Arnaud Belleil: “A number of factors of vigilance in eIDAS v2.0 regulation”

What message would you like to convey for this workshop?

I will be here to remind you of the regulatory framework for electronic archiving, and in particular the relationship between regulation, standardization and certification, which are different areas, but with obvious interactions and complementarities. First of all, it should be borne in mind that there are no strict regulations for electronic archiving, but two short and structured texts. First of all, Article L211-1 of the Heritage Code defining archives, i.e. “all documents, including data, regardless of their date, place of storage, form and medium, prepared or received by any natural or legal person and from any service or public or private body in the exercise of its activity”. It is noted that the issues of format and media are not exclusive, so the article also refers to electronic data.

Article 1366 of the Civil Code provides: “Electronic writing has the same probative value as writing on paper, provided that the person from whom it originates can be properly identified and that it is established and kept in conditions that guarantee its integrity.” There are many other articles on more specific documents such as electronic invoices or payment slips, but they mostly refer to retention periods.

It can be noticed that these regulatory texts mostly remain at the level of principles; they explain the goal that needs to be achieved, but they do not specify how to achieve it.

Which texts describe in detail the means of ensuring the proper archiving of data and documents?

This is the role of standards, which, unlike laws, are voluntary and are drafted by experts, not legislators. Standards describe the state of the art, a set of good practices necessary to achieve the objectives described in legislative texts. In this area, the main standard, which was updated in October 2000, is the AFNOR NF Z 42-013 standard, which concerns the electronic archiving system (SAE). We can also list NF Z 42-026 on faithful digitization and NF Z 42-020 on the digital secure component.

And there are certificates related to these standards, which I often compare to a graduation degree compared to the Terminal program: it is a proof of external authority that everything has been learned and applied. For electronic archiving, the certificate NF 461 complies with the standard NF Z 42-013, NF 544 with NF Z 42-026, and NF software 203 Digital Secure Component with NF Z 42-020.

Thus, there are three complementary levels to the compliance of electronic archiving: a law setting out general principles, including “integrity guarantee”, standards detailing assets, especially cryptographic assets such as fingerprints, and a certificate confirming that the standards are properly applied. This complementarity between the texts is a source of trust.

Electronic archiving should become a trusted service according to the draft European regulation eIDAS v2.0. What inspires you?

This is a priori good news, but there are a few points of vigilance that will need to be addressed. Electronic archiving, as defined in France, is based on principles such as integrity, durability and traceability, and is therefore not limited to data storage alone, as, for example, GAFAM can do. The ambition of the eIDAS regulation is to work for European digital sovereignty; there should be no gap between intention and implementation…

In your opinion, what are the most significant changes in the sector in the coming years?

I have the impression that there is a form of convergence between electronic archiving, personal data protection as we know it in the GDPR and information security, in terms of the ISO 27001 standard. These are three areas of digital trust, historically different cultures in terms of methods and practices.

It should also be noted that, by nature, archiving must absorb developments, innovations and avoid whims in order to be sustainable.

What role can FnTC play in supporting the electronic archiving market and its users?

FnTC has a strong and unique positioning thanks to the diversity of its members: software publishers, third party archivists, lawyers, technical experts, regulated professions, institutions, start-ups… The Federation is a real reservoir of expertise, a place to define the state of the art, especially with publications on best practices, reference texts and working groups. It also performs communication and awareness-raising work, not forgetting its work in the field of standardization. Through all its activities, FnTC really contributes to digital trust.

Sign up now for the “Electronic Archiving: Basic Compliance Brick” Roundtable by clicking here and connect on May 10 at 1:45 p.m.
