On 19 May 2022, the Moldovan Parliament voted on the new Law on Electronic Identification and Trust Services ("Law 124/2022"). Law 124/2022 will enter into force on 10 December 2022 and replaces the currently existing Law on Electronic Signature and Electronic Document ("Law 91/2014"). This replacement seeks to align the national legislation in the field of electronic signature with European norms, namely the harmonisation with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
Recognition of EU public key certificates
Derogating from the general rule under which the recognition of public key certificates issued abroad is subject to certain formalities (e.g. a qualified trustworthy service provider domiciled or established in Moldova guarantees the recognition of the respective certificate, etc.), a qualified public key certificate issued by a trust service provider of an EU Member State will be recognised as equivalent, from the point of view of legal effects, to a public key certificate issued by a trust service provider domiciled or established in the Republic of Moldova. Still, the Moldovan Government is expected to pass secondary legislation on the manner of recognition of a qualified public key certificate issued by a trust service provider in an EU Member State.
Law 124/2022 excludes the regulation of simple electronic signatures. Instead, it introduces and regulates new instruments on the Moldovan digital market. These include trust services, advanced and qualified electronic signature & seal, electronic registered delivery services and certificates for website authentication. Also, under Law 124/2022, the notion certification services provider is changed into trust services provider similarly to EU Regulation 910/2014.
Electronic signature & seal
Electronic signatures and seals regulated under the new legal framework are grouped into two types: advanced and qualified.
Advanced electronic signatures and advanced electronic seals must cumulatively meet the following requirements: (a) refer exclusively to the holder; (b) allow the identification of the holder; (c) be created using electronic signature creation data or electronic seal creation data, which the signatory or the creator of the electronic seal can use with an enhanced level of confidence, under their sole control; and (d) be linked to the data to which they relate in such a way that any subsequent changes to such data can be detected.
The use of advanced electronic signatures and advanced electronic seals is not allowed for: (i) application to electronic documents containing information classified as a state secret; or (ii) application to electronic documents in legal relations of legal persons under public law with natural persons and legal persons (companies) under private law.
Qualified electronic signatures and qualified electronic seals meet all the requirements of electronic signatures or advanced electronic seals, and additionally: (a) rely on a qualified public key certificate issued by a qualified trust service provider; and (b) are created by means of the electronic signature or electronic seal creation device and verified by means of the electronic signature or electronic seal verification device and/or product, which have confirmation of compliance with the requirements of the law.
Introduction and regulation of electronic registered delivery services and certificates for website authentication
The new electronic registered delivery service allows the electronic transmission of data between third parties and provides evidence related to the management of the transmitted data, including evidence regarding data transmission and reception. At the same time, the service is meant to protect data transmitted against the risk of loss, theft, damage or any unauthorised modification. The qualified electronic registered delivery service must be provided by one or more qualified trust services providers in compliance with the law. Data transmitted and received through a registered electronic delivery service will not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that they are in electronic form or that they do not meet the requirements for a qualified registered electronic delivery service. Data transmitted and received by means of a qualified registered electronic delivery service will be presumed (until the contrary is proven) to be complete, to have been sent by the identified sender and received by the identified recipient, and to have been sent and received by the registered electronic delivery service at the correct time.
Also, Law 124/2022 expressly provides the requirements for granting qualified certificates for website authentication, which is an attestation that makes it possible to authenticate a website and links the website to the natural or legal person to whom the certificate is issued.
Presumption of integrity of data provided by digital tools
Pursuant to Law 124/2022, digital instruments benefit the presumption of integrity of the data they refer to. Additionally, a qualified electronic signature and qualified electronic seal presume the correctness of the origin of the respective data. Electronic registered delivery services and website authentication also benefit from the presumption that the respective data is sent by the identified sender and received by the identified recipient, as well as the accuracy of the date and time the data were sent and received as indicated by the registered electronic delivery service. Likewise, it is presumed that a qualified electronic time stamp correctly indicates the date and time.
Suspension of validity and revocation of public key certificate at managing director's request
With the entry into force of Law 124/2022, the managing director (administrator) (RO conducător) of the legal entity (company) in which the holder of the public key certificate operates and uses the key when representing the legal entity, can request the trusted service provider to revoke the public key certificate.
Presumption of intention or negligence of qualified trust service providers
Another novelty under Law 124/2022 is the introduction of the presumption of intention or negligence of the qualified trust service provider until proven otherwise.
The new amendments aim to boost the use and development of electronic services. The introduction of new digital tools will essentially facilitate remote business communication between local natural persons or legal entities and those of EU Member States. The new law is not only a stage in achieving harmonisation with the community legislation, but also an essential advantage for the users of electronic services.