www.XBRL.se
Authenticity of Electronic Records in XBRL
Lucas Cardholm, LL.M.
Working Group Authenticity and Security, XBRL Sweden
XBRL Sweden's objective is to create a Swedish XBRL taxonomy applicable to companies reporting under Swedish GAAP as well as IFRS
Non-profit organisation
Lucas is an IT lawyer in the WG "Authenticity and Security"
Ernst & Young, Technology & Security Risk Services
Background
Project Background
Company, Auditor
Book-keeping
Sw. Companies Reg. Office
Signature (authenticity), Confidentiality
Market
Public Authorities
The annual report
Auditors endorsement
Members of the board, Managing Director
Data integrity
Initials, members of the board and Auditor(s)
Proof of adoption resolution, member of the board
One Signature – a variety of intentions
Paper World
The signer's intention is defined by the nature of the document and years of practice; legal effect is determined by the court of law.
Identify
Assure: Authenticity • Integrity • Non-repudiation
Legal Effect
Declaration of Commitment
Warning
Electronic/Digital World
The signer's intention is often not defined when the signature is created.
?
The need for Declaration of Commitment
”Figures are correct”
No commitment, but intention ”No pages are (ex)changed”
”I agree that the report is correct”
”I have audited and produced an audit report…”
”I certify that the shareholder meeting has adopted the annual report”
Proposed solution
Definition of four levels of liability
Recommendations on what to include within the signature and how to attach the commitment of the signature
Focus on the XBRL annual report and audit report for them to have legal validity
Signature Liability Levels
High Liability: Electronic Record signed by Legal Person
Personal Liability: Electronic Record signed by Natural Person
Low Liability: Electronic Record signed by Legal Person
No Liability: Authenticated Electronic Record
Without contractual relationship
With or without prior contractual relationship
Not denied legal effect
Must not give any legal effect!
Legally binding signature for legal person
Legally binding signature for natural person
The need for Liability levels
Low Liability?
No Liability
Personal Liability
Personal Liability or High Liability
Personal Liability
Current activities
Discussion paper delivered to XBRL in Europe and XBRL International
Discussions with vendors regarding pilot implementations and adoption of signatures
More information: www.xbrl.se, www.xbrl.org, www.etsi.org
Brief drill-down
Fredrik Hertz, MSc, CISSP
Head of Working Group Authenticity and Security, XBRL Sweden
Matrix overview
Columns, in order: Authenticity Level, Declaration of Commitment (Electronic Record); Warning¹ with No DC, Warning¹ with DC (Application); Unique Identification of Record, Unique Identification of Signer, Legal Effect (External Dependencies)
Personal Liability: SHOULD | MUST | MUST | MUST | Yes | Yes | Yes
High Liability: SHOULD | SHOULD | MUST | MUST | Yes | Yes | Yes
Low Liability: MAY | MAY | SHOULD | SHOULD | Yes | By contract | Not Denied
No Liability: SHOULD | SHOULD NOT | SHOULD NOT | MAY | Data integrity only | No | No Liability
¹ "No DC" denotes No Declaration of Commitment present in signature, while "DC" denotes Declaration of Commitment present in signature.
Implementation
<SignedDataObjectProperties> (CommitmentTypeIndication)
<SignedSignatureProperties> (SignatureLiability)
Specification of when the application should present a warning
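An added example (not part of the original slides or of any XBRL Sweden code) showing how a verifying application could read the two properties named above and derive the warning requirement from the matrix. It reads each matrix row as Authenticity Level, Declaration of Commitment, Warning with No DC, Warning with DC. The SignatureLiability namespace and its text values are assumptions, since the slides only name the element, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

XADES = "http://uri.etsi.org/01903/v1.3.2#"   # XAdES 1.3.2 namespace
LIAB = "urn:example:signature-liability"      # hypothetical namespace (assumption)

# Per liability level, from the matrix: (DC requirement, warning if no DC, warning if DC)
MATRIX = {
    "Personal Liability": ("MUST", "MUST", "MUST"),
    "High Liability": ("SHOULD", "MUST", "MUST"),
    "Low Liability": ("MAY", "SHOULD", "SHOULD"),
    "No Liability": ("SHOULD NOT", "SHOULD NOT", "MAY"),
}

def assess(signed_properties_xml):
    """Interpret liability level and commitment in one SignedProperties element."""
    # The enclosing XML signature must already be validated; this function only
    # interprets properties that the signature covers.
    root = ET.fromstring(signed_properties_xml)
    liab = root.find(f"{{{XADES}}}SignedSignatureProperties/{{{LIAB}}}SignatureLiability")
    level = (liab.text or "").strip() if liab is not None else ""
    if level not in MATRIX:
        # This example's own choice: refuse to guess a level the signer did not state.
        raise ValueError(f"missing or unknown SignatureLiability: {level!r}")
    ids = root.findall(f"{{{XADES}}}SignedDataObjectProperties/"
                       f"{{{XADES}}}CommitmentTypeIndication/"
                       f"{{{XADES}}}CommitmentTypeId/{{{XADES}}}Identifier")
    commitments = [(i.text or "").strip() for i in ids]
    dc_rule, warn_no_dc, warn_dc = MATRIX[level]
    has_dc = bool(commitments)
    findings = []
    if dc_rule == "MUST" and not has_dc:
        findings.append("Declaration of Commitment required but absent")
    if dc_rule == "SHOULD NOT" and has_dc:
        findings.append("Declaration of Commitment present on a No Liability record")
    return {"level": level, "commitments": commitments,
            "warning": warn_dc if has_dc else warn_no_dc, "findings": findings}

def sample(level, with_dc):
    """Build a constructed SignedProperties fragment for demonstration."""
    dc = (f'<x:CommitmentTypeIndication><x:CommitmentTypeId><x:Identifier>'
          f'http://uri.etsi.org/01903/v1.2.2#ProofOfApproval</x:Identifier>'
          f'</x:CommitmentTypeId><x:AllSignedDataObjects/></x:CommitmentTypeIndication>'
          if with_dc else "")
    return (f'<x:SignedProperties xmlns:x="{XADES}" xmlns:l="{LIAB}">'
            f'<x:SignedSignatureProperties><l:SignatureLiability>{level}'
            f'</l:SignatureLiability></x:SignedSignatureProperties>'
            f'<x:SignedDataObjectProperties>{dc}</x:SignedDataObjectProperties>'
            f'</x:SignedProperties>')
```

Calling `assess(sample("Personal Liability", False))` reports a MUST warning together with the missing Declaration of Commitment.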
Useful in this context
Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures
IETF RFC 3275: "XML-Signature Syntax and Processing"
ETSI TS 101 903: "XML Advanced Electronic Signatures (XAdES)"