Estonia - Digital Signatures Act 2000
Chapter I
General Provisions
1. Scope of application of Act
This Act provides the necessary conditions for using digital signatures and the procedure for exercising supervision over the provision of certification services and time-stamping services.
2. Digital signature
(1) A digital signature is a data unit, created using a system of technical and organisational means, which a signatory uses to indicate his or her connection to a document.
(2) A digital signature is created by a signatory using a signature creating device (hereinafter private key) to which a signature verification device (hereinafter public key) uniquely corresponds.
(3) A digital signature and the system of using the digital signature shall:
1) enable unique identification of the person in whose name the signature is given;
2) enable determination of the time at which the signature is given;
3) link the digital signature to data in such a manner that any subsequent change of the data or the meaning thereof is detectable.
3. Legal consequences of digital signatures
(1) A digital signature has the same legal consequences as a hand-written signature if these consequences are not restricted by law and if the compliance of the signature with the requirements of subsection 2 (3) of this Act is proved.
(2) The compliance of a digital signature given according to the principles provided for in Chapters II-V of this Act with the requirements of subsection 2 (3) of this Act need not be proved separately if data and the digital signature enable unique determination of the certificate which contains the public key to which the private key with which the digital signature is given corresponds.
(3) A digital signature does not have the consequences provided for in subsection (1) of this section if it is proved that the private key was used for giving the signature without the consent of the holder of the corresponding certificate.
(4) The giving of a digital signature without the consent of the holder of the corresponding certificate is deemed to be proved if the certificate holder proves circumstances which existed and due to which it may be presumed that the signature was given without his or her consent.
(5) In the cases specified in subsection (3) of this section, the certificate holder shall compensate damage caused to another person who erroneously presumed that the signature was given by the certificate holder, if the private key was used without the consent of the certificate holder due to the intent or gross negligence of the certificate holder.
4. Use of digital signatures
(1) In relations in private law, digital signatures shall be used according to agreement between the parties.
(2) In relations in public law, digital signatures shall be used pursuant to this Act and legislation issued on the basis thereof.
(3) State and local government agencies, legal persons in public law, and persons in private law performing public law functions are required to provide access through the public data communication network to information concerning the possibilities and procedure for using digital signatures in communication with such agencies and persons.
4¹. Application of Administrative Procedure Act
The provisions of the Administrative Procedure Act (RT I 2001, 58, 354; 2002, 53, 336) apply to administrative proceedings prescribed in this Act, taking account of the specifications provided for in this Act.
(19.06.2002 entered into force 01.08.2002 – RT I 2002, 61, 375)
Chapter II
Certificates
Division 1
Certificates and Requirements for Certificates
5. Certificates
(1) For the purposes of this Act, a certificate is a document which is issued in order to enable a digital signature to be given and in which a public key is uniquely linked to a natural person.
(2) A certificate shall set out:
1) the number of the certificate;
2) the name of the holder of the certificate;
3) the public key of the certificate holder;
4) the period of validity of the certificate;
5) the issuer and registry code of the issuer;
6) a description of the limitations on the scope of use of the certificate.
(3) The issuer of a certificate shall confirm each certificate issued thereby.
(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)
6. Certificate holder
For the purposes of this Act, a certificate holder is a natural person to whose personal data the public key contained in the certificate is linked in the same certificate.
Division 2
Application for and Issue of Certificates
7. Creation of private and public keys
(1) A private key and a public key shall be created by an applicant for a certificate or, at his or her request and according to an agreement between the parties, by a certification service provider or another person or agency.
(2) Persons who create private and public keys for other persons shall not create copies of the keys for themselves or for third parties.
8. Application for certificates
(1) In order to obtain a certificate, a person (hereinafter applicant for the certificate) shall submit a written application to a certification service provider setting out:
1) the given name and surname of the applicant for the certificate;
2) the personal identification code of the applicant for the certificate or, in the absence of a personal identification code, the day, month and year of birth of the applicant for the certificate;
3) the public key of the applicant for the certificate or an authorisation of the applicant for the certificate to the certification service provider for the creation of a private and public key;
(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)
4) the contact details of the applicant for the certificate;
5) the period of validity of the certificate applied for;
6) a description of the limitations on the scope of use of the certificate;
7) other data which the applicant applies to have added to the certificate.
(2) If the public key of an applicant for a certificate is set out in an application specified in subsection (1) of this section, the applicant for the certificate shall prove that the private key corresponding to the public key is in his or her possession.
(06.06.2001 entered into force 07.07.2001 – RT I 2001, 56, 338)
9. Issuer of certificates
For the purposes of this Act, an issuer of a certificate is a person or agency who issues the certificate and is responsible for the accuracy of the data contained in the certificate.
10. Issue of certificates
(1) The issuer of a certificate is required to verify that the application submitted in order to apply for the certificate complies with this Act and that the data contained in the application is accurate.
(2) A certificate shall be issued to a person promptly after entry of the corresponding data in the database of certificates which is maintained by the issuer of the certificate.
(3) The issuer of a certificate is required to notify the applicant for the certificate of the conditions of use of the certificate, the rights and obligations of the certificate holder, and other circumstances related to the use of the certificate.