German Government Summary of Proposed Amendments to the Digital Signature Law (SigG)

April 2000

Translation and Commentary by Christopher Kuner, Esq.

Morrison & Foerster LLP, Brussels

Translation copyright 2000 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.

Commentary: In mid-April, the German government released this summary (dated April 2000) of the eagerly-awaited draft amendments to the German Digital Signature Law; the German original is available on the Internet. The amendments, which are intended to implement the EU Directive on Electronic Signatures, make several important changes to the German Digital Signature Law necessary to implement the Directive, but retain the basic security standard under the current Digital Signature Law. They have proved controversial within Germany, with some German companies that offer electronic signature products and services favoring the retention of a strict security standard and an accreditation regime, while others argue for a more liberal legal framework oriented more towards international standards and less toward national needs.

A translation of the proposed amendments to the German Digital Signature Law will appear on this site shortly.

 

Law on the Conditions for Electronic Signatures

(Signature Law – SigG)

 

 

Outline of the Draft Law

 

 

1.         Starting Point

 

With the Digital Signature Law, Germany has since 1997 had a uniform legal framework for digital signatures. The more than two-year phase of implementation of the law has given Germany a substantial experiential lead, and has solidified its leading European and international role in this area. Germany now has a widespread IT security infrastructure (the establishment of certification authorities, the development of technical components complying with the Digital Signature Law, suitable examination and verification instances). The Deutsche Telekom AG and the Deutsche Post AG offer services under the Digital Signature Law all over Germany. Further certification authorities are about to enter the market, and seven (potential) certification authorities have in the mean time agreed on a common technical standard for signatures under the Digital Signature Law. Thus, users of electronic signatures with appropriate technical equipment can make use of the services of different service providers.

Germany was able to work its experiences into the consultations on the European Parliament and Council Directive on a common framework for electronic signatures, and to influence it substantially.

2.                  Need for Action

 

The Federal Government needs to take the following steps in order to secure and further develop the advantages already gained in the area of digital and electronic signatures:

 

·        To enact a “Law on the Conditions for Electronic Signatures” to replace the “Digital Signature Law” of July 22, 1997 (BGBl. I S. 1870, 1872) and to implement the European Parliament and Council Directive on a common framework for electronic signatures of November 18, 1999;

·        To implement the recommendations arising from evaluation of the Digital Signature Law (see Report of the Federal Government concerning Experiences and Developments in the New Information and Communication Services in connection with Implementation of the Act on Information and Communication Services (IuKDG – BT-Drs. 14/1191).

·        To conceive and coordinate measures for a rapid introduction of digital and electronic signatures in business and government administration, and to create transparency for all concerned on the basis of an action program;

·        To adapt the provisions on written form to the needs of electronic commerce and the electronic administration of justice, and in particular to adopt into the Civil Code an “electronic form” with a signature under the Signature Law (as the equivalent to written form).

 

3.                  Amendment of the Digital Signature Law

 

Adaptation to the standards of the EU Directive as well as implementation of measures to be taken following the Evaluation Report make the following amendments to the current Digital Signature Law necessary:

 

3.1              Outline

 

·        Creation of a uniform legal framework exclusively for “qualified electronic signatures” (equivalent to handwritten signature); other electronic signatures are not subject to the law (as is already the case);

·        Adjustment of the general security requirements for certification authorities and technical components corresponding to the EU Directive (a common European standard);

·        Cessation of the licensing requirement for certification authorities, and thus no need for prior examination of non-accredited certification authorities; instead, introduction of a general monitoring system under the EU Directive;

·        Retention of the security standard of the current Digital Signature Law for the examination of certification authorities and technical components and the voluntary accreditation for certification authorities, with the possibility of marketing a comprehensively-tested security standard;

·        Protection of investments for companies offering services or products under the current Digital Signature Law;

·        Introduction of a legal provision for liability of certification authorities in combination with the duty to provide precautionary financial cover, as well as provisions regarding fines;

·        Extension of the specific data protection rules under the EU Directive also to certification authorities that do not issue qualified certificates.

 

3.2              Significant Further Amendments

 

·        Adaptation of the definitions (§ 2) to the EU Directive;

·        Explicit authorization to transfer the duties of a certification authority to third parties (§ 4 para. 5);

·        The possibility of listing professional or other personal data in a qualified certificate (attribute as part of a qualified certificate), and clarification that the supervisory authority can demand that certificates be blocked if the requirements therefor have been met (§ 5 and § 8);

·        A rule for recognition of examination and verification instances (§ 14 c);

·        Adoption of regulations concerning fines (§ 14 f);

·        Adaptation of rules concerning the recognition of foreign electronic signatures and products to the EU Directive (§ 15);

·        Technically-neutral requirements for time stamps, so that procedures without signatures are also possible (§ 2 no. 14).

 

4.         Time Frame

 

·        June 2000: Approval by the Federal Cabinet

·        Fall 2000: Approval by the Parliament

Goal: Entry into force on January 1, 2001