Electronic signatures, electronic statements, electronic documents, and the terms and conditions for the provision of certification services in Bulgaria are regulated by the Electronic Document and Electronic Signature Act (EDESA) and adjacent Regulations.
According to EDESA, "electronic signature" means any information in an electronic form, added or logically associated with the electronic statement to establish its authorship. "Electronic statement" is a verbal statement submitted in a digital form through a common standard for conversion, reading and visual presentation of information.
In Bulgaria are regulated:
Advanced electronic signature, which:
- allows the identification of the author;
- is connected with the author in a unique way;
- is created by means that are under the control of the author, and
- is connected to the electronic statement in a way that ensures the establishment of any subsequent changes.
Qualified electronic signature is an advanced electronic signature that meets two additional requirements:
- is accompanied by a certificate of a qualified electronic signature issued by a certification service provider stating the relationship between the author and the public key to verify the signature, and
- is created by a device for secure signature creation, as the qualified electronic signature is analogous to a handwritten signature.
The certificate is an electronic document issued and signed by a certification service provider that contains:
- the name, address, personal identification number or unique identifier code of the certification services provider, as well as an indication of their nationality;
- the name or firm, address, registration data of the holder of the advanced electronic signature;
- grounds for authorization, the name and address of the physical person (the author), which is authorized to make electronic statements on behalf of the holder of an advanced electronic signature;
- the public key corresponding to the private key of the holder of an advanced electronic signature;
- identifiers of the algorithms by which the public keys of a holder of an advanced electronic signature and of the certification service provider are used;
- the date and time of the issuance, suspension, renewal and termination of the action;
- the term of validity;
- limits of the operation of the signature;
- the unique identification code of the certificate;
- responsibility and liability of the certification services provider;
- reference to the certificate of electronic signature of the certification service provider, as well as to their registration at the Communications Regulation Commission (CRC)
Certification service provider is a person who:
- issues certificates under the EDESA and keeps a record of them;
- provides to any third party access to the certificates published;
- may provide services for creating a private and public key for an advanced electronic signature.
Regulatory authority in Bulgaria in the field of electronic signature is the Communications Regulation Commission (CRC), which supervises the certification service providers on the reliability and security of the certification services and maintains a register of public keys.