The Law amending the Law on electronic document, electronic identification and trust services in electronic business was published in the Official Gazette of the Republic of Serbia no. 52/2021 and it has been in force since 1 June 2021.

The Law on electronic document, electronic identification and trust services in electronic business was adopted in 2017 and it is largely harmonized with the European regulations in this field, notably with Regulation (EU) 910/2014 of the European Parliament and the Council (“eIDAS Regulation”), however in practice the text of the law needs to be further improved.

Recognition of EU electronic identification schemes

The key novelty refers to automatic recognition of electronic identification schemes in accordance with the eIDAS Regulation, since the law prescribes that the notified EU electronic identification schemes shall become an integral part of the Register of electronic identification service providers and electronic identification schemes.

In practice, this means that e.g. qualified certificate for electronic signature issued in an EU member state can be used in Serbia.

With regard to other states, the old regime still applies, meaning that mutual recognition of identification schemes is done through international agreements (there are currently bilateral agreements with Montenegro, North Macedonia and Albania).

e-Signature in cloud

The law also regulates the service of issuance of “e-signature in cloud”, which practically means remote administration of e-signature.

The means for creation of qualified electronic signature i.e. stamp are USB tokens, smart cards and special devices located on the premises of service providers that should enable “signature in cloud”. However, a great problem for certification of domestic means for such purposes was the lack of domestic authorities for conformity assessment of means for creation of qualified electronic signatures i.e. stamps аnd as a result, only foreign funds were available to trusted domestic service providers, which implied high costs.

Such situation has been overcome now as the law prescribes that, by the appointment of the first conformity assessment body, the verification of means will be done by the Ministry of Trade, Tourism and Telecommunications (“the Ministry”) within conformity assessment of the entire service providing process.

Remote identification

The law stipulates the possibility for issuance of qualified electronic certificate through remote identification, which was not possible so far since the person to whom the certificate was issued needed to be present. The law also permitted verification through public remote document  (remote ID card), however in order to apply that option it was also necessary to amend the Law on Identity Card and to declare the ID card a remote public document.

The amendment of the law enabled for identity check through remote identification, but it is envisaged that the requirements for this type of identity check will be regulated by the Regulation on specific requirements for provision of qualified trust services.

This is a significant novelty as previously mandatory physical presence often hampered the acquistion of qualified electronic signature, particularly to foreign nationals who are not staying in the Republic of Serbia and who are registered representatives of domestic companies.

Personal data

From the provision of the law stipulating trust service provider’s obligation to immediately, and not later than 24 hours upon finding out, notify the Ministry of any violation of safety or loss of integrity of the service that has significant impact on provision of trust services, the part referring to mandatory notification to the Commissioner for information of public importance and personal data protection in case of jeopardised safety of personal data has been deleted.

The reason for changing this provision was the fact that the Law on personal data protection already stipulated that any infringement of safety of personal data shall be notified to the Commissioner, hence this obligation need not be regulated by the law concerned.

This article is to be considered as exclusively informative, with no intention to provide legal advice. If you should need additional information, please contact us directly.