S.I. No. 233/2010 - Electronic Commerce (Certification Service Providers Supervision Scheme) Regulations 2010.


Notice of the making of this Statutory Instrument was published in

“Iris Oifigiúil” of 4th June, 2010.

I, EAMON RYAN, Minister for Communications, Energy and Natural Resources, in exercise of the powers conferred on me by section 29(3) of the Electronic Commerce Act 2000 (No. 27 of 2000), as adapted by the Communications, Marine and Natural Resources (Alteration of Name of Department and Title of Minister) Order 2007 ( S.I. No. 706 of 2007 ), hereby make the following regulations:

Citation.

1. These Regulations may be cited as the Electronic Commerce (Certification Service Providers Supervision Scheme) Regulations 2010.

Definition.

2. In these Regulations “the Act” means the Electronic Commerce Act 2000 (No. 27 of 2000).

Scheme for supervision of certification service providers.

3. The scheme for the supervision of certification service providers to be established pursuant to section 29(3) of the Act is as set out in the Schedule.

Regulation 3

SCHEDULE

Scheme for supervision of certification service providers established in the State

1. A certification service provider that is established in the State shall, within 1 year after it first issues a qualified certificate—

(a) notify the Minister of that fact, and

(b) state in writing to the Minister that—

(i) qualified certificates issued by the certification service provider meet the requirements of Annex 1 in the Schedule to the Act, and

(ii) the certification service provider itself meets the requirements of Annex II in that Schedule.

2. A certification service provider that is established in the State shall, on each 2 January after it notifies the Minister in accordance with paragraph 1, provide to the Minister evidence that—

(a) qualified certificates issued by the certification service provider concerned meet the requirements of Annex 1 in the Schedule to the Act, and

(b) the certification service provider itself meets the requirements of Annex II in that Schedule.

3. The evidence required by paragraph 2 is required to be in the form of a certificate or certificates issued by a certifying body accredited for the purpose by the Irish National Accreditation Board or the national accreditation body (within the meaning given by Regulation (EC) No. 765/2008 1 of the European Parliament and of the Council) of another member State of the European Union in accordance with both of the following standards:

1 OJ L 218 of 13.8.2008, p. 30.

(a) ISO/IEC standard 17021 (entitled “Conformity assessment—requirements of bodies providing audit and certification of management systems”);

(b) ISO standard 27006 (entitled “Information technology—security techniques—Requirements for bodies providing audit and certification of information security management systems”).

4. The Minister shall maintain, and may make publicly available, lists of—

(a) certification service providers that have provided to the Minister certificates in accordance with paragraph 2, and

(b) certification service providers that have notified the Minister in accordance with paragraph 1 but have not provided to the Minister certificates in accordance with paragraph 2.

5. In paragraph 4, “make publicly available” includes publication on a website.

/images/ls

GIVEN under my Official Seal,

31 May 2010.

EAMON RYAN,

Minister for Communications, Energy and Natural Resources.

EXPLANATORY NOTE

(This note is not part of the Instrument and does not purport to be a legal interpretation.)

These Regulations fulfil the obligation on the Minister for Communications, Energy and Natural Resources to prescribe a scheme of supervision of certification service providers (CSPs), which is set out in the Electronic Commerce Act. These Regulations require that CSPs established in the State who issue qualified certificates notify the Minister within 1 year that they issue qualified certificates to the public. These Regulations enable the Minister to be satisfied that the requirements of Annex I and II of the Electronic Commerce Act, 2000 are fulfilled as appropriate. Based on the notifications and evidence of certification forwarded the Minister shall maintain lists of certification service providers established in the State who issue qualified certificates to the public.

1 OJ L 218 of 13.8.2008, p. 30.