Primary tabs

InfoCert S.p.A.

the reference to Regulation (EU) No. 910/2010 should be more accurate. On one hand, reference should be made only to identification electronic means that not only provide a high level of assurance but also have been notified as electronic identification scheme in accordance with art. 9 of the Regulation. On the other hand, it should be specified that even the use of an electronic signature based on a qualified certificate for electronic signatures does not of itself give rise to increased ML/TF risk. Indeed, qualified certificates can be issued only by Qualified Trust Service Providers (QTSPs) in accordance with art. 24 of the Regulation that provides the admissible identification methods at European level. Moreover, within the Guidelines it should be highlighted the importance of the use of the Legal Entity Identifiers (LEIs) for a standardized, consistent and unique identification for legal entities as part of the CDD.
9.10 (a) clarification of “electronic signature” and “electronic identification certificates” is needed. Regulation (EU) No. 910/2010 refers both to qualified and non-qualified trust services. The main difference between these services is their level of trustworthiness. While electronic signatures (advanced or not) can be created very easily, a qualified certificate for electronic signatures can be issued only by a QTSP, has to pass the conformity assessment according to Regulation (EU) No. 910/2010, belongs under the supervision of the nationally designated supervisory and requires the Holder to be identified in accordance with art. 24 of the Regulation. In particular, as admissible identification methods for advanced electronic signatures aren’t provided at European level and national regulations are highly fragmented, it’s fundamental to clarify, that to be considered an adequate safeguard, the electronic signature must base on a qualified certificate (see definition article 3, no. 15, Regulation (EU) No. 910/2014). The text should therefore be amended as follows, by adding the relevant specification: a) non-face-to-face business relationships, where no adequate additional safeguards – for example qualified certificates for electronic signatures issued in accordance with Regulation EU (No) 910/2014 and antiimpersonation fraud checks – are in place.
10.8 (a) clarification of “electronic signature” and “electronic identification documents” is needed. The reference to “electronic signature” should be replaced by “qualified certificate for electronic signatures” for the same reasons as those listed in point 9.10. The reference to electronic identification “documents” seems inaccurate as Regulation (EU) No 910/2014 defines electronic identification “means” and not "documents". Reference should therefore be made only to identification electronic means that provide a high level of assurance and have also been notified as electronic identification scheme in accordance with art. 9 of the Regulation.
14.10 clarification of “electronic signature” and “electronic identification documents” is needed. The reference to “electronic signature” should be replaced by “qualified certificate for electronic signatures” for the same reasons as those listed in point 9.10. The reference to electronic identification “documents” seems inaccurate as Regulation (EU) No 910/2014 defines electronic identification “means” and not "documents". Reference should therefore be made only to identification electronic means that provide a high level of assurance and have also been notified as electronic identification scheme in accordance with art. 9 of the Regulation.
17.7 (a) clarification of “electronic signature” and “electronic identification documents” is needed. The reference to “electronic signature” should be replaced by “qualified certificate for electronic signatures” for the same reasons as those listed in point 9.10. The reference to electronic identification “documents” seems inaccurate as Regulation (EU) No 910/2014 defines electronic identification “means” and not "documents". Reference should therefore be made only to identification electronic means that provide a high level of assurance and have also been notified as electronic identification scheme in accordance with art. 9 of the Regulation.
Others
InfoCert S.p.A.