Chapter I

General Provisions

1. Scope of application of Act

This Act provides the necessary conditions for using digital signatures and the procedure for exercising supervision over the provision of certification services and time-stamping services.

2. Digital signature

(1) A digital signature is a data unit, created using a system of technical and organisational means, which a signatory uses to indicate his or her connection to a document.

(2) A digital signature is created by a signatory using a signature creating device (hereinafter private key) to which a signature verification device (hereinafter public key) uniquely corresponds.

(3) A digital signature and the system of using the digital signature shall:

1) enable unique identification of the person in whose name the signature is given;

2) enable determination of the time at which the signature is given;

3) link the digital signature to data in such a manner that any subsequent change of the data or the meaning thereof is detectable.

3. Legal consequences of digital signatures

(1) A digital signature has the same legal consequences as a hand-written signature if these consequences are not restricted by law and if the compliance of the signature with the requirements of subsection 2 (3) of this Act is proved.

(2) The compliance of a digital signature given according to the principles provided for in Chapters II-V of this Act with the requirements of subsection 2 (3) of this Act need not be proved separately if data and the digital signature enable unique determination of the certificate which contains the public key to which the private key with which the digital signature is given corresponds.

(3) A digital signature does not have the consequences provided for in subsection (1) of this section if it is proved that the private key was used for giving the signature without the consent of the holder of the corresponding certificate.

(4) The giving of a digital signature without the consent of the holder of the corresponding certificate is deemed to be proved if the certificate holder proves circumstances which existed and due to which it may be presumed that the signature was given without his or her consent.

(5) In the cases specified in subsection (3) of this section, the certificate holder shall compensate damage caused to another person who erroneously presumed that the signature was given by the certificate holder, if the private key was used without the consent of the certificate holder due to the intent or gross negligence of the certificate holder.

4. Use of digital signatures

(1) In relations in private law, digital signatures shall be used according to agreement between the parties.

(2) In relations in public law, digital signatures shall be used pursuant to this Act and legislation issued on the basis thereof.

(3) State and local government agencies, legal persons in public law, and persons in private law performing public law functions are required to provide access through the public data communication network to information concerning the possibilities and procedure for using digital signatures in communication with such agencies and persons.

4¹. Application of Administrative Procedure Act

The provisions of the Administrative Procedure Act (RT I 2001, 58, 354; 2002, 53, 336) apply to administrative proceedings prescribed in this Act, taking account of the specifications provided for in this Act.

(19.06.2002 entered into force 01.08.2002 – RT I 2002, 61, 375)

Chapter II

Certificates

Division 1

Certificates and Requirements for Certificates

5. Certificates

(1) For the purposes of this Act, a certificate is a document which is issued in order to enable a digital signature to be given and in which a public key is uniquely linked to a natural person.

(2) A certificate shall set out:

1) the number of the certificate;

2) the name of the holder of the certificate;

3) the public key of the certificate holder;

4) the period of validity of the certificate;

5) the issuer and registry code of the issuer;

6) a description of the limitations on the scope of use of the certificate.

(3) The issuer of a certificate shall confirm each certificate issued thereby.

(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)

6. Certificate holder

For the purposes of this Act, a certificate holder is a natural person to whose personal data the public key contained in the certificate is linked in the same certificate.

Division 2

Application for and Issue of Certificates

7. Creation of private and public keys

(1) A private key and a public key shall be created by an applicant for a certificate or, at his or her request and according to an agreement between the parties, by a certification service provider or another person or agency.

(2) Persons who create private and public keys for other persons shall not create copies of the keys for themselves or for third parties.

8. Application for certificates

(1) In order to obtain a certificate, a person (hereinafter applicant for the certificate) shall submit a written application to a certification service provider setting out:

1) the given name and surname of the applicant for the certificate;

2) the personal identification code of the applicant for the certificate or, in the absence of a personal identification code, the day, month and year of birth of the applicant for the certificate;

3) the public key of the applicant for the certificate or an authorisation of the applicant for the certificate to the certification service provider for the creation of a private and public key;

(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)

4) the contact details of the applicant for the certificate;

5) the period of validity of the certificate applied for;

6) a description of the limitations on the scope of use of the certificate;

7) other data which the applicant applies to have added to the certificate.

(2) If the public key of an applicant for a certificate is set out in an application specified in subsection (1) of this section, the applicant for the certificate shall prove that the private key corresponding to the public key is in his or her possession.

(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)

9. Issuer of certificates

For the purposes of this Act, an issuer of a certificate is a person or agency who issues the certificate and is responsible for the accuracy of the data contained in the certificate.

10. Issue of certificates

(1) The issuer of a certificate is required to verify that the application submitted in order to apply for the certificate complies with this Act and that the data contained in the application is accurate.

(2) A certificate shall be issued to a person promptly after entry of the corresponding data in the database of certificates which is maintained by the issuer of the certificate.

(3) The issuer of a certificate is required to notify the applicant for the certificate of the conditions of use of the certificate, the rights and obligations of the certificate holder, and other circumstances related to the use of the certificate.

Passed 8 December 2004
(RT2 I 2004, 87, 593),
entered into force 1 January 2005
amended by the following Acts:

24.01.2007 entered into force 20.07.2007 – RT I 2007, 12, 64;
24.01.2007 entered into force 01.05.2007 – RT I 2007, 15, 76;
21.12.2006 entered into force 17.01.2007 – RT I 2007, 3, 12;
07.12.2006 entered into force 01.01.2007 – RT I 2006, 58, 439;
14.06.2006 entered into force 16.07.2006 – RT I 2006, 31, 234;
11.05.2006 entered into force 02.06.2006 – RT I 2006, 25, 187;
15.12.2005 entered into force 01.01.2006 – RT I 2005, 71, 545.

Chapter 1
General Provisions

1. Purpose and scope of application of Act

(1) The purpose of this Act is to create the necessary conditions for the development of electronic communication to promote the development of electronic communications networks and communications services without giving preference to specific technologies and to ensure the protection of the interests of users of electronic communications services by promoting free competition and the purposeful and just planning, allocation and use of radio frequencies and numbering.

(2) This Act provides requirements for the publicly available electronic communications networks and communications services, conduct of radiocommunication, management of radio frequencies and numbering, for apparatuses and state supervision over compliance with the requirements and liability for violation of the requirements.

(3) This Act does not apply to Information Society services within the meaning of the Information Society Services Act (RT I 2004, 29, 191; 54, 387).

(4) The provisions of the Administrative Procedure Act (RT I 2001, 58, 354; 2002, 53, 336; 61, 375; 2003, 20, 117; 78, 527) apply to administrative proceedings prescribed in this Act, taking account of the specifications provided for in this Act.

2. Definitions

In this Act, the following definitions are used:

1) “local sub-loop” is the physical circuit connecting the network termination point to an intermediate distribution point;

2) “apparatus” is any equipment that is either terminal equipment or radio equipment or both;

3) “putting an apparatus into service” is an activity which consists of the first intended use of the apparatus in a Contracting State to the European Economic Area;

4) “placing on the market of an apparatus” is an activity by which the apparatus is made accessible in a Contracting State to the European Economic Area for the first time either for the purpose of distribution or putting it into service;

41) “electromagnetic compatibility” is the capability of an apparatus to satisfactorily function in an electromagnetic environment without causing electromagnetic interference to other equipment located in that environment.
(24.01.2007 entered into force 20.07.2007 – RT I 2007, 12, 64)

5) “electronic communications undertaking” (hereinafter communications undertaking) is a person who provides a publicly available electronic communications service to the end-user or to another provider of a publicly available electronic communications service;

6) “electronic communications service” is a service which consists wholly or mainly in the transmission or conveyance of signals on electronic communications networks under the agreed conditions. Network services are also electronic communications services;

7) “user of electronic communications service” (hereinafter user of communications service) is a person using a publicly available electronic communications service;

electronic communications network” is a transmission system including switching equipment and other support systems which enable the transmission or conveyance of signals by way of a cable and by radio, optical or other electromagnetic means. Electronic communications networks include also the satellite network, telephone network, data communication network, mobile telephone network, broadcasting transmitters network, cable television network and electric cable system, if used for the transmission or conveyance of signals, regardless of the nature of information broadcast through them;

9) “self-planned frequency band” is a radio frequency band the use of which is regulated by the user of radio frequencies pursuant to the conditions established by a frequency authorisation;

10) “surveillance equipment” is a technical infrastructure used by a surveillance agency or a security authority to restrict the right to the confidentiality of messages;