Compliance Certificate for PkBox as Secure Device for the generation of Digital Signature

Milan, February 25, 2015 – Intesi Group S.p.A., an Italian company operating in Information & Communication Technology with specialization in products and services for Digital Signature and Application & Service Management, declares that its platform PkBox has been certified as a Secure Signature Device (SSCD – Secure Signature Creation Device) and can therefore be used for the realization of Qualified Remote Digital Signature solution with full legal validity, according to the Italian and European legislation.
PkBox in compliance with the requirements of a Secure Signature Device in reference to Annex III of the European Directive 1993/93/EC was issued by the Austrian authority A-SIT (Austria – Secure Information Technology Center) and the certificate granted, available here, is valid in all States of the European Union and is therefore compliant with the Italian legislation.
The European Directive 1993/93/EC is implemented by the Italian Codice dell’Amministrazione Digitale (CAD) paragraph 35 (Secure devices and procedures for the generation of the signature) paragraphs 5 and 6:

  • Paragraph 5: Compliance with the security requirements of devices for the creation of a qualified signature prescribed in Annex III of Directive 1999/93/EC is established, in Italy, by the Body of information security certification […]
  • Paragraph 6: The compliance referred to in paragraph 5 is also recognized if proved by an agency appointed by another Member State and notified in accordance with Article 11, paragraph 1, letter b) of Directive 1999/93/CE. According to paragraph 6 of Article 35 of CAD the conformity of a Secure Device is recognized if proved by any of the notified bodies.

The Certificate issued by A-SIT ensures that PkBox complies with the requirements of Annex III of Directive 1999/93/EC, as required by Paragraph 6 Article 35 of Italian Codice dell’Amministrazione Digitale (CAD) .
The validity of A-SIT certification comes from European Directive 99/93/EC Article 3 (Market Access) paragraph 4: “The conformity of devices to create a secure signature to the requirements of Annex III is determined by appropriate public or private bodies designated by Member States. In accordance with the procedure referred to in Article 9, the Commission shall establish the criteria under which they shall determine whether a body should be designated”.

Both the European Directive and the law transposing it into national legal order, state that A-SIT, notified body in accordance with Article 11, paragraph 1, letter b) of Directive 1999/93/EC is fully entitled to certify conformity of a Secure Signature Device.
The European Regulation #910/2014, that from July 1, 2016 will repeal Directive 99/93/EC and replace national laws, expressly provides in Article 51 the continuity of the validity of the certificates issued pursuant to the Directive even after July 1, 2016.

Finally, on 02.09.2015, AGID – Italian surveillance authority for the application of the legislation – considered appropriate to proceed to inform the main players of the market (Certification Authority firstly) of the availability of PkBox 3.0 as signature system certified and fully usable in Italy.