1. Electronic time stamp user means a person using an electronic time stamp or a party relying on that stamp.

2. Electronic signature user means a person signing with an electronic signature or a party relying on that signature.

3. Electronic seal user means a creator of an electronic seal or a party relying on the electronic seal.

4. Website authentication data means unique data used by a person holding a qualified certificate for website authentication to validate the website authentication.

5. National trusted list means a list of qualified trust service providers established in the Republic of Lithuania and of qualified trust services provided by them established, maintained and published under Article 22(1) and (2) of Regulation (EU) No 910/2014.

6. The definition of a durable medium shall be understood in accordance with the way in which it is defined in the Law on Payments of the Republic of Lithuania.

7. Other definitions for the purpose of this law shall be understood in accordance with the way in which they are defined in Regulation (EU) No 910/2014.

1. The policy of electronic identification shall be made, its implementation shall be organised, coordinated and controlled by the Ministry of the Interior of the Republic of Lithuania.

2. The policy of trust services shall be made, its implementation shall be organised, coordinated and controlled by the Ministry of Transport and Communications of the Republic of Lithuania.

3. The policy of trust services shall be implemented by the trust service providers supervisory body assigned by the Government of the Republic of Lithuania (hereinafter – the supervisory body).

1. The goal of the supervisory body is to ensure that the trust service providers and the trust services that they provide meet the requirements laid down in Regulation (EU) No 910/2014, this law and implementing legal acts.

2. The supervisory body shall exercise the following tasks:

3. The supervisory body shall, when implementing the tasks and exercising the functions set in Regulation (EU) No 910/2014 and this law, have the rights granted by Regulation (EU) No 910/2014, this law and other laws.

1. An electronic signature which does not meet the requirements for the qualified electronic signature provided for in Regulation (EU) No 910/2014 shall have the equivalent legal effect of a handwritten signature, where the users of that electronic signature agree, in writing, in advance and where it is possible to store that agreement on a durable medium.

2. An electronic seal which does not meet the requirements for the qualified electronic seal provided for in Regulation (EU) No 910/2014 shall enjoy the presumption of integrity of the electronic data and of correctness of the origin of that data to which the electronic seal is linked, where the users of that electronic seal agree, in writing, in advance and where it is possible to store that agreement on a durable medium.

3. An electronic time stamp which does not meet the requirements for the qualified electronic time stamp provided for in Regulation (EU) No 910/2014 shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the electronic data to which the date and time are bound, where the users of that electronic time stamp agree, in writing, in advance and where it is possible to store that agreement on a durable medium.

4. A qualified electronic signature of a representative of legal person shall have the equivalent legal effect of a handwritten signature of a legal person authenticated by the stamp of a legal person, where the obligation to have the stamp is established in the legal person’s instruments of its establishment or laws.

1. The qualified validation service for qualified electronic signatures shall enjoy the presumption of the reliable validation of the qualified electronic signature and the correct result of the validation procedure which shall allow the relying party to detect any qualified electronic signature security relevant issues.

2. The provisions of paragraph 1 herein shall mutatis mutandis apply to the qualified validation service for qualified electronic seals.

1. The qualified preservation service for qualified electronic signatures shall enjoy the presumption of the reliable protection of the qualified electronic signature and the extension of the trustworthiness of the qualified electronic signature beyond the technological validity period.

2. The provisions of paragraph 1 herein shall mutatis mutandis apply to the qualified preservation service for qualified electronic seals.

1. Trust service providers shall provide the trust services in compliance with the requirements of Regulation (EU) No 910/2014, this law and implementing legal acts.

2. The qualified trust service provider shall be insured against civil liability for the amount of at least EUR 30,000 per insured event and for the amount of at least EUR 90,000 for all insured events per year.

3. The trust service provider intending to start the provision of the qualified trust services shall, together with the documents referred to in Article 21(1) of Regulation (EU) No 910/2014, submit the following to the supervisory body:

4. Qualified trust service providers shall submit information referred to in Article 24(2)(a) of Regulation (EU) No 910/2014 to the supervisory body:

5. Qualified trust service providers or their authorised third parties shall verify the identity of person to whom qualified certificate is issued and additional specific attributes as referred to in Article 24(1) of Regulation (EU) No 910/2014 under the procedure established by the supervisory body, unless otherwise stated in the laws of the Republic of Lithuania.

6. Qualified trust service providers issuing the qualified certificates shall ensure the accuracy of the data of the qualified certificates and immediately suspend or revoke the qualified certificates in the cases and under the procedure provided for in Regulation (EU) No 910/2014 and this law.

7. Qualified trust service providers shall submit the activity report of the previous calendar year to the supervisory body on an annual basis no later than by 1 February under the procedure established by the supervisory body.

1. A person requesting to issue a qualified certificate shall enable a qualified trust service provider or its authorised third party to verify the identity and additional specific attributes indicated in the qualified certificate under the procedure established by the supervisory body, unless otherwise stated in the laws of the Republic of Lithuania.

2. A person to whom a qualified certificate is issued shall immediately contact the qualified trust service provider that has issued the qualified certificate regarding the revocation of the qualified certificate for electronic signature, electronic seal or website authentication in the following cases:

1. Qualified trust service providers shall suspend the qualified certificate for electronic signature and qualified certificate for electronic seal in the following cases:

2. Qualified trust service providers that have suspended the qualified certificate for electronic signature and qualified certificate for electronic seal on the grounds referred to in items 2, 3 and 4 of paragraph 1 herein shall, no later than within 24 hours of suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal, notify the person whose qualified certificate for electronic signature and qualified certificate for electronic seal have been suspended, by available e-mail or phone, thereof and specify the grounds for suspension and duration. Where the qualified certificate for electronic signature and qualified certificate for electronic seal have been suspended on the grounds referred to in item 3 or 4 of paragraph 1 herein, the qualified trust service provider shall also notify the person, whose qualified certificate for electronic signature and qualified certificate for electronic seal have been suspended, of the right to submit a request, explanation and supporting evidence which refute the information received by the qualified trust service provider on the grounds whereof the qualified certificate for electronic signature and qualified certificate for electronic seal have been suspended within 30 working days of the date of suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal in a way and form specified in the qualified trust service provider’s activity documents, as well as of the consequences referred to in Article 13(3) of this law.

3. The qualified trust service provider shall be liable for the damage made to the persons that have arisen out of the failure to fulfil or improper fulfilment of the obligations referred to in paragraph 5 herein, unless the qualified trust service provider proves that the damage occurred through no fault of the service provider.

4. A person shall not sustain any losses due to the use of the lost, stolen or unlawfully obtained qualified certificate for electronic signature and qualified certificate for electronic seal after the occurrence of the circumstances referred to in Article 12(1) of this law, except for the cases, where the person has acted in bad faith.

5. Qualified trust service providers shall immediately, but no later than within 24 hours of the occurrence of the circumstances referred to in items 1, 2, 3 and 4 of paragraph 1 herein, suspend the qualified certificate for electronic signature and qualified certificate for electronic seal and publish information on the suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal in the certificate database, indicate the period of suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal and ensure that this information is indicated to all relying parties by providing them with information on the status of the qualified certificate for electronic signature and qualified certificate for electronic seal.

6. Qualified trust service providers shall revoke the suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal in the following cases:

1. Qualified trust service providers shall revoke the qualified certificate for electronic signature and qualified certificate for electronic seal in the following cases:

2. Qualified trust service providers that have revoked the qualified certificate for electronic signature and qualified certificate for electronic seal on the grounds referred to in items 2, 3, 4 and 7 of paragraph 1 herein shall immediately, but no later than within 24 hours of revocation of the qualified certificate for electronic signature and qualified certificate for electronic seal, notify the person whose qualified certificate for electronic signature and qualified certificate for electronic seal have been revoked, by available e-mail or phone, thereof and specify the grounds for revocation.

3. Where the person whose qualified certificate for electronic signature and qualified certificate for electronic seal have been suspended on the grounds referred to in Article 12(1)(3) or (1)(4) fails to provide the request, explanation and evidence referred to in Article 12(6)(2) within 30 working days of the suspension of the qualified certificate for electronic signature and qualified certificate for electronic seal, the qualified certificate for electronic signature and qualified certificate for electronic seal shall be revoked.

1. The national trusted list shall be referred to in order to determine whether the trust service providers established in the Republic of Lithuania and/or trust services that they provide have been granted a status of a qualified trust service provider and/or qualified trust services.

2. In order to determine whether the trust service providers established in the other Member States of the European Union and/or trust services that they provide have been granted a status of a qualified trust service provider and/or qualified trust services, the national trusted list of that Member State established, maintained and published under Article 22 of Regulation (EU) No 910/2014 shall be referred to.

1. The supervisory body shall have the right to receive all information from the public and municipal institutions and authorities, trust service providers and users, persons that have been issued qualified certificates and, where appropriate, from other persons related to the activity of trust service providers subject to verification necessary to the supervisory body and the European Commission for the implementation and exercise of the tasks and functions in compliance with the requirements of the Law on Legal Protection of Personal Data of the Republic of Lithuania regarding confidentiality of the personal data.

2. Trust service providers, users, persons that have been issued the qualified certificates and other persons shall, at the request of the supervisory body, submit, in writing, the information referred to in paragraph 1 herein within a reasonable time limit set by the supervisory body which shall be of at least 5 working days. A period for submitting information referred to herein may be extended, for objective reasons, for a period of up to 10 days by the supervisory body.

3. The supervisory body shall ensure confidentiality of information received.

4. The supervisory body requesting to provide information referred to in paragraph 1 herein shall indicate the purpose for which that information will be used.

1. The officials authorised by the supervisory body, when supervising the implementation of the provisions of Regulation (EU) No 910/2014, this law and implementing legal acts, shall have and exercise the following rights on behalf of the supervisory body:

2. The officials authorised by the supervisory body, when implementing the rights granted to them, shall make out documents (statements, protocols, requests). The forms of the documents and the procedure for completing them shall be laid down by the supervisory body.

3. The requirements of the officials of the supervisory body provided to exercise the rights referred to in paragraph 1 herein shall be binding to the persons, employees of the management bodies of legal persons and administration. Those entities shall cooperate with the officials authorised by the supervisory body.

4. The request to issue an authorisation to perform activities referred to in Article 18(1)(2) shall be filed to Vilnius Regional Administrative Court. The request shall contain the name of the trust service provider (name, surname), nature of suspected violations and intended actions. Vilnius Regional Administrative Court shall examine the request and adopt the reasonable ruling to uphold or withdraw the request no later than within 72 hours of filing the request. Where the official authorised by the supervisory body disagrees with the ruling to withdraw the request by Vilnius Regional Administrative Court, the official shall have the right to bring an appeal against the ruling before the Supreme Administrative Court of Lithuania within 7 working days. The Supreme Administrative Court of Lithuania shall examine the appeal against the ruling of Vilnius Regional Administrative Court no later than within 7 working days. A representative of the supervisory body shall have the right to be present when the complaint is examined. The ruling adopted by the Supreme Administrative Court of Lithuania shall be final and without appeal. Courts, when examining the requests and complaints concerning the issuance of authorisations to perform activities, shall ensure confidentiality of information provided and actions planned. In urgent cases, the actions of the officials of the supervisory body may be taken by the decision of the director of the supervisory body. In this case, the request to issue the authorisation to perform activities shall be brought before the court under the procedure referred to herein within 24 hours of the decision of the director of the supervisory body. Where the court refuses to issue the authorisation to perform activities, they shall be ceased, and information obtained when performing such activities shall be immediately destroyed.

1. Qualified trust service providers shall, within 3 months of the entry into force of this law, provide the supervisory body with the documents certifying that the qualified trust service provider has been insured against civil liability in accordance with the requirements laid down in Article 10(2) of this law. Where the qualified trust service provider fails to submit the documents referred to herein within a set time limit, the supervisory body shall initiate the withdrawal of a status of the qualified trust service provider under the procedure established by Regulation (EU) No 910/2014.

2. Other definitions “advanced electronic signature”, “supervisory body for electronic signature”, “advanced electronic signature created by secure signature creation device and validated by qualified certificate in force”, “qualified certificate” used for the purpose of other legal acts of the Republic of Lithuania and definitions “advanced electronic signature”, “supervisory body for trust services”, “qualified electronic signature”, “qualified certificate for electronic signature” used for the purpose of this law are identical.

3. References to the Law on Electronic Signature of the Republic of Lithuania provided in other legal acts of the Republic of Lithuania shall be construed as references to Regulation (EU) No 910/2014 and this law.