The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016

JurisdictionUK Non-devolved
CitationSI 2016/696

2016 No. 696

Electronic Communications

The Electronic Identification and Trust Services for Electronic Transactions Regulations 2016

Made 30th June 2016

Laid before Parliament 1st July 2016

Coming into force 22th July 2016

The Secretary of State is a Minister designated1for the purposes of section 2(2) of the European Communities Act 19722in relation to electronic trust services and other systems to facilitate electronic transactions in the internal market.

These Regulations make provision for a purpose mentioned in section 2(2) of the European Communities Act 1972 and it appears to the Secretary of State that it is expedient for the reference to Regulation (EU) No 910/20143of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market to be construed as a reference to that instrument as amended from time to time.

The Secretary of State makes these Regulations in exercise of the powers conferred by section 2(2) of, and paragraph 1A4of Schedule 2 to, the European Communities Act 1972.

1 Introduction

PART 1

Introduction

S-1 Citation and Commencement

Citation and Commencement

1. These Regulations may be cited as the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and come into force on 22nd July 2016.

S-2 Interpretation

Interpretation

2.—(1) In these Regulations—

the “1998 Act” means the Data Protection Act 19985;

the “2002 Regulations” means the Electronic Signatures Regulations 20026;

“eIDAS Regulation” means Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market7, as amended from time to time;

“supervisory body” has the meaning given in regulation 3(1) of these Regulations;

“the Tribunal” has the meaning given in section 70(1)8of the 1998 Act.

(2) Other expressions used in these Regulations, which are used in the eIDAS Regulation, have the same meaning as in the eIDAS Regulation.

2 Supervisory body

PART 2

Supervisory body

S-3 Supervision

Supervision

3.—(1) The Information Commissioner is the supervisory body and must carry out the supervisory body tasks set out in Article 17 of the eIDAS Regulation.

(2) The supervisory body must enforce these Regulations and Chapter III of the eIDAS Regulation.

(3) Schedules 1 (monetary penalties) and 2 (enforcement powers of the Information Commissioner under the 1998 Act) have effect.

3 Miscellaneous

PART 3

Miscellaneous

S-4 Transitional provisions and revocations

Transitional provisions and revocations

4.—(1) The Electronic Signatures Regulations 2002 are revoked.

(2) For the purposes of these Regulations, a qualified certificate issued pursuant to regulation 2 of the 2002 Regulations is to be treated as a qualified certificate for electronic signature pursuant to Article 3(15) of the eIDAS Regulation until it expires.

S-5 Consequential amendments

Consequential amendments

5. Schedule 3 has effect.

S-6 Review

Review

6.—(1) The Secretary of State must from time to time—

(a)

(a) carry out a review of these Regulations;

(b)

(b) set out the conclusions of the review in a report; and

(c)

(c) publish the report.

(2) In carrying out the review the Secretary of State must, so far as is reasonable, have regard to how the eIDAS Regulation is implemented in other Member States.

(3) The report must in particular—

(a)

(a) set out the objectives intended to be achieved by the regulatory system established by these Regulations;

(b)

(b) assess the extent to which those objectives are achieved; and

(c)

(c) assess whether those objectives remain appropriate and, if so, the extent to which they could be achieved by a system that imposes less regulation.

(4) The first report under this regulation must be published before the end of the period of 5 years beginning with the day on which these Regulations come into force.

(5) Reports under this regulation are afterwards to be published at intervals not exceeding 5 years.

Neville-Rolfe

Parliamentary Under Secretary of State for Business, Innovation and Skills

Department for Business, Innovation and Skills

30th June 2016

SCHEDULE 1

Regulation 3(3)

Monetary penalties

SCH-1.1

1. If the supervisory body is satisfied that a trust service provider has contravened or is contravening Chapter III of the eIDAS Regulation, the supervisory body may issue a trust service provider with a fixed monetary penalty notice in respect of such contravention.

SCH-1.2

2. The amount of a fixed monetary penalty under these Regulations is £1000.

SCH-1.3

3. Before serving a fixed monetary penalty notice, the supervisory body must serve the trust service provider with a notice of intent.

SCH-1.4

4. The notice of intent must—

(a) state the name and address of the trust service provider;

(b) state the nature of the contravention;

(c) indicate the amount of the fixed monetary penalty;

(d) include a statement informing the trust service provider of the opportunity to discharge liability for the fixed monetary penalty notice;

(e) indicate the date on which the supervisory body proposes to serve the fixed monetary penalty notice; and

(f) inform the trust service provider that it may make written representations in relation to the proposal to serve a fixed monetary penalty notice within a period of 21 days beginning with the date of service of the notice of intent.

SCH-1.5

5. A trust service provider may discharge liability for the fixed monetary penalty if it pays to the supervisory body the amount of £800 within a period of 21 days beginning with the date of receipt of the notice of intent.

SCH-1.6

6. The supervisory body may not serve a fixed monetary penalty notice until the expiry of a period of 21 days beginning with the date of service of the notice of intent.

SCH-1.7

7. The fixed monetary penalty notice must state—

(a) the name and address of the trust service provider;

(b) details of the notice of intent served on the trust service provider;

(c) whether there have been any written representations;

(d) details of any early payment discounts;

(e) the grounds on which the supervisory body imposes the fixed monetary penalty;

(f) the date by which the fixed monetary penalty is to be paid; and

(g) details of, including the time limit for, the trust service provider’s right of appeal against the imposition of the fixed monetary penalty.

SCH-1.8

8. A trust service provider on whom a fixed monetary penalty is served may appeal to the Tribunal against the issue of the fixed monetary penalty notice.

SCH-1.9

9. Any sum received by the supervisory body by virtue of this Schedule must be paid into the Consolidated Fund.

SCH-1.10

10. In England and Wales and Northern Ireland, the fixed monetary penalty is recoverable—

(a) if a county court so orders, under an order of that court;

(b) if the High Court so orders, under an order of that court.

SCH-1.11

11. In Scotland, the penalty may be enforced in the same manner as an extract registered decree arbitral bearing a warrant for execution issued by the sheriff court of any sheriffdom in Scotland.

SCHEDULE 2

Regulation 3(3)

Enforcement powers of the Information Commissioner under the 1998 Act

Enforcement powers

Enforcement powers

SCH-2.1

1. For the purposes of enforcing these Regulations and the eIDAS Regulation, the following sections of the 1998 Act9apply subject to the modifications in paragraph 2—

(a) section 40 (enforcement notices);

(b) section 41 (cancellation of enforcement notice);

(c) section 41A10(assessment notices);

(d) section 41B11(assessment notices: limitations);

(e) section 41C12(code of practice about assessment notices);

(f) section 4313(information notices);

(g) section 47 (failure to comply with notice);

(h) section 4814(rights of appeal);

(i) section 4915(determination of appeals);

(j) section 6016(prosecutions and penalties);

(k) Schedule 617;

(l) Schedule 918.

SCH-2.2

2.—(1) The sections referred to in paragraph 1 are to apply as if—

(a)

(a) for “data controller”, on each occasion that it appears, there were substituted “trust service provider”;

(b)

(b) for “data protection principles” or “data protection principle or principles”, on each occasion they appear, there were substituted “requirements of Chapter III of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (in this Part referred to as “the relevant requirements”)”; and

(c)

(c) for “principle or principles”, on each occasion that it appears, (otherwise than as set out in paragraph (b)), there were substituted “requirements”.

(2) Section 40 is to apply as if—

(a)

(a) in subsection (2), the words “or distress” were omitted;

(b)

(b) in subsection (6)(a), for “his” there were substituted “the Commissioner’s”;

(c)

(c) in subsection (8), for “he” there were substituted “the Commissioner”;

(d)

(d) subsections (3), (4), (5), (9) and (10) were omitted.

(3) Section 41(1) is to apply as if for “he” there were substituted “the Commissioner”.

(4) Section 41A is to apply as if—

(a)

(a) in subsection (1) the words “within subsection (2)” were omitted;

(b)

(b) subsections (2), (8), (9), (10), (11) and (12) were omitted; and

(c)

(c) subsections (3)(g) and (h) were omitted.

(5) Section 41B is to apply as if in subsections 3(a) and 3(b), for “this Act”, there were substituted “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic transactions in the internal market”.

(6) Section 41C is to apply as if subsection (7) were omitted.

(7) Section 43 is to apply as if—

(a)

(a) for subsections (1) and (2) there were substituted—

SCH-2.1

“1 If the Commissioner reasonably requires any information for the purpose of determining whether a trust service provider has complied or is complying with the relevant requirements, it may serve the trust service provider with...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT