The Polish National Certification Centre is an organisation which runs a list of trust services providers and qualified electronic signatures accepted in Poland. The legal frames of this institution functioning is provided by the Act of 5 September 2016 on Trust Services and Electronic Identification.
In the article 2 of this Act we can read that:
Art. 2. [Tasks of the minister]
The Polish minister responsible for the informatization ensures the functioning of the national trust infrastructure, which includes:
1) a register of trust service providers, hereinafter referred to as the “register”;
2) trusted list;
3) a national certification center.[1]
The Polish National Certification Centre tasks are included in Article 10 and this article is crucial for the trust services providers, because the National Certification Centre tasks include:
Currently the National Certification Centre’s tasks are taken over by the National Polish Bank (article 11 of this Act). And on the National Polish Bank website we can find a link to the National Certification Centre: https://www.nccert.pl/.
The homepage of the Polish National Certification Centre includes information about the main tasks and duties of the National Certification Centre with reference to the legal acts (especially the abovementioned Act). The latter include: abbreviations for validation data; presentations certificates of the National Certification Centre and the list of trust services qualified providers with links to their websites.
The full list of certificated trust services providers can be found in the Certificates tab. There are 2 lists:
The full lists can be found under this link: https://www.nccert.pl/zaswiadczenia.htm.
The National Certification Centre website presents a Register of Qualified Trust Services with the list of 28 entities registered in the said Register run by the National Polish Bank since October 2005. The chart in the Register contains the provider’s name, trust service’s type and registration date.
For instance:
There is also a Trust Services list tab available to visit and check under this link: https://www.nccert.pl/tsl.htm.
An asymmetric key (the so-called public-private key pair) is often used in an electronic signature. The private key is known only to the user and its confidentiality is one of the most important elements of signature security. The public key is open and an electronic signature is created with its use. In asymmetric encryption methods, both the sender and receiver have a separate pair of keys. The sender uses the recipient’s public key to encrypt the message. The addressee can read it using his secret private key. The asymmetry results from the fact that data encrypted with the mentioned pair of the public keys can only be decrypted using the private key of the pair. When a user wants to receive confidential messages in encrypted form via e-mail, he creates a key pair with special software. Then it reveals the public key or sends it to people who intend to send it encrypted messages. The other activities are performed by the sender and the recipient as described below.[2]
Basic elements of the contract
In the case of trust services provision agreement the elements of the contract are:
Agreement entered into between Parties:
XYZ Limited Liability Company, with its registered office at ABC,
entered into the register of qualified trust service providers, XXX Joint Stock Company represented in accordance with the rules for representation by an authorized representative: John Smith, etc.
In this case the subject of the agreement may be boiled down to:
The Provider and Subscriber obligations
Reservations, statements and payments terms
In such agreements there are also such elements as:
Trust Services Provider guarantees
The Trust Services Provider may make guarantees such as:
The qualified electronic signature based on the qualified certificate issued in one of the Member States will be effective in other European member state in accordance to eIDAS Regulation:
Article 25
Legal effects of electronic signatures
It is at the same time recommended to obtain a qualified electronic signature including authorization key based on the Polish Personal Identification Number (PESEL) which provides the highest level of electronic reliability. Thereby before the conclusion of the trust services provision agreement the foreigner should first put forward a motion to the proper authority for the issuance the Personal Identification Number and then conclude the agreement. After doing that the electronic certificate will contain the reliable authorization key and the electronic signature itself may be used in every EU member state.
Sources:
[1] https://sip.lex.pl/#/act/18344658/2870950/uslugi-zaufania-oraz-identyfikacja-elektroniczna?keyword=ustawa%20o%20elektronicznej%20identyfikacji&cm=SFIRST, (access date: 12th August, 2021).
[2] https://oia.waw.pl/podpis-elektroniczny-szczegoly-rodzaje-i-zastosowanie/, (access date: 12th August, 2021).
[3] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0910&from=EN, (access date: 12th August, 2021).