Commission Regulation (EU) No 920/2010 (repealed)Show full title

CHAPTER VII TECHNICAL REQUIREMENTS OF THE REGISTRIES SYSTEM

SECTION I Availability

Article 59Availability and reliability of the Union registry and the EUTL

1.The EUTL shall respond to any message from any registry within 24 hours of its receipt.

2.The Central Administrator shall take all reasonable steps to ensure that:

(a)the Union registry is available for access by account holders 24 hours a day, 7 days a week;

(b)the communication links referred to in Article 5(1) and (2) between the Union registry and the EUTL are maintained 24 hours a day, 7 days a week;

(c)backup hardware and software necessary in the event of a breakdown in operations of the primary hardware and software is provided for;

(d)the Union registry and the EUTL respond promptly to requests made by account holders.

3.The Central Administrator shall ensure that the Union registry and EUTL incorporate robust systems and procedures for the safeguarding of all data and the prompt recovery of all data and operations in the event of a disaster.

4.The Central Administrator shall keep interruptions to the operation of the Union registry and EUTL to a minimum.

Article 60Helpdesks

1.National administrators shall provide assistance and support to holders of accounts in the Union registry that are administered by them through national helpdesks.

2.The Central Administrator shall provide support to national administrators through a Central Helpdesk for the purposes of helping them to provide assistance in accordance with paragraph 1.

SECTION 2 Security, and authentication

Article 61Authentication of registries and the EUTL

1.The identity of the Union registry shall be authenticated towards the EUTL with digital certificates and usernames and passwords as indicated in the Data Exchange and Technical Specifications provided for in Article 71.

2.The Member States and the Union shall use the digital certificates issued by the Secretariat to the UNFCCC, or an entity designated by it, to authenticate their registries to the ITL for the purposes of establishing the communication link referred to in Article 5.

Article 62Accessing accounts in the Union registry

1.Account holders shall be able to access their accounts in the Union registry through the secure area of the Union registry. The Central administrator shall ensure that the secure area of the Union registry website is accessible through the Internet. The website of the Union registry shall be available in all languages of the European Union.

2.The Central administrator shall ensure that accounts in the Union registry where access through trading platforms in accordance with Article 19(3) is enabled and one authorised representative is also the authorised representative of a trading platform holding account are accessible to the trading platform operated by the holder of that trading platform holding account.

3.Communications between authorised representatives or trading platforms and the secure area of Union registry shall be encrypted in accordance with the security requirements set out in the Data Exchange and Technical Specifications provided for in Article 71.

4.The Central administrator shall take all necessary steps to ensure that unauthorised access to the secure area of the Union registry website does not occur.

5.If the security of the credentials of an authorised representative or additional authorised representative has been compromised, the authorised representative or additional authorised representative shall immediately inform the administrator of the account thereof and request a replacement.

Article 63Authentication and authorisation of authorised representatives in the Union registry

1.The Union registry shall issue each authorised representative and additional authorised representative with a username and password to authenticate them for the purposes of accessing the registry.

2.An authorised representative or additional authorised representative shall only have access to the accounts within the Union registry which he is authorised to access and shall only be able to request the initiation of processes which he is authorised to request pursuant to Article 19. That access or request shall take place through a secure area of the website of the Union registry.

3.In addition to the username and password referred to in paragraph 1, national administrators shall provide secondary authentication to all accounts administered by them. The types of secondary authentication mechanisms that can be used to access the Union registry shall be set out in the Data Exchange and Technical Specifications provided for in Article 71.

4.The administrator of an account may assume that a user who was successfully authenticated by the Union registry is the authorised representative or additional authorised representative registered under the provided authentication credentials, unless the authorised representative or additional authorised representative informs the administrator of the account that the security of his credentials has been compromised and requests a replacement.

Article 64Suspension of all access by authorised representatives due to a security breach

1.The Central Administrator may suspend access to the Union registry or the EUTL if there is a breach of security of the Union registry or the EUTL which threatens the integrity of the registries system, including the back-up facilities referred to in Article 59.

2.The administrator of a KP registry may suspend access by all users to its KP registry if there is a breach of security of the KP registry which threatens the integrity of the registries system, including the back-up facilities referred to in Article 59.

3.In the event of a breach of security that may lead to suspension of access, the administrator who becomes aware of the breach shall promptly inform the Central Administrator of any risks posed to other parts of the registries system. The Central Administrator shall then inform all other administrators.

4.If an administrator becomes aware of a situation that requires the suspension of all access to its system, it shall inform the Central Administrator and account holders with such prior notice of the suspension as is practicable. The Central Administrator will then inform all other administrators as soon as possible.

5.The notice referred to in paragraph 3 shall include the likely duration of the suspension and shall be clearly displayed on the public area of that KP registry’s website or on the public area of the EUTL's website.

Article 65Suspension of processes

1.The Commission may instruct the Central Administrator to temporarily suspend the acceptance by the EUTL of some or all processes originating from a KP registry, if that registry is not operated and maintained in accordance with the provisions of this Regulation and shall immediately notify the administrator of the KP registry thereof.

2.The Commission may instruct the Central Administrator to temporarily suspend the acceptance by the EUTL of some or all processes originating from the Union registry, if it is not operated and maintained in accordance with the provisions of this Regulation and shall immediately notify national administrators thereof.

3.The administrator of a KP registry may request the Central Administrator to temporarily suspend the transmission of all or some of the processes to its KP registry for the purposes of carrying out maintenance on its KP registry.

4.The Central administrator may temporarily suspend the initiation or acceptance of some or all processes in the Union registry for the purposes of carrying out scheduled maintenance on the Union registry.

5.A KP registry administrator may request the central administrator to reinstate processes suspended in accordance with paragraph 1 if it estimates that the outstanding issues that caused the suspension have been resolved. The Central administrator shall inform the registry administrator of its decision as soon as possible.

SECTION 3 Automated checking, recording and completing of processes

Article 66Automated checking of processes

1.All processes must conform to the general IT-requirements of electronic messaging that ensure the successful reading, checking and recording of a process by the Union registry. All processes must conform to the specific process-related requirements set out in Chapters IV to VI of this Regulation.

2.The EUTL shall conduct automated checks for all processes to identify irregularities, hereinafter referred to as ‘discrepancies’, whereby the proposed process does not conform to the requirements of Directive 2003/87/EC and of this Regulation.

Article 67Detection of discrepancies

1.In case of processes completed through the direct communication link between the Union registry and the EUTL referred to in Article 5(2), the EUTL shall terminate any processes where it identifies discrepancies upon conducting the automated checks referred to in Article 66(2), and shall inform thereof the Union registry and the administrator of the accounts involved in the terminated transaction by returning an automated check response code. The Union registry shall immediately inform the relevant account holders that the process has been terminated.

2.In case of transactions completed through the ITL referred to in Article 5(1), the ITL shall terminate any processes where discrepancies are identified either by the ITL or the EUTL upon conducting the automated checks referred to in Article 66(2). Following a termination by the ITL, the EUTL shall also terminate the transaction. The ITL informs the administrators of the registries involved of the termination of the transaction by returning an automated check response code. If one of the registries involved is the Union registry, the Union registry shall also inform the administrator of the Union registry accounts involved in the terminated transaction by returning an automated check response code. The Union registry shall immediately inform the relevant account holders that the process has been terminated.

Article 68Detection of discrepancies by the registries

1.The Union registry and every other KP registry shall contain check input codes and check response codes to ensure the correct interpretation of information exchanged during each process. The check codes shall correspond to those contained in the Data Exchange and Technical Specifications provided for in Article 71.

2.Prior to and during the execution of all processes the Union registry shall conduct appropriate automated checks to ensure that discrepancies are detected and incorrect processes are terminated in advance of automated checks being conducted by the EUTL.

Article 69Reconciliation — Detection of inconsistencies by the EUTL

1.The EUTL shall periodically initiate data reconciliation to ensure that the EUTL's records of accounts, holdings of Kyoto units and allowances match the records of these holdings in the Union registry. For that purpose the EUTL shall record all processes.

2.The ITL periodically initiates data reconciliation to ensure that the ITL's records of the holdings of Kyoto units match the records of these holdings in the Union registry and every other KP registry.

3.If during the data reconciliation process referred to in paragraph 1, an irregularity, hereinafter referred to as ‘inconsistency’, is identified by EUTL, whereby the information regarding accounts, holdings of Kyoto units and allowances provided by the Union registry as part of the periodic reconciliation process differs from the information contained in the EUTL, the EUTL shall ensure that no further processes may be completed with any of the accounts, allowances or Kyoto units which are the subject of the inconsistency. The EUTL shall immediately inform the Central Administrator and the administrators of the relevant accounts of any inconsistency.

Article 70Finalisation of processes

1.All transactions communicated to the ITL in accordance with Article 5(1) shall be final when the ITL notifies to the EUTL that it has completed the process.

2.All transactions and other processes communicated to the EUTL in accordance with Article 5(3) shall be final when the EUTL notifies to the Union registry that it has completed the processes.

3.The data reconciliation process referred to in Article 69(1) shall be final when all inconsistencies between the information contained in the Union registry and the information contained in the EUTL for a specific time and date have been resolved, and the data reconciliation process has been successfully re-initiated and completed.

SECTION 4 Specifications and change management

Article 71Data Exchange and Technical Specifications

Following an opinion of the Climate Change Committee pursuant to Article 3 of Council Decision 1999/468/EC(1), the Commission shall adopt the Data Exchange and Technical Specifications necessary for exchanging data between registries and transaction logs, including the identification codes, automated checks and response codes, as well as the testing procedures and security requirements necessary for the launching of data exchange. The Data Exchange and Technical Specifications shall be consistent with the functional and technical specifications for data exchange standards for registry systems under the Kyoto Protocol elaborated pursuant to Decision 12/CMP.1.

Article 72Change management

If a new version or release of a KP registry, including the Union registry is required, that registry shall complete the testing procedures set out in the Data Exchange and Technical Specifications provided for in Article 71 before a communication link is established and activated between the new version or release of that registry and the EUTL or ITL.