PART 1Introduction

Citation and Commencement

1.  These Regulations may be cited as the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016 and come into force on 22nd July 2016.

Interpretation

2.—(1) In these Regulations—

the “1998 Act” means the Data Protection Act 1998(5);

the “2002 Regulations” means the Electronic Signatures Regulations 2002(6);

“eIDAS Regulation” means Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market(7), as amended from time to time;

“supervisory body” has the meaning given in regulation 3(1) of these Regulations;

“the Tribunal” has the meaning given in section 70(1)(8) of the 1998 Act.

(2) Other expressions used in these Regulations, which are used in the eIDAS Regulation, have the same meaning as in the eIDAS Regulation.

PART 2Supervisory body

Supervision

3.—(1) The Information Commissioner is the supervisory body and must carry out the supervisory body tasks set out in Article 17 of the eIDAS Regulation.

(2) The supervisory body must enforce these Regulations and Chapter III of the eIDAS Regulation.

(3) Schedules 1 (monetary penalties) and 2 (enforcement powers of the Information Commissioner under the 1998 Act) have effect.

PART 3Miscellaneous

Transitional provisions and revocations

4.—(1) The Electronic Signatures Regulations 2002 are revoked.

(2) For the purposes of these Regulations, a qualified certificate issued pursuant to regulation 2 of the 2002 Regulations is to be treated as a qualified certificate for electronic signature pursuant to Article 3(15) of the eIDAS Regulation until it expires.

Consequential amendments

5.  Schedule 3 has effect.

Review

6.—(1) The Secretary of State must from time to time—

(a)carry out a review of these Regulations;

(b)set out the conclusions of the review in a report; and

(c)publish the report.

(2) In carrying out the review the Secretary of State must, so far as is reasonable, have regard to how the eIDAS Regulation is implemented in other Member States.

(3) The report must in particular—

(a)set out the objectives intended to be achieved by the regulatory system established by these Regulations;

(b)assess the extent to which those objectives are achieved; and

(c)assess whether those objectives remain appropriate and, if so, the extent to which they could be achieved by a system that imposes less regulation.

(4) The first report under this regulation must be published before the end of the period of 5 years beginning with the day on which these Regulations come into force.

(5) Reports under this regulation are afterwards to be published at intervals not exceeding 5 years.

Regulation 3(3)

SCHEDULE 1Monetary penalties

1.  If the supervisory body is satisfied that a trust service provider has contravened or is contravening Chapter III of the eIDAS Regulation, the supervisory body may issue a trust service provider with a fixed monetary penalty notice in respect of such contravention.

2.  The amount of a fixed monetary penalty under these Regulations is £1000.

3.  Before serving a fixed monetary penalty notice, the supervisory body must serve the trust service provider with a notice of intent.

4.  The notice of intent must—

(a)state the name and address of the trust service provider;

(b)state the nature of the contravention;

(c)indicate the amount of the fixed monetary penalty;

(d)include a statement informing the trust service provider of the opportunity to discharge liability for the fixed monetary penalty notice;

(e)indicate the date on which the supervisory body proposes to serve the fixed monetary penalty notice; and

(f)inform the trust service provider that it may make written representations in relation to the proposal to serve a fixed monetary penalty notice within a period of 21 days beginning with the date of service of the notice of intent.

5.  A trust service provider may discharge liability for the fixed monetary penalty if it pays to the supervisory body the amount of £800 within a period of 21 days beginning with the date of receipt of the notice of intent.

6.  The supervisory body may not serve a fixed monetary penalty notice until the expiry of a period of 21 days beginning with the date of service of the notice of intent.

7.  The fixed monetary penalty notice must state—

(a)the name and address of the trust service provider;

(b)details of the notice of intent served on the trust service provider;

(c)whether there have been any written representations;

(d)details of any early payment discounts;

(e)the grounds on which the supervisory body imposes the fixed monetary penalty;

(f)the date by which the fixed monetary penalty is to be paid; and

(g)details of, including the time limit for, the trust service provider’s right of appeal against the imposition of the fixed monetary penalty.

8.  A trust service provider on whom a fixed monetary penalty is served may appeal to the Tribunal against the issue of the fixed monetary penalty notice.

9.  Any sum received by the supervisory body by virtue of this Schedule must be paid into the Consolidated Fund.

10.  In England and Wales and Northern Ireland, the fixed monetary penalty is recoverable—

(a)if a county court so orders, under an order of that court;

(b)if the High Court so orders, under an order of that court.

11.  In Scotland, the penalty may be enforced in the same manner as an extract registered decree arbitral bearing a warrant for execution issued by the sheriff court of any sheriffdom in Scotland.

Regulation 3(3)

SCHEDULE 2Enforcement powers of the Information Commissioner under the 1998 Act

Enforcement powers

1.  For the purposes of enforcing these Regulations and the eIDAS Regulation, the following sections of the 1998 Act(9) apply subject to the modifications in paragraph 2—

(a)section 40 (enforcement notices);

(b)section 41 (cancellation of enforcement notice);

(c)section 41A(10) (assessment notices);

(d)section 41B(11) (assessment notices: limitations);

(e)section 41C(12) (code of practice about assessment notices);

(f)section 43(13) (information notices);

(g)section 47 (failure to comply with notice);

(h)section 48(14) (rights of appeal);

(i)section 49(15) (determination of appeals);

(j)section 60(16) (prosecutions and penalties);

(k)Schedule 6(17);

(l)Schedule 9(18).

2.—(1) The sections referred to in paragraph 1 are to apply as if—

(a)for “data controller”, on each occasion that it appears, there were substituted “trust service provider”;

(b)for “data protection principles” or “data protection principle or principles”, on each occasion they appear, there were substituted “requirements of Chapter III of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (in this Part referred to as “the relevant requirements”)”; and

(c)for “principle or principles”, on each occasion that it appears, (otherwise than as set out in paragraph (b)), there were substituted “requirements”.

(2) Section 40 is to apply as if—

(a)in subsection (2), the words “or distress” were omitted;

(b)in subsection (6)(a), for “his” there were substituted “the Commissioner’s”;

(c)in subsection (8), for “he” there were substituted “the Commissioner”;

(d)subsections (3), (4), (5), (9) and (10) were omitted.

(3) Section 41(1) is to apply as if for “he” there were substituted “the Commissioner”.

(4) Section 41A is to apply as if—

(a)in subsection (1) the words “within subsection (2)” were omitted;

(b)subsections (2), (8), (9), (10), (11) and (12) were omitted; and

(c)subsections (3)(g) and (h) were omitted.

(5) Section 41B is to apply as if in subsections 3(a) and 3(b), for “this Act”, there were substituted “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic transactions in the internal market”.

(6) Section 41C is to apply as if subsection (7) were omitted.

(7) Section 43 is to apply as if—

(a)for subsections (1) and (2) there were substituted—

“(1) If the Commissioner reasonably requires any information for the purpose of determining whether a trust service provider has complied or is complying with the relevant requirements, it may serve the trust service provider with a notice (in this Act referred to as “an information notice”).

(2) An information notice must require the trust service provider, within such time as is specified in the notice, to furnish the Commissioner, in such form as may be so specified, with such information relating to compliance with the relevant requirements as is so specified.

(3) An information notice must contain a statement that the Commissioner regards the specified information as relevant for the purpose of determining whether the trust service provider has complied or is complying with the relevant requirements and the Commissioner’s reason for regarding it as relevant for that purpose.”;

(b)in subsection (1A), for “in subsection (1)” there were substituted “in subsection (3)”;

(c)in subsection (5), for “he” there were substituted “the Commissioner”;

(d)in subsection (6) for “this Act” there were substituted “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic transactions in the internal market”;

(e)in subsections (8) and (8B) for “this Act”, on each occasion that it appears, there were substituted “this Act as applied by the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016”; and

(f)subsection (10) were omitted.

(8) Section 47 is to apply as if—

(a)in subsection (1), for “, an information notice or special information notice”, there were substituted “or an information notice”;

(b)in subsection (2) the words “or a special information notice” were omitted; and

(c)after subsection (3) there were inserted—

“(4) The Commissioner may serve a trust service provider with a withdrawal notice if the Commissioner—

(a)has served a qualified trust service provider with an enforcement notice or an information notice;

(b)the qualified trust service provider has failed to comply with such notice within the period specified; and

(c)there is no pending appeal against such notice.

(5) In subsection (4), “withdrawal notice” means a notice withdrawing the qualified status from a trust service provider or the qualified status of a service provided by the trust service provider.”.

(9) Section 48 is to apply as if—

(a)in subsection (1), for “special information”, there were substituted “withdrawal”;

(b)in subsection (3)—

(i)for “, an information notice or special information notice” there were substituted “or an information notice”; and

(ii)the words “or 44(6)” were omitted;

(c)subsection (4) were omitted.

(10) Section 49 is to apply as if subsection (5) were omitted.

(11) Section 60 is to apply as if—

(a)for “this Act”, on each occasion that it appears, there were substituted “this Act, as applied by the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016”;

(b)in subsection (2), the words “section 54A and” were omitted;

(c)in subsection (3), the words “section 54A and” were omitted; and

(d)in subsection (4), subsections (a) and (b) were omitted.

(12) Schedule 6, paragraph 7, is to apply as if—

(a)for sub-paragraph (1), there were substituted “Tribunal Procedural Rules may make provision for regulating the exercise of the rights of appeal conferred by section 48 of this Act”; and

(b)in sub-paragraph (2) the words “and the Freedom of Information Act 2000” were omitted.

(13) Schedule 9 is to apply as if—

(a)in paragraph 1—

(i)for sub-paragraph (1)(a) there were substituted—

“(a)that a trust service provider has contravened or is contravening any of the requirements of Chapter III of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic transactions in the internal market (in this Schedule referred to as “the relevant requirements”), or ”;

(ii)in sub-paragraph (1)(b)—

(aa)for “this Act” there were substituted “this Act as applied by the Electronic Identification and Trust Services for Electronic Transactions Regulations 2016”;

(bb)the words “subject to sub-paragraph (2) and paragraph 2” were omitted;

(iii)in sub-paragraph (1B), the words “; but this is subject to sub-paragraph (2) and paragraph 2” were omitted;

(iv)sub-paragraph (2) were omitted;

(v)in sub-paragraph (3)(c) the words “which is used or intended to be used for the processing of personal data” were omitted;

(b)paragraph 8 were omitted; and

(c)in paragraph 9, for “this Act”, on each occasion that it appears, there were substituted “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic transactions in the internal market”.

Regulation 5

SCHEDULE 3Consequential Amendments

Electronic Communications Act 2000

1.—(1) The Electronic Communications Act 2000(19) is amended as set out below.

(2) In section 7(2)(b), for paragraph (b) substitute—

“(b)purports to be used by the individual creating it to sign.”

(3) In section 7(3), for the words “establishing the authenticity of the communication or data, the integrity of the communication or data, or both”, substitute “signing”.

(4) After section 7, insert—

“7A    Electronic seals and related certificates

(1) In any legal proceedings—

(a)an electronic seal incorporated into or logically associated with a particular electronic communication or particular electronic data, and

(b)the certification by any person of such a seal,

shall each be admissible in evidence in relation to any question as to the authenticity of the communication or data, the integrity of the communication or data, or both.

(2) For the purposes of this section an electronic seal is so much of anything in electronic form as—

(a)is incorporated into or otherwise logically associated with electronic communication or electronic data; and

(b)purports to ensure the origin and integrity of the communication or data.

(3) For the purposes of this section an electronic seal incorporated into or associated with a particular electronic communication or particular electronic data is certified by any person if that person (whether before or after the making of the communication) has made a statement confirming that—

(a)the seal,

(b)a means of producing, communicating or verifying the seal, or

(c)a procedure applied to the seal,

is (either alone or in combination with other factors) a valid means of ensuring the origin of the communication or data, the integrity of the communication or data, or both.

7B    Electronic time stamps and related certificates

(1) In any legal proceedings—

(a)an electronic time stamp incorporated into or logically associated with a particular electronic communication or particular electronic data, and

(b)the certification by any person of such a time stamp,

shall each be admissible in evidence in relation to any question as whether the communication or data existed at the time the electronic time stamp was incorporated into or logically associated with such communication or data.

(2) For the purposes of this section an electronic time stamp is so much of anything in electronic form as—

(a)is incorporated into or otherwise logically associated with any electronic communication or electronic data; and

(b)purports to bind electronic communication or electronic data to a particular time establishing evidence that such data existed at that time.

(3) For the purposes of this section an electronic time stamp incorporated into or associated with a particular electronic communication or particular electronic data is certified by any person if that person (whether before or after the making of the communication) has made a statement confirming that—

(a)the time stamp,

(b)a means of producing, communicating or verifying the time stamp, or

(c)a procedure applied to the time stamp,

is (either alone or in combination with other factors) a valid means of establishing whether the communication or data existed at a particular point in time.

7C    Electronic documents and related certificates

(1) In any legal proceedings an electronic document shall be admissible in evidence in relation to any question as to the authenticity of an electronic transaction.

(2) For the purposes of this section an electronic document is anything stored in electronic form, including text or sound, and visual or audiovisual recording.

7D    Electronic registered delivery service and related certificates

(1) In any legal proceedings, any electronic communication or electronic data sent and received using an electronic registered delivery service shall be admissible in evidence.

(2) For the purposes of this section an electronic registered delivery service is a service which—

(a)provides for the transmission of data between third parties by electronic means;

(b)provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data; and

(c)protects transmitted data against the risk of loss, theft, damage or unauthorised alterations.”.

Medicines for Human Use (Clinical Trials) Regulations 2004

2.  In regulation 2(1) (interpretation) of the Medicines for Human Use (Clinical Trials) Regulations 2004(20)—

(a)for the definition “electronic signature”, substitute—

““electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; ”; and

(b)after the definition of “serious adverse event”, insert—

““signatory” means a natural person who creates an electronic signature;”.

National Health Service (General Medical Services Contracts) (Scotland) Regulations 2004

3.  In regulation 2(1) (interpretation) of the National Health Service (General Medical Services Contracts) (Scotland) Regulations 2004(21) for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market(22);”.

National Health Service (Primary Medical Services Section 17C Agreements) (Scotland) Regulations 2004

4.  In regulation 2 (interpretation) of the National Health Service (Primary Medical Services Section 17C Agreements) (Scotland) Regulations 2004(23) for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

Hazardous Waste (Wales) Regulations 2005

5.  In the Hazardous Waste (Wales) Regulations 2005(24)—

(a)in the Welsh language text, for regulation 5(3)(ch) (general interpretation) substitute—

“mae i “llofnod electronig” yr ystyr a roddir i “electronic signature” yn Erthygl 3(10) o Reoliad (EU) Rhif 910/2014 Senedd Ewrop a’r Cyngor ar adnabod electronig a gwasanaethau ymddiried ar gyfer trafodiadau electronig yn y farchnad fewnol.”; and

(b)in the English language text, for regulation 5(3)(d) (general interpretation) substitute—

““electronic signature” (“llofnod electronig”) has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.”.

Producer Responsibility Obligations (Packaging Waste) Regulations 2007

6.  In regulation 2 (interpretation and notices) of the Producer Responsibility Obligations (Packaging Waste) Regulations 2007(25)—

(a)in regulation 2(2), after the definition “SIC code”, insert the definition—

““signatory” means a natural person who creates an electronic signature;”; and

(b)in regulation 2(5)(d) for the definition “electronic signature”, substitute—

““electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign; ”.

Defence and Security Public Contracts Regulations 2011

7.  In regulation 49(6)(a) (means of communication) of the Defence and Security Public Contracts Regulations 2011(26), for the words “Directive 1999/93/EC of the European Parliament and the Council of 13th December 1999 on a Community framework for electronic signatures”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”.

Human Medicines Regulations 2012

8.—(1) In regulation 8(1) (general interpretation) of the Human Medicines Regulations 2012(27), after the definition “electronic communication”, insert—

““electronic signature” has the meaning given within Article 3(10) of Regulation (EU) 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

(2) In regulation 219(5) (electronic prescriptions) of the Human Medicines Regulations 2012, for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” has the meaning given within Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

National Health Service (Pharmaceutical and Local Pharmaceutical Services) Regulations 2013

9.  In regulation 2(1) (interpretation) of the National Health Service (Pharmaceutical and Local Pharmaceutical Services) Regulations 2013(28)—

(a)for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” means an electronic signature which meets the following requirements—

(b)after the definition “electronic repeatable prescription”, insert—

““electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;”; and

(c)after the definition “scheme premises” insert—

““signatory” means a natural person who creates an electronic signature;”.

National Health Service (Pharmaceutical Services) (Wales) Regulations 2013

10.  In the National Health Service (Pharmaceutical Service) (Wales) Regulations 2013(29)—

(a)in the English language text, in regulation 2(1) (interpretation), for the definition “advanced electronic signature”, substitute—

““advanced electronic signature” means an advanced electronic signature as defined in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”; and

(b)in the Welsh language text, in regulation 2(1) (Dehongli), for the definition “llofnod electronig uwch”, substitute—

“ystyr “llofnod electronig uwch” yw llofnod electronic uwch fel y’i diffinir yn Erthygl 3(11) o Reoliad (EU) Rhif 910/2014 Senedd Ewrop a’r Cyngor ar adnabod electronig a gwasanaethau ymddiried ar gyfer trafodiadau electronig yn y farchnad fewnol;”.

Reservoirs Act 1975 (Capacity, Registration, Prescribed Forms, etc.) (England) Regulations 2013

11.  In regulation 2(2)(e) (interpretation) of the Reservoirs Act 1975 (Capacity, Registration, Prescribed Forms, etc.) (England) Regulations 2013(30), for the definition “electronic signature”, substitute—

““electronic signature” has the meaning given within Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.”.

Electronic Documents (Scotland) Regulations 2014

12.—(1) In regulation 1(2) (citation, commencement and interpretation) of the Electronic Documents (Scotland) Regulations 2014(31)—

(a)omit the definition “the 2002 Regulations”;

(b)for the definition “advanced electronic signature”, substitute—

““advanced electronic signature” means an advanced electronic signature within the meaning given in Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”; and

(c)for the definition “signature-creation data”, substitute—

““electronic signature creation data” has the meaning given in Article 3(13) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

(2) For regulation 3(b) (requirements of self-proving electronic document) of the Electronic Documents (Scotland) Regulations 2014, substitute—

“(b)certified by a qualified certificate for electronic signature as defined in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.”.

(3) In regulation 6 (registration of electronic documents in the Land Register) of the Electronic Documents (Scotland) Regulations 2014—

(a)in sub-paragraph (b), from the words “created by” to the end, substitute—

“(i)created by electronic signature creation data associated with a digital certificate supplied by the Keeper in accordance with paragraph (c); or

(ii)certified by a qualified certificate for electronic signature as defined in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”; and

(b)at the beginning of sub-paragraph (c), insert “in the case of an electronic signature under paragraph (b)(i),”.

European Union (Recognition of Professional Qualifications) Regulations 2015

13.  In regulation 5(8) (functions of competent authorities in the United Kingdom) of the European Union (Recognition of Professional Qualifications) Regulations 2015(32)—

(a)for “advance electronic signatures under Article 2.2 of Directive 1999/93/EC on a Community framework for electronic signatures”, substitute “advanced electronic signatures under Article 3(11) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b)for “Decision 2009/76/EC”, substitute, “Decision 2009/767/EC(33)”.

National Health Service (Charges for Drugs and Appliances) Regulations 2015

14.  In regulation 2(1) (interpretation) of the National Health Service (Charges for Drugs and Appliances) Regulations 2015(34)—

(a)in the definition of “advanced electronic signature”, for the words “created using means that a signatory can maintain under their sole control”, substitute “created using electronic signature creation data that the signatory can, with a high level of confidence, use under the signatory’s sole control;”;

(b)after the definition of “electronic signature”, insert—

““electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;”; and

(c)after the definition “repeatable prescription”, insert—

““signatory” means a natural person who creates an electronic signature;”.

National Health Service (General Medical Services Contracts) Regulations 2015

15.—(1) In regulation 3 (interpretation) of the National Health Service (General Medical Services Contracts) Regulations 2015(35)—

(a)for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” means an electronic signature which meets the following requirements—

(b)after the definition “electronic repeatable prescription”, insert—

““electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;”; and

(c)after the definition “service provider” insert—

““signatory” means a natural person who creates an electronic signature;”.

National Health Service (Personal Medical Services Agreements) Regulations 2015

16.  In regulation 3 (interpretation) of the National Health Service (Personal Medical Services Agreements) Regulations 2015(36)—

(a)for the definition of “advanced electronic signature”, substitute—

““advanced electronic signature” means an electronic signature which meets the following requirements—

(b)after the definition “electronic repeatable prescription”, insert—

““electronic signature” means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;

“electronic signature creation data” means unique data which is used by the signatory to create an electronic signature;”; and

(c)after the definition “Scheduled drug”, insert—

““signatory” means a natural person who creates an electronic signature;”.

Public Contracts Regulations 2015

17.—(1) The Public Contracts Regulations 2015(37) are amended as set out below.

(2) In regulation 2(1) (definitions)—

(a)after the definition of “economic operator”, insert—

““electronic document” has the meaning given in Article 3(35) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”;

(b)after the definition of “electronic means”, insert—

““electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”; and

(c)after the definition of “public works contracts”, insert—

““qualified certificate for electronic signature” has the meaning given in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

(3) In regulation 22(17)(c) (rules applicable to communication: technical requirements for tools and devices)—

(a)for the words “Directive 1999/93/EC of the European Parliament and of the Council”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b)for the words “qualified certificate”, wherever they occur, substitute “qualified certificate for electronic signature”.

Public Contracts (Scotland) Regulations 2015

18.  In regulation 23(19) (rules applicable to communication) of the Public Contracts (Scotland) Regulations 2015(38), for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”.

Concession Contracts (Scotland) Regulations 2016

19.—(1) In regulation 32(18) (rules applicable to communication) of the Concession Contracts (Scotland) Regulations 2016(39), for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for Electronic signatures”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”.

Utilities Contracts Regulations 2016

20.—(1) The Utilities Contracts Regulations 2016(40) are amended as set out below.

(2) In regulation 2(1) (definitions)—

(a)after the definition of “economic operator”, insert—

““electronic document” has the meaning given in Article 3(35) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”;

(b)after the definition of “electronic means”, insert—

““electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”; and

(c)after the definition of “Public Contracts Regulations”, insert—

““qualified certificate for electronic signature” has the meaning given in Article 3(15) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”.

(3) In regulation 40(17)(c) (rules applicable to communication: technical etc. requirements for tools and devices)—

(a)for the words “Directive 1999/93/EC of the European Parliament and of the Council”, substitute “Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”; and

(b)for the words “qualified certificate”, wherever they may occur, substitute “qualified certificate for electronic signature”.

Utilities Contracts (Scotland) Regulations 2016

21.—(1) The Utilities Contracts (Scotland) Regulations 2016(41) are amended as set out below.

(2) In regulation 2(1) (interpretation)—

(a)after the definition of “economic operator”, insert—

““eIDAS Regulation” means Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market;”;

““electronic document” has the meaning given in Article 3(35) of the eIDAS Regulation;”;

(b)after the definition of “electronic means”, insert—

““electronic signature” has the meaning given in Article 3(10) of Regulation (EU) No 910/2014 of the eIDAS Regulation;”; and

(c)after the definition of “Public Contracts (Scotland) Regulations”, insert—

““qualified certificate for electronic signature” has the meaning given in Article 3(15) of the eIDAS Regulation;”.

(3) In regulation 38(18)(d) (rules applicable to communication), for the words “qualified certificate”, wherever they may occur, substitute “qualified certificate for electronic signature”.

(4) In regulation 38(19) (rules applicable to communication), for “Directive 1999/93/EC of the European Parliament and of the Council on a Community framework for electronic signatures” substitute, “the eIDAS Regulation”.

EXPLANATORY NOTE

(This note is not part of the Regulations)

These Regulations implement the provisions of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (OJ No L 257, 28.8.2014, p73) (“the eIDAS Regulation”).

The eIDAS Regulation repeals and replaces Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community Framework for electronic signatures (OJ No L 13, 19.1.2000, p12) which was implemented in the United Kingdom by the Electronic Signatures Regulations 2002 (S.I. 2002/318) (“the 2002 Regulations”) and section 7 of the Electronic Communications Act 2000 (2000 c.7) (“the ECA 2000”). These Regulations revoke and replace S.I. 2002/318 and amend the ECA 2000.

Part 2 contains the supervisory provisions. Regulation 3 appoints the Information Commissioner as the supervisory body under these Regulations. The Information Commissioner is responsible for carrying out the supervisory body tasks and enforcing these Regulations.

Part 3 sets out the transitional provisions and consequential amendments. Qualified certificates issued before 1 July 2016, under the 2002 Regulations, are considered to be qualified certificates for electronic signatures under this Regulation until their expiry.

Schedules 1 and 2 set out the penalty and enforcement regime. Schedule 1 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, it may issue a monetary penalty. Schedule 2 provides that where the supervisory body is satisfied that a trust service provider is in contravention of the eIDAS Regulation, the supervisory body may withdraw the provider’s qualified status or serve an enforcement notice, assessment notice or an information notice. A trust service provider served with a monetary penalty or notice may appeal to the Upper or First-tier Tribunal.

A full impact assessment has not been produced for this instrument as no, or no significant impact on the private, voluntary or public sectors is foreseen.

A transposition note is available from the European Reform Directorate, Department for Business, Innovation and Skills, 1 Victoria Street, London SW1H 0ET and is also published with the Explanatory Memorandum alongside these Regulations on www.legislation.gov.uk.