法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Decision

Commission Implementing Decision (EU) 2016/650 of 25 April 2016 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)

CELEX
Implementing Decision (EU) 2016/650
Date of document
Articles
4
Source
EUR-Lex
Article 1

1.   The standards for the security assessment of information technology products that apply to the certification of qualified electronic signature creation devices or qualified electronic seal creation devices according to point (a) of Article 30(3) or 39(2) of Regulation (EU) No 910/2014, where the electronic signature creation data or electronic seal creation data is held in an entirely but not necessarily exclusively user-managed environment are listed in the Annex to this Decision.

2.   Until the establishment by the Commission of a list of standards for the security assessment of information technology products that apply to the certification of qualified electronic signature creation devices or qualified electronic seal creation devices, where a qualified trust service provider manages the electronic signature creation data or electronic seal creation data on behalf of a signatory or of a creator of a seal, the certification of such products shall be based on a process that, pursuant to Article 30(3)(b), uses security levels comparable to those required by Article 30(3)(a) and that is notified to the Commission by the public or private body referred to in paragraph 1 of Article 30 of Regulation (EU) No 910/2014.

Article 2

Decision 2003/511/EC is hereby repealed.

Article 3

This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

Schedules & Appendices

ANNEX

ANNEX

LIST OF STANDARDS REFERRED TO IN ARTICLE 1(1)

ISO/IEC 15408 — Information technology — Security techniques — Evaluation criteria for IT security, Parts 1 to 3 as listed below:

ISO/IEC 15408-1:2009 — Information technology — Security techniques — Evaluation criteria for IT security — Part 1. ISO, 2009.

ISO/IEC 15408-2:2008 — Information technology — Security techniques — Evaluation criteria for IT security — Part 2. ISO, 2008.

ISO/IEC 15408-3:2008 — Information technology — Security techniques — Evaluation criteria for IT security — Part 3. ISO, 2008,

and

ISO/IEC 18045:2008: Information technology — Security techniques — Methodology for IT security evaluation,

and

EN 419 211 — Protection profiles for secure signature creation device, Parts 1 to 6 — as appropriate — as listed below:

EN 419211-1:2014 — Protection profiles for secure signature creation device — Part 1: Overview

EN 419211-2:2013 — Protection profiles for secure signature creation device — Part 2: Device with key generation

EN 419211-3:2013 — Protection profiles for secure signature creation device — Part 3: Device with key import

EN 419211-4:2013 — Protection profiles for secure signature creation device — Part 4: Extension for device with key generation and trusted channel to certificate generation application

EN 419211-5:2013 — Protection profiles for secure signature creation device — Part 5: Extension for device with key generation and trusted channel to signature creation application

EN 419211-6:2014 — Protection profiles for secure signature creation device — Part 6: Extension for device with key import and trusted channel to signature creation application

4 articles

Cite this act

Commission Implementing Decision (EU) 2016/650 of 25 April 2016 laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance) (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32016D0650

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com