Home Site map Contact us Switch to Bulgarian
old.csd.bg
Quick search
 
CSD.bg
 
 
ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE ACT
 

DRAFT

Chapter one

GENERAL PROVISIONS

Scope of Applicability

Article 1

(1) This Act shall regulate electronic document, electronic signature and terms and procedure for providing certification services.

(2) This Act shall not apply:

1. if transactions require qualified written form;

2. when the act of holding of a document or a copy of it has any legal significance (securities, bills of lading, other).

Chapter two

ELECTRONIC DOCUMENT AND ELECTRONIC SIGNATURE

Electronic Statement

Article 2

(1) Electronic statement shall be a verbal statement, represented in a digital form through a common standard for transformation, reading and visual representation of information.

(2) The electronic statement may contain as well nonverbal information.

Electronic Document

Article 3

(1) Electronic document shall be an electronic statement, recorded on magnetic, optical or other carrier that allows it to be reproduced.

(2) The written form shall be considered observed if an electronic document has been composed.

Signatory and Owner of an Electronic Statement

Article 4

Signatory of an electronic statement shall be the natural person that is named in the statement as its performer. Owner of an electronic statement shall be the person on behalf of whom the electronic statement has been performed.

Addressee of an Electronic Statement

Article 5

Addressee of an electronic statement may be a person that by virtue of an Act is obliged to receive electronic statements or that according to unambiguous circumstances may be considered to have agreed to receive the statement in an electronic form.

Intermediary of an Electronic Statement

Article 6

(1) Intermediary of an electronic statement shall be a person that upon assignment sends, receives, records, or stores an electronic statement or performs other services, related to it.

(2) The intermediary of an electronic statement shall be obliged:

  1. to have technical and technological equipment that is to ensure the trustworthiness of the used systems;
  2. to maintain staff that has the necessary expert knowledge, experience and qualification;
  3. to ensure conditions for exact determination of the time and source of the transferred electronic statements;
  4. to use trustworthy systems for the storage of the information under Point 3.

(3) The intermediary of an electronic statement shall be liable for damages caused by non-performance of his or her obligations under Paragraph 2.

Mistake in Transferring an Electronic Statement

Article 7

The owner shall take the risk of mistakes in transferring the electronic statement, unless the addressee has not exercised reasonable care.

Receipt of an Electronic Statement

Article 8

(1) The electronic statement shall be considered received if the addressee confirms the receipt.

(2) If no time for confirmation of receipt has been specified the confirmation should be made in a reasonable time.

(3) The confirmation of receipt shall not certify the content of the electronic statement.

Time of Sending an Electronic Statement

Article 9

The electronic statement shall be sent with its entering into an electronic system that is not under the control of the signatory.

Time of Receiving an Electronic Statement

Article 10

(1) The electronic statement shall be received with the sending of a confirmation for its receipt.

(2) If a confirmation is not required, the electronic statement shall be received with its entering into the information system, specified by the addressee. If the addressee has not specified an information system, the statement shall be received with its entering into an information system of the addressee, and if the addressee does not have an information system – with its retrieving by the addressee from the information system it has entered into.

Time of Electronic Statement Acquiring

Article 11

The addressee of the electronic statement shall be considered to have acquired the content of the statement in a reasonable time since its receipt.

Place of Sending and Receiving an Electronic Statement

Article 12

(1) The electronic statement shall be considered sent from the place of business of its owner.

(2) The electronic statement shall be considered received in the place of business of its addressee.

(3) If the owner or the addressee of the statement has more than one place of business, the place of business shall be considered to be the one that is most closely related to the statement and its performance, with taking into account the circumstances, which the owner and the addressee have known or have taken into consideration at any time before or during the performance of the statement.

(4) If the owner or the addressee does not have a place of business, their permanent residence shall be taken into consideration.

Electronic Signature

Article 13

(1) Electronic signature shall be:

  1. any information, related to the electronic statement in a way, concerted between the signatory and the addressee, secure enough in view of the turnover needs, that:
    1. reveals the identity of the signatory;
    2. reveals the consent of the signatory with the electronic statement; and
    3. protects the content of the electronic statement from subsequent changes.
  3. an advanced electronic signature.

(2) An electronic signature has an effect of a handwritten signature, unless the owner or the addressee of an electronic statement is the state, a state body or a local self-government authority.

Secrecy of a Signature-Creation Data

Article 14

No one except for the signatory shall have the right of access to the signature-creation data.

Contesting an Electronic Signature

Article 15

(1) The person, indicated as an owner or a signatory of the electronic statement, may not contest the authorship in relation to the addressee, if the statement has been signed with an electronic signature, and:

  1. the statement has been sent through an information system, designed to work in an automatic regime; or
  2. the statement has been performed by a person, to whom an access to the method of identification has been given.

(2) Paragraph 1, Point 2 shall not apply from the moment the addressee receives a notification that the electronic statement does not come from the signatory and the addressee has enough time to adapt his or her behavior to the notification.

(3) Paragraph 1 shall not apply when the addressee of the statement has not exercised reasonable care.

Chapter three

ADVANCED ELECTRONIC SIGNATURE

Part I

General Provisions

Definition

Article 16

(1) Advanced electronic signature shall be a transformed electronic statement, included, added or logically related to the same electronic statement before its transformation.

(2) The transformation under Paragraph 1 is done through algorithms, including the use of the private key of an asymmetric cryptosystem.

(3) The requirements to the algorithms shall be defined in a Regulation of the Council of Ministers.

Mechanisms for Creation and Verification of an Advanced Electronic Signature

Article 17

(1) Persons, creating an advanced electronic signature should apply a mechanism guaranteeing, that:

  1. the signature-creation data can occur only during the electronic signature creation and the secrecy of the data is reasonably assured;
  2. the signature-creation data is not accessible, cannot be derived and the signature is protected against forgery;
  3. the signature-creation data can be protected by the signatory against the use of others;
  4. the content of the statement is made available to the signatory and remains unaltered until the creation of the electronic signature.

(2) Persons, verifying an advanced electronic signature should apply a mechanism guaranteeing, that:

  1. the data ascertaining the use of the private key corresponds to the data, given to the person, using the public key;
  2. the use of the private key has been reliably verified and the results of that verification have been given to the person, that had used the public key.

Secrecy of the Private Key

Article 18

No one except for the signatory shall have the right of access to the private key.

Part II

Certification-Service-Providers

Activities of the Certification-Service-Providers

Article 19

(1) Certification-service-provider shall be a person, that:

  1. issues certificates under Article 24 and keeps their registry;
  2. provides a third person with access to the certificates that have been published.

(2) The certification-service-provider may offer services on the creation of the advanced electronic signature private and public key.

Organizations for Voluntary Accreditation

Article 20

(1) Certification-service-providers may set up organizations for voluntary accreditation aiming to achieve higher level in the certification services they offer.

(2) The organizations for voluntary accreditation assist the acknowledgement of the legal effect of certificates, issued by the Bulgarian service-providers abroad, and also certificates issued by the foreign service-providers in Bulgaria.

(3) Conditions for participation in the organizations for voluntary accreditation should be widely accessible and should create equality among all certification-service-providers.

Requirements towards Activities of the Certification-Service-Providers

Article 21

(1) Certification-service-providers perform their activities, while:

  1. maintaining available resources that are to ensure performance of their activities in accordance with the requirements of this Act.
  2. insuring themselves for the time of their activities against the damages caused by non-performance of their obligations under this Act;
  3. having technical and technological equipment, that is to ensure the trustworthiness of the used systems and technical and cryptographic security of the processes they perform;
  4. keeping staff that has the necessary expert knowledge, experience and qualification for the performance of activities, especially in the area of advanced electronic signatures technology, and also good level of understanding of the security procedures;
  5. ensuring conditions for exact determination of the time of issuance, suspension, renewal, and revocation of the effect of the certificates;
  6. ensuring measures against the forgery of certificates and for the confidentiality of the data they have access to in the process of signature creation;
  7. using trustworthy systems for storage and administration of certificates, that are to ensure:
    1. that only duly authorized employees have access to make changes;
    2. that the authenticity and validity of the certificates can be ascertained;
    3. possibility for a limited access to the published certificates;
    4. any appearance of technical problems in relation to security to be made known immediately to the staff;
    5. possibility for the private key confirmation to be canceled with the expiration of the term of the certificate.
  9. ensuring possibility for immediate suspension and revocation of the effect of the certificates.
  10. immediately informing the State Telecommunication Commission on the beginning of activities under Article 19.

(2) The Council of Ministers shall adopt Regulations under Points 1, 2 and 3 of Paragraph 1.

(3) The certification-service-provider may not use the information it stores for purposes, different from the ones, relating to its activities. It may give to third parties only the information, included in the certificates.

Obligations of the Certification-Service-Provider

Article 22

The certification-service-provider shall be obliged:

  1. to issue a certificate upon request by any person, while prior to that the certification-service-provider has to inform that person if it has been registered under the procedure of Chapter Four and whether it is participating in the organizations for voluntary accreditation;
  2. to inform persons, willing to have a certificate issued, on the terms for issuance and use of the certificate, including the restrictions of its effect, as well as on the procedures for complaints submission and disputes resolution;
  3. when issuing certificates, to examine by admissible means, the identity of the signatory and the owner of the advanced electronic signature and, if necessary, any other data about these persons, included in the certificate;
  4. to publish the certificate that has been issued, so as third parties to have access to it according to the instructions of the owner;
  5. not to store or copy data used for the creation of private keys;
  6. to undertake immediate actions in relation to the suspension, renewal, and revocation of the effect of the certificate, when finding the relative grounds for it;
  7. immediately to inform the owner and the signatory on circumstances relating to the validity or trustworthiness of the issued certificate;
  8. to possess an advanced electronic signature, that is to be used only in relation to its activities as a certification-service-provider.

Relations with the Owner

Article 23

The relations between the certification-service-provider and the owner shall be regulated by a written contract.

Part III

Advanced Electronic Signature Certificates

Certificate

Article 24

(1) Certificate shall be an electronic document, issued and signed by a certification-service-provider, that includes:

  1. the name, address, personal identification number (PIN) or BULSTAT of the certification-service-provider, as well as an indication of its nationality;
  2. the name or the trade name, address and court registration data of the owner of the advanced electronic signature;
  3. the grounds for authorization, the name and PIN of the natural person (signatory) that is authorized to make electronic statements on behalf of the owner of the advanced electronic signature;
  4. the public key that corresponds to the private key of the owner of the advanced electronic signature;
  5. the identifications of algorithms with the help of which the public keys of the owner of the advanced electronic signature and of the certification-service-provider are used;
  6. the date and the hour of issuance, suspension, renewal, and revocation of the effect;
  7. the term of validity;
  8. the restrictions of the effect of the signature;
  9. the unique identification code of the certificate;
  10. the liability and guarantees of the certification-service-provider;
  11. reference to the advanced electronic signature certificate under Article 22, Point 8 of the certification-service-provider and data for its registration at the State Telecommunications Commission.

(2) When the authorization of the signatory comes from other authorized persons the certificate should include the data under Point 2 of Paragraph 1 for these persons.

(3) Unless something else has been agreed the certificate shall have effect for a period of 3 years.

(4) The owner and the signatory are obliged to inform immediately the certification-service-provider for any changes in the circumstances, indicated at the certificate.

(5) Changes in the circumstances, indicated in the certificate, cannot be opposed to third conscientious parties.

Issuance of a Certificate

Article 25

(1) The certification-service-provider shall issue a certificate upon a written request from the owner.

(2) The request shall be satisfied, if:

  1. it comes from the owner or a person, duly authorized by him or her;
  2. the information concerning the owner, presented to be included in the certificate is veracious and complete; and
  3. the private key:
    1. is held by the owner;
    2. is technically usable for the creation of an advanced electronic signature; and
    3. corresponds to the public key, so that through the public key it can be certified that certain advanced electronic signature has been created using the private key.

(3) If the requested certificate concerns an advanced electronic signature of a signatory, different from the owner, the request shall be satisfied, if the requirements under Paragraph 2 have been observed, and:

  1. the information presented to be included in the certificate concerning the signatory is also veracious and complete; and
  2. the private key is held by the signatory.

(4) With the fulfillment of the request the certification-service-provider shall demand from the owner, respectively from the signatory, to accept the content of the requested certificate. It shall change the content of the certificate, if the owner, respectively the signatory, points out inexactness or incompleteness.

(5) The certification-service-provider shall immediately issue the certificate, the content of which has been accepted under the procedure of Paragraph 4 through its publication in the registry of certificates.

Suspension and Renewal of the Effect of the Certificate

Article 26

(1) Unless something else has been agreed, the certification-service-provider shall have the right to suspend the effect of a certificate, it has issued for a term needed under the circumstances, but for no more than 48 hours, if there exists a well-founded proof that the effect of the certificate has to be revoked.

(2) Unless something else has been agreed, the certification-service-provider shall be obliged to suspend the effect of a certificate, issued by it, for a term needed under the circumstances, but for no more than 48 hours:

  1. upon a request from the owner, respectively from the signatory, without having an obligation to convince itself in his or her identity or representative authority;
  2. upon a request from a person, for whom it is obvious under the circumstances that he or she may know as an agent, partner, employee, member of the family, etc., about infringements of the security of the private key;
  3. upon a request from the State Telecommunication Commission.

(3) In case of a present danger for the interests of third parties or in case of existence of enough data-evidence about the violation of the law, the Chair of the State Telecommunications Commission may suspend the effect of the certificate for a term needed under the circumstances, but for no more than 48 hours.

(4) The certification-service-provider shall immediately notify the owner and the signatory about the suspension of the effect of the certificate.

(5) The suspension of the effect of the certificate shall be made through making the access to it impossible.

(6) The effect of the certificate shall be renewed:

  1. with the expiration of the term of suspension;
  2. by the certification-service-provider in case of dropping out of the ground for suspension or upon a request from the owner after the certification-service-provider, respectively the State Commission on Telecommunication, have convinced themselves that he or she has learned of the cause for suspension as well as that the request for renewal has been made in consequence of learning.

Revocation of the Effect of the Certificate

Article 27

(1) The effect of the certificate shall be revoked:

  1. with the expiration of the term;
  2. with the dissolution of the certification-service-provider without transferring its activities to another certification-service-provider.

(2) The certification-service-provider shall be obliged to revoke the effect of the certificate upon a request from the owner or the signatory after it has convinced itself in the identity and representative authority of the owner, respectively the signatory.

(3) The certification-service-provider shall revoke the effect of the certificate in case of:

  1. death or placing under legal incapacity of the owner or the signatory;
  2. dissolution of the legal person of the owner;
  3. revocation of the representative authority of the signatory towards the owner;
  4. ascertaining that the certificate has been issued on the basis of false data.

Registry of Certificates

Article 28

(1) The certification-service-provider shall maintain a public electronic registry in which it publishes its own electronic signature certificate under Point 8 of Article 22, and the other issued certificates.

(2) Access to the published certificates have only persons, indicated by the owner.

(3) The certification-service-provider shall also publish in the registry under Paragraph 1 an information about:

  1. the terms and procedure for issuance of a certificate and also on the rules for ascertaining the identity of the owner of an advanced electronic signature;
  2. the security procedures of the certification-service-provider;
  3. the way of using the advanced electronic signature;
  4. the terms and procedure for using the advanced electronic signature, including the requirements for storing the private key;
  5. the conditions for access to the certificate and the ways of checking the advanced electronic signature;
  6. the price for receiving and using a certificate, as well as the prices of the other services, provided by the certification-service-provider;
  7. the liability of the certification-service-provider and the owner of an advanced electronic signature;
  8. the terms and procedure under which the owner makes a request for revocation of the effect of an advanced electronic signature.

(4) The organization and activities of the registry under Paragraph 1 shall be regulated with a Regulation of the Council of Ministers.

Part IV

Liability

Liability of the Certification-Service-Providers

Article 29

(1) The certification-service-provider shall be liable before the owner of the advanced electronic signature and all third parties for the damages caused:

  1. by non-performance of the requirements under Article 21 and of the obligations under Article 22 and 25;
  2. from false or missing data in the certificate from the moment of its issuance;
  3. to them in case that during the issuance of the certificate the person, pointed as a signatory, has not disposed of the private key, corresponding to the public key;
  4. by non-correspondence of the data for the use of the private key and the data disposed to the person using the public key.

(2) The agreements by which the certification-service-provider’s liability for negligence is excluded or limited shall be invalid.

(3) The certification-service-provider shall not be liable for damages, caused by the use of the certificate beyond the limits of restrictions of its effect, listed in it.

Liability of the Owner and the Signatory towards Third Parties

Article 30

(1) The owner shall be liable towards conscientious third parties, when during the creation of the key pair (public and private key) an algorithm not corresponding to the requirements of the Article 16, Paragraph 3 has been used.

(2) The owner shall be liable towards conscientious third parties, if the signatory:

  1. does not perform exactly the security requirements, specified by the certification-service-provider;
  2. does not request from the certification-service-provider revocation of the certificate, when he has learned that the private key has been used illegally or a danger of illegal use of the private key exists.

(3) The owner, who has accepted the certificate with its issuance, shall be liable towards conscientious third parties:

  1. if the signatory is not authorized to hold the private key corresponding to the public key pointed in the certificate;
  2. for false statements made before the certification-service-provider that are related to the content of the certificate.

(4) The signatory, who has accepted the certificate with its issuance, shall be liable towards conscientious third parties, if he has not been authorized to request the issuance of the certificate.

Liability of the Owner and the Signatory towards the Certification-Service-Provider

Article 31

The owner, respectively the signatory, shall be liable towards the certification-service-provider, if he or she has accepted the certificate, issued by the certification-service-provider on the basis of false data, presented by him or her, respectively on the basis of data concealed by him or her.

Part V

Regulation and Control

Powers of the State Telecommunications Commission

Article 32

(1) The State Telecommunications Commission shall have the following powers:

  1. to exercise control over the registered certification-service-providers concerning the trustworthiness and security of the certification services;
  2. to approve the manuals for the consumers and the prescribed security procedures;
  3. to work out, co-ordinate and propose to the Council of Ministers for adoption drafts Regulations under this Act and also concerning:
    1. the regulation of the activities of the registered certification-service-providers and the procedure for termination of their activities;
    2. the requirements concerning the format of certificates issued by the certification-service-providers;
    3. the requirements for the storage of information on the services provided by the certification-service-providers;
    4. the requirements for the content, form and sources in relation to the information disclosed by the certification-service-providers;

(2) In the performance of its functions the State Telecommunications Commission shall have the right:

  1. of free access to the objects liable to control;
  2. to examine the documents proving the qualification of the staff of the certification-service-providers;
  3. to request information and documents related to the exercise of control;
  4. to determine persons that would control the fulfillment of the requirements of Article 17 and Article 21, Paragraph 1 by the certification-service-providers
  5. The State Telecommunications Commission maintains and publishes the list of persons under Paragraph 2, Point 4.
  6. Requirements towards persons under Paragraph 2, Point 4 as well as procedure and conditions for their inclusion in the list under Paragraph 3 shall be defined in a Regulation of the Council of Ministers.

Chapter four

UNIVERSAL ELECTRONIC SIGNATURE

Definition

Article 33

(1) Universal electronic signature shall be an advanced electronic signature, which certificate is issued by the certification-service-provider, registered under Article 35.

(2) Universal electronic signature shall be also:

  1. the electronic signature of the State Telecommunication Commission, with which it signs acts, issued on the basis of its powers, determined by the law.
  2. electronic signatures under Point 8 of Article 22 of the registered certification-service-providers.

Effect

Article 34

(1) The universal electronic signature shall have the effect of a handwritten signature towards everybody.

(2) The Council of Ministers shall determine the state authorities, that could use in the relations among each other another type of electronic signature.

Registry Institution

Article 35

(1) The State Telecommunication Commission registers the certification-service-providers and keeps the registry of their advanced electronic signature certificates under Article 22, Point 8.

(2) The State Telecommunication Commission publishes at the registry under Paragraph 1 its own advanced electronic signature certificate under Article 33, Paragraph 2, Point 1.

Powers of the State Telecommunication Commission towards Registered Providers

Article 36

(1) The State Telecommunication Commission has the following powers:

  1. registers the certification-service-providers;
  2. refuses to register the certification-service-providers that do not fulfill the necessary requirements;
  3. deletes the registration of the certification-service-providers.

(2) The State Telecommunication Commission shall provide information about the public keys of the registered certification-service-providers. The information is provided in an electronic form, contains the certificates and it is signed with the universal electronic signature of the State Telecommunication Commission.

Registration of the Certification-Service-Providers

Article 37

(1) Along with submitting an application for registration as a certification-service-provider the applicant shall present:

  1. certificate for current court registration;
  2. an insurance policy under article 21, paragraph 1, point 2;
  3. the rules for issuance of a certificate, including the rules for ascertaining the identity of the owner of the universal electronic signature;
  4. the security procedures applied during issuance and use of the universal electronic signature;
  5. the terms and procedure for using the universal electronic signature, including the requirements for storing the private key;
  6. the price for receiving and using a certificate as well as the prices for the rest of the services, provided by the certification-service-provider;
  7. declaration that the requirements under Article 21, Paragraph 1, Points 1,3,4 have been fulfilled;
  8. documents proving the fulfillment of the requirements under Article 17 and Article 21, Paragraph 1, Points 5 – 8;

(2) The application for registration shall be considered in a one-month term. Registration may be denied only if the applicant has not presented the necessary documents, does not satisfy the requirements under Paragraph 1 of Article 21 and Article 17, or has not paid the necessary state fee.

(3) The notification for the denial should point all the defects of the application.

(4) The denial for registration shall be appealed through the procedure under the Act on Administrative Proceedings.

(5) The applicant may remove the defects and may submit a new application.

(6) The procedure for registration shall be specified with a Regulation of the Council of Ministers.

Deletion of Registration

Article 38

(1) The registration shall be deleted in case:

  1. the applicant has presented a false data;
  2. of flagrant or systematic violations of this Act and of the Regulations on its application.

(2) The activities of the registered certification-service-provider shall be terminated with the deletion of the registration, unless the activities are not transformed to the other registered certification-service-provider.

(3) The termination of the activities of the registered certification-service-providers on the issuance of the universal electronic signature certificates shall be regulated with the Regulation under Article 32, paragraph 1, Point 3 “a”.

Registry of Certification-Service-Providers

Article 39

(1) The registry of certification-service-providers shall be public. Anyone may request information for the registered certification-service-providers.

(2) Anyone may request information on the terms and procedure for registration of a certification-service-provider.

State Fees

Article 40

(1) For the registration of the certification-service-providers and issuance of certificates under Article 36, paragraph 2 a state fee shall be collected.

(2) The rate of the state fee shall be specified with a tariff, approved by the Council of Ministers.

Activities of the Registered Certification-Service-Provider

Article 41

The registered certification-service-provider that has issued a certificate for universal electronic signature certifies the date and the hour of the presentation of the electronic document signed with such a signature.

Chapter five

APPLICATION OF ELECTRONIC DOCUMENT AND UNIVERSAL ELECTRONIC SIGNATURE BY THE STATE AND MUNICIPALITIES

Obligation for Accepting and Issuing Electronic Documents

Article 42

(1) The Council of Ministers shall determine its subordinate authorities, which:

  1. may not deny acceptance of electronic documents, signed with an universal electronic signature;
  2. may not deny issuance of permits, licenses, approvals, and other administrative acts in the form of an electronic document, signed with an universal electronic signature;

(2) The acceptance and issuance in the court system of electronic documents, signed with an universal electronic signature, shall be regulated by an Act.

(3) The acceptance and issuance of electronic documents, signed with an universal electronic signature, by the other state authorities, municipalities and mayoralties, shall be regulated by their own acts. The procedure and form for performing and storing of the electronic documents shall be regulated by internal rules.

Storage of Electronic Documents

Article 43

The state bodies and municipal administration authorities shall be obliged to store the electronic documents within the established period for storing documents.

Chapter six

PROTECTION OF PERSONAL DATA

Obligation for Personal Data Protection

Article 44

(1) The protection of personal data, collected by the certification-service-providers, needed for the activities, carried out by them, and the protection of registers kept shall be regulated by an Act.

(2) The regime under Paragraph 1 shall also apply in relation to the personal data known to the State Telecommunications Commission, which during the performance of its obligations supervises the activities of the certification-service-providers.

(3) The certification-service-providers shall collect personal data about the signatory and the owner of the signature, only to the extent necessary for issuing and using a certificate.

(4) Data about a third party may be collected only with the explicit consent of the person it is related to.

(5) The collected data may not be used for purposes, different from the ones pointed in Paragraph 3, except with the explicit consent of the person it is related to or if this is permitted by an Act.

Chapter seven

RECOGNITION OF CERTIFICATES ISSUED BY CERTIFICATION-SERVICE-PROVIDERS ESTABLISHED IN OTHER COUNTRIES

Grounds and Procedure

Article 45

(1) Certificates, issued by certification-service-providers, registered in other countries in accordance with the national legislation of these countries, shall be recognized as equal to certificates, issued by a Bulgarian certification-service-provider, if one of the following conditions has been met:

  1. the obligations of the certification-service-provider that has issued the certificate and the requirements for its activities correspond to the requirements, provided in this Act, and the certification-service-provider is recognized in the country, where it is established;
  2. a Bulgarian certification-service-provider that has been accredited by the organization under Article 20 or that has been registered under Article 35, has taken an obligation to be liable for actions or failure to take actions by the certification-service-provider, established in another country, in cases falling under Article 29; or
  3. the certificate, or the certification-service-provider that has issued the certificate, were recognized according to an international agreement that has come into force.

(2) The conditions under Point 1 and 2 of Paragraph 1 shall be ascertained by the State Telecommunications Commission through the act of publishing into an electronic register of:

  1. public key certificates of foreign certification-service-providers recognized by the State Telecommunication Commission to be in conformity with Paragraph 1, Point 1.
  2. the electronic signature certificate of the foreign certification-service-provider, for which the liability has been accepted under Paragraph 1, Point 2 and the electronic signature certificate of the Bulgarian certification-service-provider that has accepted the liability and conditions upon which the liability has been accepted.

Chapter eight

ADMINISTRATIVE PENAL PROVISIONS

Article 46

(1) Anyone who commits or allows the commitment of an offence under this Act and the normative acts, issued for its application, shall be liable to a fine from 100 to 10 000 BGL, if the offence is not qualified as a crime.

(2) In cases under Paragraph 1 a legal person or a sole proprietor shall be liable to a property sanction to an amount from 500 to 50 000 BGL.

Article 47

(1) The statements on findings of the offences shall be drawn up by persons, authorized by the Chair of the State Telecommunications Commission and the penal enactments shall be issued by him or her or by an official, authorized by him or her.

(2) With the finding of the offences persons drawing up the statements may confiscate and retain the material evidence related to the ascertaining of the offences through the procedure under Article 41 of the Administrative Offences and Penalties Act.

(3) The drawing up of statements and the issuance, appeal, and execution of penal enactments shall be carried out through a procedure set up in the Administrative Offences and Penalties Act.

SUPPLEMENTARY PROVISIONS

§ 1. Within the meaning of this Act:

1. 'Qualified written form' is a form for validity or form giving proof, where the law envisages additional requirements to the written form, such as certification of a signature by a notary, deed of a notary, handwritten statement, participation of witnesses or civil servants at the time the statement was performed and others.

2.‘Asymmetric cryptosystem’ shall be a system for encryption of information, allowing the creation and use of cryptographic key pairs, that includes a private key connected through an algorithm to a public key, and having the following characteristics:

    1. the content of the electronic statement can be encrypted with one of the keys, and it can be decrypted with the other;
    2. through the use of the public key it can be undoubtedly determined whether the transformation of the original electronic statement has been made using its corresponding private key and whether the electronic statement has been altered after its transformation;
    3. if one of the keys is made known, it is practically impossible to find out the other.

3.‘Cryptographic key’ shall be a sequence of bits, used in an algorithm for the transformation of information from readable into ciphered form (encryption) or vice versa from ciphered into readable form (decryption).

4.‘Public key’ shall be the one of the key pair, used in an asymmetric cryptosystem, that is accessible to all and used by everyone for the electronic signature verification;

5.‘Private key’ shall be the one of the key pair, used in an asymmetric cryptosystem for the electronic signature creation;

6.‘Signature-creation-device’ shall be the configured software or hardware used to implement the signature-creation-data;

7.‘Signature-creation-data’ shall be the unique data such as codes or cryptographic keys, used by the signatory for an electronic signature creation.

TRANSITIONAL AND FINAL PROVISIONS

§2 In the Telecommunications Act (Promulgated: SG 93/August 11, 1998; Amended: SG 26/March 23, 1999, in force since March 23, 1999; SG 10/February 4, 2000, in force since February 4, 2000) in Article 22 a new paragraph 4 is added:

“The State Telecommunication Commission registers and supervises provision of certification services, related to electronic signatures, under the procedure set up in a separate act.”

§3 This Act comes into force six months after its promulgation.

§4 The Council of Ministers shall adopt Regulations on the application of this Act within five months after its promulgation.

§5 The application of this Act is assigned to the Council of Ministers and to the State Telecommunications Commission.

The Act was adopted by the XXXVIII National Assembly on ........2000 and affixed with State Seal.

For the Chairman of the National Assembly:              (Mr. Yordan Sokolov)
 
CSD.bg
  
E-mail this page to a friend Home | Site map | Send a link | Privacy policy | Calls | RSS feed Page top     
   © Center for the Study of Democracy. © designed by NZ
The web page you are trying to reach is no longer updated and has been archived.
To visit us, please click here.