Text consolidated by Valsts valodas centrs (State
Language Centre) with amending laws of:
6 May 2004 [shall come into
force from 27 May 2004];
28 October 2004 [shall come into force from 24 November
2004];
22 June 2006 [shall come into force from 21 July
2006];
24 May 2007 [shall come into force from 26 June
2007];
24 September 2009 [shall come into force from 22 October
2009].
If a whole or part of a section has been amended, the
date of the amending law appears in square brackets at
the end of the section. If a whole section, paragraph or
clause has been deleted, the date of the deletion appears
in square brackets beside the deleted section, paragraph
or clause.
|
The Saeima1 has adopted
and the President has proclaimed the following Law:
Electronic Documents
Law
Chapter I
General Provisions
Section 1. Terms Used in this
Law
The following terms are used in this Law:
1) secure electronic signature-creation devices -
software packages, hardware and electronic signature-creation
data that conform to the following requirements:
a) the electronic signature-creation data shall be created
only once, and the secrecy thereof is ensured,
b) the electronic signature-creation data cannot be derived
and, utilising technologies, the electronic signature is secured
against forgery,
c) the electronic signature-creation data are securely
protected against being used unlawfully by third persons,
d) the secure electronic signature-creation devices do not
alter the electronic document to be signed and do not prevent
becoming acquainted with such a document before its signing;
2) secure electronic signature - an electronic
signature that conforms to all of the following requirements:
a) it is linked only to the signatory,
b) it ensures the personal identification of the
signatory,
c) it is created with secure electronic signature-creation
devices, which may be controlled only by the signatory,
d) it is linked to a signed electronic document so that later
changes in the electronic document are detectable,
e) it is certified by a qualified certificate;
3) electronic document - any data which is created,
stored, sent or received electronically, which ensures the
possibility of utilising such data for the performance of some
activity, realisation of a right and protection;
4) electronic signature - electronic data that is
attached to or logically associated with an electronic document,
and ensures the authenticity of the electronic document and
confirms the identity of the signatory;
5) electronic signature-verification data - data that
is utilised in order to verify an electronic signature;
6) electronic signature-creation data - data created
only once, which are utilised by the signatory in order to create
an electronic signature;
7) qualified certificate - a certificate which contains
the information laid down in this Law and which has been issued
by a trusted certification service provider;
8) time-stamp - an electronically signed confirmation
of the fact that at a specified date and time the electronic
document has been signed at the certification service
provider;
9) signatory - a natural person who has electronic
signature-creation devices and who acts either in his or her own
name or the name of the natural person or legal person or
institution that he or she represents;
10) certification services - the issuance and
cancellation of certificates, the suspension and renewal of the
validity of certificates, registration of certificates, the
maintenance of a electronic signature-verification data register,
the stamping of electronic documents with time-stamps, as well as
the provision of consultancy services in relation to electronic
signatures;
11) certificate - an electronic confirmation that links
the electronic signature-verification data with a signatory and
serves to specify the identity of the signatory.
[24 May 2007]
Section 2. Application of this
Law
(1) This Law determines the legal status of electronic
documents and electronic signatures.
(2) The provisions of this Law are not applicable if a natural
person or legal person who is not a certification service
provider performs the stamping of electronic documents with a
time-stamp.
Chapter II
Electronic Documents and the Derivation thereof
Section 3. Electronic Documents
(1) The requirement for a document in written form in relation
to an electronic document shall be fulfilled if the electronic
document has an electronic signature and the electronic document
conforms to the requirements of other laws and regulations.
(2) An electronic document shall be considered to have been
signed by hand if it has a secure electronic signature. An
electronic document shall be considered to have been signed by
hand also in such cases where it has an electronic signature and
the parties have agreed in writing regarding the signing of
electronic documents with an electronic signature. In such case,
the written agreement shall be drawn up and signed on paper or
electronically with a secure electronic signature.
(3) If laws and regulations provide that, in addition to other
requisites for a document to acquire legal effect, it also
requires the imprint of a seal, then this requirement in relation
to an electronic document shall be fulfilled if the electronic
document has a secure electronic signature and a time-stamp or
electronic signature if the parties in accordance with the
procedures laid down in Paragraph two of this Section have agreed
in writing regarding the signing of electronic documents with an
electronic signature.
(4) An electronic signature is legal evidence and the
submission of an electronic document as evidence to competent
institutions has no restrictions, based only upon the fact
that:
a) the document is in electronic form; or
b) it does not have a secure electronic signature.
(5) In the circulation of electronic documents between State
and local government institutions or between these institutions
and natural persons and legal persons, the electronic document
shall be considered to be signed if it has a secure electronic
signature and time-stamp or electronic signature if the parties
in accordance with the procedures laid down in Paragraph two of
this Section have agreed in writing regarding the signing of
electronic documents with an electronic signature.
(6) The provisions of this Law are not applicable to:
1) contracts with which rights are created or transferred to
immovable property, except for rental rights;
2) contracts which, in accordance with law, are not in effect
if they have not been certified according to special procedures
by law;
3) guarantee contracts if the guarantee grants, and security
for pledges if such is provided by persons who engage in
purposes, which are not related to the trade of such person,
entrepreneurial activity or occupation;
4) transactions in the field of family law and inheritance
law.
[28 October 2004]
Section 4. Original Electronic
Documents
(1) If laws and regulations require the storage or
presentation of the original of a document, this requirement in
relation to electronic documents shall be fulfilled if it
conforms to the requirements of Section 3, Paragraphs two and
three of this Law.
(2) Paragraph one of this Section applies to a requirement
expressed in the form of a duty or in a case, where the laws and
regulations provide for a legal effect regarding the non-storage
of documents or the non-presentation of document originals.
Section 5. Derivation of Electronic
Documents
(1) A copy, true copy or extract in paper form of an
electronic document shall have the same legal effect as the
original if the correctness of the copy, true copy or extract is
certified in accordance with the requirements of laws and
regulations and if the issuer of the copies, true copies or
extracts in paper form can, on the basis of a request, present
the document original in electronic form, and it conforms to the
requirements laid down in this Law.
(2) A copy, true copy or extract in electronic form of a paper
document shall have the same legal effect as the original if the
person who, in accordance with the requirements of laws and
regulations, has the right to certify document original copies,
true copies or extracts has certified its correctness with a
secure electronic signature and time-stamp or electronic
signature if the parties in accordance with the procedures laid
down in Section 3, Paragraph two of this Law have agreed in
writing regarding the signing of electronic documents with an
electronic signature, and it conforms to the requirements of laws
and regulations.
(3) A duplicate of a paper document in electronic form shall
have the same legal effect as the original if the duplicate has
been issued and drawn up in conformity with the requirements of
this Law and other laws and regulations.
(4) The making of derivations of electronic documents in paper
form shall be only from such electronic documents as is possible
to present in a readable or graphic form.
[28 October 2004]
Chapter III
Provisions for the Circulation and Storage of Electronic
Documents
Section 6. General Provisions for
the Circulation and Storage of Electronic Documents
(1) If laws and regulations determine requirements for the
preparation, drawing up and storage of documents in a separate
way, these same provisions shall be applicable also to electronic
documents.
(2) The procedures for the preparation, drawing up, storage
and circulation of electronic documents in State and local
government institutions, and the circulation procedures between
State and local government institutions, or between these
institutions and natural persons and legal persons shall be
governed by Cabinet regulations.
(3) The Latvian State Archive Directorate shall be responsible
for the evaluation and selection of electronic documents for
long-term and permanent storage, and it shall also monitor that
State and local government archives ensure the storage and
accessibility of electronic documents.
(4) State and local government institutions shall develop
internal circulation instructions for electronic documents which
comply with this Law and the regulations of the Cabinet referred
to in Paragraph two of this Section, as well as the work
specifics of the institution, and shall ensure the possibility of
natural persons and legal persons to submit and receive State and
local government institution documents, their copies, true
copies, extracts and duplicates electronically or in another form
according to the choice of the person.
(5) The type of evaluation of electronic documents, procedures
for storage, and time periods for the transfer of such documents
to State archives for storage shall be governed by Cabinet
regulations.
[6 May 2004]
Section 7. Special Provisions for
the Storage of Electronic Documents
(1) If laws and regulations provide for the storage of
specific documents, records or data, this requirement in relation
to electronic documents is fulfilled if:
1) the data contained therein is accessible for
utilisation;
2) the electronic document is preserved in such a form as it
was initially created, sent or received, or in such a form as the
initially created, sent or received data can be shown;
3) the preserved data allows the origin or final destination
of the electronic document to be specified, and the time of
sending or receipt.
(2) The provisions of Paragraph one, Clause 3 of this Section
shall not apply to data that is automatically created in the
process of receiving or sending an electronic document.
(3) A person may fulfil the provisions of Paragraph one of
this Section by utilising the services of another person if the
provisions of this Law are conformed to.
Chapter IV
Certificate Service Providers and Trusted Certification Service
Providers
Section 8. Certification Service
Providers
(1) A certification service provider is a natural or legal
person, who provides certification services without the receipt
of a special permit.
(2) Accreditation of a certification service provider is
voluntary.
(3) A certification service provider shall be considered to be
trustworthy if he or she conforms to all the requirements of
Section 9 of this Law.
Section 9. Trusted Certification
Service Provider
A trusted certification service provider shall be considered
to be a natural or legal person who conforms to all of the
following requirements:
1) utilises trustworthy personnel who have the necessary
specialised knowledge, experience and qualifications for the
provision of certification services, who have become acquainted
with the relevant security provisions for the provision of
certification services, and have not been convicted for the
intentional committing of a criminal offence;
2) utilises trustworthy and secure information systems and
products which are appropriately protected against unauthorised
access and modification;
3) maintains sufficient financial resources in order to
implement this Law and the regulatory enactment requirements
issued on the basis of this Law, and has insured its professional
activity for civil liability in the amount and in accordance with
the procedures laid down in Section 14 of this Law;
4) is accredited with the State Data Inspection (hereinafter
also - supervisory institution) in accordance with the procedures
laid down in this Law;
5) ensures the on-line regime accessibility of the
signature-verification data register;
6) ensures the possibility of immediate revocation, suspension
of operation and renewal of qualified certificates in the cases
laid down in this Law;
7) ensures that at any moment the date and time of the
issuance, revocation, suspension of operation and renewal of
qualified certificates can be determined;
8) utilises a secure system for qualified certificate storage
in a verifiable form and shall ensure that:
a) only the authorised persons of the trusted certification
service provider may make entries or their changes,
b) it is possible to check and determine changes in
information,
c) the qualified certificates issued are not publicly
accessible, except in a case where the written consent of the
signatory has been obtained,
d) any technical changes that affect security requirements are
apparent to the systems administrator,
e) such technology is utilised as will ensure that when using
electronic signature-creation data they can never be copied;
9) in stamping the electronic document with a time stamp,
ensures the possibility to specify without doubt the date and
time when the electronic document was electronically signed and
such signature was valid;
10) ensure that the time-stamp does not alter the signed
electronic document.
[28 October 2004; 24 May 2007]
Section 10. Accreditation of Trusted
Certification Service Providers
(1) In order to receive accreditation, the following documents
shall be submitted to the supervisory institution:
1) a written application;
2) the certification service provision regulations;
3) a description of the certification service provision
information system and procedure security;
4) an examination opinion of the certification service
provision information system and procedure security;
5) a document that certifies the fulfilment of the
requirements of Section 9, Clause 3 of this Law.
(2) The amount and payment procedures of the State fee for
accreditation and renewal of accreditation of a certification
service provider shall be determined by the Cabinet.
[24 September 2009]
Section 11. Certification Service
Provision Regulations
(1) The certification service provision regulations shall
include:
1) the firm name of the trusted certification service
provider, registration number or given name, surname, personal
identity number, telephone address and electronic mail
address;
2) information regarding the information system, equipment,
technology, computer programmes to be utilised for the provision
of certification services and the documents certifying their
right of use;
3) a model trusted certification service provider and
signatory contract;
4) information regarding the issuing procedures for qualified
certificates and their security;
5) information regarding various possibilities of restricting
the use of the secure electronic signature by the signatory;
6) information regarding the revocation, suspension of
operation and renewal procedures for qualified certificates;
7) information regarding the technical and technological
possibilities which are offered by the certification service
provider in order to protect secure electronic signature-creation
devices, electronic signature-verification data and qualified
certificates from unlawful use;
8) information regarding how the on-line free access regime,
free access shall be ensured to the electronic
signature-verification data and the issued, revoked, suspended
and renewed certificate registers;
9) information regarding the stamping of electronic documents
with a time-stamp and the security of the procedures thereof;
10) information regarding how the on-line regime, free access
shall be ensured to the time stamp register regarding signed
submitted time stamps.
(2) If the information included in the certification service
provision regulation changes, the trusted certification service
provider shall, without delay, submit amendments to the
certification service provision regulations to the supervisory
institution.
[24 May 2007]
Section 12. Description of the
Certification Service Provision Information System, Equipment and
Procedure Security
(1) Information to be indicated in the description of the
certification service provision information system, equipment and
procedure security shall be determined by the Cabinet.
(2) If the information indicated in the description of the
certification service provision information system, equipment and
procedure security changes, the trusted certification service
provider shall, without delay, submit amendments to the
description of the certification service provision information
system, equipment and procedure security to the supervisory
institution.
Section 13. Examination of the
Certification Service Provision Information System, Equipment and
Procedure Security
(1) The examination of the certification service provision
information system, equipment and procedure security and the
opinion regarding such shall be provided by an expert who is
included in a list approved by the supervisory institution.
(2) The list approved by the supervisory institution shall
include persons who conform to all of the following
requirements:
1) he or she has the technical possibility to specify the
conformity of the certification service provision information
system, equipment and procedure security with the requirements of
laws and regulations;
2) he or she is legally and financially independent from
trusted certification service providers and supervisory
institutions;
3) he or she or his or her employed personnel have the
necessary knowledge;
4) he or she is not engaged in the manufacture and supply of
certification service provision information systems and other
information technologies.
(3) Procedures for the examination of certification service
provision information system, equipment and procedure security
and time periods shall be determined by the Cabinet.
Section 14. Civil Liability
Insurance
(1) It is mandatory to insure against the possible risk of
losses associated with the activities of a trusted certification
service provider.
(2) The insurance of the risk of the activities of a trusted
certification service provider shall secure claims, which may
arise in relation to his or her activities.
(3) The trusted certification service provider shall enter
into an insurance contract prior to receipt of accreditation, and
the insurance contract shall be maintained in effect for the
whole of the time period of the provision of certification
services.
(4) If as a result of the actions or inaction of the trusted
certification service provider, losses are incurred, the
insurance company on the basis of the insurance contract shall
cover such losses from the insurance compensation of the trusted
certification service provider.
(5) The Cabinet shall determine the minimum amount of
insurance.
[28 October 2004]
Section 14.1 Technical
and Organisational Requirements
The Cabinet shall determine the technical and organisational
requirements to which the qualified certificate, the trusted
certification service provider, and the secure electronic
signature transmission facilities shall conform, as well as the
procedures by which the secure verification of electronic
signatures shall be performed.
[28 October 2004]
Section 15. Personal Data
Protection
(1) A certification service provider may only acquire personal
data directly from the natural person or from a third person if
the natural person has consented in writing that his or her data
shall be acquired by the concrete certification service provider
from the third person.
(2) A certification service provider may process the personal
data only for the provision of certification services.
(3) A certification service provider may not process the
personal data, which are acquired for provision of certification
services, for other purposes.
[24 May 2007]
Chapter V
Qualified Certificates
Section 16. Information to be
included in Qualified Certificates
(1) A qualified certificate shall include the following
information:
1) an indication that it is a qualified certificate;
2) the firm name, registration number and the state in which
the trusted certification service provider is established or
given name, surname and personal identity number;
3) the given name and surname of the signatory or a pseudonym
(indicating that it is a pseudonym);
4) personal identity number of the signatory;
5) the commencement and end of the time period of the quality
certificate;
6) the consecutive number of the certificate granted by the
trusted certification service provider;
7) the electronic signature-verification data which correspond
to the existing secure electronic signature-creation data under
the control of the signatory;
8) limitations of transaction amounts, which may be performed
utilising the qualified certificate.
(2) In addition to the information referred to in Paragraph
one of this Section, a qualified certificate may also include the
following information:
1) restrictions on the scope of operation of the certificate
or other certificate operation restrictions;
2) specific legal facts in relation to the signatory (if such
is necessary) depending upon the purpose for which the
certificate is intended;
3) [24 May 2007];
4) the identity number of the signatory if information
regarding the signatory is not included in the Population
Register.
(3) A qualified certificate shall be signed with the
electronic signature of the trusted certification service
provider. The electronic signature shall conform to the following
requirements:
1) it is linked only to the trusted certification service
provider;
2) it ensures the identification of the trusted certification
service provider;
3) it is created with the secure electronic signature-creation
devices of the trusted certification service provider;
4) it is linked to a signed electronic document so that later
changes in the signed electronic document are detectable.
(4) Secure electronic signature-creation devices of the
trusted certification service provider in this Law shall mean
software packages, hardware and electronic signature-creation
data that conform to the following requirements:
1) the electronic signature-creation data are created in a
strongly controlled environment and the secrecy thereof is
ensured;
2) the electronic signature-creation data cannot be derived
and, utilising technologies, the electronic signature is secured
against forgery;
3) the electronic signature-creation data are securely
protected against being used unlawfully by third persons;
4) the secure electronic signature-creation devices do not
alter the electronic document to be signed and do not prevent
becoming acquainted with such a document before its signing.
[22 June 2006; 24 May 2007]
Section 17. Issuance of Qualified
Certificates
(1) In order to receive a qualified certificate, the signatory
shall submit a personally signed written application.
(2) Before the issuance of a qualified certificate, the
trusted certification service provider shall, in the presence of
the signatory, be satisfied regarding the identity of the
signatory on the basis of the personal identification document
presented by the signatory.
(3) A trusted certification service provider shall, on the
basis of a written application of the signatory, include in the
qualified certificate information regarding the powers of the
signatory or other important information, which is referred to in
Section 16, Paragraph two of this Law.
(4) A trusted certification service provider on the basis of a
written application of the signatory in place of the given name
and surname of the signatory in the qualified certificate may
record a pseudonym, in respect of which making a relevant
indication in the certificate.
(5) The trusted certification service provider shall issue the
qualified certificate to the signatory.
(6) A signatory may be issued several qualified
certificates.
(7) The trusted certification service provider, preserving the
liability laid down in this Law, on the basis of a contract may
entrust another person to perform the activities laid down in
Paragraphs two, three, four and five of this Section if the
supervisory institution has given written consent for this.
[24 May 2007]
Section 18. Revocation, Suspension
of Operation and Renewal of Qualified Certificates
(1) The revocation of a qualified certificate is the
recognising of the certificate as invalid. The operation of a
revoked qualified certificate shall not be renewed.
(2) A trusted certification service provider shall revoke
without delay a qualified certificate in the following cases:
1) the signatory requests the revocation of the
certificate;
2) the trusted certification service provider receives
official information regarding the death of the signatory or
other information included in the certificate changes;
3) the signatory has provided the trusted certification
service provider with false or misleading information in order to
receive a qualified certificate;
4) fulfilment of a court adjudication regarding the revocation
of the certificate;
5) in the cases stipulated in the contract regarding provision
of certification services.
(3) The suspension of operation of a qualified certificate is
recognition of the certificate as invalid for a time. The
operation of a suspended qualified certificate may be
renewed.
(4) The renewal of the operation of a qualified certificate is
the recognition of the qualified certificate as valid, the
operation of which was suspended.
(5) A trusted certification service provider shall suspend and
renew the operation of a qualified certificate in the following
cases:
1) in fulfilment of a court adjudication;
2) on the basis of a written request of the signatory;
3) in the cases stipulated in the contract regarding provision
of certification services.
(6) A qualified certificate may not be revoked, and its
operation suspended or renewed with a retroactive date.
(7) A secure electronic signature, which has been created
after the cancellation of a qualified certificate or in the
period when the operation of the qualified certificate has been
suspended, shall not be valid.
(8) A secure electronic signature, which has been created
after the death of the signatory, shall not be valid.
(9) If a trusted certification service provider without a
legal basis, on wrongful purpose or due to negligence revokes a
qualified certificate, suspends or renews the operation of a
qualified certificate, the trusted certification service provider
shall compensate losses caused to a person that have arisen
because of the unfounded revocation of the qualified certificate,
and the suspension or renewal of operation of the qualified
certificate.
[22 June 2006; 24 May 2007]
Chapter VI
Supervision of Trusted Certification Service Providers
Section 19. Trusted Certification
Service Provider Supervisory Institution
(1) The State Data Inspection shall be the supervisory
institution for trusted certification service providers.
(2) The supervisory institution shall regularly supervise the
conformity of the work of the trusted certification service
providers with the requirements of this Law and other laws and
regulations.
Section 20. Duties of the
Supervisory Institution
(1) The supervisory institution has the following duties:
1) to accredit certification service providers in accordance
with the voluntary accreditation principles;
2) to check whether the trusted certification service
providers comply with the certification service provision
regulations;
3) to monitor that the security of the trusted certification
service provider information system and procedures conform to
this Law, other laws and regulations and the description of the
trusted certification service provider information system,
equipment and procedure security;
4) to monitor that the electronic signature-verification data
and time-stamp registers for qualified certificates issued,
revoked, suspended and renewed by trusted certification service
providers is accessible in an on-line regime;
5) to ensure that the Latvian accredited trusted certification
service provider register in which information regarding
certification service providers from other states is also
included, the issued qualified certificates of which are
guaranteed by a Republic of Latvia accredited trusted
certification service provider, is freely accessible in an
on-line regime.
(2) The supervisory institution shall maintain an on-line
freely accessible trusted certification service provider
register, in which the following information shall be
accessible:
1) the firm name of the trusted certification service provider
or given name and surname;
2) the address, telephone number and electronic mail address
of the trusted certification service provider;
3) the certification service provision regulations;
4) [24 May 2007];
5) an examination opinion of the certification service
provision information system, equipment and procedure
security;
6) the date of accreditation;
7) information regarding reprimands, warnings or revocation of
accreditation by the supervisory institution.
(3) If the documents submitted and the certification service
provider conform to the requirements of this Law and other laws
and regulations, the supervisory institution shall issue, within
10 days from receipt of all the documents referred to in Section
10 of this Law, to the certification service provider an
accreditation certificate and shall include the information
referred to in Paragraph two of this Section in the trusted
certification service provider register.
(4) If the documents submitted or the certification service
provider do not conform to the requirements of this Law and other
laws and regulations, the supervisory institution shall issue,
within 10 days from receipt of all the documents referred to in
Section 10 of this Law, a written refusal of accreditation.
[24 May 2007]
Section 21. Supervisory Measures
(1) The supervisory institution has the right to give
instructions to trusted certification service providers to
rectify non-conformity with this Law, other laws and regulations,
the certification service provision regulations included in the
trusted certification service provider register or the
description of the certification service provision information
system, equipment and procedure security.
(2) The time period for rectification of non-conformity shall
be determined by the supervisory institution.
(3) If the supervisory institution's instructions are not
carried out within the time period specified by it, the
supervisory institution shall warn the trusted certification
service provider regarding the possible revocation of
accreditation.
(4) If, within 10 days following the supervisory institution's
warning regarding the possible revocation of accreditation, the
supervisory institution's instructions are not carried out, the
accreditation of the trusted certification service provider shall
be revoked without delay and the information regarding the
revocation of the accreditation shall be included in the trusted
certification service provider register.
(5) After the revocation of the accreditation of the trusted
certification service provider, the provisions of Section 22,
Paragraphs two, three, four and five of this Law shall be
applied.
(6) In performing supervision, officials of the supervisory
institution shall present a service identification document. The
person referred to has the following rights:
1) to freely visit any commercial premises in which the
information systems and equipment of the trusted certification
service provider is located, and in the presence of the
certification service provider to perform the necessary
examination or other measures, in order to determine the
conformity of the certification service provision process with
this Law, other laws and regulations, certification service
provision regulations published in the trusted certification
service providers register;
2) to request written or oral explanations from the trusted
certification service provider representatives and employees;
3) to become acquainted with documents and other information
which relate to certification service provision;
4) to request the examination of the information systems,
equipment and procedures of the trusted certification service
provider and to specify the issues to be investigated in the
independent expert-examination.
(7) The supervisory institution has the right to bring an
action in court to terminate the activities of a trusted
certification service provider if the relevant trusted
certification service provider violates this Law or other laws
and regulations.
(8) The decisions of the supervisory institution may be
appealed to a court. Appeal of the decision of the supervisory
institution shall not suspend the operation thereof.
[24 May 2007]
Section 22. Termination of the
Activities of a Trusted Certification Service Provider,
Declaration of Insolvency and Suspension of Service Provision
(1) A trusted certification service provider shall, without
delay, inform in writing the supervisory institution and
signatories with whom a certification service provision contract
has been entered into, that the activities thereof have been
terminated, it has been declared insolvent, the provision of
certification services have been suspended or the accreditation
of the certification service provider has been cancelled.
(2) In the cases referred to in Paragraph one of this Section,
the trusted certification service provider shall ensure the
preservation of the data associated with the certification
service, information, databases, registers, other pertinent
information, the information system and certification service,
and on the basis of mutual agreement transfer them to other
trusted certification service providers.
(3) In respect of all transfer procedures and time periods,
the supervisory institution shall be informed without delay in
writing.
(4) If the transfer referred to in Paragraph two of this
Section is not possible, the trusted certification service
provider shall transfer the data associated with the
certification service, information, databases, registers, other
pertinent information, the information system and certification
service under the supervision of the supervisory institution to
the State archives.
(5) A signatory after receiving information regarding the
termination of the activities of the trusted certification
service provider, declaration of insolvency or suspension service
provision is entitled to transfer his or her own data associated
with the issued qualified certificate to another trusted
certification service provider at his or her discretion.
(6) The supervisory institution shall, without delay, revoke
the accreditation of the terminated, declared insolvent or
service provision suspended trusted certification service
provider, and shall include the information regarding this in the
trusted certification service provider register.
[24 May 2007]
Chapter VII
Duties and Liability of Trusted Certification Service Providers
and Signatories
Section 23. Duties of Trusted
Certification Service Providers
A trusted certification service provider has the following
duties:
1) to use secure certification service provision information
systems, equipment and procedures that appropriately guarantee
the security of certification services;
2) to take necessary measures in order to guarantee the
secrecy of secure electronic signature-creation data and
protection against illegal processing and utilisation of
electronic signature-creation data, protection against forgery of
qualified certificates and accessibility to such certificates
only with the consent of the signatory;
3) to ensure that the certification service provision
information system, equipment and procedures conforms to this Law
and other laws and regulations;
4) to ensure that signatory personal identification
information is included in the qualified certificate only on the
basis of a personal identification document presented in the
presence of the signatory;
5) to ensure that the qualified certificate is issued by
entering into a contract with the signatory regarding the
provision of certification services;
6) before entering into a contract, informing the signatory in
writing regarding the regulations and conditions that relate to
the use of qualified certificates, including regarding any
restrictions on the use of certificates, regarding procedures for
examining complaints and disputes, regarding the civil liability
of the certification service provider, as well as regarding the
cases in the contract providing for the suspension, cancellation
and renewal of the operation of a qualified certificate.
Information may be sent electronically and confirmed with the
electronic signature of the trusted certification service
provider. Relevant parts of this information shall be made
available to persons who rely on the qualified certificate upon
the request of such persons;
7) before entering into a contract, informing the signatory in
writing regarding the certification service provision regulations
and security measures, which are performed by the trusted
certification service provider in order to prevent the illegal
use of the issued qualified certificate;
8) in issuing a qualified certificate, to inform the signatory
in writing regarding the conditions included in the certificate
and restrictions regarding the use of the certificate;
9) to comply with this Law, other laws and regulations, the
description of the certification service provision information
system and procedure security, as well as the certification
service provision regulations included in the trusted
certification service providers register;
10) to inform the supervisory institution, without delay,
regarding all circumstances that hinder conformity with this Law,
other laws and regulations, certification service provision
regulations published in the trusted certification service
providers register and the description of the certification
service provision information system and procedure security;
11) to ensure without delay, the revocation of a qualified
certificate, the suspension or renewal of the operation thereof
in the cases laid down in this Law;
12) [24 May 2007];
13) to inform the signatory, his or her authorised persons or
heirs, without delay, regarding the revocation of the qualified
certificate or its suspension of operation;
14) to maintain in the free of charge and freely accessible
on-line regime, full electronic signature-verification data, and
issued, revoked, suspended and renewed qualified certificate
registers;
15) to perform full accounting of the issuance, revocation,
suspension of operation and renewal of qualified certificates, as
well as of time-stamp procedures;
16) to preserve information associated with qualified
certificates and time-stamps for a specified time in accordance
with the procedures laid down in this Law and other laws and
regulations;
17) to regularly perform with the information system
associated with the provision of certification services, an
equipment and procedure security audit and to preserve the audit
notes; In the audit notes shall be recorded all measures which
are associated with the issuance, revocation, suspension of
operation and renewal of qualified certificates, and measures
which are associated with the stamping of electronic documents
with a time stamp, as well as any other data changes; The audit
notes shall be preserved permanently. The audit notes shall be
secured by the physical and logical protection laid down in laws
and regulations;
18) to perform measures against the possible forgery of
qualified certificates and time-stamps, and to guarantee the
confidentiality of electronic signature-creation data during the
time period of its creation;
19) not to store and copy secure electronic signature-creation
data;
20) to ensure that the time-stamp indicates an internationally
co-ordinated precise time;
21) in accordance with the procedures laid down in laws and
regulations, to provide information to a court, the Office of the
Prosecutor and inquiry institutions regarding the issued,
revoked, suspended and renewed certificates and time-stamps;
22) to conform to the Personal Data Protection Law and laws
and regulations that govern the security of information
systems;
23) to transfer revoked and operation terminated qualified
certificate registers to the State archive in accordance with
Cabinet regulations that determine the procedures and time
periods in which electronic documents shall be evaluated,
collected and transferred to the State archive;
24) to insure for its own civil liability.
[22 June 2006; 24 May 2007]
Section 24. Liability of Trusted
Certification Service Providers
(1) A trusted certification service provider shall be liable
for losses that are caused to a person who reasonably relied upon
the qualified certificate in relation to:
1) conformity with the requirements of this Law or other laws
and regulations in the issuing a qualified certificate, the
description of the certification service provision information
system, equipment and procedure security, as well as conformity
with and fulfilment of the trusted certification service
provision regulations included in the trusted certification
service providers register;
2) the information included in the qualified certificate;
3) the conformity of the electronic signature-creation data
with the electronic signature-verification data included in the
certificate at the moment of the issue the qualified
certificate;
4) the utilisation of the electronic signature-creation data
and electronic signature-verification data in an appropriate
way.
(2) A trusted certification service provider shall be liable
for losses that are caused to a person who reasonably relied upon
the qualified certificate if the revocation or suspension of
operation of such certificate has not registered.
(3) A trusted certification service provider shall not be
liable for losses that are caused to a person who reasonably
relied upon the qualified certificate that is utilised
disregarding the conditions or restrictions included therein or
exceed the transaction amount restriction indicated in the
certificate.
[24 May 2007]
Section 25. Duties and Liability of
Signatories
(1) A signatory has the following duties:
1) to provide the trusted certification service provider with
truthful information;
2) before entering into a contract regarding certification
service provision, to confirm in writing that he or she has
become acquainted with the description of the certification
service provision information system, equipment and procedures,
with the security certification service provision regulations
included in the trusted certification service providers register,
and other security measures which the trusted certification
service provider has performed in order to prevent the illegal
use of the qualified certificate;
3) after receipt of the qualified certificate to confirm in
writing that he or she has become acquainted with the conditions
and restriction included in the qualified certificate;
4) to ensure that the electronic signature-creation data is
not utilised without the knowledge of the signatory;
5) to request without delay that the trusted certification
service provider to revoke the qualified certificate or to
suspend the operation thereof if there is a basis to believe that
the electronic signature-creation data have been utilised without
the knowledge of the signatory;
6) to request without delay that the trusted certification
service provider revoke the qualified certificate if there are
changes to the information indicated therein.
(2) A signatory is liable for losses that are caused to a
person who reasonably relied upon the qualified certificate
if:
1) the signatory provided the trusted certification service
provider with false information;
2) the signatory has not appropriately taken care regarding
the protection of the electronic signature-creation data against
unauthorised utilisation;
3) there has been a basis to believe that the electronic
signature-creation data has been utilised without the knowledge
of the signatory, but the signatory has not requested the trusted
certification service provider to revoke the qualified
certificate or to suspend its operation.
[24 May 2007]
Chapter VIII
Recognition of Qualified Certificates Issued in Foreign
States
Section 26. Recognition of Qualified
Certificates Issued in Foreign States
Qualified certificates issued in foreign states shall have the
legal status and legal effect stipulated in this Law if the
status of the certificate and the electronic
signature-verification data associated with the certificate can
be verified being located in the Republic of Latvia, and the
qualified certificate conforms to at least one of the following
conditions:
1) it conforms to all of the requirements of this Law and
other laws and regulations;
2) a certification service provider voluntarily accredited to
the supervisory institution has submitted it;
3) a certification service provider voluntarily accredited to
the supervisory institution has guaranteed it;
4) it is recognised in the Republic of Latvia in accordance
with international agreements;
5) a certification service provider registered in a Member
State of the European Union has issued it or a certification
service provider registered in a Member State of the European
Union guarantees it.
[28 October 2004]
Transitional Provisions
1. State and local government institutions have a duty to
accept electronic documents from natural persons and legal
persons no later than 1 January 2004.
2. The Cabinet shall by 1 January 2005 issue the regulations
provided for in Section 14.1 of this Law.
[28 October 2004]
3. The Cabinet shall by 1 January 2010 issue the regulations
regarding the State fee for accreditation and renewal of
accreditation of a certification services provider. Until the day
of coming into force of new Cabinet regulations, Cabinet
Regulation No. 159 of 8 April 2003, Regulations Regarding the
State Fee for Accreditation and Renewal of Accreditation of a
Certification Services Provider, shall be applicable insofar they
are not in contradiction with this Law.
[24 September 2009]
Informative Reference to European
Union Directives
Included in this Law are legal norms arising from Directive
1999/93/EC of the European Parliament and of the Council of 13
December 1999 on a Community framework for electronic
signatures.
[22 June 2006]
This Law shall come into force on 1 January 2003.
The Law has been adopted by the Saeima on 31 October
2002.
Acting for the President,
Chairperson of the Saeima I. Ūdre
Rīga, 20 November 2002
Transitional Provisions Regarding
Amendments to the Electronic Documents Law
Transitional
Provision
(regarding amending law of 28 October
2004)
With the coming into force of this Law, Cabinet Regulation No.
711, Amendments to the Electronic Documents Law (Latvijas
Republikas Saeimas un Ministru Kabineta Ziņotājs, 2004, No.
18) issued in accordance with Article 81 of the Constitution of
the Republic of Latvia is repealed.
Transitional
Provision
(regarding amending law of 22 June 2006)
With the coming into force of this Law, Cabinet Regulation No.
340, Amendments to the Electronic Documents Law (Latvijas
Vēstnesis, 2006, No. 69) issued in accordance with Article 81
of the Constitution of the Republic of Latvia is repealed.
1 The Parliament of the Republic of
Latvia
Translation © 2014 Valsts valodas centrs (State
Language Centre)