contains provisions on the most significant requirements in the electronic identification of persons.
Section 2 Scope of application
(1) This Act applies to the electronic lodging of an administrative matter with an authority, to
its handling and to the service of notice of the decision (electronic service). This Act applies to
electronic service also when an administrative matter is being handled by someone else than a
public authority. The Act does not apply to administrative judicial procedure, criminal investigations, police inquiries or enforcement.
(2) Separate provisions apply to electronic service in the Evangelical Lutheran Church of Finland.
(3) Unless otherwise provided in this Act, the provisions in other legislation on the lodging of an administrative matter, the service of notice on the decision, the openness of the activities of the authorities, the processing of personal data, the archiving of documents, the language to be used in the matter, and the handling of the matter by the authorities apply also to electronic service.
Section 3. Definitions
For the purposes of this Act:
(1) electronic data interchange means telefaxes and teleservice, such as electronic forms or email,
and other methods based on electronics, where data is being transferred either wirelessly or via a cable as electromagnetic waves;
(2) electronic message means information sent by way of electronic data interchange and easily stored as a written document;
(3) electronic document means an electronic message which has an effect on the lodging or handling of a matter or on the service of a decision;
(4) certificate means a set of data that confirms the identity of the person in possession of the
certificate and the integrity and originality of his/her electronic signature;
(5) certifier means a reliable third party who defines and issues certificates;
(6) electronic signature means a set of data that confirms the integrity and originality of an
electronic message by a method that is open to public inspection;
(7) public key means a public set of data that is used in the confirmation of the identity of the person in possession of a certificate and the integrity and originality of an electronic signature.
Chapter 2. Provisions on certifiers'operations
Section 4. Requirements for certifiers
(1) The operations of a certifier shall be based on generally accepted defined methods and best data administration practices.
(2) The certifier shall have the technical, professional and financial resources that can be considered adequate in view of the extent of its operations.
Section 5. Requirements for certificates
(1) A certificate shall contain
(1) the name of the person in possession of the certificate and the other data, albeit not a personal identity code, necessary for the unequivocal identification of that person;
(2) the data identifying the certifier;
(3) the period of validity of the certificate;
(4) the identity code of the certificate;
(5) the electronic signature of the certifier; and
(6) the data on the possible restrictions of the use of the certificate.
(2) The certificate shall be based on adequately strong encryption and on definitions that are open to public inspection. In addition, the certificate shall be based on public key technology or on another method with at least the same standard of security.
Section 6. Access to and contents of the operating principles
The certifier shall keep the documentation on the operating principles applied in the certificate and certification freely available to the public. The documentation shall also contain the data on the technology used in the electronic signature of the certifier and, if public key technology is being used, on the algorithm applied therein.
Section 7. Procedure in the operations of the certifier
(1) The provisions in the following legislation apply to the issuance and maintenance of certificates and the use of the directories relating to them: the Administrative Procedure Act (598/1982), the Languages Act (148/1922), the Act on the Use of the Samí Language before the Authorities (516/1991), the Act on the Openness of Government Activities (621/1999), the Personal Data Act (523/1999) and the Archives Act (831/1994).
(2) A certificate issued to an employee of the certifier and meeting the requirements in this Act may be used when the certifier is deciding a matter under this Act, as well as in the certifier's other own service. In this event, the certificate need not be issued by a third party.
Section 8. Duty of a person requesting a certificate to supply information
A person requesting a certificate shall supply the certifier with his/her name, address and personal identity code for purposes of reliable and unequivocal identification and for the maintenance of contact.
Section 9. The certifier's access to information
(1) The certifier has the right, on the consent of the person requesting a certificate, to obtain and to check the information referred to in section 8 in the Population Register.
(2) The information shall be delivered from the Population Register as a public-law performance, as referred to in the Act on the Charge Criteria of the State (150/1992).
Section 10. Certificate directories
(1) The certifier shall maintain an appropriate and up-to-date directory of the certificates and the public keys in use, so as to allow for the verification of the validity of certificates and the
originality of electronic signatures.
(2) The data referred to in section 5(1) and section 8, and the data on the public keys in use, the validity of the certificate and the revocation of the certificate shall be entered into the directory. The data shall be entered into the directory without delay.
(3) A certificate shall upon the request of the person in possession be immediately revoked. No
reasons need be supplied for the request.
Section 11. Delivery of data in a certificate directory
(1) For purposes of verifying the validity of a certificate and the originality of an electronic
signature, everyone shall have access to a certificate directory, for data referred to in section 5(1), as well as data on the public keys in use, the validity of the certificate and the revocation of the certificate.
(2) The data not referred to in paragraph (1) shall be delivered from the certificate directory in
accordance with the provisions on the delivery of data in the Personal Data Act and the Act on the Openness of Government Activities. When requesting such access, reasons for the request shall be supplied. The data thus delivered shall not be used for purposes not mentioned at the time of the request.
Section 12. Archiving of the data in a certificate directory
(1) The data in a certificate directory shall be retained permanently.
(2) The provisions in section 14 of the Archives Act on the archiving of permanently retained documents apply to a certifier. The provision applies also to the transfer of the certificate
directory to an archive at the end of the certifier's operations.
Section 13. Verification of the validity of certificates
The certifier shall not record the verifications of the validity of certificates.
Section 14. Procedure in personal identification
(1) A certificate shall be fetched in person. At this time, the certifier shall verify the identity of the person from current domestic identification documents issued by the police. However, a driver's license issued before 1 October 1990 cannot be accepted as an identification document. In addition, the information shall be double-checked from the Population Register.
(2) If the person does not have documents referred to in paragraph (1) of if there otherwise is a special reason to verify the identification, the identity of the person shall be verified from a specific and current document issued by the police and vouching that the person has been identified.
Section 15. Certifier's liability in damages
(1) The certifier shall be liable in damages for any loss arising from data having been erroneous when it was entered into a certificate or the certificate directory, or from a certificate not having been revoked even though a request or notification for this effect has been received.
(2) However, the certifier shall not be liable for such loss, if it can show that the loss has not arisen from the negligence of the certifier.
(3) If the loss has arisen from the activity of a person employed in the certification operations or in a part of such operations, the certifier shall be released from liability only if also the said person would be released from liability under paragraph (2).
Section 16. Effect of a restriction in the use of a certificate on the obligations of the certifier
The provisions in this Act do not apply to a certifier whose certificates, owing to a restriction in their use, cannot be used in electronic service in the administration.
Section 17. Assignment of a certifier's duties to another person
A certifier may contractually assign a certifier's duty to another person. The provisions in this chapter on the certifier apply correspondingly to the assignee.
Chapter 3. Duties of the authorities
Section 18. Availability of electronic service
(1) An authority in possession of the requisite technical, financial and other resources shall offer to the public the option to send a message to a designated electronic address or other designated device so as to lodge a matter or to have it handled. Furthermore, the authority shall offer to the public the option to deliver electronically the statutory or ordered notifications, the requested accounts and the other comparable documents and messages.
(2) The authority may offer the services referred to in paragraph (1) also on a function-byfunction
or office-by-office basis.
(3) The authorities shall strive to use equipment and software that is technically as compliant and as user-friendly as possible to the customers of the administration. In addition, the authorities shall ensure an adequate level of data security both in their service and in interauthority
communications.
Section 19. Accessibility of the authorities
The authorities shall see to it that their electronic data interchange equipment is in working order and that their electronic data interchange equipment is accessible, in so far as possible, also outside office hours.
Section 20. Authorities'contact information
The authorities shall make their contact information for electronic data interchange available in an appropriate manner.
Chapter 4. Electronic lodging of matters
Section 21. Risk of delivery of an electronic message
The delivery of electronic messages to the authorities shall take place at the risk of the sender.
Section 22. Lodging a matter by electronic document
(1) If a matter is to be lodged in writing, it can be lodged also by way of a document delivered to the authority as an electronic message.
(2) If a matter is to be lodged by a signed document, an electronic signature shall be accepted as the signature, if the certifier and the certificate of the signature meet the requirements set in sections 4 and 5.
Section 23. Time of delivery
(1) An electronic message shall be deemed to have been delivered to the authority when it is available for the use of the authority in a reception device or data system so that the message can be handled.
(2) If the time of delivery referred to in paragraph (1)cannot be determined, the electronic message shall be deemed to have been delivered at the time it was sent, provided that the sending time can be reliably verified.
Section 24. Notification of receipt
(1) A notification of the receipt of an electronic message shall be given without delay by the authority to the sender. The notification can be given by way of the data system as an automatic receipt or otherwise. The notification of receipt shall not have any effect on the prerequisites for the handling of the matter; separate provisions apply to these prerequisites.
(2) The provisions in paragraph (1) do not apply to a document delivered by telefax or by comparable means.
Section 25. Diary entries and records
(1) Diary entries or other reliable records shall be made on electronic documents that have been received.
(2) A diary entry or record shall indicate the time of delivery of the document and the checks on the integrity and originality of the document.
Section 26. Technical editing of the message
An authority may technically edit a message received by it, if this is necessary in order to render the message into a legible format.
Section 27. Forwarding of an electronic document
The provisions in section 8 of the Administrative Procedure Act apply to the forwarding of an
electronic document delivered by mistake to the wrong authority.
Chapter 5. Electronic signature and service of notice of decisions
Section 28. Electronic signature of decisions
A decision may be signed electronically. The electronic signature of an authority shall meet the
requirements for an acceptable electronic signature, as provided in section 22(2).
Section 29. Electronic service of notice of a decision
(1) Where an appeal period begins upon service of notice of the decision or where the decision
enters into force upon service of notice, the decision may on the consent of the party be served also as an electronic message, but not, however, as a telefax or by comparable means.
In this event, the authority shall make a notification to the effect that the decision is available for retrieval by the party or a representative of the party on a server designated by the authority.
(2) The party or the representative of the party shall identify themselves at the time of retrieval of the decision. The identification may be accepted, if the certifier and certificate meet the requirements provided in sections 4 and 5.
(3) The service of notice of the decision shall be deemed effected upon retrieval of the document from the server referred to in paragraph (1). If the decision is not retrieved within seven days of the notification, the provisions in other legislation on service of notice shall be complied with in the service of notice of the decision.
Section 30. Copy of the decision
Once the period of validity of an electronic signature in a decision has ended, the party has the right to receive, upon request, a new copy of the decision free of charge.
Section 31. Contact information for rectification requests and appeals
If a rectification request or an appeal can be electronically lodged with an authority, the relevant contact information shall be supplied in the rectification or appeal instructions.
Otherwise, the provisions in section 24a of the Administrative Procedure Act on rectification
instructions and section 14 of the Act on Administrative Judicial Procedure (586/1996) on appeal instructions apply in the matter.
Section 32. Electronic service of notice of other documents
A document other than that referred to in section 19 may be served on a party as an electronic
message in the manner requested by the party. However, if data security so requires, the provisions in section 29(1) and (2) apply to the service of notice of the document.
Chapter 6. Miscellaneous provisions
Section 33. Electronic identity cards
A certificate referred to in section 3(1) of the Identity Cards Act (829/1999) shall always be
acceptable in electronic service.
Section 34. Acceptance of foreign certificates
A certificate issued in another country may be accepted, if the certifier and the certificate meet the requirements laid down in chapters 4-6, if the issuance of the certificate can be deemed
appropriate and if the operations of the certifier can be deemed to meet the criteria laid down in section 7(1).
Section 35. Duty of notification of the person in possession of a certificate
The person in possession of a certificate shall notify the certifier immediately if he/she loses possession or if he/she has reason to believe that the certificate is otherwise susceptible to unauthorised use.
Section 36. Consequences of the unauthorised use of a certificate
(1) A person in possession of a certificate shall be liable for the unauthorised use of an instrument of electronic identification or the production of an electronic signature only if he/she has relinquished possession of the instrument to a third person or if he/she has failed in the duty of notification provided in section 35.
(2) A person in possession of a certificate shall not be liable for the unauthorised use of the instrument
(3) if the instrument has been used after the notification on the loss of possession has been received by the certifier, or
(4) if the third party who relied on the certificate has not verified its validity.
Section 37. Penal provisions
(1) Chapter 38, section 9 of the Penal Code (39/1889) contains the penal provision governing
personal data file offences and section 48(2) of the Personal Data Act contains the penal provision governing personal data violations.
(2) A person who deliberately or negligently breaches the provisions in section 14 on the procedure for the identification of a person requesting a certificate shall be sentenced for neglect to identify a person requesting a certificate to a fine.
Section 38. Archiving
An electronic document shall be archived in a manner allowing for the later verification of its integrity and originality.
Section 39. Charges
Separate provisions apply to the charges payable for administrative decisions.
Section 40. Administrative instructions and guidance
(1) The Ministry of Finance shall publish a list of the certifiers and certificates in electronic
service in the administration meeting the requirements of sections 4 and 5; the list shall be as exhaustive and up-to-date as possible; In addition, the Ministry of Finance shall provide instructions and guidance on the arrangement of the data administration required for electronic service. The Ministry of the Interior shall provide instructions and guidance on the arrangement of electronic service.
(2) The Archival Service shall provide instructions and guidance on diary entries, other records and archiving in the context of electronic service.
Section 41. Appeals
(1) A decision on the issuance of a certificate in use in the administration or on the validity of such a certificate shall be subject to appeal before an Administrative Court as provided in the Act on Administrative Judicial Procedure.
(2) A certifier may request that information on itself or on the certificate offered by it be included in the list referred to in section 40 or that information in the list be deleted or altered.
A decision of the Government on such a request shall be subject to appeal as provided in the Act on Administrative Judicial Procedure.
Section 42. Further provisions
Where necessary, further provisions on the implementation of this Act shall be issued by Decree.
Section 43. Entry into force
(1) This Act shall enter into force on 1 January 2000.
(2) Measures necessary for the implementation of this Act may be undertaken prior to its entry into force.