Commission Regulation (EU) No 920/2010 (repealed)Show full title

SECTION 2 Security, and authentication

Article 61Authentication of registries and the EUTL

1.The identity of the Union registry shall be authenticated towards the EUTL with digital certificates and usernames and passwords as indicated in the Data Exchange and Technical Specifications provided for in Article 71.

2.The Member States and the Union shall use the digital certificates issued by the Secretariat to the UNFCCC, or an entity designated by it, to authenticate their registries to the ITL for the purposes of establishing the communication link referred to in Article 5.

Article 62Accessing accounts in the Union registry

1.Account holders shall be able to access their accounts in the Union registry through the secure area of the Union registry. The Central administrator shall ensure that the secure area of the Union registry website is accessible through the Internet. The website of the Union registry shall be available in all languages of the European Union.

2.The Central administrator shall ensure that accounts in the Union registry where access through trading platforms in accordance with Article 19(3) is enabled and one authorised representative is also the authorised representative of a trading platform holding account are accessible to the trading platform operated by the holder of that trading platform holding account.

3.Communications between authorised representatives or trading platforms and the secure area of Union registry shall be encrypted in accordance with the security requirements set out in the Data Exchange and Technical Specifications provided for in Article 71.

4.The Central administrator shall take all necessary steps to ensure that unauthorised access to the secure area of the Union registry website does not occur.

5.If the security of the credentials of an authorised representative or additional authorised representative has been compromised, the authorised representative or additional authorised representative shall immediately inform the administrator of the account thereof and request a replacement.

Article 63Authentication and authorisation of authorised representatives in the Union registry

1.The Union registry shall issue each authorised representative and additional authorised representative with a username and password to authenticate them for the purposes of accessing the registry.

2.An authorised representative or additional authorised representative shall only have access to the accounts within the Union registry which he is authorised to access and shall only be able to request the initiation of processes which he is authorised to request pursuant to Article 19. That access or request shall take place through a secure area of the website of the Union registry.

3.In addition to the username and password referred to in paragraph 1, national administrators shall provide secondary authentication to all accounts administered by them. The types of secondary authentication mechanisms that can be used to access the Union registry shall be set out in the Data Exchange and Technical Specifications provided for in Article 71.

4.The administrator of an account may assume that a user who was successfully authenticated by the Union registry is the authorised representative or additional authorised representative registered under the provided authentication credentials, unless the authorised representative or additional authorised representative informs the administrator of the account that the security of his credentials has been compromised and requests a replacement.

Article 64Suspension of all access by authorised representatives due to a security breach

1.The Central Administrator may suspend access to the Union registry or the EUTL if there is a breach of security of the Union registry or the EUTL which threatens the integrity of the registries system, including the back-up facilities referred to in Article 59.

2.The administrator of a KP registry may suspend access by all users to its KP registry if there is a breach of security of the KP registry which threatens the integrity of the registries system, including the back-up facilities referred to in Article 59.

3.In the event of a breach of security that may lead to suspension of access, the administrator who becomes aware of the breach shall promptly inform the Central Administrator of any risks posed to other parts of the registries system. The Central Administrator shall then inform all other administrators.

4.If an administrator becomes aware of a situation that requires the suspension of all access to its system, it shall inform the Central Administrator and account holders with such prior notice of the suspension as is practicable. The Central Administrator will then inform all other administrators as soon as possible.

5.The notice referred to in paragraph 3 shall include the likely duration of the suspension and shall be clearly displayed on the public area of that KP registry’s website or on the public area of the EUTL's website.

Article 65Suspension of processes

1.The Commission may instruct the Central Administrator to temporarily suspend the acceptance by the EUTL of some or all processes originating from a KP registry, if that registry is not operated and maintained in accordance with the provisions of this Regulation and shall immediately notify the administrator of the KP registry thereof.

2.The Commission may instruct the Central Administrator to temporarily suspend the acceptance by the EUTL of some or all processes originating from the Union registry, if it is not operated and maintained in accordance with the provisions of this Regulation and shall immediately notify national administrators thereof.

3.The administrator of a KP registry may request the Central Administrator to temporarily suspend the transmission of all or some of the processes to its KP registry for the purposes of carrying out maintenance on its KP registry.

4.The Central administrator may temporarily suspend the initiation or acceptance of some or all processes in the Union registry for the purposes of carrying out scheduled maintenance on the Union registry.

5.A KP registry administrator may request the central administrator to reinstate processes suspended in accordance with paragraph 1 if it estimates that the outstanding issues that caused the suspension have been resolved. The Central administrator shall inform the registry administrator of its decision as soon as possible.