Authenticity of Electronic Records in XBRL
Lucas Cardholm, LL.M.
Working Group Authenticity and Security, XBRL Sweden
lucas.cardholm@se.ey.com
Background
• XBRL Sweden's objective is to create a Swedish XBRL taxonomy applicable to companies reporting under Swedish GAAP as well as IFRS
• Non-profit organisation
• Lucas is an IT lawyer in the WG "Authenticity and Security"
• Ernst & Young, Technology & Security Risk Services
Project Background
[Diagram. Parties: Company, Book-keeping, Auditor, Sw. Companies Reg. Office, Public Authorities, Market. Labels: Signature (authenticity), Confidentiality.]
The annual report
[Diagram. Labels: Members of the board, Managing Director; Data integrity; Initials, members of the board and Auditor(s); Proof of adoption resolution, member of the board; Auditor's endorsement.]
One Signature – a variety of intentions
Paper World: Signer's intention is defined by the nature of the document and years of practice, legal effect by the court of law.
Electronic/Digital World ? Signer's intention is often not defined when the signature is created.
Identify • Assure Authenticity • Integrity • Non-repudiation
Legal Effect
Declaration of Commitment
Warning
The need for Declaration of Commitment
"I agree that the report is correct"
"Figures are correct"
No commitment, but intention
"No pages are (ex)changed"
"I certify that the shareholder meeting has adopted the annual report"
"I have audited and produced an audit report…"
Proposed solution
• Definition of four levels of liability
• Recommendations on what to include within the signature and how to attach the commitment of the signature
• Focus on the XBRL annual report and audit report for them to have legal validity
Signature Liability Levels
• Personal Liability: Electronic Record signed by Natural Person. Legally binding signature for natural person. Without contractual relationship.
• High Liability: Electronic Record signed by Legal Person. Legally binding signature for legal person.
• Low Liability: Electronic Record signed by Legal Person. With or without prior contractual relationship. Not denied legal effect.
• No Liability: Authenticated Electronic Record. Must not give any legal effect!
The need for Liability levels
[Diagram. Labels: Personal Liability; Low Liability?; No Liability; Personal Liability; Personal Liability or High Liability.]
Current activities
• Discussion paper delivered to XBRL in Europe and XBRL International
• Discussions with vendors regarding pilot implementations and adoption of signatures
More information
• www.xbrl.se
• www.xbrl.org
• www.etsi.org
fredrik.hertz@se.ey.com
Brief drill-down
Fredrik Hertz, MSc, CISSP
Head of Working Group Authenticity and Security, XBRL Sweden
fredrik.hertz@se.ey.com
Matrix overview
Column groups on the slide: Electronic Record, Application, External Dependencies.

| Level | Declaration of Commitment | Warning, No DC¹ | Warning, DC¹ | Unique Identification | Authenticity: Record | Authenticity: Signer | Legal Effect |
|---|---|---|---|---|---|---|---|
| Personal Liability | SHOULD | MUST | MUST | MUST | Yes | Yes | Yes |
| High Liability | SHOULD | SHOULD | MUST | MUST | Yes | Yes | Yes |
| Low Liability | MAY | MAY | SHOULD | SHOULD | Yes | By contract | Not Denied |
| No Liability | SHOULD | SHOULD NOT | SHOULD NOT | MAY | Data integrity only | No | No Liability |

¹ "No DC" denotes No Declaration of Commitment present in signature, while "DC" denotes Declaration of Commitment present in signature.
Implementation
• <SignedDataObjectProperties> (CommitmentTypeIndication)
• <SignedSignatureProperties> (SignatureLiability)
• Specification of when the application should present a warning
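A sketch of how a relying application could read these two properties from a XAdES SignedProperties element and map the liability level to the legal effect listed on the Signature Liability Levels slide. This is an added example, not code from the presentation or from XBRL Sweden; the namespace, content and values of SignatureLiability are assumptions, since the slides give only the element name and its parent.

```python
import xml.etree.ElementTree as ET

# Namespace, element content and values of SignatureLiability are assumptions.
NS = {"xades": "http://uri.etsi.org/01903/v1.3.2#",
      "sl": "urn:example:signature-liability"}

# Legal effect per level, from the "Signature Liability Levels" slide.
LEGAL_EFFECT = {
    "Personal Liability": "legally binding for natural person",
    "High Liability": "legally binding for legal person",
    "Low Liability": "not denied legal effect",
    "No Liability": "no legal effect",
}

# Constructed sample, not taken from a real filing.
SAMPLE = """<xades:SignedProperties
    xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"
    xmlns:sl="urn:example:signature-liability">
  <xades:SignedSignatureProperties>
    <sl:SignatureLiability>Personal Liability</sl:SignatureLiability>
  </xades:SignedSignatureProperties>
  <xades:SignedDataObjectProperties>
    <xades:CommitmentTypeIndication>
      <xades:CommitmentTypeId><xades:Identifier>
        http://uri.etsi.org/01903/v1.2.2#ProofOfApproval
      </xades:Identifier></xades:CommitmentTypeId>
      <xades:AllSignedDataObjects/>
    </xades:CommitmentTypeIndication>
  </xades:SignedDataObjectProperties>
</xades:SignedProperties>"""

def assess(signed_properties_xml):
    """Report the liability level and declared commitments of a signature.

    Call only after XML-DSig validation has succeeded and a ds:Reference
    covers this SignedProperties element; otherwise the values are unsigned.
    """
    root = ET.fromstring(signed_properties_xml)
    level = (root.findtext("xades:SignedSignatureProperties/sl:SignatureLiability",
                           default="", namespaces=NS)).strip()
    ids = root.findall("xades:SignedDataObjectProperties/xades:CommitmentTypeIndication"
                       "/xades:CommitmentTypeId/xades:Identifier", NS)
    commitments = [e.text.strip() for e in ids if e.text and e.text.strip()]
    if level not in LEGAL_EFFECT:
        level = "No Liability"  # missing or unknown level: fail closed
    return {"level": level, "legal_effect": LEGAL_EFFECT[level],
            "commitments": commitments, "intention_defined": bool(commitments)}
```

A signature with no CommitmentTypeIndication comes back with `intention_defined` set to False, which is the case the "One Signature" slide describes for the electronic world.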
Useful in this context
• Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures
• IETF RFC 3275: "XML-Signature Syntax and Processing"
• ETSI TS 101 903: "XML Advanced Electronic Signatures (XAdES)"