The Law on Electronic Signatures in Bosnia and Herzegovina

September 2006

View the original document

National Regulations

The Law on Electronic Signatures in Bosnia and Herzegovina (published in the ‘Official Gazette of BiH’ No. 91/06) establishes the legal framework for the use, issuance, and verification of electronic signatures. Below is an overview of its most important provisions:

General Provisions

  • Scope (Article 1): Regulates the formation, use, and provision of services related to electronic signatures and certification.
  • Application (Article 2): Applies to both closed systems (based on contracts) and open electronic communication with courts and institutions, unless specified otherwise by law.
  • Definitions (Article 3): Defines key terms, such as electronic signature, secure electronic signature, certification service providers, and timestamping.

Legal Effects of Electronic Signatures

  • General Legal Effect (Article 4): Electronic signatures, regardless of security level or certificate class, are legally recognised in transactions.
  • Secure Electronic Signatures (Article 5): Equates to handwritten signatures, provided security requirements are met. Exceptions apply in cases requiring notarization or official certification.

Qualified Certificates

  • Content Requirements (Article 6): Specifies data that qualified certificates must contain, such as issuer details, validity, and restrictions.
  • Issuance Process (Article 9): Identity verification of the requester is mandatory using official documents or other reliable means.

Certification Authorities (CAs)

  • Registration (Article 7): Certification authorities (CAs) must notify the supervisory body before starting operations and maintain internal rules and security protocols.
  • Qualified CAs (Article 8): These entities must ensure the reliability of their processes, maintain secure certificate registries, and employ qualified personnel.
  • Obligations (Article 16): CAs must inform clients about service terms, potential limitations, and dispute resolution mechanisms.

Technical and Security Requirements

  • Secure Systems (Article 14): Stipulates the use of technical measures to ensure data integrity, prevent unauthorised access, and validate digital signatures.
  • Testing and Compliance (Article 15): Accredited entities certify compliance with technical and security standards.

Supervision and Enforcement

  • Supervisory Authority (Article 20): Oversees CAs, inspects compliance with the law, and maintains registries of CAs and their certifications.
  • Enforcement Powers (Article 21): The authority may suspend non-compliant CAs and ensure proper revocation of certificates.

Liabilities and Sanctions

  • Liability of CAs (Article 19): CAs are liable for damages caused by inaccuracies in issued certificates, delays in revocation, or other failures unless they prove no fault.
  • Sanctions (Article 25): Specifies fines for unauthorised use of signature creation data, non-compliance with certificate suspension, and other violations.

Recognition of Foreign Certificates

  • Recognition Framework (Article 24): Certificates from EU/EEA member states are treated as equivalent to domestic ones. Certificates from third countries are recognised if they meet equivalence requirements or are validated by accredited CAs in Bosnia and Herzegovina.

Transitional and Final Provisions

  • Implementation Deadlines (Article 26): Mandates the adoption of necessary bylaws within six months from the law’s publication.
  • Effective Date (Article 27): The law came into force six months after its publication in the official gazette.