Publicación de Anuncios de Juntas Generales Ordinarias en página web


Los administradores pueden certificar tranquilamente la publicación ininterrumpida de Anuncios Societarios, tales como los de Convocatoria de Juntas Generales Ordinarias en página web, sabiendo que están respaldados por los sistemas de comprobación fehaciente de EADTrust, European Agency of Digital Trust.

No se la juegue en la organización de las juntas generales, y tenga en cuenta estos servicios especializados, llamando al 917160555.

Cumpliendo perfectamente la Ley de Sociedades de Capital

EN 319 162 Associated Signature Containers (ASiC)


La norma TS 102 918 ahora pasa a denominarse EN 319 162 tras la armonización normativa propiciada por el Mandato 460.

El comercio electrónico se está convirtiendo en la forma en la que tendrán lugar en el futuro de los negocios entre las empresas a través de área local, amplia y redes globales. La confianza en esta forma de hacer negocios es esencial para el éxito y el desarrollo continuo del comercio electrónico .

Por tanto, es importante que las empresas que utilizan este medio electrónico en su actividad empresarial tengan controles de seguridad adecuados y mecanismos para proteger sus transacciones y garantizar la confianza  con sus socios comerciales. En este sentido, la firma electrónica es un componente de seguridad importante que se puede utilizar para proteger la información y proporcionar la confianza en el comercio electrónico y en las gestiones con las administraciones públicas.

La Directiva Europea sobre un marco comunitario para la firma electrónica [ i.3 ] define la firma electrónica como : “Los datos en formato electrónico que se adjuntan o se asocian lógicamente a otros datos electrónicos y que sirve como Método de autenticación “.

Las normas EN 319 122-1  ( CAdES ) y EN 319 132-1  ( XAdES ) definen formatos para la firma electrónica en línea con esta definición . Estos formatos incluyen modos de uso mediante los cuales la firma se disocia de los datos a los que se aplica. La norma EN 319 162 especifica el uso de estructuras de contenedores para vincular firmas disociadas (“detached”), tanto Firmas CAdES como firmas XAdES  o  sellos de tiempo (RFC 3161), con uno o más objetos firmados a de los que se derivan las firmas.

Conviene recordar la denominación anterior de estas normas:

  • CAdES: EN 319 122 anteriormente TS 101 733. Firmas electrónicas avanzadas usando sintaxis ASN.1 y basado en el formato CMS
  • XAdES: EN 319 132 anteriormente TS 101 903, Firmas electrónicas avanzadas usando sintaxis y formato XML

Ojo. Las facturas rectificativas se deben notificar de forma fehaciente


Esta recomendación es específicamente para la recuperación de IVA de las facturas que se puedan considerar incobrables.

El articulo 80 de la Ley de IVA permite la rectificación de las facturas emitidas en ciertos supuestos: cuando los créditos pueden considerarse incobrables, en el caso de concurso de acreedores del deudor o después de haberse instado el cobro judicial o por requerimiento notarial.

El Real Decreto 828/2013, de 25 de octubre modifica, entre otros, el artículo 24 del Reglamento del IVA, en lo relativo a la expedición y remisión de las facturas rectificativas, en el sentido ya definido por la Resolución nº 00/1582/2007 de Tribunal Económico-Administrativo Central (TEAC), 9 de Junio de 2009

El apartado 1 del artículo 24 queda redactado como sigue:

«En los casos a que se refiere el artículo 80 de la Ley del Impuesto, el sujeto pasivo estará obligado a expedir y remitir al destinatario de las operaciones una nueva factura en la que se rectifique o, en su caso, se anule la cuota repercutida, en la forma prevista en el artículo 15 del Reglamento por el que se regulan las obligaciones de facturación, aprobado por el Real Decreto 1619/2012, de 30 de noviembre. En los supuestos del apartado tres del artículo 80 de la Ley del Impuesto, deberá expedirse y remitirse asimismo una copia de dicha factura a la administración concursal y en el mismo plazo.

La disminución de la base imponible o, en su caso, el aumento de las cuotas que deba deducir el destinatario de la operación estarán condicionadas a la expedición y remisión de la factura que rectifique a la anteriormente expedida, debiendo acreditar el sujeto pasivo dicha remisión.” 

La norma insiste sobre la obligación de acreditar la remisión de la factura rectificativa. Para ello, una forma de remitirla será mediante sistemas de comunicación fehaciente como Noticeman. Llame al 902 365 612 para más información.

Sin la acreditación fehaciente de la remisión de la factura, Hacienda no permitirá la recuperación de la cuota de IVA repercutido.

Reached Member States’ endorsement of a final draft regulation on electronic identification and trust services for electronic transactions in the internal market


Vice-President Neelie Kroes and Commissioner Michel Barnier welcomed last friday (February, the 28th) Member States’ endorsement of a “Draft regulation on electronic identification and trust services for electronic transactions” in the internal market.

The Regulation will enable, for example, students to enrol at a foreign university online; citizens to fill on-line tax returns in another EU country; and businesses to participate electronically in public calls for tenders across the EU, to mention just a few of multiple new digital trust related services.

Neelie Kroes said: “The adoption of this Regulation on e-ID is a fundamental step towards the completion of the Digital Single Market. This agreement boost trust and convenience in cross-border and cross-sector electronic transactions. I would like to thank the European Parliament, especially ITRE’s rapporteur, Marita Ulvskog and IMCO’s rapporteur, Marielle Gallo, the shadow rapporteurs, as well as the Greek, Lithuanian, Irish and Cypriot Presidencies for all their work on this file.”

Last friday (February, the 28th), EU ambassadors endorsed the political agreement reached between representatives of the European Parliament, Commission and Council on Tuesday 25 February on the final elements of this significant single market proposal.

A predictable regulatory environment for eID and electronic trust services is key to promote innovation and stimulate competition. On the one hand, it will ensure that people and businesses can use and leverage across borders their national eIDs to access at least public services in other EU countries fully respecting privacy and data protection rules. On the other hand, it will remove the barriers to seamless electronic trust services across borders by ensuring that they enjoy the same legal value as in paper-based processes.

Michel Barnier, Commissioner for Internal Market and Services added:

“I welcome this agreement which is key to completing our work on the Single Market Act. It is an important step for the development of e-commerce, e-invoicing and e-procurement. The new rules will allow all actors in the single market – citizens, consumers, businesses and administrative authorities – to develop their “on-line” activities.”

Background regarding draft Regulation on electronic identification and trust services for electronic transactions

On 4 June 2012, the European Commission proposed a draft Regulation on electronic identification and trust services for electronic transactions in the internal market (see IP/12/558 and MEMO/12/403)

The Regulation is due to be formally endorsed by the European Parliament in the April 2014 plenary session and by the Council of Ministers in June. It will come into force on 1st July 2014 and will be directly applicable cross the EU from that date. The economic effect will be immediate, overcoming problems of fragmented national legal regimes and cutting red tape and unnecessary costs.

Foster the interoperability of eID usage and trust services. The existing EU legislation on eSignatures has been strengthened and extended to cover the full set of electronic identification and trust services and make it more fit for the digital single market. This will have a huge impact on the legal validity and interoperability of national and cross-border electronic transactions.

The so named eIDAS Regulation provides for principles, like:

  • Transparency and accountability: well-defined minimal obligations for Trust Services Providers (TSPs) and liability;
  • Trustworthiness of the services together with security requirements for TSPs
  • Technological neutrality: avoiding requirements which could only be met by a specific technology;
  • Market rules and building on standardisation

And defines digital trust related services such as:

  • Electronic identification,
  • Electronic signatures,
  • Electronic seals,
  • Time stamping,
  • Electronic delivery service,
  • Electronic documents admissibility,
  • Website authentication

After eIDAS entering into force,  a EU Member State:

  • May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services
  • Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification
  • Must provide a free online authentication facility for its ‘notified’ eID(s)
  • Is liable for unambiguous identification of persons and for authentication;

ETSI TR 119 000: “Rationalised Framework for Electronic Signature Standardisation”


Merece la pena echar un vistazo al informe técnico TR 119 000 porque describe la estructura completa del nuevo conjunto de estándares aplicables a la firma electrónica, a partir del esfuerzo de Mandato M460, desarrollado en paralelo con la gestión de aprobación del nuevo reglamento europeo de firma electrónica: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market

(se incluye un resumen amplio a continuación, con algunos fallos de formato que iré corrigiendo con el tiempo)

As a response to the adoption of Directive 1999/93/EC [i.1] on a Community framework for electronic signatures in 1999, and in order to facilitate the use and the interoperability of eSignature based solution, the European Electronic Signature Standardization Initiative (EESSI) was set up to coordinate the European standardization organisations CEN and ETSI in developing a number of standards for eSignature products.

Commission Decision 2003/511/EC [i.2], on generally recognised standards for electronic signature products, was adopted by the Commission following the results of the EESSI. This decision fostered the use of eSignature by publishing “generally recognised standards” for electronic signature products in compliance with article 3(5) of the Directive but has a limited impact on the mapping of the current state of the European standardisation on eSignatures, which also covers ancillary services to eSignature, and the legal provisions and requirements laid down in Directive 1999/93/EC [i.1].

Emerging cross-border use of eSignatures and the increasing use of several market instruments (e.g. Services Directive [i.3], Public Procurement [i.4] and [i.5], eInvoicing [i.6]) that rely in their functioning on eSignatures and the framework set by the Signature Directive emphasized problems with the mutual recognition and cross-border interoperability of eSignature.

Intending to address the legal, technical and standardisation related causes of these problems, the Commission launched a study on the standardisation aspects of eSignature [i.7] which concluded that the multiplicity of standardization deliverables together with the lack of usage guidelines, the difficulty of access and lack of business orientation is detrimental to the interoperability of eSignature, and formulated a number of recommendations to mitigate this. Also due to the fact that many of the documents have yet to be progressed to full European Norms (ENs), their status may be considered to be uncertain. The Commission also launched the CROBIES study [i.8] to investigate solutions addressing some specific issues regarding profiles of secure signature creation devices, supervision practices as well as common formats for trusted lists, qualified certificates and signatures.

In line with Standardisation Mandate 460 [i.9], consequently issued by the Commission to CEN, CENELEC and ETSI for updating the existing eSignature standardisation deliverables, CEN and ETSI have set up the eSignature Coordination Group in order to coordinate the activities achieved for Mandate 460. One of the first tasks in the current document establishes a rationalised framework to overcome these issues within the context of the Signature Directive, taking into account possible revisions to this Directive, and proposes a future work programme to address any elements identified as missing in this rationalise framework. The following web site was set up in the framework in Mandate 460: http://www.e-signatures-standards.eu/.

In June 2012, the European Commission has issued a proposal for a regulation on electronic identification and trust services for electronic transactions in the internal market [i.22] which is aimed to supersede the Directive 1999/93/EC [i.1]. This brings within the scope of regulation additional services for identification and as authentication alongside electronic signatures and defines additional forms of qualified certificates.

The following referenced documents are not necessary for the application of the present document but they assist the user with regard to a particular subject area.
[i.1]  Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.
[i.2]  Commission Decision 2003/511/EC of 14.7.2003 on the publication of reference numbers of generally recognised standards for electronic signature products in accordance with Directive 1999/93/EC of the European Parliament and of the Council.
[i.3]  Directive 1998/34/EC of the European Parliament and the Council of 22.6.1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society services.
[i.4]  Directive 2004/18/EC of the European Parliament and Council of 31.3.04 on the coordination of procedures for the award of public works contracts, public supply contracts and public service contracts.
[i.5]  Directive 2004/17/EC of the European Parliament and Council of 31.3.04 coordinating the procurement procedures of entities operating in the water, energy, transport and postal services sectors.
[i.6]  Council Directive 2006/112/EC of 28.11.06 on the common system of value added tax.
[i.7]  “Study on the standardisation aspects of e-signatures”, SEALED, DLA Piper et al, 2007. NOTE: Available at:

http://ec.europa.eu/information_society/policy/esignature/docs/standardisation/report_esign_standard.pdf

[i.8]  “CROBIES: Study onCross-Border Interoperability of eSignatures”, Siemens, SEALED and TimeLex, 2010. NOTE: Available at: http://ec.europa.eu/information_society/policy/esignature/crobies_study/index_en.htm

[i.9]  Mandate M460: “Standardisation Mandate to the European Standardisation Organisations CEN, CENELEC and ETSI in the Field of Information and Communication Technologies Applied to Electronic Signatures”.
[i.10]  ISO/IEC 27000: “Information technology — Security techniques — Information security management systems — Overview and vocabulary”.
[i.11]  IETF RFC 3647: “Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework”.
[i.12]  W3C Recommendation: “XML Signature Syntax and Processing (Second Edition)”, 10 June 2008.
[i.13]  ISO 32000-1: “Document management — Portable document format — Part 1: PDF 1.7″.
[i.14]  Commission Decision 2011/130/EU of 25 February 2011 establishing minimum requirements for the cross-border processing of documents signed electronically by competent authorities under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market.
[i.15]  Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market.
[i.16]  IETF RFC 3161 (August 2001): “Internet X.509 Public Key Infrastructure Time-Stamp Protocol”.
[i.17]  CCMB-2006-09-001: “Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; Version 3.1, Revision 3″, July 2009.
[i.18]  ITU-T Recommendation X.509/ISO/IEC 9594-8: “Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks”.
[i.19]  Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market.
[i.20]  Commission Decision 2010/425/EU of 28 July 2010 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States.
[i.21]  ITU-T Recommendation X.1254/ISO/IEC DIS 29115: “Information technology – Security techniques – Entity authentication assurance framework”.
[i.22]  Brussels, 4.6.2012 COM(2012) 238 final, Proposal for a regulation of the european parliament and of the council on electronic identification and trust services for electronic transactions in the internal market.
[i.23]  ETSI TR 119 001:” Rationalised Framework for Electronic Signature Standardisation: Definitions and abbreviations.”

Definitions

  • advanced electronic signature: electronic signature which meets the following requirements:

a)  it is uniquely linked to the signatory;
b)  it is capable of identifying the signatory;
c)  it is created using means that the signatory can maintain under his sole control; and
d)  it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.

  • certificate: electronic attestation which links signature verification data to an entity or a legal or natural person and confirms the identity of that entity or legal or natural person
  • certification service provider: entity or legal or natural person who issues certificates or provides other servicesrelated to electronic signatures
  • certificate validation:process of checking that a certificate or certificate path is validelectronic signature (eSignature): data in electronic form which are attachedto or logically associated with other electronic data and which serve as a method of authentication
  • qualified certificate: certificate which meets the requirements laid down in Annex I of Directive 1999/93/EC [i.1] andis provided by a certification service provider who fulfils the requirements laid down in Annex II of Directive1999/93/EC [i.1]
  • qualified electronic signature:advanced electronic signature which is based on a qualified certificate and which is created by a secure signature creation device
  • secure signature creation device:signature creation device which meets the requirements laid down in Annex III of Directive 1999/93/EC [i.1]
  • signatory:person who holds a signature creation device and acts either on his own behalf or on behalf of the natural orlegal person or entity he represents
  • signature creation data:unique data, such as codes or private cryptographic keys, which are used by the signatory tocreate an electronic signature
  • signature creation device:configured software or hardware used to implement the signature-creation data signature validation:process of checking that a signature is valid including overall checks of the signature againstlocal or shared signature policy requirements as well as certificate validation and signature (cryptographic) verification
  • signature verification:process of checking the cryptographic value of a signature using signature verification data signature verification data:data, such as codes or public cryptographic keys, which are used for the purpose of verifying an electronic signature
  • signature verification device:configured software or hardware used toimplement the signature-verification data
  • Data Preservation Service Provider (DPSP):Trust Application Service Provider which provides Trust Services towhich data, among which documents, is entrusted in an agreed form (digital or analogue) for being securely kept indigital form for a period of time specified in the applicable agreement .NOTE:  This service is expected to be able to exhibit all preserved data at any moment during, or at the end of, thepreservation period.
  • registered e-mail:enhanced form of mail transmitted by electronic means (e-mail) which provides evidence relating to the handling of an e-mail including proof of submission and delivery
  • registered electronic delivery: enhanced form of electronic delivery which provides evidence of relating to the handling of electronic messages including proof of submission and delivery
  • registered electronic delivery service provider:trust application service provider which provides registered electronicdelivery trust services
  • registered e-mail service provider:trust application service provider which provides registered e-mail trust services signature generationservice provider:trust service provider which provides trust services that allow secure remotemanagement of signatory’s signature creation device and generation of electronic signatures by means of such a remotely managed device
  • signature policy: set of rules for the creation and validation of one (or more interrelated) electronic signature(s) that defines the technical and procedural requirements for creation, validation and (long term) management of this (those) electronic signature(s), in order to meet a particular business need, and under which the signature(s) can be determined to be valid.

NOTE 1: When validated against a signature policy X, the validity of an electronic signature is a relative concept and will be determined against the rules defined by such a policy. The same signature can be determined as valid against signature policy X while being invalid against signature policy Y. The notion of Signature Policy here should be clearly dissociated from a legal purpose document. While the Signature Policy is expected to further precise the context in which the underlying signatures are to be considered as valid in a specific context (e.g. business process, a specific application), their potential legal effect and value will be driven by the applicable laws and/or contractual relationships between the parties involved and concerned by the signatures. Closed user group domains of application should be clearly distinguished from a purely open context to which generally applicable laws may address.

NOTE 2:  A Signature Policy covers the three following aspects related to the management of each of the considered electronic signature(s):

1.  a Signature Creation Policy: part of the Signature Policy, which specifies the technical and procedural requirements onthe signer in creating a signature;
2.  a Signature Validation Policy: part of the Signature Policy, which specifies the technical and procedural requirements on the verifier when validating a signature; and
3.  a Signature (LTV) Management Policy: part of the Signature Policy, which specifies the technical and procedural requirements on the long term management and preservation of a signature.

  • signature validation service provider: trust service provider offering services in relation to validation of Electronic Signatures
  • time-stamping service provider: trust service provider which issues time-stamp tokens. NOTE:  This entity may also be referred to as a Time-Stamping Authority.
  • time-stamp token:data object that binds a representation of a datum to a particular time, thus establishing evidence that the datum existed before that time
  • trust application service provider: trust service provider operating a value added Trust Service based on Electronic Signatures that satisfies a business requirement that relies on the generation/verification of Electronic Signatures in its daily routine. NOTE:  This covers namely services like registered electronic mail and other type of e-delivery services, as well as long term storage services related to signed data and Electronic Signatures.
  • trust service:electronic service which enhances trust and confidence in electronic transaction. NOTE:  Such Trust Services are typically but not necessarily using cryptographic techniques or involving confidential material.
  • trust service provider:entity which provides one or more electronic Trust Service. NOTE:  See annex A for discussion on certification service provider and Trust Service Provider.
  • trust service status list:list of the trust service status information, protected to assure its authenticity and integrity, from which interested parties may determine whether a trust service has been assessed as operating in conformity with recognised criteria for a given class of trust service
  • trust service status list provider:trust service provider issuing a Trust Service Status List
  • trust service token:physical or binary (logical) object generated or issued as a result of the use of a Trust Servic. NOTE:  Examples of binary Trust Service Tokens are certificates, CRLs, Time-Stamp Tokens, OCSP responses, evidence of delivery issued by a REM Service Provider.
  • trusted list:profile of the trust service status list that is the national supervision/accreditation status list of certification services from Certification Service Providers, which are supervised/accredited by the referenced Member State for compliance with the relevant provisions laid down in Directive 1999/93/EC [i.1]

Abbreviations

  • AdES  Advanced Electronic Signature
  • AdESQC
    Advanced Electronic Signature supported by a Qualified Certificate  ANSSI  (French) Agence national de la Sécurité de Systèmes d’Information
  • API  Application Program Interface
  • ASiC  Associated Signature Containers
  • BES  Basic Electronic Signature (used with CAdES/XAdES and PAdES)
  • BSI  Bundesamt für Sichereit (German Federal Office for Information Security)
  • CA Certification Authority
  • CAB Forum  CA Browser Forum
  • CAdES  CMS Advanced Electronic Signature
  • CD  [European] Commission Decision
  • CEN  Comité Européen de Normalisation
  • CMS  Cryptographic Message Syntax
  • CRL Certificate Revocation List
  • CSP  Certification Service Provider
  • CWA CEN Workshop Agreement
  • DIS Draft International Standard
  • DPS  Data Preservation System
  • DPSP  Data Preservation Service Provider
  • DSS  Digital Signature Standard (as published by OASIS)
  • E-CODEX  e-Justice Communication via Online Data Exchange
  • EESSI  European Electronic Signature Standardization Initiative
  • EN European Norm
  • EPES  Explicit Policy Electronic Signature (used with CAdES / XAdES and PAdES)
  • ETSI  European Telecommunications Standards Institute
  • HSM  Hardware Security Module
  • HTTP  Hypertext Transfer Protocol
  • IAS  Identification, Authentication and Digital Signature
  • IDPF  International Digital Publishing Forum
  • ISO  International Organization for Standardization
  • LoA  Level of Assurance
  • LTV  Long term Validation (used with PAdES)
  • MTM Mobile Trusted Module
  • NFC  Near Field Communication
  • OCSP  Online Certificate Status Protocol
  • OASIS  Organization for the Advancement of Structured Information Standards
  • OEBPS  Open E-Book Publishing Structure
  • PAdES  PDF Advanced Electronic Signature
  • PKC  Public Key Certificate
  • PEPPOL  Pan-European Public eProcurement On-Line
  • PP Protection Profile
  • QC Qualified Certificate
  • QES  Qualified Electronic Signature
  • RED  Registered Electronic Delivery
  • REM  Registered Electronic Mail
  • REM-MD  Registered Electronic Mail – Management Domain
  • SCA Signature Creation Application
  • SGSP  Signature Generation Service Provider
  • SOGIS  Senior Officials Group – Information Systems Security
  • SP Signature Policy
  • SR Special Report
  • SCD  Signature Creation Device
  • SSCD  Secure Signature Creation Device
  • SMIME  Secure Multi-Purpose Internet Mail Extensions
  • SMTP  Simple Mail Transfer Protocol
  • SOAP  Simple Object Access Protocol
  • SPOCS  Simple Procedures Online for Cross-border Services
  • STORK  Secure identity across borders linked) being the most relevant
  • SSL Secure Socket Layer
  • SVA Signature Validation Application
  • SVSP  Signature Validation Service Provider
  • TASP  Trust Application Service Provider
  • TC Technical Committee
  • TOE  Target of Evaluation
  • TEE  Trusted Execution Environment
  • TL Trusted List
  • TR Technical Report
  • TS Technical Specification
  • TSL  Trust Service Status List
  • TSP  Trust Service Provider
  • TSPPKC  Trust Service Provider issuing Public Key Certificates
  • TSPQC  Trust Service Provider issuing Qualified Certificates
  • TSSLP  Trust Service Status List Provider
  • TSSP  Time-Stamping Service Provider
  • UPU  Universal Postal Union
  • USB  Universal Serial Bus
  • WI Work Item
  • XAdES  XML Advanced Electronic Signature
  • XSL eXtensible Stylesheet Language
  • XML eXtensible Markup Language
  • XMLDSig  XML Digital Signature

Document Types

The documents required for standardisation of each of the different electronic signature functional areas have been  organised around the following five types of documents:

  1. Guidance:This type of documents does not include any normative requirements but provides business driven guidance on addressing the eSignature (functional) area, on the selection of applicable standards and their options for a particular business implementation context and associated business requirements, on the implementation of a standard (or a series of standards), on the assessment of a business implementation against  a standard (or a series of standards), etc.
  2. Policy & Security Requirements:This type of document specifies policy and security requirements for  services and systems, including protection profiles. This brings together use of other technical standards and  the security, physical, procedural and personnel requirements for systems implementing those technical  standards.
  3. Technical Specifications:This type of document specifies technical requirements on systems. This includes  but is not restricted to technical architectures (describing standardised elements for a system and their  interrelationships), formats, protocols, algorithms, APIs, profiles of specific standards, etc.
  4. Conformity Assessment:This type of document addresses requirements for assessing the conformity of a  system claiming conformity to a specific set of technical specifications, policy or security requirements  (including protection profiles when applicable). This primarily includes conformity assessment rules (e.g.  common criteria evaluation of products or assessment of systems and services).
  5. Testing Compliance & Interoperability:This type of document addresses requirements and specifications  for setting-up interoperability tests or testing systems or for setting-up tests or testing systems that will provide  automated checks of compliance of products, services or systems with specific set(s) of technical specifications.

Numbering Scheme

A consistent numbering for such documentation was searched with the aim to identify a single and consistent series of  eSignature standards and with the aim to enable each document to keep the same number whatever maturity level it  reaches through its lifetime. The numbering scheme being used is defined as follows:

  • DD L19 xxx-z

Where:

  • DD  indicates the deliverable type in the standardisation process (SR, TS, TR and EN)
  • L
    when set to 4: identifies a CEN deliverable,
    when set to 0, 1, 2, or 3: identifies an ETSI deliverable and the type of deliverable in the  standardisation process

019 for ETSI published Special Reports (SR)
119 for ETSI published Technical Specification (TS) and Technical Report (TR)
219 for ETSI published Standard (ES) and ETSI Guide (EG)
319 for ETSI published European Norm (EN)
419 for CEN published Technical Specification (TS) or European Norm (EN)

  • 19  indicates the series of standardisation documents related to eSignatures
    ETSI/CEN may further extend this numbering system in line with their own practices.
  • xxx  indicates the serial number (000 to 999):

where Xxx identifies the area:

0-generic to a number of areas;
1-Signature Creation and Validation;
2-Signature Creation Devices;
3-cryptographic suites;
4-Trust Service Providers  supporting eSignatures;
5-Trust Application Service Providers;
6-Trust Service Status Lists Providers);

where xXx identifies a sub-area within the identified area, or 0 for documents generic to a given area;
where xxX identifies the type of document:

0-Guidance;
1-Policy and Security Requirements;
2-Technical Specifications;
3-Conformity Assessment;
4- Testing Compliance and Interoperability.

  • -z  identifies multi-parts as some documents may be multi-part documents.

Additional numbering for identifying parts and versions will be in line with ETSI or CEN conventions depending on which organisation publishes the document.

Defined documents: Generic

Guidance

TR 119 000  Rationalised structure for Electronic Signature Standardisation
This document provides the framework for the x19 000 series of documents on Electronic Signature standardisation. It  specifies the schema for electronic signature standardisation. It also provides the basis for the provision of business guidance provided in the other areas and reference the business guidance for signature creation and validation (TR 119  100) as the recommended starting point for the analysis of requirements in particular for those target audiences being  stakeholders wishing to introduce and implement eSignatures in a business electronic process. It includes a basic  classification on assurance levels to be used across all the areas. In addition, it establishes definitions of commonly  applicable terms.
TR 419 010  Extended Rationalised structure including IAS
This document proposes an extension for the Rationalised structure for Electronic Signature Standardisation to cover  Electronic Identification, Authentication and Signatures.
SR 019 020  Rationalised Framework of Standards for AdES in Mobile environments
This document will provide details on the framework of standards (including potential architectures and relevant  scenarios) required for the creation and validation of advanced electronic signatures in the mobile environment  (Advanced Electronic Signatures in Mobile Environments).

Policies

TR 119 001  Rationalised Framework for Electronic Signature Standardisation: Definitions and  abbreviations
This document will list all definitions & abbreviations used in documents of the rationalised framework and serve as  reference. Documents from the rationalised framework will either include definitions / abbreviations by reference to TR  119 001 and/or by copying definitions from TR 119 001.

Defined documents: Signature generation and validation

Guidance

TR 119 100  Business Driven Guidance for implementing Signature Creation and Validation
This document provides business guidance for the use of electronic signature standards from the viewpoint of signature
creation and validation. This will include guidance on selection between the different signature formats. It proposes a
business driven process for implementing generation and validation of electronic signatures in electronic
business. Starting from their business model, stakeholders are guided for properly specifying all the relevant parameters
(hereafter “Business Scoping Parameters”) regarding the creation and the validation of electronic signatures for the
specific addressed application / business processes. Finally, stakeholders are guided for making the best choice among
the wide offer of standards from the Rationalised Framework of European Standards for Electronic Signatures in order
to ensure the best implementation of electronic signatures within the addressed application / business processes.
The process proposed by this guidance is defined in a way that ensures to stakeholders a proper and consistent treatment
of all the Business Scoping Parameters, explicitly taking into account:
•   parameters directly dependant on the specific application or business process,
•   parameters derived from the regulatory/legal framework where the business must be conducted,
•   parameters inherent to the different types of signing entities, as well as
•   other aspects that do not fall within the above three listed categories but are important to be addressed when
implementing electronic signatures.
The purported audience of this document is rather wide and includes different readers’ profiles:

1)  Business managers who potentially require support from electronic signatures in their business will find here
an understandable explanation of how electronic signatures standards may be used to meet their business
needs.
2)  Application architects who will find here material that will guide them throughout the difficult process of
designing a system that fully and properly satisfies all the business and legal/regulatory requirements specific
to electronic signatures, and will gain a better and understanding on how to select the proper standards to be
implemented and/or used.
3)  Developers of the systems who will find in this document an understanding of the business driven approach
underlying the decisions made by the business managersand application architects on the scoping parameters
to be used when creating and validating electronic signatures in the concerned business processes, as well as a
proper knowledge of the standards that exist in the field and that they must know in detail for a proper
development.
Policy and Security Requirements
EN 319 101  Policy and Security Requirements for Electronic Signature Creation and Validation
This document provides policy and security requirements for electronic Signature Creation and Validation
(Applications). This includes procedural aspects that are not directly machine processable, as well as aspects which may
be defined in a machine processable way (see EN 319 172). This includes requirements for the secure operation of
signature creation and validation applications such as might be provided by an information security management
system.
This document includes a template for a Human readable document covering the rules to be applied on the electronic
signatures to be considered in a business e-process environment.
NOTE:  This takes into account the standards for Information Security Management Systems in ISO 27000 [i.10]
and templates for practice statements as in RFC 3647 [i.11].
EN 419 111  Protection Profiles for Signature Creation & Validation Applications
This is a multi-part document covering the following topics:
•  Introduction: this document is an introduction that defines the security requirements for Signature Creation
Applications (SCA) and Signature Validation Applications (SVA). It defines terms used in all parts, the
SCA/SVA, their functions, and their environment.
•  Core PP for an Signature Creation Application: this document specifies a protection profile for an SCA. It
defines security requirements for SCA conformity from the perspective of a security evaluation. The Target of
Evaluation (TOE) considered in this Protection Profile (PP) corresponds to software, running on an operating
system and hardware, the Signature Creation Platform. The TOE, using services provided by the Signature
Creation Platform and by an SSCD allows the signatory to generate an electronic signature.
•  Extensions to Core PP for an SCA.
•  Core PP for an SVA: this document specifies a protection profile for an SVA. It defines security
requirements for SVA conformity from the perspective of a security evaluation. The Target of Evaluation
(TOE) considered in this PP corresponds to software, running on an operating system and hardware, the
Signature Validation Platform. The TOE, using services provided by the Signature Validation Platform and by
the environment allows the verifier to check an electronic signature.
•  Extensions to Core PP for an SVA.
Technical Specifications
EN 319 102  Procedures for Signature Creation and Validation
This document specifies procedures for creation and validation of an AdvancedElectronic Signature within a given
policy context. This document specifies support for validation of XAdES (XML Advanced Electronic Signature),
CAdES (CMS Advanced electronic signature), PAdES (PDFAdvanced electronic signature), AdES in Mobile
environments and ASiC (Associated Signature Containers) signatures taking into account use of Trusted Lists. This

includes a standardised structure for a list of the criteria to be checked for validation, and for the report resulting from
validation.
EN 319 122  CMS Advanced Electronic Signatures (CAdES)
This multipart document contains all the specifications related to Advanced Electronic Signatures built on top of CMS
signatures by incorporation of signed and unsigned attributes. It includes the base specification and associated profiles,
and in particular:
•  an Overview of CAdESand its profiles, and the relationship between them.
•  CMS Advanced Electronic Signatures (CAdES) – Core specifications:This document specifies the format
for a set of attributes that are added to CMS signatures to become CMS Advanced Electronic Signatures. It
also specifies requirements on their construction and incorporation to the signature as signed or unsigned
attributes.
•  CAdES Baseline Profile:This document specifies a profile identifying a minimum set of options that are
appropriate for maximizing interoperability between CAdES signatures.
NOTE 1:  The baseline profile defines a baseline profile for CAdES that provides the basic features necessary for a
wide range of business and governmental use cases for electronic procedures and communications to be
applicable to a wide range of communities when there is a clear need for interoperability of AdES
signatures to be interchanged across borders. In particular it takes into account needs for interoperability
of AdES signatures used in electronic documents issued by competent authorities to be interchanged
across borders in the context of the European Services Directive [i.15].
NOTE 2: When no specific use case would have requirements not satisfied by the baseline profile, no other specific
profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless
the actual requirements would avoid it.
EN 319 132  XML Advanced Electronic Signatures (XAdES)
This multipart document contains all the specifications related to Advanced Electronic Signatures built on top of XML
signatures by incorporation of signed and unsigned properties.It includes the base specification and associated profiles,
and in particular:
•  an Overview of XAdESand its profiles, and the relationship between them.
•  XML Advanced Electronic Signatures (XAdES) – Core specifications:This document specifies the format
for a set of properties that are added to XML Signatures for becoming an XML Advanced Electronic
Signature. It also specifies requirements on their construction and incorporation (distributed or not-distributed)
to the signature as signed or unsigned properties.
NOTE 1:  This will need to take account of updates to XMLDSig [i.12].
•  XAdES Baseline Profile:This document specifies a profile identifying a common set of options that are
appropriate for maximizing interoperability between XAdES signatures.
NOTE 2:  The baseline profile defines a baseline profile for XAdES that provides the basic features necessary for a
wide range of business and governmental use cases for electronic procedures and communications to be
applicable to a wide range of communities when there is a clear need for interoperability of AdES
signatures to be interchanged across borders. In particular it takes into account needs for interoperability
of AdES signatures used in electronic documents issued by competent authorities to be interchanged
across borders in the context of the European Services Directive [i.15].
NOTE 3: When no specific use case would have requirements not satisfied by the baseline profile, no other specific
profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless
the actual requirements would avoid it.

EN 319 142  PDF Advanced Electronic Signatures (PAdES)
This multipart document contains all the specifications related to Advanced Electronic Signatures embedded within
PDF documents. It includes the base specification and associated profiles, and in particular.
•  PAdES Overview – a framework document for PAdES:This document provides a framework for the set of
profiles for PAdES. It provides a general description of support for signatures in PDF documents including use
of XML signatures to protect XML data in PDF documents; it also lists the features of the different profiles
specified in other parts of the document; finally it describes how the profiles may be used in combination.
•  PAdES Basic – Profile based on ISO 32000-1 [i.13]: This document profiles the use of PDF signatures,
based on CMS, as described in ISO 32000-1 [i.13], for its use in any application areas where PDF is the
appropriate technology for exchangeof digital documents including interactive forms.
•  PAdES Enhanced – PAdES-BES and PAdES-EPES Profiles:This document profiles the use of PDF
Signatures specified in ISO 32000-1 [i.13] with an alternative signature encoding to support signature formats
equivalentto the signature forms CAdES-BES, CAdES-EPES and CAdES-T as specified in EN 319 122.
•  PAdES Long Term – PAdES-LTV Profile:This document profiles the electronic signature formats found in
ISO 32000-1 [i.13] to support Long Term Validation (LTV) of PDF signatures. It specifies a profile to support
the equivalent functionality to the signature forms CAdES-X Long and CAdES-A as specified in EN 319 122
in a single profile PAdES-LTV, by incorporation ofnewly specified PDF objects conveying the required
validation material.
•  PAdES for XML Content – Profiles for XAdES signatures:This document defines profiles for the usage of
XAdES signatures, as defined in EN 319 132, for signing XML content within the PDF containers, including
the following situations:
-  One XML document (compliant with an arbitrary XML language, like Universal Business Language for
e-Invoicing) that is completely or partially signed with at least one enveloped XAdES signature and that
is incorporated within a PDF container.
-  Signed (with XML Sig or XAdES signature) dynamic XML Forms Architecture forms.
•  Visual Representations ofElectronic Signatures:This document specifies requirements and
recommendations for the visual representations of Advanced Electronic Signatures (AdES) in PDFs. This
covers:
-  Signature appearance: The visual representation of the human act of signing placed within a PDF
document at signing time and linked to an Advanced Electronic Signature.
-  Signature validation representation: The visual representation of the validation of an Advanced
Electronic Signature.
•  PAdES Baseline Profile:This document specifies a profile identifying a common set of options that are
appropriate for maximizing interoperability between PAdES signatures.
NOTE 1:  The baseline profile defines a baseline profile for PAdES that provides the basic features necessary for a
wide range of business and governmental use cases for electronic procedures and communications to be
applicable to a wide range of communities when there is a clear need for interoperability of AdES
signatures to be interchanged across borders. In particular it takes into account needs for interoperability
of AdES signatures used in electronic documents issued by competent authorities to be interchanged
across borders in the context of the EU Services Directive [i.15].
NOTE 2: When no specific use case would have requirements not satisfied by the baseline profile, no other specific
profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless
the actual requirements would avoid it.
TS 119 152  Architecture for Advanced Electronic Signatures in Mobile Environments
This document will identifies the architectural components, protocol requirements and sequence of interactions
required for scenarios based on those in SR 019 020
EN 319 162  Associated Signature Containers (ASiC)

This multipart document contains all the specifications related to the so-called Associated Signature Container. That is
containers that bind together a number of signed data objects with Advanced Electronic Signatures applied to them or
time-stamp tokens computed on them. This document includes the base specification and associated profiles, and in
particular:
•  an Overview of ASiCand its profiles, and the relationship between them.
•  Associated Signature Containers (ASiC) – Core specifications:This document specifies the format for a
single container binding together a number of signed objects (e.g. documents, XML structured data,
spreadsheet, multimedia content) with either AdvancedElectronic Signatures or time-stamps. This uses
package formats based on ZIP and supports the following signature and time-stamp token formats: CAdES
signature(s) as specified in EN 319 122, XAdES detached signature(s) as specified in EN 319 132; and RFC
3161 [i.16] time-stamp tokens.
•  ASiC Baseline Profile:This document specifies a profile identifying a common set of options that are
appropriate for maximizing interoperability between ASiC containers.
NOTE 1:  The baseline profile defines a baseline profile for ASiC that provides the basic features necessary for a
wide range of business and governmental use cases for electronic procedures and communications to be
applicable to a wide range of communities when there is a clear need for interoperability of AdES
signatures, on which ASiC is based, to be interchanged across borders. In particular it takes into account
needs for interoperability of AdES signatures used in electronic documents issued by competent
authorities to be interchanged across borders in the context of the European Services Directive [i.15].
NOTE 2: When no specific use case would have requirements not satisfied by the baseline profile, no other specific
profile will be added. Should it be otherwise, new profiles would be build on the baseline profile, unless
the actual requirements would avoid it..
EN 319 172  Signature Policies
This document addresses signature policies to be used in the management of electronic signatures within extended
business models. This is a multi-part document whose internal structure is shown below:
•  Part 1 – Signature Policies:This document elaborates the concept of signature policy documents, addresses
relevant aspects of their usage, and specifies the constituent parts of a signature policy and their semantics.
This provides a standardised table of content for human readable. It also includes a common EU signature
policy which may be used for qualified electronic signatures and advanced electronic signatures supported by
qualified certificates in Europe.
•  Part 2 – XML format for Signature Policies:This document specifies a XML format for those parts of the
Signature Policy that may be structured and are worth to be automatically processed by both signing and
verifying applications. This document also specifies the processes to be performed by the aforementioned
applications while using this format during the generation or the validation of electronic signatures.
•  Part 3 – ASN.1 format for Signature Policies:This document specifies an ASN.1 format for those parts of
the Signature Policy that may be structured and are worth to be automatically processed by both signing and
verifying applications. This document also specifies the processes to be performed by the aforementioned
applications while using this format during the generation or the validation of electronic signatures.
Conformity Assessment
EN 319 103  Conformity Assessment for Signature Creation and Validation Applications (& Procedures)
This document introduces the three aspects of assessment detailed in separate specifications:
a)  Assessment of user environment against policy requirements: the conformity rules for assessing conformity of
SCA or SVA against Policy Requirements. This will show the complete process for performing complete
assessment and make some reference to other conformity assessment guidance (including technical
specifications, protection profiles, signature policies.
b)  Assessment of products and applications for electronic signature creation and validation against protection
profiles.
c)  Assessment of conformity to Advanced Electronic Signature formats and protocols.

d)  Assessment of conformity of a specific machine processable signature policy to the business process policy
requirements.
NOTE:  Assessment may require use of testing compliance or interoperability.
Testing Conformance & Interoperability
TS 119 104  General requirements on Testing Conformance & Interoperability of Signature Creation and
Validation
This set of documents specifies general requirements for testing conformance and interoperability of signature creation
and validation applications.
As a general principle, TS 119×04 documents are meant to group common requirements to all potential sub-parts with
regards to testing conformance & interoperability. It could also be used as an introductory document to how testing
conformance & integrity is dealt with in the sub-areas (e.g. general principles and requirements for PlugTests).
TS 119 124  CAdES Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of CAdES
signature creation and validation applications. The test results may also be used in conformity assessment for signature
creation and validation applications (EN 319 103) with policies requiring conformity to CAdES formats and
procedures. First, it will define test suites as completelyas possible for supporting the organization of interoperability
testing events where different CAdES related applications may check their actual interoperability. Additionally, it will
include the specifications required for building up software tools for actually testing technical conformance of CAdES
signatures against the relevant CAdES related technical specifications.
This is a multi-part document covering the following topics:
•  Test suites for testing interoperability of CAdES signatures:This document would be used by those
entities interested in testing the interoperability of tools that generate and verify CAdES signatures not
adhering to any specific profile, but compliant with the mother CAdES specification as defined in EN 319 122.
•  Test suites for testing interoperability of Baseline CAdES signatures:This document would be used by
those entities interested in testing the interoperability of tools that generate and verify CAdES signatures that
claim to be compliant with the CAdES Baseline Profile as specified in EN 319 122.
•  Specifications for testing conformance of CAdES Signatures:This document will specify, among other
things, rules for testing conformance of signatures against the CAdES specification. It will allow developing a
tool that can automatically check that a CAdES signature is fully conformant with the relevant aforementioned
specifications, without claiming any statement on its validity.
•  Specifications for testing conformance of Baseline CAdES Signatures:This document will specify, among
other things, rules for testing conformance of signatures against the CAdES Baseline Profile specification. It
will allow developing a tool that canautomatically check that a CAdES Baseline signature is fully conformant
with the relevant aforementioned specifications, without any statement on its validity.
•  Specifications for testing conformance of CAdES Signatures validation:This will allow developing a tool
that can automatically check that a generated CAdES signature is fully conformant with the relevant
aforementioned specifications and validate the signature according to EN 319 102.
NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of
signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential
development and/or maintenance of a reference implementation.
TS 119 134  XAdES Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of XAdES
signature creation and validation applications. The test results may also be used in conformity assessment for signature
creation and validation applications (EN 119 103) with policies requiring conformity to XAdES formats and
procedures. First, it will define test suites as completelyas possible for supporting the organization of interoperability
testing events where different XAdES related applications may check their actual interoperability. Additionally, it will

include the specifications required for building up software tools for actually testing technical conformance of XAdES
signatures against the relevant XAdES related technical specifications.
This is a multi-part document structured as follows:
•  Test suites for testing interoperability of XAdES signatures:This document will be used by entities
interested in testing tools that generate and verify XAdES signatures not adhered to any specific profile, but
compliant with the mother XAdES specification as defined in EN 319 132.
•  Test suites for testing interoperability of Baseline XAdES signatures:This document will be used by
entities interested in testing tools that generate and verify XAdES signatures that claim to be compliant with
the XAdES Baseline Profile as specified in EN 319 132.
•  Specifications for testing conformance of XAdES Signatures:This document will specify, among other
things, rules for testing conformance of signatures against the XAdES specification. It will allow developing a
tool that can automatically check that generated XAdES signatures are fully conformant with the relevant
aforementioned specifications, without any statement on their validity.
•  Specifications for testing compconformance liance of Baseline XAdES Signatures:This document will
specify, among other things, rules for testing conformance of signatures against the XAdES specification. It
will allow developing a tool that canautomatically check that a XAdES Baseline signature is fully conformant
with the relevant aforementioned specifications, without claiming any statement on its validity.
•  Specifications for testing conformance of XAdES Signatures validation:This should allow developing a
tool that could automatically check that the XAdES signatures generated by a certain tool are fully conformant
with the relevant aforementioned specifications and validate the signature according to EN 319 102.
NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of
signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential
development and/or maintenance of a reference implementation.
TS 119 144  PAdES Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of PAdES
signature creation and validation applications. The test results may also be used in conformity assessment for signature
creation and validation applications (EN 319 103) with policies requiring conformity to PAdES formats and procedures.
First, it will define test suites as completely as possible for supporting the organization of interoperability testing events
where different PAdES related applications may check their actual interoperability. Additionally, it will include the
specifications required for building up software tools for actually testing technical conformance of PAdES signatures
against the relevant PAdES related technical specifications.
This is a multi-part document structured as follows:
•  Overview.
•  Test suites for testing interoperability of PAdES signatures:This document will be used by entities
interested in testing tools that generate and verify PAdES signatures not adhered to any specific profile, but
compliant with the mother PAdES specification as defined in EN 319 142.
•  Test suites for testing interoperability of Baseline PAdES signatures:This document will be used by
entities interested in testing tools that generate and verify PAdES signatures that claim to be compliant with
the PAdES Baseline Profile as specified in EN 319 142.
•  Specifications for testing compconformance liance of PAdES Signatures:This document will specify,
among other things, rules for testing conformance of signatures against the PAdES specification. It will allow
developing a tool that can automatically check that generated PAdES signatures are fully onformant with the
relevant aforementioned specifications, without any statement on their validity.
•  Specifications for testing conformance of Baseline PAdES Signatures:This document will specify, among
other things, rules for testing conformance of signatures against the PAdES Baseline Profile specification. It
will allow developing a tool that could automatically check that a PAdES Baseline signature is fully

conformant with the relevant aforementioned specifications, without claiming any statement on their validity
or not.
•  Specifications for testing conformance of PAdES Signatures validation:This will allow developing a tool
that can automatically check that a PAdES signature is fully conformant with the relevant aforementioned
specifications and validates the signature according to EN 319 102.
NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of
signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential
development and/or maintenance of a reference implementation.
TS 119 154   Testing Conformance & Interoperability of AdES in Mobile environments
This document will provide technical specifications for helping implementers and accelerating the development of
creation and validation applicationsfor advanced electronic signatures in mobile environments.
TS 119 164  ASiC Testing Conformance & Interoperability
This document provides technical specifications for helping implementers and accelerating the development of ASiC
containers creation and validation applications. The test results may also be used in conformity assessment for signature
creation and validation applications (EN 319 103) with policies requiring conformity to ASiC formats and procedures.
First, it will define test suites as complete as possible for supporting the organization of interoperability testing events
where different ASiC related applications may check their actual interoperability. Additionally, it will include the
specifications required for building software tools for actually testing technical conformance of ASiC against the
relevant ASiC related technical specifications.
This is a multi-part document covering the following topics:
•  Overview.
•  Test suites for testing interoperability of ASiC:This document will be used by entities interested in testing
tools that generate and verify ASiC not adhered to any specific profile, but compliant with the mother ASiC
specification as defined in EN 319 162.
•  Test suites for testing interoperability of Baseline ASiC:This document will be used by entities interested
in testing tools that generate and verify ASiC that claim to be compliant with the ASiC Baseline Profile as
specified in EN 319 162.
•  Specifications for testing conformance of ASiC:This document will specify, among other things, rules for
testing conformance of signatures against the ASiC specification. It will allow developing a tool that can
automatically check that generated ASiC are fully conformant with the relevant aforementioned specifications,
without any statement on their validity.
•  Specifications for testing conformance of Baseline ASiC:This document will specify, among other things,
rules for testing conformance of signatures against the ASiC specification. It will allow developing a tool that
can automatically check that Baseline ASiC are fully conformant with the relevant aforementioned
specifications, without claiming any statement on their validity.
•  Specifications for testing conformance of ASiC validation:This will allow developing a tool that can
automatically check that ASiC are fully conformant with the relevant aforementioned specifications and that
validates the signature according to EN 319 102.
NOTE 1:  A study should be made for assessing the need of a separate part for supporting conformance testing of
signature validation.
NOTE 2:  A study should be made for assessing the need of an additional part for supporting the potential
development and/or maintenance of a reference implementation.
TS 119 174   Testing Conformance & Interoperability of Signature Policies
This document provides technical specifications for helping implementers and accelerating the development of
Signature Policies. The test results may also be used inconformity assessment for signature creation and validation

applications (EN 319 103) with policies requiring conformity to machine processable Signature Polices format
specifications.
First, it will define test suites as complete as possible for supporting the organization of interoperability testing facilities
where different Signature Policy based applications may check their actual interoperability.
Additionally, it will include the specifications required for building software tools for actually testing technical
conformance of machine processable Signature Policies against the relevant technical specifications.

Defined documents: Signature related devices

Guidance
TR 419 200  Business Driven Guidance for Signature Creation and Other Related Devices
This document provides guidance for the selection of standards for electronic signature devices for given business
requirements.
Policy & Security Requirements
Policy and Security Requirements for Signature Creation Devices
No requirement has been identified for this type of document as requirements for the use of signature creation devices is
addressed as part of the policy requirements of the signing environment in EN 319 101.

EN 419 211  Protection Profiles for Secure Signature Creation Devices
This document specifies the security requirements for a SSCD which is the target of evaluation. It follows the rules and
formats of the Common Criteria v3 [i.17].
This is a multi-part document covering the following topics:
•  Part 1- Overview: An introduction to the SSCD protection profiles.
•  Part 2 – Device with key generation:This document specifies a protection profile for an SSCD that performs
its core operations including the generation of signature keys in the device. This profile may be extended
through extensions specified in other parts.
•  Part 3 – Device with key import: This document specifies a protection profile for an SSCD that performs its
core operations including import of the signature key generated in a trusted manner outside the device.
•  Part 4 – Extension for device with key generation and trusted communication with certificate generation
application: This document specifies an extension protection profile for an SSCD with key generation that
support establishing a trusted channel with a certificate-generating application. This profile may be extended
through extensions specified in other parts.
•  Part 5 – Extension for device withkey generation and trusted communication with signature creation
application: This document specifies an extension protection profile for an SSCD with key generation that
additionally supports establishing a trusted channel with a signature-creation application.
•  Part 6 – Extension for device with key import and trusted communication with signature creation
application:This document specifies an extension protection profile for an SSCD with key import that
additionally supports establishing a trusted channel with a signature-creation application.
Additional protection profiles or other form of security certification and security evaluation processes may be required,
to ensure that they offer the relevant level of security, for other types of devices such as, e.g.:
•  Mobile phones with hardware-based security (TEE, MTM, etc.).
•  HSM being recognised as an SSCD.
•  SSCD used for mass signing operations (e.g. for signing a series of documents).
EN 419 221  Protection profiles for TSP Cryptographic modules
This multi-part document specifies protection for cryptographic device devices used by Trust Service Providers. It
covers the following topics:
•   Part 1 – Overview: This part of EN 419 221 provides an overview of the protection profiles specified in other
parts of TS 419 221.
•   Part 2 – Protection profile for Cryptographic module for CSP signing operations with backup – high
security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by
certification service providers (as specified in Directive 1999/93 [i.1]) for signing operations, with key backup,
at a high level of security. Target applications include root certification authorities (certification authorities
who issue certificates to other CAs and who are at the top of a CA hierarchy) and other certification service
providers where there is a high risk of direct physical attacks against the module.
•   Part 3 – Protection profile for Cryptographic module for CSP key generation services – high security
level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by certification
service providers (as specified in Directive 1999/93 [i.1]) for generating signing keys for use by other parties,
at a high level of security. Target applications include root certification authorities and other certification
service providers where there is a high risk of direct physical attacks against the module.
•   Part 4 – Protection profile for Cryptographic module for CSP signing operations – high security level:
This part of EN 419 221 specifies a protection profile for cryptographic modules used by certification service

providers (as specified in Directive 1999/93 [i.1]) for signing operations, without key backup, at a high level of
security. Target applications include root certification authorities (certification authorities which issue
certificates to other CAs and is at the top of a CA hierarchy) and other certification service providers where
there is a high risk of direct physical attacks against the module.
•   Part 5: Protection profile for Cryptographic module for TSP signing and authentication – moderate
security level: This part of EN 419 221 specifies a protection profile for cryptographic modules used by trust
service providers for signing operations and authentication services at a moderate level of security. This
protection profile includes support for protected backup of keys. The target of this part is:
a)  provision of cryptographic support for TSP signing operations including applications such as
certification authorities who issue qualified and non-qualified certificates to end users, level 1 signing
services as identified in EN 419 241, data “sealing” by or on behalf of a legal entity, time-stamping
services and validation services; and
b)  provision of both symmetric and asymmetric cryptographic support for TSP authentication services ,
for example for authenticating users of signing services as specified in EN 419 241.
This profile assumes that the cryptographic module is in a physically secured environment and that there is a
low risk of untrusted personnel having direct physical access to the device.
EN 419 231  Security requirements for trustworthy systems supporting time-stamping
This document defines security requirements for a time-stamping system which consists of at least a time-stamping unit
(a set of hardware including an internal clock and software creating time-stamp tokens) and of administration and
auditing used to provide time-stamping services.
Informative annexes will provide check lists for conformity assessment.
EN 419 241  Trustworthy Systems Supporting Server Signing
This document is to become a multi-part document including general security requirements and protection profiles for
Trustworthy Systems (TWSs) supporting server signing. The document is intended for use by developers and evaluators
of a Server Signing Application and of its components. The details for this document have yet to be agreed in CEN TC
224 Working Group 17.
EN 419 251  Protection Profiles for Authentication Devices
This multi-part document defines security requirements for conformity of an authentication hardware device (such as,
for example, a smart card or USB token) from the perspective of a security evaluation.
This multi-part document covers the following aspects:
•  Part 1defines a PP for a device with only the core features and key import. It is the minimum product.
•  Part 2defines a PP for a device with key import, key generation, trusted channel with the CA, trusted
channel with the Administration application and administration.
•  Part 3defines additional featuresthat can be added to part 1 or part2 in order to define a new PP with
enhanced features.
EN 419 261  Security Requirements for Trustworthy Systems Managing Certificates for Electronic
Signatures Requirements
This document establishes security requirements for trustworthy systems and technical components that can be used by
a TSP in order to issue qualified and non-qualified certificates.
Technical specifications
EN 419 212  Application Interfaces for Secure Signature Creation Devices
This standard describes an application interface and behaviour of the SSCD in the context of Identification,
Authentication and Electronic Signature (IAS) services.

This is a multi-part document covering the following topics:
•  Part 1: Introduction.
•  Part 2 describesBasic services for electronic signatures:This document specifies mandatory mechanisms
for cryptographic devices such as smart cards, hardware security modules to be used as SSCD, and covers user
validation, signature creation, device authentication, password-based mechanisms, establishment of a secure
channel and key generation.
•  Part 3 describesAdditional servicesin the context of electronic signatures:This document specifies
mechanisms to support services around Identification, Authentication and Digital Signature (IAS) services in
addition to the SSCD mechanisms already described in Part 1 to enable interoperability and usage for IAS
services on a national or European level. It also specifies additional mechanisms like Client/Server
authentication, role authentication, symmetric key transmission between a remote server and a smart card,
signature cryptographic verification, identity management and privacy mechanisms.
•  Part 4 describesContext specific authentication protocols for SSCDs:This document specifies context
specific authentication protocols for SSCDs, covering first the migration to suitable Authentication Protocols,
e.g. for further context specific use for other transport layers e.g. NFC, and second a glossary including the
unambiguous definition of the security properties employed by the proposed protocols.
Conformity Assessment
EN 419 203  Conformity Assessment of Secure Devices and Trustworthy systems
This document provides guidance on conformity assessment of Secure Creation Devices against the specifications
EN 419 211 and guidance on conformity assessment for trustworthy systems against the specifications EN 419 221,
EN 419 231, EN 419 241, EN 419 251 and EN 419 261.The guidance is intended for use by designated bodies,
assessors, evaluators and manufacturers.
Technical Conformance & Interoperability Testing
No requirements identified so far for such a document.

Defined documents: Cryptographic Suites

Guidance
TR 119 300  Business Driven Guidance for Cryptographic Suites
This document provides guidance for the selection of cryptographicsuites for given business requirements.
NOTE:  Regular maintenance of cryptographic suites specifications should be ensured and mechanisms for
ensuring this should be proposed and implemented.

Technical Specifications
TS 119 312  Cryptographic Suites for Secure Electronic Signatures
This document defines a number of cryptographic suites for secure electronic signatures including a list of hash
functions and a list of signature schemes, as well as the recommended combinations of hash functions and signatures in
the form of “signature suites” to support Advanced Electronic Signatures.
Technical Conformance & Interoperability Testing
No requirements identified so far.

Defined documents: TSPs Supporting Electronic Signatures

Guidance
TS 119 400  Business Driven Guidance for TSPs Supporting Electronic Signatures
This document provides guidance for the selection of standards for TSPs for given business requirements.
NOTE:  When there would be a need for identifying and producing specific Business Driven Guidance for specific
types of TSPs supporting electronic signatures, the Rationalised Framework model allows usage of TR
119 410, TR 119 420, TR 119 430, etc. documents for such purpose.

Policy & Security Requirements
EN 319 401  General Policy Requirements for TSPs Supporting Electronic Signatures
This document specifies policy requirements for TSPs Supporting Electronic Signatures that are independent of the type
of TSP.
EN 319 411  Policy & Security Requirements for TSPs Issuing Certificates
This multi-part document specifies policy and security requirements for TSPs issuing certificates. It references
EN 319 401 for generic requirements.
This is a multi-part document including the following topics:
•  Part 1 – Overview: This part provides an overview of the other parts of this document. It also describes the
relationship of the policy requirements defined in this area and the use of secure devices and trustworthy
systems defined in the “Signature Creation and Other Related Device” area.
•  Part 2 – Policy requirements for TSP issuing qualified certificates.
•  Part 3 – Policy requirements for TSP issuing public key certificates.
•  Part 4 – Policy requirements for TSP issuing web site certificates.
•  Part 5 – Policy requirements for TSP issuing Attribute Certificates.
Informative annexes will provide check lists for conformity assessment.
EN 319 421  Policy & Security Requirements for TSPs providing Time-Stamping Services
This document specifies policy requirements for TSPs providing Time-stamping services based on RFC 3161 [i.16]. It
references EN 319 401 for generic requirements.
Similarly to EN 319 411, this multi-part document may be organised to include the following topics:
•  Overview: This part provides an overview of the other parts of this document. It also describes the relationship
of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined
in the “Signature Creation and Other Related Device” area.
•  Policy requirements for TSPs providing Time-stamping services. Informative annexes will provide check lists
for conformity assessment.
EN 319 431  Policy & Security Requirements for TSPs providing Signature Generation Services
This document specifies policy requirements for TSPs providing signature generation services. It references EN
319 401 for generic requirements.
Similarly to EN 319 411, this multi-part document may be organised to include the following topics:
•  Overview: This part provides an overview of the other parts of this document. It also describes the relationship
of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined
in the “Signature Creation and Other Related Device” area.
•  Policy requirements for TSPs providing Signature Generation services. Informative annexes will provide
check lists for conformity assessment.
EN 319 441  Policy & Security Requirements for TSPs providing Signature Validation Services
This document specifies policy requirements for TSPs providing Signature Validation Services. It references EN
319 401 for generic requirements.
Similarly to EN 319 411, this multi-part document may be organised to include the following topics:
•  Overview: This part provides an overview of the other parts of this document. It also describes the relationship
of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined
in the “Signature Creation and Other Related Device” area.

•  Policy & Security requirements for TSPs providing Signature Validation services. Informative annexes will
provide check lists for conformity assessment.
Technical Specifications
EN 319 412  Profiles for TSPs issuing Certificates
This document provides specifications for specific profiles applicable to TSPs issuing certificates including qualified
and other forms of certificates. It provides certificate profiles and a profile extension which aim to facilitate
interoperability of (qualified) certificates issued to natural person, legal person or to organisation as website certificate,
for the purposes of (qualified) electronic signatures, (qualified) electronic seals, peer entity authentication, data
authentication, as well as data confidentiality.
This is a multi-part document including the following topics:
•  Part 1 – Overview.
•  Part 2 – Certificate profile for certificates issued to natural persons.
•  Part 3 – Certificate profile for certificates issued to legal persons.
•  Part 4 – Certificate profile for website certificates issued to organisation (Baseline and Extended Validation).
•  Part 5 – Qualified certificate statements for qualified certificate profiles.
EN 319 422  Profiles for TSPs providing Time-Stamping Services
This document specifies a profile for the format and procedures for time-stamping as specified in RFC 3161 [i.16].
EN 319 432  Profiles for TSPs providing Signature Generation Services
This document specifies a profile for the format and procedures for TSPs providing Signature Generation Services.
EN 319 442  Profiles for TSPs providing Signature Validation Services
This document specifies a profile for the format and procedures for TSPs providing Signature Validation Services.
Conformity Assessment
EN 319 403  Trust Service Provider Conformity Assessment – Requirements for conformity assessment
bodies assessing Trust Service Providers
This document contains requirements for the competence, consistent operation and impartiality of conformity
assessment bodies assessing conformity of Trust Service Providers (TSP) to standardized criteria for the provision of
trust services. Requirements and guidance set out in the present document are independent of the class of trust service
provided.
EN 319 413  Conformity Assessment for TSPs Issuing Certificates
This (multi-part) document specifies requirements and provides guidance for the assessment of TSPs issuing
certificates.
NOTE:  It may be assumed that any requirement relating to completion of conformity testing might be covered
here and reference the appropriate Technical Conformance & Interoperability Testing documents.
This is a multi-part document including the following topics:
•  Conformity Assessment for Policy Requirements for TSP issuing Certificates.
EN 319 423  Conformity Assessment for TSPs providing Time-Stamping Services
This document specifies requirements and provides guidance for the assessment of TSPs providing time-stamping
services.
This is a multi-part document including the following topics:

•  Conformity Assessment for Policy Requirements for TSP providing time-stamping services
EN 319 433  Conformity Assessment for TSPs providing Signature Generation Services
This document specifies requirements and provides guidance for the assessment of TSPs providing Signature
Generation Services.
This is a multi-part document including the following topics:
•  Conformity Assessment for Policy Requirements for TSP providing Signature Generation Services.
EN 319 443  Conformity Assessment for TSPs providing Signature Validation Services
This document specifies requirements and provides guidance for the assessment of TSPs providing Signature Validation
Services.
This is a multi-part document including the following topics:
•  Conformity Assessment for Policy Requirements for TSP providing Signature Validation Services.
Testing Conformance & Interoperability
Not applicable so far.
NOTE:  At the current date, no requirement for such documents has been identified. It may however be the case
that specifications for conformity checker tools could be identified in the future such as conformity
checker for generated Trust Service tokens such as qualified certificates, public key certificates against a
specific profile, or time-stamp tokens.

Defined documents: Trust Application Service Providers

Guidance
TR 119 500  Guidance for Trust Application Service Provider
This document provides guidance for the selection of standards for trusted application service providers for given
business requirements.
The document identifies a number of relevant Trusted Application Services using electronic signatures in different
business areas, and whose provision has already been standardized. Additionally, for each of the services, it provides
guidance for the selection of the suitable standards, ensuring in this way their correct provision and interoperability
across the European Union.
SR 019 530  Study on standardisation requirements for e-Delivery services applying e-Signatures

This document will define Electronic Delivery (e-delivery) services and investigate applicable requirements from those
existing in the market (ETSI, CEN, private standards and pilots’ outcome) proposing rationalised and well organized
requirements for Electronic Delivery Applying Electronic Signatures and its possible relation to Registered E-Mail.
Policy & Security Requirements
EN 319 511  Policy & Security Requirements for Registered Electronic Mail (REM) Service Providers
This document specifies policy and security requirements for REM service providers required to be recognized as a
provider of this type of services. It might define different conformity levels for each style of operation and the
corresponding set of requirements to be satisfied in each level. This document also addresses requirements on
Information Security Management and Security requirements for REM systems. It references EN 319 501 for generic
requirements.
NOTE:  Whether a “Security (Protection) Profile for Trustworthy systems used by REM Service Providers”
should be merged within those specific policy & security requirements is yet to be further analysed.
This multi-part document includes:
•  Overview. This part provides an overview of the other parts of this document. It also describes the relationship
of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined
in the “Signature Creation and Other Related Device” area.
•  Policy requirements for REM Service Providers.
Informative annexes will provide check lists for conformity assessment.
EN 319 521   Policy & Security Requirements for Data Preservation Service Providers (DPSPs)
This document specifies policy and security requirements for DPSPs. It references EN 319 501 for generic
requirements.
It may address specific Information Security Management Systems or Data Preservation Systems (DPS), by specifying
specific security requirements for Data Preservation Service Providers to abide by, when implementing and managing a
DPS, in order to provide Data Preservation Services that are trustable and reliable from the Information Security
viewpoint. This document does not address any archival specific issues, like definition of data metadata structure and
methods to build them, links between data to implement virtual folders, etc.
NOTE:  Whether a “Security (Protection) Profile for Trustworthy systems used by Data Preservation Service
Providers” should be merged within those specific policy & security requirements is yet to be further
analysed.
This multi-part document includes:
•  Overview. This part provides an overview of the other parts of this document. It also describes the relationship
of the policy requirements defined in this area and the use of secure devices and trustworthy systems defined
in the “Signature Creation and Other Related Devices” area.
•  Policy requirements for Data Preservation Service Providers.
Informative annexes will provide check lists for conformity assessment.
Technical Specifications
EN 319 512  Registered Electronic Mail Services
This document provides technical specifications for the provision of Registered Electronic Mail. This is a multi-part
document whose structure is detailed below:
•  Framework, Architecture and Evidence:This is a document structured in three sub-parts, as detailed below:
-  Registered Electronic Mail Overview – a framework document:This document provides an overview
of the whole set of specifications included in the Technical Specification.

Architecture:This document provides an overall view of the standardized service, addressing the
following aspects:
Logical model, namely: components, styles of operation, Roles within a service provider, grouping
of providers in administrative domains.
Interfaces between the different roles and providers.
Relevant events in the data objects flows and the corresponding evidence.
Trust building among providers pertaining to the same or to different administrative domains.
-  Evidence semantics and format:This document fully specifies the set of evidence managed in the
context of the service provision. The document fully specifies the semantics, the components, and the
components’ semantics for all the evidence. The document also specifies different formats for all the
evidence in different syntax, namely: XML, ASN.1 and PDF.
•  Messages formats and bindings:This part specifies different formats for the messages and the different
bindings for different transport protocols. This is a document structured in two sub-parts, as detailed below:
-  SMIME on SMTP. This document specifies the format of the data objects when SMIME structures are
used for conveying them, and when the transport protocol used is SMTP.
-  SOAP on HTTP:This document specifies the format of data objects when SOAP structures are used for
conveying them, and when the transport protocol used is HTTP.
•  Interoperability profiles:This part contains several sub-parts. Each sub-part specifies profile(s) for seamless
exchange of data objects across providers that use different formats and/or transport protocols.
NOTE 1:  Its internal structure will very much depend on the different relevant systems specified and built across
Europe, as during the last years a number of specifications and non interoperable systems based on them,
have been developed.
NOTE 2:  Requirements for support of Registered Electronic Delivery requires further investigation.
EN 319 522  Data Preservation Services through signing
This document specifies technical requirements for services providing document signing in support of data preservation.
It specifies the requirements on the use of electronic signatures and time-stamping to maintain the authenticity and
integrity of documents when stored over long periods. This can be applied to a single document or a set of documents,
including multi-media objects, held in a container. An initial study will identify standardisation requirements and how
this relates to general standardisation for archiving and data preservation.
Conformity Assessment
EN 319 513  Conformity Assessment of Registered Electronic Mail Service Providers
This document specifies requirements and provides guidance for the supervision and assessment of a Registered
Electronic Mail Service Provider based on general requirements and guidance for conformity assessment specified in
EN 19 403.
EN 319 523  Conformity Assessment of Data Preservation Service Providers
This document specifies requirements and provides guidance for the supervision and assessment of a DPSP based on
general requirements and guidance for conformity assessment specified in EN 319 403.
Testing Conformance & Interoperability
TS 119 504  General requirements for Technical Conformance & Interoperability Testing for Trust
Application Service Providers
This document specifies general requirements for specifying technical conformance and interoperability testing for
TASPs.

TS 119 514  Testing Conformance & Interoperability of Registered Electronic Mail Service Providers
This document defines test suites that support interoperabilitytests among entities that plan to provide this type of
services. This is a multi-part document, whose structure is detailed below:
•  Test suites for interoperability testing of providers using same format and transport protocols:This
document is for those providers that implement the service provision using the same combination of format
and transport protocols, i.e. there will be two test-suites one for the providers using SMIME on SOAP and
another for those using SOAP on HTTP.
•  Test suites for interoperability testing of providers using different format and transport protocols: This
document is for those providers that implement the service provision using different combinations of format
and transport protocols. This document defines test-suites for the interoperability profiles for REM.
•  Testing conformance:This document specifies the tests to be performed for checking conformity against EN
319 512. This provides the basis for a tool that automatically checks that the messages and evidence set
generated by a certain provider are fully conformant with the relevant aforementioned specifications.

Defined documents: Trust Service Status Lists Providers

Guidance
TR 119 600  Business Driven Guidance for Trust Service Status Lists Providers
This document provides guidance for the selection of standards for Trusted Service Status Lists Providers for given
business requirements.
Policy & Security Requirements
EN 319 601  General Policy & Security Requirements for Trust Service Status Lists Providers
This document will specify general policy and security requirements for providers issuing status information of trusted
services. It will describe different models on which such providers may operate, how this influences the way the content
of the lists should be interpreted and specific criteria for the provision of revisions to TSL information, which should be
published by the providers.
EN 319 611  Policy & Security Requirements for Trusted List Providers
This document will specify specific policy requirements for issuers of Trusted List, a profile of Trust Service Status
List, as they are defined in CD 2009/767/EC [i.19] as amended by CD 2010/425/EU [i.20]. This would build on the
requirements in EN 319 601.
Technical Specifications
TS 119 602  Trust Service Status Lists Format

This document will contain specifications related to Trust Service Status Information Formats (Trust Service Lists -
TSL). This may be a multi-part document including:
•  Trust Service Status Lists Structure
This part specifies the Trust Service Status List structure. Each of the fields within the TSL is described to a
level of detail sufficient to derive a consistent format specification.
•  ASN.1 Representation of Trust Service Status Lists
This part specifies the ASN.1 structures to be used when implementing an ASN.1-version of TSLs.
•  XML Representation of Trust Service Status Lists
This part specifies the XML structures to be used when implementing an XML-version of TSLs.
TS 119 612  Trusted Lists
This document contains the specifications related to Trusted Lists (TL) for their use in the context of Directive
1999/93/EC [i.1] and of the Services Directive 2006/123/EC [i.14], as they are defined in CD 2009/767/EC [i.19]
amended by CD 2010/425/EU [i.20].
NOTE 1: Migration of this TS as an EN is not planned yet and will depend on the adoption of the proposal for a
regulation on electronic identification and trust services for electronic transactions in the internal market [i.2]
that will supersede Directive 1999/93/EC.
NOTE 2:  As conceptually TL or TSL can be used for providing status information on the approval of any type of
provision of any type of Trust Service Token by any type of Trust Service Provider, the document structure
proposed here is flexible enough to allocate sub-areasto determined categories of such services. As an
example, TL or TSL could be used for publishing in a Europe-wide common way, the status of the
determination of conformity of a signature creation device against the requirements laid down in Annex III of
Directive 1999/93/EC [i.1] (SSCD) made by a Member State Designated Body. It is likely that for such a
purpose, a specific baseline profile of TL specifications as per TS 119 612 would be required.
Conformity Assessment
EN 319 603  General requirements and guidance for Conformity Assessment of TSSLPs
This document will provide the rationale, rules and guidance on conformity assessment concerning the processes and
products around the issuance and processing of Trust Service Status Lists.
EN 319 613  Conformity Assessment of Trusted List Providers
This document will specify the specific conformity rules for assessing conformity against EN 319 612 specifications
related to both the generation and conformity validation of Trusted Lists, a profile of Trust Service Status Lists.
Testing Conformance & Interoperability
TS 119 604  General requirements for Testing Conformance & Interoperability of TSLs
This document will specify general requirements for specifying technical conformance and interoperability testing for
TSLs. This may include test suites and specifications for conformity testing tools testing ASN.1 and /or XML
representation of TSLs. This document will be used by those entities interested in testing tools that generate and verify
Trust Service Status Lists in their ASN.1 or XML representation compliant with the specification TS 119 602. This is a
multi-part document that includes:
•  Testing specifications for technical conformance & interoperability testing of ASN.1 representation of
the Trust Service Status Lists:This document will be used by those entities interested in testing tools that
generate and verify Trust Service Status Lists in its ASN.1 representation conformant with the specification
TS 119 602.
•  Testing specifications for technical conformance & interoperability testing of XML representation of the
Trust Service Status Lists:This document will be used by those entities interested in testing tools that
generate and verify Trust Service Status Lists in their XML representation conformant with the specification
TS 119 602.

TS 119 614  Test suites and tests specifications for Technical Conformance & Interoperability Testing of
Trusted Lists
This document provides technical specifications for helping implementers and accelerating the development of tools for
creating and issuing Trusted Lists. First, it will define test suites as completely as possible for supporting the
organization of interoperability testing events where different Trusted List related applications may check their actual
interoperability. Additionally, it will include the specifications required for building up software tools for actually
testing technical conformance of Trusted Lists against the relevant Trusted List related technical specifications:
•  Test suites for testing interoperability of XML representation of Trusted Lists:This document will be
used by those entities interested in testing tools that generate and verify Trusted Lists in their XML
representation compliant with TS 119 612.
•  Specifications for testing conformance of XML representation of Trusted Lists:This document will
specify, among other things, rules for testing compliance ofTrusted Lists against Trusted List specifications. It
should include not only rules for the static aspects of the Trusted Lists, i.e. the contents of a certain
instantiation of the Trusted List, but also rules for testing dynamic aspects of the Trusted List, i.e. specific
relationships among elements present in consecutive instantiations of one Trusted List as a result of certain
very well specified events (Trusted List life cycle-related rules). It should allow developing a tool that could
automatically check that the Trusted Lists generated by a certain tool are fully conformant with the relevant
aforementioned specifications.

Cartulario electrónico (o digital)


Según la RAE una acepción de Cartulario es la que se refiere al  Escribano, y principalmente el de número de un juzgado, o el notario en cuyo oficio se custodian las escrituras de que se habla.

En el ámbito de la Diplomática, según el artículo de Concepción Mendo,  recogido por Lía González, los cartularios son copias de documentos, recibidos por personas o entidades, que se transcriben completos o en extractos para asegurar su conservación y facilitar su consulta. Sirven como testimonio de la sociedad del momento, del estado de cuentas y propiedades de iglesias, monasterios y conventos; y de los cambios experimentados en la demografía, la cultura y las lenguas.

El cartulario es un documento público cuyo valor, como documento histórico, depende de la fidelidad con la que se reproduce el sentido sustancial del original.

La creación de los cartularios, a lo largo de su historia, está vinculada a situaciones de crisis y reformas administrativas o culturales. En estas circunstancias, en las que las se hace necesario localizar títulos relativos a bienes y derechos o documentos concernientes a la fundación o administración de entidades, los cartularios cumplen con la finalidad de facilitar la consulta de los documentos conservados en los archivos y servir como instrumento probatorio para que las instituciones puedan conocer y hacer valer sus derechos de propiedad frente a terceros.

Según Carlos Sáez los cartularios se pueden clasificar en tres grupos: “los primitivos consistían en la agrupación de originales cosidos y encuadernados, un segundo tipo son aquellos en los que se copia por extenso el texto de los documentos originales y finalmente están los que recogen un resumen del original”.

En pleno siglo XXI aparecen los cartularios electrónicos, como cartulario.net (cuya página inicial en estos momento redirige a noticeman.net), que recogen documentos electrónicos auténticos identificables con código seguro de verificación (CSV). Son servicios de “Tercero de Confianza” (y a partir de la entrada en vigor del futuro Reglamento eIDAS servicios de preservación de documentos electrónicos auténticos englobados entre los que ofrecen los Prestadores de Servicios de Confianza Digital).

Estos servicios garantizan que los documentos cuya custodia se delega a prestadores especializados no pueden modificarse por ninguno de los intervinientes, ni siquiera el que los creó originalmente, y pueden ser utilizados como prueba en juicio o en cualquier otro procedimiento de resolución de controversias (como la Negociación, la Mediación, el Arbitraje  o el Pleito).

Además, si están bien diseñados, permiten recuperar el concepto de “original electrónico” y aportar funcionalidades como la endosabilidad, obliterabilidad y completitud, ya mencionados en otros artículos de este blog.

La extensión de algunos principios de la diplomática clásica al medio digital da lugar a la diplomática digital.

Ver otros artículos relacionados:

XVII Edición Master en Negocio y Derecho de las Telecomunicaciones, Internet y Audiovisual


Este año se celebra la XVII Edición del Master en Negocio y Derecho de las Telecomunicaciones, Internet y Audiovisual organizado por el despacho Cremades & Calvo-Sotelo, en colaboración con el Centro Universitario Villanueva, y al que amablemente me han invitado, una vez más, como profesor.

El MNDTIA tiene como objetivo la formación altamente cualificada de abogados que deseen ejercer la abogacía en el sector de las telecomunicaciones, combinando los conocimientos teóricos específicos de esta rama del derecho con la realización de prácticas en empresas líderes del sector y en nuestro Despacho.

El MNDTIA es el master pionero en materia de telecomunicaciones & TIC en España, se viene impartiendo desde hace 16 años y ha sido diseñado por reputados profesionales especialistas del sector, y pensado para aquellos que quieran crecer profesionalmente adquiriendo conocimientos especializados en una rama del derecho que abarca uno de los sectores que más profundamente se ha visto transformado en los últimos años y uno de los que mayor potencial de futuro aguarda debido a la revolución digital.

Yo impartiré la sesión de Firma Digital, introduciendo algunos conceptos de Diplomática Digital.

Seguir

Recibe cada nueva publicación en tu buzón de correo electrónico.

Únete a otros 2.310 seguidores