Tuesday, February 16, 2016

Digital Administration Code: Changes approved by the … – American Lawyer

                    

As you know, Parliament, with Article 1 of Law no. 124 of 7 August 2015, authorized the Government to intervene, through one or more legislative decrees to be issued within twelve months, on the provisions contained in the CAD (Digital Administration Code) in order to promote and give effect to the digital citizenship rights of citizens and businesses.

Just recently the Government issued a draft decree containing amendments and additions to the CAD in execution of the parliamentary delegation. The draft decree will now be discussed in the appropriate parliamentary bodies before being approved in its final form (approval which should take place fairly quickly, since the legislative decree should enter into force as of 1 July 2016).

From an evaluation of this first version of the measure, we can already identify positive and negative aspects, as always happens when the legislature engages with the field of new technologies. Unfortunately, it is not always easy to reconcile the complex features of a technological device or service with the specific needs of standardization, and sometimes the rules themselves become difficult to understand.

Let us begin by identifying the first objectives that the legislator wanted to achieve with the reform. The decision to dedicate Article 1 of the new CAD to digital citizenship rights is symptomatic of the centrality that Parliament intended to give to information and communication technology in the relationship between citizens, businesses and public administrations, as a tool for promoting the radical process of reorganizing the state administration.

The intention is to shift attention from the digitization process to the digital rights of citizens and businesses. The “charter of digital citizenship” recognizes rights directly to citizens and enterprises and is the legal basis for implementing Italy Login, the access platform that, through the public digital identity system and the National Registry of the Resident Population, will enable citizens to access public services, and those of private operators that choose to join, with a single user name and a single password (booking doctor visits, enrolling in school, paying taxes). This will make it possible to overcome the complexity of the current situation, in which every public administration or public entity that provides services online requires its own method of registration and of using its services.

This is nothing other than the SPID system (Public System for Digital Identity Management for citizens and businesses), which plays a central role in the new CAD and is defined as an open set of public and private entities which, following accreditation by AgID according to the procedure defined by a specific ministerial decree, identify citizens, businesses and public authorities to allow them access to network services.

SPID, then, is a set of credentials for online access to all services of the public administration and to those of commercial operators that accept the offer. SPID allows users to rely on digital identity providers and qualified attribute providers so that service providers can immediately verify their identity and any qualified attributes that concern them.

With the establishment of SPID, public administrations will be able to allow online access to their services, besides through SPID itself, only through the electronic identity card and the national services card, which will eventually have only a residual function. Access with the electronic identity card and the national services card remains enabled regardless of the methods defined by individual administrations.

The intention of the legislature is therefore clear: to simplify citizens' access to online services, overcoming the difficulties related to electronic cards. But the “security” danger always looms, since it is clear that with this system the digital identities of a citizen multiply, being different for each service, and the prospect is perplexing. It is also true that the system is continuously monitored by the Authority, which is rightly concerned, but it is equally true that if a single digital identity creates problems, many will create even more.

In addition, the reform decree goes even beyond the original functions of SPID, since Article 52 introduces a two-paragraph f that is unclear: “A legal act may be brought into being by a person identified by SPID, within a computer system that meets the requirements set out in the technical regulations adopted pursuant to Article 71, through processes that guarantee, manifestly and unequivocally, the acquisition of his will ………”. Honestly, I would like to see what the practical application of this somewhat cryptic provision could be.

Returning to the examination of the CAD reform draft, note that the legislator, in continuity with the foregoing, adds new and important definitions to those of Art. 1 CAD. The first is that of digital identity, “the computer representation of the correspondence between a user and his identity attributes, verified through the set of data collected and stored in digital form in accordance with the procedures laid down in the decree implementing Article 64”, with clear reference to SPID. The second is that of digital domicile, understood as “the certified e-mail address or the address of another qualified certified delivery service, used for communication between natural and legal persons and the entities referred to in Article 2, paragraph 2”. It has always been argued that communicating one's PEC address to a PA amounts to a real election of electronic domicile. This concept has now been implemented in legislation with an important addition, since the text also speaks of “other qualified certified delivery service”, and at this point the reference is clearly to the eIDAS Regulation No. 910/2014 of 23 July 2014 on electronic identification and trust services in the internal market, published in the Official Journal of the European Union of 28 August 2014, which will also come into force in our legal system on 1 July 2016.

In fact, the occasion for the entire CAD reform also arises from the need to adapt the Code to this important EU regulation, known by the acronym e-IDAS, which stands for electronic IDentification Authentication and Signature (eTS, electronic Trust Services), and which determines the conditions for mutual recognition in the field of electronic identification and common rules for electronic signatures, web authentication and related trust services for electronic transactions.

The Regulation entered into force directly in all EU Member States, without the need for transposition measures, on 17 September 2014, although it will apply from 1 July 2016, with the exception of the provisions contained in Art. 52.

The basic aim of this Community measure is the elimination of existing barriers to the cross-border use of the electronic identification means used in the Member States, at least for authentication in public services. The Regulation does not, in fact, intend to intervene in the electronic identity management systems and related infrastructures established in the Member States, but aims to ensure that access to the cross-border online services offered by the Member States can rely on secure electronic identification and authentication.

The Regulation therefore first of all governs electronic identification, understood as “the process of using person identification data in electronic form uniquely representing either a natural or legal person, or a natural person representing a legal person”, and concerns itself with the mutual recognition between Member States of electronic means of identification and authentication for access to a service provided online by a public sector body in a Member State.

Electronic identification should be distinguished from so-called “authentication”, understood as an electronic process that makes it possible to confirm the electronic identification of a natural or legal person, or the origin and integrity of data in electronic form.

The Regulation pays particular attention to qualified and non-qualified trust service providers, which must meet certain requirements, assume specific liability for damage caused intentionally or negligently, and are subject to the control of supervisory authorities and to specific checks by conformity assessment bodies.

Section 4 of the Regulation is dedicated to electronic signatures, and in general its provisions do not differ significantly from the legal rules already introduced in Italy by the Digital Administration Code (Arts. 20 et seq.).

In particular, it is stipulated that a qualified electronic signature has the same legal effect as a handwritten signature and the same probative value. Furthermore, an electronic signature based on a qualified certificate issued in one Member State must be recognized as a qualified electronic signature in all other Member States.

Ample space is therefore dedicated to the requirements for advanced electronic signatures (already known at Community level), to qualified certificates for electronic signatures, to the requirements for and certification of qualified electronic signature creation devices, and to the validation of qualified electronic signatures, understood as the process of verifying and confirming the validity of an electronic signature or seal, which is handled only by a qualified trust service provider. Particular attention is also paid to the qualified preservation service for qualified electronic signatures, which can be provided only by a qualified trust service provider using procedures and technologies capable of extending the reliability of the electronic signature beyond the technological validity period.

The Regulation then introduces a new tool created for the specific needs of e-business, namely the electronic seal, understood as “data in electronic form, attached to or logically associated with other data in electronic form to ensure the origin and integrity of the latter”.

The electronic seal has the same legal force and the same probative value as the electronic signature, and for this new tool too the Regulation speaks of advanced and qualified seals, identifying their characteristics. In particular, a legal person, in the context of public services, will be the holder of an electronic seal that serves as evidence that an electronic document was issued by a given legal person, giving the document certainty of origin and of the integrity of its content. The seal can also be used to authenticate any digital asset of the legal entity itself, such as software code or servers.

The same provisions relating to the validation and preservation of qualified digital signatures also apply to qualified electronic seals.

Section 6 of the Regulation deals instead with electronic time validation, understood as “data in electronic form that link other data in electronic form to a particular date and time, so as to prove that the latter existed at that time”. In other words, it is the so-called time stamp, which, beyond its recognized legal and evidentiary effects, enjoys the presumption of the accuracy of the date and time it indicates and of the integrity of the data to which that date and time are associated.

Time stamping too can be qualified, and the Regulation determines its requirements.

Section 7 covers electronic certified delivery services, understood as services that enable the transmission of data between third parties by electronic means, provide evidence relating to the handling of the transmitted data, including proof of sending and of successful receipt of the data, and protect the transmitted data against the risk of loss, theft, damage or unauthorized changes. In other words, it is the “European” version of our certified e-mail, which has never had Community-wide recognition.

The Regulation also provides for and regulates the requirements for qualified electronic certified delivery services.

The Community measure devotes a specific provision (Art. 46) to the recognition of the legal effects of the electronic document, which are broadly recognized, as is its probative value. Thus, although the same stipulation is already contained in the provisions on electronic signatures, it was decided to include a more general provision to dispel any doubt and to establish clearly the principle of “technological neutrality” with respect to the electronic form of a document, a principle already introduced, moreover, through the legal institution of the electronic invoice by Directive 2006/112/EC, as amended by Directive 45/2010/EU.

All of these principles have been transposed into the CAD reform decree, and a clear signal of this is, first of all, the adoption “in toto” of all the definitions contained in the Regulation, with the consequent repeal of many of the CAD's original definitions. The definition of the digital signature, an all-Italian creation (which falls under the qualified signature), remains, while for the rest room is made for all the Regulation's definitions: identification, authentication, electronic signature, qualified electronic signature, advanced electronic signature, electronic document, time stamping and many others. Frankly, this “automatic transfer of definitions”, little known in our country, is not easy to digest. One example is the historical and traditional definition of the electronic document as “the computer representation of legally relevant acts, facts or data”, which disappears and makes room for the Regulation's cold and bare definition of the electronic document as “any content stored in electronic form, in particular text or sound, visual or audiovisual recording”. The national figure of the certifier also disappears, of course, replaced by the trust service provider, but when many of these concepts are specifically incorporated by the decree, some confusion arises.

Consider, for example, the amended texts of Arts. 20 and 21 CAD, from which a rather worrying prospect emerges: a document with a simple electronic signature (one that is neither qualified, nor advanced, nor digital) would satisfy the requirement of written form and would be assessed by the court in all respects, including therefore its probative value. In other words, there would no longer be a graduated logic of the legal effectiveness and evidentiary value of electronic documents according to the electronic signature they bear, and an electronic document with a simple electronic signature could have the legal value and probative effectiveness of a private deed. In this sense, the national legislature probably says more than the Community legislature, and a clarification on this aspect would be in order.

Timely, however, is the amendment of Art. 13 CAD on the IT training of civil servants, where it was rightly felt necessary to extend that training to managers as well, for the purposes of the transition to the digital mode of operation.

The Agency for Digital Italy naturally finds its full regulation in Art. 14-bis of the new version of the CAD, which identifies its institutional functions (revised with respect to those originally determined by Art. 20 of Decree-Law no. 83/2012).

The new Art. 17 CAD provides that a single general management office, the total number of such offices remaining unchanged, should be dedicated to the transition to the digital mode of operation and to the consequent reorganization aimed at creating a digital and open administration with easily usable, quality services, through greater efficiency and cost-effectiveness. In addition, the head of this office also takes on a further important function as digital ombudsman, to whom all citizens can turn for justice. These are provisions one can certainly agree with, but unfortunately in most cases they remain only on paper.

Interesting, however, is the amendment of Art. 18 CAD, which, as regards the composition of the “Permanent Conference for technological innovation”, provides for the presence of four experts who support the prime minister. In this case it seems that there is finally an intention to remove all political logic from the governing bodies. We hope that this intention is upheld in practical application.

Art. 25 of the amending decree was then corrected in extremis. In updating Art. 27 CAD, it originally stipulated that all qualified trust service providers, certified electronic mail providers, the digital identity providers referred to in Article 64 and the entities referred to in Article 44-a) also had to meet the requirements of Art. 29, paragraph 3 of the CAD, which refers to the consolidated banking act; under the recent amendments to the Banking Law, the amount of initial capital is 10 million euro or 5 million euro depending on the type of banking institution. Obviously such an absurd provision, which excluded the majority of small and medium-sized enterprises from the market, has been revised, without prejudice to the provisions of Art. 44-bis, paragraph 3 of the CAD for preservation providers and Art. 14, paragraph 3 of Presidential Decree no. 68/2005 for PEC providers, but the rule still leaves one very perplexed.

Art. 30 of the reform decree takes on particular importance because, in amending Art. 32-bis CAD, it introduces real financial penalties for qualified trust service providers, certified electronic mail providers, digital identity providers and preservation providers in the event of non-compliance. The provision would be flawless, were it not for a safeguard rule which, by introducing paragraph 1-bis of Art. 32-bis, provides that AgID, before imposing an administrative sanction, must formally warn the entities to bring their conduct into line with the requirements laid down by the eIDAS Regulation and the CAD, setting a time limit and regulating how to comply. This completely frustrates the introduction of the financial penalties, which are thus also likely to remain on paper.

Also noteworthy is Art. 37 of the decree, which, in amending Art. 43 CAD on the preservation of electronic documents, introduces an important principle: if an electronic document is preserved by law by a PA, the citizen does not have to store it, and the PA must make it accessible to him at all times (in this sense, every document will have a “URL” reachable via the web by those who, identified via SPID, are entitled to it). This is undoubtedly a burden on the PA, matched by an important right for citizens. Still on the subject of preservation, however, the amendment of Art. 44 CAD is very perplexing: it creates some confusion between the management and the preservation of electronic documents, and it seems to take on an incomprehensibly residual aspect. The distinction certainly needs to be clarified, and above all the rules need to be better integrated.

As structured, the new Art. 54 CAD does not make much sense either: to identify the content of the corporate websites of the PA, it merely refers to the transparency legislation (Legislative Decree no. 33/2013).

Also disappointing is Art. 61 of the decree, which does not introduce anything new on sanctions for non-compliance with the CAD rules. Once again, any breach will be reflected only in managerial responsibility, and we have already had occasion to see that such a provision has practically no effect.

Many provisions of the old CAD are then repealed, and among the many repeals the one concerning Art. 50-bis, dedicated to disaster recovery and business continuity, seems incomprehensible. A topic so important today cannot be abandoned like this, so I hope that the legislature intends to provide elsewhere for the obligation of the PA to draw up specific security plans, which is, by the way, an obligation in force.

In conclusion, then, we can say that the decree introduces important innovations which, in addition to those already set out, are:

  • the introduction of a requirement for public authorities and publicly controlled companies, as defined in the legislative decree adopted in implementation of Article 18 of Law no. 124 of 2015 and included in the consolidated income statement of the public administration as identified by the National Statistics Institute (ISTAT) in accordance with Article 1, paragraph 5, of Law no. 311 of 30 December 2004, to accept payments due for whatever reason through electronic payment services, including, for micropayments, the use of telephone credit;
  • the introduction of the “digital first” principle, also in relation to administrative procedure;
  • the introduction of the obligation for authorities to make adequate Wi-Fi Internet connectivity available to users at their offices. When a public office is not using its bandwidth, it will be obliged to make it available to citizens over Wi-Fi;
  • the reorganization and rationalization of digital governance;
  • the strengthening of the principle of “open data by default” and the coordination of existing rules on open data with those of European origin on access to public information;
  • the creation of the single electronic point of access to public services;
  • the simplification and rationalization of the rules of the public connectivity system.

But there are many gray areas, pointed out above, that absolutely must be clarified. Undoubtedly, whenever such incisive measures are adopted, in a field that is, among other things, so complex from a technological point of view, it is natural that some provisions need clarification and coordination; the important thing is that Parliament manages to remedy them.


(American Lawyer, 16 February 2016. Note by Michele Iaselli)
