Table of Contents
Current News: PDF/A-2 at the PDF/A Conference
Main Article: The Council Directive 2010/45/EU demands equal treatment for electronic and paper invoices
PDF/A Competence Center Members Introduce Themselves: E-Mission
Italy was one of the first European countries to stress the importance of electronic signatures for the development of the EU Market. Furthermore, it was the first EU country to enact an eSignature law at national level, back in 1997. According to an analysis released by FESA (Forum of European Supervisory Authorities) in 2002, Italy was the European country with the largest use of eSignatures, followed by Norway and Germany. Due to the release of the Directive 1999/93/EC, Italy had to amend the aforementioned law to comply with the principles of the “neutral approach” to the eSignature and the so called “two tier approach”.
In Italy there are currently three different kinds of eSignatures in use and regulated by the Italian “Code of the digital administration”: the electronic signature, the qualified electronic signature and the digital signature. Both QES and DS correspond to the “advanced electronic signature” pursuant to Art. 2 of the EU Directive. Moreover, according to the supervising Italian authority – the CNIPA – only the digital signature should be regarded as fully equivalent to a hand-written signature. QES as well as DS must be based on a qualified certificate and created using a secure signature creation device. The difference between them consists in the fact that only the digital signature must be based on a cryptographic PKI, for which the private key is stored on a smart card or, alternatively, onto a USB token. The root certificate authority supervising the certification service providers is the CNIPA, the national center for ICT in the public administration, a technical institution whose regulations are de facto sources of laws since 2009. Recently the CNIPA has enacted some new technical rules.
Among other things, the new rules define the algorithms for the creation, verification and validation of digital signatures, certificates and time-stamping. By doing this the CNIPA (wisely) adopted international (ISO) and European (ETSI) standards which both fulfil the present-day EU rules and meet the co-regulatory approach enacted in the directive 1999/93/EC. Among other things, the rules govern eSignatures in PDF format and foresee that they must use the Message Digest SHA-256 and conform to specification ETSI TS 102 778 part 2. So far so good. But let’s now make some considerations on a European scale. Interoperability and mutual recognition of eSignatures are a still a problem within the European framework.
As the EFVS study recently pointed out, “with respect to electronic signatures, which are not based on qualified certificates, challenges are even greater, since the eSignature directive doesn’t provide a conclusive trust framework for such signatures”. Again, the workgroup underlined that: “Schemes can be freely defined at the national level (meaning they are not equivalent between countries) and are not mandatory”. On the one hand, the lack of legal rules concerning some ancillary aspects of the electronic signature (e.g. time-stamps, validation) forces the EU states to regulate this legal vacuum themselves.
On the other hand, corollary of this phenomenon is the formation of national standards, which are bringing judges and end-users into a situation of uncertainty among European growing “models”. The remarks made in the “study on the standardisation aspects of eSignature” (SEALED, DLA Paper and Across communications) should be kept in mind, particularly the recognition that “judges still struggle with the concept of electronic signatures”.
The point here is not only theoretical. If a German purchaser would receive an Italian eInvoice and try to verify it using a German validation service, there’d be a pretty high probability the validation service would return the following answer: “Certificate not found – Signature not valid”. What should the end-user undertake in this case? Should he go before the national court? Since eSignatures are destined to become a very popular means in Europe, I personally disagree with a too extensive use of the co-regulatory approach, in particular referring to eSignature validation. The provision of the recent VAT directive (2010/45/EU) may not solve this problem on a European scale as well. A vacuum remains. The risk of a lack of interoperability could seriously compromise the need of certainty, which is the milestone of any legal and business framework, either national or – as in the case of the European Union – super-national. We need set rules. Apropos eSignature, Italy is doing a good job and – most importantly – it appears that Italian people want to use this electronic means.
Nonetheless, “trust” between countries is often more tentative than official standards or so called “models” dictate. They wither without a sustained effort. That’s why we’d prefer not to talk about a new Italian model, or any national model, but consider this improvement as a step forward towards a European standard and a new directive covering those aspects which still need regulation (e.g. validation, time-stamping).
PDF/A Competence Center, Vice-Chair Country Chapter Italy
PDF/A-2 at the PDF/A Conference
The PDF/A Competence Center is organizing its fourth international PDF/A conference this year. One point of emphasis at the event will be the new part of the standard, PDF/A-2, which is expected to be completed soon. Experts will provide information on the standard’s latest development and explain whether and when a change makes sense and how to go about it.
Moreover, some providers will present their first “PDF/A-2 ready” solutions at the accompanying exhibition. The PDF/A conference will be held from September 29 to October 1, 2010 in Rome, Italy.
The Council Directive 2010/45/EU demands equal treatment for electronic and paper invoices
The European Council, with the Council Directive 2010/45/EU dated July 13th 2010, established a series of requirements to simplify and increase the use of electronic invoices in EU Member States, who in turn must adopt and publish, by 31 December 2012 at the latest, the laws, regulations and administrative provisions necessary to comply with this Directive.
The European Council set as a target the removal of all obstacles discovered up till now in the adaption of electronic invoices, defining equal treatment between electronic and paper invoices. With these conditions, all of the obstacle that slowed down the spread of electronic documents will be definitively removed and companies can noticeably reduce their costs, becoming more competitive.
The main article of the directive is the number 233:
The authenticity of the origin, the integrity of the content and the legibility of an invoice, whether on paper or in electronic form, shall be ensured from the point in time of issue until the end of the period for storage of the invoice.
Each taxable person shall determine the way to ensure the authenticity of the origin, the integrity of the content and the legibility of the invoice. This may be achieved by any business controls which create a reliable audit trail between an invoice and a supply of goods or services.
“Authenticity of the origin” means the assurance of the identity of the supplier or the issuer of the invoice.
“Integrity of the content” means that the content required according to this Directive has not been altered.
Other than by way of the type of business controls described, the following are examples of technologies that ensure the authenticity of the origin and the integrity of the content of an electronic invoice:
(a) an advanced electronic signature within the meaning of point (2) of Article 2 of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, based on a qualified certificate and created by a secure signature creation device, within the meaning of points (6) and (10) of Article 2 of Directive 1999/93/EC;
(b) electronic data interchange (EDI), as defined in Article 2 of Annex 1 to Commission Recommendation 1994/820/EC of 19 October 1994 relating to the legal aspects of electronic data interchange, where the agreement relating to the exchange provides for the use of procedures guaranteeing the authenticity of the origin and integrity of the data.
The article defines that an electronic invoice should be readable from the point in time of its issue until the end of its storage period. The use of PDF/A as a storage format for electronic invoices guarantees their reproducibility in all technological contexts longer than legally required: the format characteristics guarantee conformity with the original in all environments and assures the legibility of documents longer than the minimum storage period in Italy of 10 years. The advanced electronic signatures that can be affixed to every PDF/A document completely satisfy the requirement to assure the authenticity and content integrity. This process assures that the document was really originated from his sender and that it wasn’t modified since its issue.
The use of advanced electronic signatures permits the outsourcing of issuing invoices too: the issuer of the document could give the sender the opportunity to digitally sign the invoice using whatever medium, assuring the invoice authenticity and the fiscal and legal validity.
Although Electronic Data Interchange (EDI) systems are identified as systems that can provide business controls which create a reliable audit trail between an invoice and a supply of goods or services, the PDF/A format assures the possibility of certifying the issue authenticity (who is the issuer of the invoice) and the content integrity (verify that the content was not changed after the invoice was issued) in an easier way, especially during audits.
Therefore, companies that are using PDF/A as invoices storage format are fully compliance to the Council Directive and they don’t need to make any changes to their processes.
PDF/A COMPETENCE CENTER MEMBERS PRESENT THEMSELVES
E-Mission S.r.l. started its business in October 2008 as a split of Archiva S.r.l., which has been on the market since 1979 with substitutive optical storage of documents. All document distribution services were entrusted to E-Mission with the target of completely automating and improving them.
The main activities of E-mission are:
- examination and updating of all national and international standards for document storage and transmission
- development of new technologies that includes data and document transmission and sharing between different and heterogeneous interlocutors
- consultancy to develop dedicated customer solutions that result from an analysis of their corporate requirements and processes
- implementation with customers of the data transmission and sharing services using the solutions that have been selected
- in-sourcing management of processes for providing the services that are offered
The Archiva Group, with more than 100 employees and 400 customers, offers company process integration services to manage documents and information. The secret behind Archiva’s success is our conviction that our customers are our partners.
Archiva customers enjoy full outsourcing processes. Archiva is responsible for document transmission processes, either electronic or hardcopy, and for document back-up replacement storage.
Filling and storage
Store, file, protect: these are in our DNA. Ever since the start. Our “life cycle” converts hardcopy into digital, files the information in electronic “cells”, and provides total defence with respect to confidentiality of access.
Electronic invoicing and data transmission
Based on the PDF/A standard and XML and UBL standard automation technologies, E-Mission generates, transmits, stores and archive electronic invoices on behalf of the customer.
Consultancy and Design
Highly qualified personnel are assigned by Archiva to each customer in order to single out and solve every critical point in the document processes. And there’s more: precise design and customized provision of all services helps each customer save money on his own organizational costs.
Optical Back-up Replacement Storage
Archiva replaces hardcopy documents with the equivalent document in a digital format which “freezes” the form, content and time reference by means of digital signature and time stamp. From the formal standpoint, Optical Back-up Replacement Storage is an absolutely valid filing process, regulated by an Italian state law and legally recognized by the European Union.
Archiva has developed an innovative and efficient telematic transmission service for the data contained in documents. It permits information to be exchanged between the operational systems of different, and even heterogeneous, economic sources.
Web Services ASP
The Application Service Provider (ASP) permits Archiva customers to make their data and information available to third parties through any web application.
Currently the company handles transmission of documents of any type and nature (commercial, tax, administrative, technical, etc.) by hardcopy and electronic mailing services. With Weaver it has completed its range of services being offered with transmission of data contained in the same documents, creating a new transmission engine open to all new technologies and all present and future communications standards (XML, EDI, etc.).
NEW MEMBERS IN THE PDF/A COMPETENCE CENTER
We welcome the following companies as members in the PDF/A Competence Center: