Implementation of Art 15: Security breaches notifications in trust services

Back to all publications

Publication date:December 19, 2012

The European Commission proposed on July 2012 a draft regulation on electronic identification and trust services for electronic transactions in the internal market, which will replace the existing Electronic Signature Directive 1999/93/EC. Article 15 of the proposed regulation requires that trust service providers have to undertake extensive security measures and notify competent bodies of any breach of security and loss of integrity with significant impact on the trust service provided and on personal data maintained therein. EU Member States have already largely implemented notification regimes for loss of integrity and breach of security impacting the operation of public telecommunications networks and services (Article 13a of the revised Framework Directive) as well as breaches of personal data (Article 4 of the revised e-Privacy Directive). As there are synergies between the existing notification schemes and the regime proposed under Article 15, it is important, when preparing for the implementation of this article, to make use of existing schemes as a reference.