Certification Practices and Policies

Declaration of Certification Practices and Policies according to Certificate

EDICOM is constituted as Certification Services Provider or Certification Authority by virtue of the document sent to the Ministry of Industry, Commerce and Tourism in accordance with that set forth in Law 59/2003 of 19th December on electronic signature, in article 30 of the same, transitory provision nº 2:

"Certification Service Providers must communicate to the Ministry of Industry, Tourism and Commerce the beginning of their activity, their identification details, including the fiscal and registry identification, and, where indicated, the data that enable communication to be established with the provider, including the Internet domain name, the customer service details, the features of the services to be provided, the certificates obtained for said services and certificates of the devices used.

EDICOM issues ACEDICOM certificates, which are Qualified certificates for identification and advanced electronic signature, for the use of physical persons or legal organisations (known collectively as subscribers) that need to engage in relations with the Public Administrations and other institutions or companies in the Electronic Data Interchange area and/or to equip themselves with certified storage systems.

ACEDICOM also issues server certificates and other types of certificates for purposes other than "electronic signature". They cannot be considered subject to that laid down in Law 59/2003 on Electronic Signature, of 19th December, since they do not come under the concept of "electronic certificate" defined in article 6 of said law, and are not suitable to provide support to the "Electronic Signature" in the same one. They are mentioned in this page exclusively because they form part of the certificate catalogue issued by ACEDICOM, although they are not subject to the criteria and procedures required for Qualified certificates, although they do share the whole physical and security infrastructure established for said certificates.

To this end, the Certification Practices Declaration which constitutes the general compendium of rules applicable to all certifying activities of the EDICOM Certification Authority as Certification Services Provider is hereby published. However, the different specialities applicable to each of the different types of certificates that are issued are stipulated in the different Certification Policies which, as complementary and specific norms, will prevail over the present Declaration of Certification Practices as regards each type of certificate. The different policies are also listed below.

Certification Practices Declaration.

• ACEDICOM Certification Practices Statement.

Certification Policies according to Certificate type.

• Certification Policies for TLS Server and Client certificate (Spanish)
• Certification Policies for Qualified certificates of signature on secure centralised device for electronic invoicing and certified storage (Spanish)
• Certification Policies for Qualified certificates of signature on secure centralised device (with limited use) (Spanish)
• Certification Policies for Qualified certificates of signature on secure centralised "Smart Card" device (with limited use). (Spanish)
• Certification Policies for Qualified certificate of signature with limited use on Software support. (Spanish)

Polices for ACEDICOM Electronic signature services.

• ACEDICOM - Politica Servicio Timestamping.pdf (Spanish)