The National Regulatory Authority for Communications and Information Technology (ANRCTI) has elaborated and is launching, for public consultation, the technical and methodological rules for the enforcement of Law no.451/2004 on time-stamp. The draft rules set up the procedure of notifying the Authority for the entities that intend to become time stamp providers, as well as the procedures of generating and checking time-stamps, as well as the conditions for creating and maintaining the electronic register of service providers.
Time-stamping is a service by which specific information is attached to an electronic document, guaranteeing that the respective document existed in a certain version at a certain moment. Temporal stamps are required for the authentication of documents and are used, in practice, in fields such as: electronic commerce, electronic signature, electronic Notary Public (an application that enables on-line document authentication and signing, without the parties’ actually visiting the Notary office), electronic archiving and electronic invoicing. For example, time-stamps allow a person to check the time of applying an electronic signature on an electronic document, the exact moment of performing various electronic commerce transactions or whether a work of art is under copyright at a certain moment.
A person who intends to become a time-stamp service provider must notify ANRCTI 30 days before the planned start-up. The notification must be accompanied by a detailed presentation of the security procedures to be used, of the steps taken for the protection of personal data, as well as by other data required by the Authority. Upon start-up, the providers must prove that fact that they have already been authorised as personal data operators.
The providers must notify ANRCTI 30 days before amending the security procedures declared. Such procedure amendments may be effected without sending a prior notification to ANRCTI only in emergency cases, should the security of time-stamp services be in jeopardy, on the condition that the respective provider should communicate the amendments and the reasons therefor to the Authority, within 24 hours.
The providers must prove that they possess sufficient financial, material, technical and human resources to ensure the security, reliability and continuity of the provided services, as well as that they have the financial instruments to guarantee the payment of the possible damages produced while performing activities associated to time-stamp services. Such a guarantee shall be provided either by underwriting an insurance policy, or by means of a letter of guarantee issued by a speciality financial institution.
The providers have the obligation to create and maintain an electronic time-stamp register, which attests the moment of issuance of the time-stamps and must keep the time-stamp records for at least 10 years since their issuance. This register will be available on-line for checking, cost-free.
The draft technical and methodological rules for the enforcement of Law no.451/2004 on time-stamp are available for consultation on the ANRCTI website. The interested persons are invited to send their comments and suggestions by 07.02.2008, to the ANRCTI headquarters (14 Libertatii Blvd., sector 5, Bucharest) or directly to the ANRCTI registration office, as well as to its territorial offices in the closest county capital city. Comments may be sent, as well, by fax, to +40 21 307 54 02, or by e-mail to consultare@anrcti.ro.