Provisions
The activities of identification service providers and certification authorities providing qualified certificates are subject, for example, to the following acts, decrees, regulations, recommendations and standards:
Legal matters
- The Act on Strong Identification and Electronic Signatures (617/2009, later The Identification Act) entered into force on 1 September 2009.
The Identification Act replaced the Act on Electronic Signatures (14/2003) issued in 2003, which in turn implemented Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures. There is no EC-level regulation on identification services.
- Personal Data Act (523/1999)
FICORA's regulations
- FICORA’s regulation 7 B/2009 M on obligation of identification service providers and certification authorities providing qualified certificates to the public to submit notifications to FICORA;
- Explanations and application of regulation 7;
- FICORA’s regulation 8 C/2010 M on the requirements for reliability and information security in the operation of identification service providers and certification authorities providing qualified certificates to the public;
- Explanations and application of regulation 8.
Standards on qualified certificates
Extensive international standardisation work has been carried out to clarify the requirements of the EU Directive on Electronic Signatures. The European Commission can ratify and publish reference numbers of generally known standards concerning products related to electronic signatures in the Official Journal of the European Communities (OJEC). In this task, the Commission is assisted by the so-called Article 9 Committee, which consists of representatives from EU Member States. If the certification-service-provider or the service or product related to an electronic signature fulfils the requirements of these standards or technical specifications, the requirements set in the Directive are also fulfilled. The European Commission published the following reference numbers of standards in the Official Journal of the European Union on 14 July 2003:
- CWA 14167-1 (March 2003): security requirements for trustworthy systems managing certificates for electronic signatures — Part 1: System Security Requirements
- CWA 14167-2 (March 2002): security requirements for trustworthy systems managing certificates for electronic signatures — Part 2: cryptographic module for CSP signing operations — Protection Profile (MCSO-PP)
- CWA 14169 (March 2002): secure signature-creation devices