The European Authorities have promoted a specific and innovative framework for the use of electronic signatures, allowing the free flow of electronic signature-related products and services across borders, and ensuring a basic legal recognition of such facilities. The core aim was to promote the emergence of the internal market for certification products, mainly intending to satisfy various requirements for the proper use and immediate “adoption” of electronic signature applications related to e-government and personal e-banking services. Thus, a number of technical, procedural, and quality standards for electronic signature products and solutions have been developed, all conforming to the requirements imposed by the EU regulation and the relevant market needs. In the present work, we examine the role of standardization activities for the promotion of several needs of an “open” European market based on the effective usage of e-signatures, and being able to affect a great variety of technological, business-commercial, regulatory, and other issues. In any case, the transposition of legal requirements into technical specifications (or business practices) needs to be harmonized at a European member-states’ level in order to enable adequate interoperability of the final solutions proposed. Appropriate technical standards for the sector can help to establish a presumption of conformity that the electronic signature products following or implementing them comply with all the legal requirements imposed, in the background of the actual European policies. Thus, we discuss recent European and/or national initiatives to fulfil such a fundamental option.
The European Electronic Signature Standardization Initiative (EESSI) has been set up under the auspices of the European Commission to carry out a work program aiming at the development of standards (be it technical specifications or policy practices) that would facilitate the implementation of the basic legal instrument (the “Electronic Signatures Directive”). Two major streams of possible standards-setting work have been determined, covering: (i) qualitative and procedural standards for the provision of certification services and (ii) technical standards for product interoperability. We identify (and evaluate at a primary level) the basic components/modules of EESSI’s specific results, already developed and offered in the market either as technical regulations and/or as recognized standards, with respect to essential requirements imposed by the European regulation. We also discuss relevant “feedback” already gained from various market areas and we focus on challenges for further implementation, progress, adoption, and development, especially in the framework for the promotion of converged broadband (Internet-based) communications facilities. It is important for the market that expected standardization work takes into account new technological developments as, in the future, users will move their e-signature key from device to device in a connected world. The added value of standards in the e-signatures sector, for both end users and assessing parties (judge, arbitrator, conformity assessment body, etc.), is of extreme importance for the future of the European electronic communications market.
The digital technological landscape has changed significantly during the past decade. New communication technologies, new media, the Internet, and devices carrying new functionalities are expected to meet consumers’ demand for seamless, simple, and user-friendly digital tools providing access to an extended range of services and content (i2010 High Level Group, 2006). In fact, electronic communication via open networks such as the Internet has increased and expanded remarkably, on a scale unimaginable some years ago. As a consequence, electronic communication networks and information systems have developed exponentially in recent years and are now an essential part of the daily lives of almost all European citizens (European Commission, 2002); in addition, they both constitute fundamental “tools” for the success of the broader European economy on the international scene (Chochliouros & Spiliopoulou, 2005).
In particular, networks and information systems are converging and becoming increasingly interconnected, thus creating a variety of potential opportunities for all categories of “players” involved. This rapid expansion concerns all sectors of human activity, whether business, public services, or the private sphere. Actually, global networks have truly become the “lifeblood” of our societies and economies: An overwhelming number of employees use a mobile phone, a laptop, or a similar device to send or retrieve information for their work. Furthermore, in multiple cases, such information can represent a considerable value, for instance when it describes a business transaction or contains technical knowledge (Lalopoulos, Chochliouros, & Spiliopoulou, 2004).
Despite the many and obvious benefits of the development of modern electronic communications, this evolutionary process has also brought with it the worrying threat of intentional attacks against information systems and network infrastructures (European Commission, 2000). As cyberspace gets more and more complex and its components more and more sophisticated, especially due to the fast development and evolution of (broadband) Internet-based platforms, new and unforeseen vulnerabilities may emerge.
Moreover, as the Internet becomes ubiquitous for all business and personal communications, the sensitivity and economic value of the content of the information transmitted are increasing considerably (Shoniregun, Chochliouros, Laperche, Logvynovskiy, & Spiliopoulou, 2004). The economic damage caused by network and/or service disruptions is becoming larger. Unfortunately, due to the transnational and borderless character of modern information systems, it is possible to launch an attack from anywhere in the world, to any place, at any time. This constitutes a severe threat (PriceWaterhouseCoopers, 2001) to the achievement of a safer information society and to an area of freedom and security, and therefore requires a “proper” and immediate response at the level of the European Union (EU). In particular, the economic burden imposed by various illegal actions on public bodies, companies, and individuals is considerable and threatens to make information systems more costly and less affordable to all potential users. Therefore, as so much depends on networks and information systems, their secure functioning has nowadays become a key concern, especially for the smooth operation of both the internal EU market and society (European Commission, 2001).