Member of the European Commission responsible for Enterprise and the Information Society
"Standards for electronic signature"
European Electronic Signature Standardization Initiative (EESSI) Conference
Brussels, 19 June 2001
Ladies and Gentlemen,
It is a pleasure for me to address this Open meeting and to share with you some thoughts about the «European Electronic Signature Standardization Initiative», known as EESSI.
In exactly one month from now, on 19 July 2001, is the deadline for Member States to implement the provisions of the Electronic Signatures Directives into their national legislation. The timing is therefore particularly appropriate for the presentation of the results of EESSI.
I would like to congratulate the EESSI community for the tremendous achievements over the last years in support of the Electronic Signatures Directive. To adopt European legislation is sometimes a challenging task. But to put it into real life and in real business conditions, is an even bigger challenge.
The legal requirements for electronic signatures are clear. The objective is to allow for a better legal recognition of electronic signatures in the EU.
And this in a way that electronic signatures can be used legally not only in one Member State but also for cross-border transactions. This will only be the case if the legal requirements will be interpreted and applied in a consistent manner in order to ensure the interoperability of electronic signatures.
Lawmakers have done their work. It is now up to the private sector, in co-operation with public authorities, to find practical business solutions. The purpose of EESSI is to ensure that the legal requirements are implemented by workable, interoperable solutions. Or to put it differently: to develop market solutions in compliance with the legal framework. This can be called «co-regulation».
The risk is market fragmentation. Practical guidance and specifications are needed to help both the private sector and the public authorities to implement the legal framework in a clear, efficient and cost effective manner.
Let us not forget that the Directive has also a second objective, namely to facilitate the take up of electronic, commerce in Europe. The implementation of the e-signatures Directive should therefore build upon, as widely as possible, existing solutions, representing the «state of the art» and a wide consensus among market players.
EESSI will certainly help to better implement the Directive, because this initiative is an open and neutral platform, bringing together expertise from different fields and regions. What I expect from this Open meeting is the confirmation that EESSI deliverables are indeed supported by the market, not only at European level but also internationally.
«Co-regulation» represents a sharing of responsibilities between public authorities and private market players. This is particularly important for the e-economy, as the new information society services require a high level of trust and security and this in a business environment where technologies are rapidly changing.
The e-signatures Directive is, by definition, technology neutral. Standards, however, are not. They have to be built upon specific business models that are considered to be relevant. At the same time, security aspects must be fully respected to give legal recognition to electronic signatures.
Taking these requirements together, the standards in support of the e-signatures Directive must be open and internationally agreed. They must be sufficiently flexible to cover different business models and provide secure solutions for electronic signatures. These basic criteria are met by EESSI. Therefore, the EESSI deliverables are a candidate to become "reference standards" for the implementation of the e-signatures Directive.
Building strong user commitment is one of the key requirements for successful standardisation. For this reason it would be important that EESSI deliverables are as widely disseminated and promoted as possible.
I welcome that a first set of standards will be presented to all stakeholders and that they are freely available in form of a CD-ROM. Making the EESSI deliverables available for downloads from the internet would also be important. In addition, guidelines for practical implementation would help in testing and certifying secure software Europeanwide in a consistent manner. This would support the creation of an internal market for electronic signatures.
In many respects, EESSI can be considered as a good case for «co-regulation». Many lessons can be learned from this experience. One of them is that «co-regulation» depends on the efficient open platforms for consensus building. Another is that traditional European internal market legislation the so-called «New Approach» - works well with European Standard, but e-signatures are a global issue. Therefore internationally agreed standards and business practises are called for.
This means that new forms of standardisation had to be developed: more open to direct industry participation and more internationally oriented. EESSI has well responded to both challenges, but in order to do so new rules and organisational forms had to be established.
The Directive makes reference to «generally recognised standards» which may be used to provide «presumption of compliance» with the essential requirements. This type of legal framework offers an opportunity for «co-regulation», although the link between the legal requirements and standards is not as strong as in the case of the «New approach»: «standards» as described in the Directive are not a prerequisite for the implementation of the Directive.
The responsibility for the recognition of electronic signatures remains with the national authorities, whether common standards exist or not. But standards such as the EESSI deliverables will of course help Member States to work towards interoperable and mutually recognised solutions. This should provide a strong incentive for IT solution providers to actively participate in EESSI.
In the field of information and communication technologies and e-business there is no lack of standards. Indeed, there are sometimes even too many. Or those that have been agreed are not widely used by the majority of the business community.
In order to achieve true interoperability we need both: open and neutral standardisation platforms as well as the commitment to use the agreed standards. I am therefore grateful to CEN and ETSI that they are providing full support to the EESSI initiative.
The added value of the European standardisation system is to ensure the transparency, openness, inclusiveness and accountability of the consensus-building process. Only this allows public authorities to recommend privately agreed documents, such as standards, for further use.
I have already mentioned the need to make e-signatures standards available as widely as possible. Whereas ETSI standards are made available free of charge this is not yet the case for CEN standards. I welcome that CEN is now prepared to change this policy for standards in support of the eEurope initiative.
Standards don't promote interoperability per se. Only standards that are widely used have an impact on the market. And only in such standardisation will industry and service providers participate on a voluntary basis.
Exchanges at all levels between business and administrations are a potentially powerful driver for the e-economy in Europe. In particular, this is so in areas where such consensus-building will have a direct role to play.
Therefore, I appreciate that EESSI has found the right balance. In this specific case it is important that experts from the Member States remain fully involved in the technical discussions. This is the only way to ensure that the e-signatures Directive will be implemented in a consistent manner in all 15 Member States.
But many other challenges remain.
As proposed in the recently adopted Communication on network security, Member States are invited to review all relevant security standards and - if necessary to organise competitions for European encryption and security solutions.
The objective is to stimulate the development of internationally agreed standards in this area. I hope that also EESSI can contribute to this as electronic signatures strongly depend on encryption standards. In this respect I wish to express my preference for business solutions which are based on open source protocols and interfaces.
Let me summarise:
Thank you for your attention.