By
Stewart Baker
(sbaker@steptoe.com)

Michael Hintze
(mhintze@steptoe.com)

October 1997

We have obtained information regarding the Italian digital signature law passed earlier this year, and the recently released draft regulations implementing that law. The following is a brief synopsis.

The law declares that, if the requirements of the law and the regulations are met, electronic documents and electronic signatures will be accorded the same validity as written documents and written signatures.

The law further states that certification authorities (CAs) must be registered with the government. In order to qualify as a CA, an entity apparently must meet certain technical and financial criteria.

A number of regulatory requirements are imposed upon certification authorities. CAs must meet a number of security related requirements. They also must follow the relevant rules regarding the treatment of personal data.

When a person applies for a certificate, the CA must identify that person with "certainty." The CA must also inform all applicants in a clear manner about the certification process.

In cases where the private signature key is lost, the holder of the private key is incapacitated or where there are suspected abuses or fraudulent use of the key, certification authorities are required to revoke or suspend any certificate immediately upon the request of the applicant or his representative. Such a revocation or suspension must be made public immediately, presumably through the use of a certificate revocation list (CRL).

Another requirement imposed upon certification authorities is that they may not serve as a depository of private keys. In other words, no entity can serve as both a certification authority and as a key recovery agent (or trusted third party).

Finally, the law contains a mutual recognition provision, but it does NOT apply to non-EU certification authorities. The provision states that other CAs will be recognized if they operate on the basis of requirements that are equivalent to those of the Italian law, and under the authority of "another country member of the European Community of European Economic Area."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

For further information please contact L. Benjamin Ederington on Tel: + 202-429-6411, Fax: 202-429-3902 or E-mail: bedering@steptoe.com