Germany

[DE] Bundestag Adopts New Electronic Signature Act

IRIS 2001-4:1/26

Peter Strothmann

Institute of European Media Law (EMR), Saarbrücken/Brussels

On 15 February 2001, the German Bundestag (Lower House of Parliament) adopted the new Signaturgesetz (Electronic Signature Act - SigG), which was approved by the Bundesrat (Upper House of Parliament) on 9 March. Under the terms of the Act, which is designed to transpose into German law the provisions of Directive 1999/93/EC of 13 December 1999 on a Community framework for electronic signatures (see IRIS 2000-1: 5), the current 1997 Electronic Signature Act will be abolished.

A key feature of the new Act is the creation of a new security infrastructure for qualified electronic signatures, which should make it possible to ascertain the identity of the author of electronically-exchanged data and to guarantee its integrity. In accordance with the Directive, a certification office can now operate without official authorisation. However, all certification service providers are to be monitored by the appropriate State authority, which can stop them from operating in certain circumstances (Section 19.3 SigG). Certification offices can, however, voluntarily undergo an accreditation procedure for electronic signatures (Section 15 SigG), as a result of which security standards would be higher than those required by Directive 1999/93/EC. Accredited offices can use this title and refer to the proven levels of security they provide in legal and business dealings.

A new addition to the 1997 Act is that, in accordance with Article 2.5 of Directive 1999/93/EC, software-based electronic signature systems are now authorised (Section 2.10 SigG).

Over and above the liability rule in Article 6 of the Directive, Section 11 of the new Act extends the compulsory liability of certification service providers to all areas covered by the Act and by the statutory order adopted on the basis of Section 24 SigG, as well as to cases in which the providers' products fail to work for qualified electronic signatures or other technical security devices.

Section 21 of the new Act contains a comprehensive list of offences punishable by fines, according to which infringements by certification service providers against certain obligations set out in either the SigG or the statutory order adopted under Section 24 SigG can be punished with fines of up to DEM 100,000.