At the request of the Council, the European Commission has proposed a Directive to provide a Community framework for electronic signatures. It is not the intent of this Directive to cover the whole domain of applications of authentication, but rather to focus on the legal validity of electronic signatures. In relation to the legal recognition of electronic signatures the Directive (approved on 13 December 1999, and published in the EC Official Journal) identifies minimal requirements for certificates, certification service providers and signature creation and verification devices. The Directive allows the Commission to establish and publish references of generally recognized standards for electronic signature products. As a consequence, Member States Laws shall presume compliance with the requirements laid down in the Directive when a product meets those standards.
Several standardization initiatives have already been launched at the national, regional and international levels by organizations and industry fora. Worthy of mention are the activities of the International Chamber of Commerce, the ILPF (Internet Law Policy Forum) current inventory, the IETF (Internet Engineering Task Force), the W3C (World Wide Web Consortium) and the ABA (American Bar Association) standardization activities. They are, however, at this stage, not necessarily sufficient to respond to the legal requirements. A consistent and coherent approach is necessary, so that the legal framework for electronic signatures can build, as far as possible, upon standards and other forms of voluntary agreements which can be used to provide legally recognized signatures not only across Europe, but at international level.
In order to provide timely standards permitting full and efficient implementation of a common framework, based on consistent Member States’ legislation, standardization initiatives are encouraged at an early stage, in particular so as to obtain adequate international co-operation.
Industry and European standardization bodies, within the frame of the ICTSB, have been requested by the European Commission to analyze in a coherent manner, the needs for standardization activities in support of essential legal requirements as stated in the Directive in relation to electronic signatures products and services to be made available to the market. The assessment of available standards and current initiatives at global and regional level, both in formal standardization bodies and industry consortia, did identify gaps and the need for any additional standardization initiatives in all relevant forms, such as standards, specifications, agreements, workshops or any other form of consensus building. On the basis of this analysis, a work programme has been defined and implemented.
It is for Industry and European Standardization bodies to set up the implementation framework, compliant with the minimal legal framework stated by the Directive, which answers business needs and brings the full advantage of the legal recognition of the electronic signature in support of the development of an open electronic commerce environment.
Although several standardization initiatives in the area of authentication had already been launched by standards bodies and industry fora at national, regional and international levels, it was ascertained that they lacked the necessary consistency and coherence for validity and cross-recognition.
To remedy this, the European ICT Standards Board, with the support of the European Commission, has launched an initiative bringing together industry and public authorities, experts and other market players: the European Electronic Signature Standardization Initiative (EESSI).
EESSI seeks to identify under a common approach the needs for standardization activities in support of the Directive’s requirements, and to monitor the implementation of the work programme.
EESSI has been anxious to ensure that three main principles were adhered to:
The requirements were discussed in an initial consultation meeting. The outcome was contributed to the draft report which was then presented to an open consultation meeting in Brussels. Comments, received at and after this open meeting, led to the finalization of the report and the resulting work programme.
As a result, EESSI delivered its initial recommendations (July 1999) in a report that contains an overview of the requirements for standards-related activities, as well as a detailed work programme to meet these requirements. Three key areas were identified as crucial in the work programme:
In the first instance, EESSI is mainly focussing on the use of PKI technology in support of electronic signatures. It is however clear that other technologies are relevant, and consideration is already being given to these.
The following activities have been considered to be of high priority:
The standards to be developed must address a range of security requirements for different classes of electronic signature as described in the defined framework for the EESSI standards.
The work programme is now being implemented, under the supervision of a Steering Group chaired by Mr René van den Assem (ECP, Netherlands). This Steering Group gathers representatives of the market players, including industry, service providers, users/consumers, national authorities and interested ICTSB member organizations.
The standards-related work required at European level is being carried out by the European Standards Organizations CEN and ETSI, in collaboration with other organizations as required. The relevant technical meetings of the two groups concerned will be co-located, to facilitate collaboration. The work, whether in CEN or ETSI, will be open to all interested parties.
EESSI does not seek to "re-invent the wheel". It will collaborate closely with relevant initiatives at global level, or in other regions, and will develop solutions that ensure international interoperability of electronic signature applications. To this end, contacts have already been established with a number of other initiatives.
ETSI ESI is
the technical body within ETSI carrying the main responsibility
for security infrastructures and services in the telecom environment.
As such, ETSI ESI devotes special interest to interoperability issues
at the communication and transaction levels, as well as to relevant
aspects of trust relationships. For relevant information, ETSI ESI
activity is described in details at the following address: http://portal.etsi.org/esi/el-sign.asp 
The subsequent ETSI ESI work to be carried out concerns the following subjects:
ETSI ESI has
created an electronic "open discussion area", providing
public access to the current draft documents, background material,
and supporting the exchange of ideas, comments and contributions.
These facilities can be reached through the public ETSI Web site
at the following address: http://portal.etsi.org/esi/el-sign.asp
CEN’s Information Society Standardization System (CEN/ISSS) is responsible for the part of the EESSI work programme dealing with quality and functional standards for Signature Creation and Verification products, as well as quality and functional standards for Certification Service Providers (CSPs).
In the fast-moving domain of information and communications technologies (ICT), CEN/ISSS makes use of a Workshop mechanism, in addition to the traditional CEN Technical Committees. CEN/ISSS Workshops are open to all interested parties. They operate by consensus and produce specifications, pre-Standards, guidance and other material. Their deliverables are published by CEN as CEN Workshop Agreements (CWAs).
CEN/ISSS Workshops are not permanent structures, but are created whenever there is an identified need. Workshops intensively make use of electronic working methods, enabling companies, organizations and academia to participate without attendance at Workshop meetings in person.
In order to execute its part of the work programme, CEN/ISSS has therefore created an Electronic Signature Workshop. The detailed work will be organized in parallel projects, operating within this Workshop. The Electronic Signature Workshop started its technical work in December 1999.
It covers the following areas, in addition to liaisons and inputs into the ETSI work:
The CEN/ISSS
WS/E-Sign web pages are at the following address:
http://www.cen.eu/cenorm/businessdomains/businessdomains/isss/activity/electronic_signatures.asp and
also http://www.uninfo.polito.it/WS_Esign/ .