전자서명법 개정안 연구 (Research on Amendments to the Digital Signature Act)

In the The current “Digital Signature Act” has the following problems. First, the safety of digital signature certification became dangerous by abolishing the public certificate system and simultaneously deleting laws and regulations regarding the reliability and safety of digital signature certification. Second, the European Union eIDAS regulations do not mean that all digital signatures recognize the effect of the signer’s signature, signature seal, or name seal. The legal effect of Korea’s Digital Signature Act is treated the same the digital signatures between recognized and non-recognized businesses. Third, although there should be a difference in legal effect between recognized businesses and non-recognized businesses, this is not the case, and there is legal discrimination between recognized businesses that are identity verification agencies and recognized businesses that are not identity verification organizations. Fourth, businesses wishing to use authentication based on biometric information must review whether the information processed during the identity verification process is general biometric information or biometric information and determine whether it is sensitive information under the Personal Information Protection Act. Fifth, regarding the validity period of recognition, the Enforcement Decree of the Digital Signature Act stipulates that it is one year from the date of recognition. Sixth, according to the Digital Signature Act, the management and supervision of administrative agencies, such as inspections and correction orders, can only be imposed on recognized businesses, and it is difficult to take measures such as canceling the selection of an evaluation agency.
As a way to improve the Digital Signature Act, first, there is a need to stipulate in law the ‘Accreditation Committee’, which is currently operated under internal regulations, to deliberate and decide on matters related to the recognition of compliance with the operating standards of digital signature certification businesses. Second, the Digital Signature Act does not make any provisions regarding ‘renewal’, ‘succession’, or ‘recognition of changes’ of recognition. Therefore, there must be a provision for renewal of recognition. Third, the current Digital Signature Act does not provide for authority to investigate or inspect the business performance of evaluation agencies, making it difficult to take actions such as canceling the selection of evaluation agencies. Therefore, there is a need to prepare an amendment that sets the validity period of evaluation agency selection to 3 years. Fourth, regarding the validity period of recognition, the Enforcement Decree of the Digital Signature Act sets the validity period to one year from the date of recognition. There is a need to revise the recognition of compliance with operating standards and the validity period of the certificate to 2 years.

In the The current “Digital Signature Act” has the following problems. First, the safety of digital signature certification became dangerous by abolishing the public certificate system and simultaneously deleting laws and regulations regarding the reliability and safety of digital signature certification. Second, the European Union eIDAS regulations do not mean that all digital signatures recognize the effect of the signer’s signature, signature seal, or name seal. The legal effect of Korea’s Digital Signature Act is treated the same the digital signatures between recognized and non-recognized businesses. Third, although there should be a difference in legal effect between recognized businesses and non-recognized businesses, this is not the case, and there is legal discrimination between recognized businesses that are identity verification agencies and recognized businesses that are not identity verification organizations. Fourth, businesses wishing to use authentication based on biometric information must review whether the information processed during the identity verification process is general biometric information or biometric information and determine whether it is sensitive information under the Personal Information Protection Act. Fifth, regarding the validity period of recognition, the Enforcement Decree of the Digital Signature Act stipulates that it is one year from the date of recognition. Sixth, according to the Digital Signature Act, the management and supervision of administrative agencies, such as inspections and correction orders, can only be imposed on recognized businesses, and it is difficult to take measures such as canceling the selection of an evaluation agency.
As a way to improve the Digital Signature Act, first, there is a need to stipulate in law the ‘Accreditation Committee’, which is currently operated under internal regulations, to deliberate and decide on matters related to the recognition of compliance with the operating standards of digital signature certification businesses. Second, the Digital Signature Act does not make any provisions regarding ‘renewal’, ‘succession’, or ‘recognition of changes’ of recognition. Therefore, there must be a provision for renewal of recognition. Third, the current Digital Signature Act does not provide for authority to investigate or inspect the business performance of evaluation agencies, making it difficult to take actions such as canceling the selection of evaluation agencies. Therefore, there is a need to prepare an amendment that sets the validity period of evaluation agency selection to 3 years. Fourth, regarding the validity period of recognition, the Enforcement Decree of the Digital Signature Act sets the validity period to one year from the date of recognition. There is a need to revise the recognition of compliance with operating standards and the validity period of the certificate to 2 years.