EUR-Lex Access to European Union law
This document is an excerpt from the EUR-Lex website
Document 32015D0046
Decision (EU) 2016/187 of the European Central Bank of 11 December 2015 amending Decision ECB/2013/1 laying down the framework for a public key infrastructure for the European System of Central Banks (ECB/2015/46)
Decision (EU) 2016/187 of the European Central Bank of 11 December 2015 amending Decision ECB/2013/1 laying down the framework for a public key infrastructure for the European System of Central Banks (ECB/2015/46)
Decision (EU) 2016/187 of the European Central Bank of 11 December 2015 amending Decision ECB/2013/1 laying down the framework for a public key infrastructure for the European System of Central Banks (ECB/2015/46)
OJ L 37, 12.2.2016, p. 100–103
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
|
12.2.2016 |
EN |
Official Journal of the European Union |
L 37/100 |
DECISION (EU) 2016/187 OF THE EUROPEAN CENTRAL BANK
of 11 December 2015
amending Decision ECB/2013/1 laying down the framework for a public key infrastructure for the European System of Central Banks (ECB/2015/46)
THE GOVERNING COUNCIL OF THE EUROPEAN CENTRAL BANK,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 127 thereof,
Having regard to the Statute of the European System of Central Banks and of the European Central Bank, and in particular Article 12.1 in conjunction with Article 3.1, Article 5, Article 12.3 and Articles 16 to 24 and 34 thereof,
Whereas:
|
(1) |
Regulation (EU) No 910/2014 of the European Parliament and of the Council (1) has repealed Directive 1999/93/EC of the European Parliament and of the Council (2) with effect from 1 July 2016. Therefore, it is appropriate to refer to Regulation (EU) No 910/2014 in Decision ECB/2013/1 (3). |
|
(2) |
Information concerning the ESCB-PKI certification authority, including its identity and its technical components, as set out in the Annex to Decision ECB/2013/1, needs to be updated. |
|
(3) |
Therefore, Decision ECB/2013/1 should be amended accordingly, |
HAS ADOPTED THIS DECISION:
Article 1
Amendments
Decision ECB/2013/1 is amended as follows:
|
(1) |
in Article 1, point 10 is replaced by the following:
|
|
(2) |
in Article 4, paragraph 4 is replaced by the following: ‘4. The ESCB-PKI certification practice statement is a set of rules governing the life cycle of electronic certificates, from the initial request to the subscription end or revocation, as well as the relationships between the certificate applicant or subscriber, the ESCB-PKI certification authority and the relying parties. It covers certificates falling under the scope of Directive 1999/93/EC and Regulation (EU) No 910/2014 of the European Parliament and of the Council (4) and certificates falling outside their scope. It also sets out the roles and responsibilities of all parties and establishes the procedures concerning issuing and managing certificates. It is annexed to the Level 2 — Level 3 Agreement. (4) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).’;" |
|
(3) |
in Article 10, the introductory statement and point (a) of paragraph 1 are replaced by the following: ‘1. Unless they prove that they have not acted negligently, the Eurosystem central banks shall be liable in accordance with their functions and responsibilities in the ESCB-PKI for any damage caused to a user who reasonably relies on a qualified certificate, as defined in Directive 1999/93/EC and Regulation (EU) No 910/2014, as regards:
|
|
(4) |
the Annex is replaced by the Annex to this Decision. |
Article 2
Entry into force
This Decision shall enter into force on the third day following that of its publication in the Official Journal of the European Union.
Done at Frankfurt am Main, 11 December 2015.
The President of the ECB
Mario DRAGHI
(1) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
(2) Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures (OJ L 13, 19.1.2000, p. 12).
(3) Decision ECB/2013/1 of the European Central Bank of 11 January 2013 laying down the framework for a public key infrastructure for the European System of Central Banks (OJ L 74, 16.3.2013, p. 30).
ANNEX
‘ANNEX
Information concerning the ESCB-PKI certification authority, including its identity, and its technical components
The ESCB-PKI certification authority is identified in its certificate as the issuer and its private key is used to sign certificates. The ESCB-PKI certification authority is in charge of:
|
(i) |
issuing private and public key certificates; |
|
(ii) |
issuing revocation lists; |
|
(iii) |
generating key pairs associated with specific certificates, e.g. those that require key recovery; |
|
(iv) |
maintaining overall responsibility for the ESCB-PKI and ensuring that all the requirements necessary to operate it are met. |
The ESCB-PKI certification authority includes all individuals, policies, procedures and computer systems entrusted with issuing electronic certificates and assigning them to the certificate subscribers.
The ESCB-PKI certification authority includes two technical components:
|
— |
The Root ESCB-PKI certification authority: This certification authority, at the first level, only issues certificates for itself and its subordinate certification authorities. It is only in operation when carrying out its own narrowly-defined responsibilities. Its most significant data are:
|
|
— |
The Online ESCB-PKI certification authority: This certification authority, at the second level, is subordinate to the Root ESCB-PKI certification authority. It is responsible for issuing ESCB-PKI certificates for users. Its most significant data are:
|
(1) This certificate will be used only in systems that do not support higher algorithms.
(2) This certificate will be used only in systems that do not support higher algorithms.