Michele Martoni and Monica Palmirani
Hence the need to determine how these provisions ought to be interpreted and what their scope and evolution ought to be, especially in light of the way the relevant technologies have advanced since the provision was written.
Because the import of the provisions at issue needed to be clarified, a formal query was submitted to CNIPA( now called Agency for Digital Italy), so as to have an authoritative interpretation of the same provisions and of the agency’ s own guidelines, for in this way it would have been possible to correctly bring them to bear in framing specific e‐Government services. 1
Specifically, four issues were raised as follows.
5.2 Object of the signature
Question( 1: How to set up the procedure enabling a signatory to activate automated digital signing( typically done by entering a PIN) in compliance with the rule requiring that such activation be ascribable to the signatory’ s own intention and that the signatory be clearly notified of the kinds and the number of documents he or she is about to automatically sign? Specifically, in which of the following ways should the procedure be framed?
( a) Compliance is achieved by enabling signatories to view and access the exact list of documents they will be digitally signing. To this end the documents will have to be uniquely identified and be made accessible in some viewing format( e. g.,. doc,. pdf,. xml) before they are signed, the minimum requisite satisfying which the signatory can be said to have acted willingly. Signatories would in this case be asked to sign a bundle of digital documents whose contents they can individually view, but without being required to do so. This is achieved by clearly identifying and making fully viewable all the documents in the bundle( a solution we will call“ fully identified and represented document bundle”).
( b) Compliance is achieved by submitting to the signatory a list of future documents whose content cannot be fully accessible in its definitive form but is nonetheless represented in outline through a set of predetermined summary data, as through record layouts, arrays, and lists( this solution we will call“ identified but not fully represented document bundle”).
( c) Compliance is achieved simply by notifying the signatory that the signing procedure will apply to an abstract class of documents which cannot not yet be specifically identified because they will be created on demand, and which are therefore identified either by their kind or nature( e. g.,“ all payment orders coming in next month”) or by their number( e. g.,“ no more than 100 documents a day”). Under this solution, signatories would no more than activate a signing procedure( whose object can only be identified through abstract predicates, as no concrete description would be available). Whenever a document meeting the specified class criteria enters the system, the procedure previously activated by the signatory will affix a digital signature to it, also taking into account any maximum number of documents allowed. This will go on regardless of whether the signatory will express a new intention( this solution we will call“ abstractly identified documents”).
CNIPA responded by unequivocally by saying:“ Signatories must explicitly accept to sign documents if the procedure is automated” and“ must be fully aware of what they are signing,” and can expect the guarantees afforded by compliance with the procedure, of which they must be adequately informed( see Question 3 below).
To this CNIPA added that“ it will be up to each signatory to decide on a case‐by‐case basis whether the abstract framing of the class, as defined by the type and number of the documents that qualify for signing, is accurate enough to afford a clear picture of what he or she is consenting to, or whether a more accurate framing will be necessary.” 1
The query in question was submitted to CNIPA on 6 July 2009 and was anwered in Protocol No. 0006272 of 15 October 2009.
315