ãã©ã³ã¹ã«ãããé»å眲åãµãŒãã¹ãããã€ããŒã®çŸ©å
eIDAS驿 Œæ§ãRGPDé©åæ§ãANSSIèŠä»¶ïŒé»å眲åãµãŒãã¹ãããã€ããŒã¯å³æ Œãªæ³çæ çµã¿ã«çŽé¢ããŠããŸããéµå®ãã¹ããã¹ãŠã®çŸ©åãã芧ãã ããã
Certyneo ããŒã
ã©ã€ã¿ãŒ â Certyneo · Certyneo ã«ã€ããŠ
ã¯ããã«
ãã©ã³ã¹ã§é»å眲åãœãªã¥ãŒã·ã§ã³ãå°å ¥ããããšã¯ãå³èã§ã¯ã§ããŸããã驿 ŒãŸãã¯é«åºŠãªçœ²åã®èåŸã«ã¯ãä¿¡é ŒãµãŒãã¹ãããã€ããŒ(PSCo)ã«è©²åœããæ°åã®æ³ç矩åããããŸããeIDASèŠåãRGPDãäžè¬ã»ãã¥ãªãã£åç §æ ãETSIèŠæ ŒâŠèŠå¶æ çµã¿ã¯å¯éããŠãããšåæã«é²åããŠããŸããå©çšäŒæ¥ã«ãšã£ãŠããã©ã³ã¹ã®eIDAS RGPDé»å眲åãµãŒãã¹ãããã€ããŒã®æ³ç矩åãçè§£ããããšã¯ãé©åããããŒãããŒãéžæããæ³çãªã¹ã¯ãåé¿ããããã«äžå¯æ¬ ã§ããæ¬èšäºã§ã¯ããã©ã³ã¹é åã§æŽ»åããPSCoã«é©çšå¯èœãªãã¹ãŠã®èŠä»¶ã®å šäœåããã»ã¯ã·ã§ã³ããšã«è©³ãã説æããŠããŸãã
---
驿 Œä¿¡é ŒãµãŒãã¹ãããã€ããŒã®å°äœ
eIDASã®æå³ã§ã®PSCoãšã¯ïŒ
eIDASèŠå第910/2014å·ã¯ããããã€ããŒã2ã€ã®ã«ããŽãªãŒã«åããŸãïŒé驿 ŒãµãŒãã¹ãããã€ããŒãšé©æ Œãããã€ããŒ(PSCQ)ãæåã®ãã®ã¯ã第äžè ç£æ»ãªãã§ç°¡åãªé»å眲åãŸãã¯é«åºŠãªé»å眲åãæäŸããããšãã§ããŸãã2çªç®ã®ãã®âeIDASã®ç¬¬3æ¡(15)ã®æå³ã§é©æ Œçœ²åãçºè¡ããããšã®ã¿èš±å¯ããããã®âã¯ããªã峿 ŒãªèŠä»¶ãæºããå¿ èŠããããŸãã
ãã©ã³ã¹ã§ã¯ãåœå®¶æ å ±ã·ã¹ãã ã»ãã¥ãªãã£æ©é¢(ANSSI)ãeIDASã®ç¬¬17æ¡ã§äºèŠãããŠããç£èŠæ©é¢ã®åœ¹å²ãæãããŸããANSIIã¯ãã©ã³ã¹ä¿¡é Œãªã¹ã(TSL âä¿¡é ŒãµãŒãã¹ãªã¹ã)ãçºè¡ã»ç®¡çããŠãããå ¬åŒãµã€ãããã¢ã¯ã»ã¹ã§ãã驿 Œãããã€ããŒãšãã®ãµãŒãã¹ããªã¹ãã¢ããããŠããŸãã
驿 Œåæç¶ïŒç£æ»ãšé©åæ§
PSCoã驿 Œå°äœãååŸããã«ã¯ãå¿ ã以äžãè¡ããªããã°ãªããŸããïŒ
- COFRACèªå®CAB(é©åæ§è©äŸ¡æ©é¢)ã«ç£æ»ã宿œããããããã¯EN ISO/IEC 17065èŠæ Œã«åŸã£ãŠå®æœãããŸãã
- ç£æ»å ±åæžãANSIIã«æåºããANSIIã驿 Œå°äœã®ä»äžã«ã€ããŠå€æããŸãããã®å°äœã¯å°ãªããšã24ã¶æããšã«åè©äŸ¡ãããŸã(eIDAS第20æ¡Â§1)ã
- ãµãŒãã¹ã®å€§å¹ ãªå€æŽãANSIIã«éç¥ããå¿ èŠããããããã¯äºå®å€æŽã®3ã¶æåã«è¡ãå¿ èŠããããŸã(eIDAS第21æ¡)ã
ãããã®æé ãéµå®ããªãå Žåããããã€ããŒã¯TSLããåé€ãããå¯èœæ§ãããã驿 Œçœ²åã«ä»å±ããæ³çæšå®ã®å©çã倱ãå¯èœæ§ããããŸããã¯ã©ã€ã¢ã³ãäŒæ¥ã«ãšã£ãŠãTSLã«ãªã¹ããããŠããªãPSCoã䜿çšããããšã¯ãä¿¡é Œæ§ã®æ³çæšå®ã®å©çãåããªãããšãæå³ããŸãã
> eIDAS 2.0èŠåã®ããŸããŸãªã¬ãã«ã®çœ²åãšãã®æ³ç广ã«ã€ããŠããã«è©³ããç¥ãã«ã¯ãeIDASèŠåã®å®å šã¬ã€ããã芧ãã ããã
---
PSCoã«èª²ããããæè¡çããã³ã»ãã¥ãªãã£èŠä»¶
ETSIèŠæ Œãžã®æºæ
驿 Œãããã€ããŒã¯ã欧å·é»æ°éä¿¡æšæºåæ©é¢(ETSI)ãçºè¡ããäžé£ã®ãšãŒãããèŠæ Œã«æºæ ããå¿ èŠããããŸããäž»ãªãã®ã¯ïŒ
- ETSI EN 319 401 ïŒãã¹ãŠã®PSCoã«é©çšãããäžè¬çãªã»ãã¥ãªãã£èŠä»¶ã
- ETSI EN 319 411-1ããã³411-2 ïŒé©æ Œçœ²åèšŒææžãçºè¡ããèªèšŒå±ã®ããªã·ãŒããã³æ £è¡ã
- ETSI EN 319 132 ïŒé«åºŠãªé»å眲å圢åŒ(XMLã®XAdESãPDFã®PAdESãCMSã®CAdES)ã
- ETSI EN 319 122 ïŒé©æ Œçœ²åã®ããã®CAdES圢åŒã
- ETSI TS 119 431 ïŒãªã¢ãŒã眲åäœæãµãŒãã¹(é éQSCD)ã®èŠä»¶ã
ãããã®èŠæ Œã¯ä»»æã§ã¯ãããŸãããeIDASèŠå(é屿žIIãIIIããã³IV)ã¯ã驿 ŒèšŒææžããã³ããã€ã¹ã®æå°èŠä»¶ãå®çŸ©ããããã«æç€ºçã«ããããåç §ããŠããŸãã
ã»ãã¥ã¢ãªçœ²åäœæããã€ã¹(QSCD)ã®ç®¡ç
驿 Œçœ²åã®æ±ã®1ã€ã¯ãeIDASã®é屿žIIã«æºæ ããã»ãã¥ã¢ãªçœ²åäœæããã€ã¹(QSCD â驿 Œçœ²åäœæããã€ã¹)ã®äœ¿çšã§ãããããã€ããŒã¯ä»¥äžãä¿èšŒããå¿ èŠããããŸãïŒ
- 眲åè ã®ç§å¯éµã¯QSCDå€ã§çæãä¿åããŸãã¯ã³ããŒãããããšã¯ã§ããŸããã
- éµã®çæã¯èªå®ç°å¢å ã§ã®ã¿è¡ãããŸã(Common Criteria EAL 4+èªå®ãŸãã¯åç)ã
- 眲åè ã®èªèšŒã¯çœ²åè¡çºã«å ç«ã¡ãå°ãªããšã2èŠçŽ èªèšŒã«åºã¥ããŠããŸãã
ãªã¢ãŒã眲åâSaaSç°å¢ã§ã¯ãŸããŸãäžè¬çâã®æèã§ã¯ããããã®èŠä»¶ã¯ããŒããã¹ããããµãŒããŒHSM(ããŒããŠã§ã¢ã»ãã¥ãªãã£ã¢ãžã¥ãŒã«)ã«é©çšãããŸããANSIIã¯ç¹å®ã®ä¿è·ãããã£ãŒã«(PP-0075ãPP-0076)ãçºè¡ããŠãããéæãã¹ãã»ãã¥ãªãã£åºæºãå®çŸ©ããŠããŸãã
ç¶ç¶æ§ããªã·ãŒãšã€ã³ã·ãã³ãéç¥
eIDASã®ç¬¬19æ¡ã¯ããã¹ãŠã®ä¿¡é ŒãµãŒãã¹ãããã€ããŒ(驿 ŒãŸãã¯ããã§ãªã)ã«ä»¥äžã矩åä»ããŸãïŒ
- ã»ãã¥ãªãã£äŸµå®³ãæ€åºããŠãã24æé以å ã«ãç£èŠæ©é¢(ANSSI)ããã³å¿ èŠã«å¿ããŠããŒã¿ä¿è·æ©é¢(CNIL)ã«éç¥ãããããã¯ãµãŒãã¹ã®ä¿¡é Œæ§ã«ï¿œæªåœ±é¿ãäžããå¯èœæ§ããããŸãã
- 宿çã«ãã¹ããããæžé¢åãããæ¥åç¶ç¶èšç»ãç¶æããã
- ã»ãã¥ãªãã£ãªã¹ã¯ç®¡çãã€ã³ã·ãã³ã管çãããã¯ã¢ããããªã·ãŒãå«ã圢åŒåãããæ å ±ã»ãã¥ãªãã£ããªã·ãŒãæã€ã
ãããã®èŠä»¶ã¯ãNIS2æä»€(2022/2555/EU)ã®èŠä»¶ãšéšåçã«éè€ããŠããã2023幎8æ1æ¥ç¬¬2023-703æ³ã§ãã©ã³ã¹æ³ã«è»¢çœ®ãããŠãããããªãã®èŠæš¡ã®PSCoãéèŠãŸãã¯å¿ é ãšã³ãã£ãã£ã«åé¡ãã匷åããããµã€ããŒã»ãã¥ãªãã£çŸ©åã®å¯Ÿè±¡ãšãªããŸãã
> PSCoãæ³åŸäºåæåãã®é»å眲åãã©ã®ããã«ããŠãããã®å¶çŽãææžã¯ãŒã¯ãããŒã«çµ±åããå¿ èŠããããã«ã€ããŠã詳ããç¥ãããšãã§ããŸãã
---
PSCoã«åºæã®RGPD矩å
PSCoã¯è²¬ä»»è ãåŠçè ãïŒ
èŠå¶ãããRGPDãããã€ããŒã®é©æ Œæ§ã¯ãæäŸããããµãŒãã¹ã®æ§è³ªã«äŸåããŸãïŒ
- PSCoã眲åè ã®ååã§çŽæ¥é©æ ŒèšŒææžãçºè¡ããå人ããŒã¿åŠçã®ç®çãæ±ºå®ããå Žå(身å ãèªèšŒçšçäœæ å ±ããŒã¿)ãRGPD第4æ¡(7)ã®æå³ã§è²¬ä»»è ãšããŠæ©èœããŸãã
- ãããB2Bã¯ã©ã€ã¢ã³ãã®ãã©ãããã©ãŒã ã«çµ±åããããã®ã¯ã©ã€ã¢ã³ãã®æç€ºã®ã¿ã«åŸã£ãŠããŒã¿ãåŠçããå ŽåãRGPD第4æ¡(8)ã®æå³ã§åŠçè ã®è³æ Œãæã¡ãRGPD第28æ¡ã«æºæ ããDPA(ããŒã¿åŠçå¥çŽ)ãå¿ ãç· çµããå¿ èŠããããŸãã
å®éã«ã¯ãã»ãšãã©ã®PSCo SaaSã¯äž¡æ¹ã®è³æ Œãçµã¿åãããŠããŸãïŒèªç€Ÿã®èªèšŒã€ã³ãã©ã®ç®¡çã§ã¯è²¬ä»»è ã§ããã眲åè ã®ææžãšã¡ã¿ããŒã¿ã®åŠçã§ã¯åŠçè ã§ãã
çäœæ å ±ããã³èº«å ããŒã¿ã«é¢é£ããç¹å®ã®çŸ©å
眲åè ã®èå¥ãšèªèšŒâ驿 ŒèšŒææžãçºè¡ããããã®å¿ é ã¹ãããâã¯ãå€ãã®å Žåãæ©å¯ããŒã¿ã®åŠçã䌎ããŸãïŒèº«åèšŒææžã®ã¹ãã£ã³ãã»ã«ãã£ãŒãããªãé¡èªèçäœæ å ±ããŒã¿ããã®ããŒã¿ã¯RGPDã®å¯Ÿè±¡ãšãªãå人ããŒã¿ãæ§æããRGPD第9æ¡ã«è©²åœããçäœæ å ±ããŒã¿ããããããããããŸãã(ç¹å¥ãªã«ããŽãªãŒ)ã
PSCoã®çŸ©åã«ã¯ä»¥äžãå«ãŸããŸãïŒ
- æ³çæ ¹æ ïŒçäœæ å ±ããŒã¿ã®åŠçã«ã€ããŠã¯ãæç€ºçãªåæ(第9æ¡Â§2a)ãŸãã¯ç¹å®ã®å Žåã¯æ³ç矩å(第9æ¡Â§2b)ã
- ä¿ææéãéå®ãããïŒCNILã¬ã€ãã©ã€ã³ã«ãããšãèå¥ããŒã¿ã¯å³å¯ã«å¿ èŠãªæéä¿æãããå¿ èŠããããéåžžã¯èšŒææžã®æå¹æé+æ³ç蚌ææé(ç§çœ²èšŒæžã§ã¯å€ãã®å Žå10å¹Žãæ°æ³ç¬¬2224æ¡)ã«åãããããŸãã
- 圱é¿è©äŸ¡(AIPD)ãå¿ é (第35æ¡RGPD)ã§ããåŠçãé«ããªã¹ã¯ãåŒãèµ·ããå¯èœæ§ã®ããå Žåâããã¯çäœèªèšŒã§ã¯åžžã«ããã§ãã
- åŠçç»é²(第30æ¡RGPD)ãææ°ã«ä¿ãããååŠçã«ããŽãªãŒãææžåããŠããŸãã
åœéçãªããŒã¿è»¢é
å€ãã®PSCoã¯ãã€ã³ãã©ã®å šéšãŸãã¯äžéšã欧å·çµæžé å(EEE)å€ã«ãã¹ãããŠããŸãããã®å ŽåãRGPD第Vãã£ãã¿ãŒã§èŠæ±ãããé©åãªä¿éã課ãããŸãïŒé©åæ§æ±ºå®ã欧å·å§å¡äŒã®æšæºå¥çŽæ¡é (SCC)ãŸãã¯ãã€ã³ãã£ã³ã°äŒæ¥ã«ãŒã«(BCR)ãSchrems II倿±º(CJEUãC-311/18ã2020幎7æ16æ¥)ã¯ãç±³åœãžã®è»¢éããªã¹ã¯åæãäºåã«è¡ãããããšãèŠæ±ããããšãæãåºãããŸããã
> ãããã®ã«ãŒã«ãçµç¹ã«äžãã圱é¿ãçè§£ããã«ã¯ãäŒæ¥ã«ãããé»å眲åã¬ã€ããã芧ãã ããã
---
ãŠãŒã¶ãŒãžã®éææ§ãšæ å ±çŸ©å
èªå®ããªã·ãŒ(PC)ããã³èªå®å®è·µå®£èš(DPC)
èšŒææžãçºè¡ãããã¹ãŠã®PSCoã¯ãèªå®ããªã·ãŒ(PC)ããã³èªå®å®è·µå®£èš(DPC)ãçºè¡ããå¿ èŠããããŸãããããã¯ETSI EN 319 411èŠæ Œã«æºæ ããŠããŸãããããã®ææžã¯èªç±ã«ã¢ã¯ã»ã¹å¯èœã§ããã以äžã詳述ããŠããŸãïŒ
- 眲åè ã®èå¥ãšç»é²ã®æé ã
- å±éãããã»ãã¥ãªãã£å¯Ÿç(ç©ççããã³è«çç)ã
- èšŒææžå€±å¹ã®æ¡ä»¶ãšé¢é£é å»¶ã
- PSCoã®è²¬ä»»ãšä¿èšŒã®å¶éã
ãããã®ææžããªãããŸãã¯äžå®å šãªå Žåã驿 Œãããã€ããŒã«ãã£ãŠèªå®ç£æ»æã«æ€åºãããã¹ãéæºæ ãæ§æããŸãã
ã¯ã©ã€ã¢ã³ããžã®å¥çŽåããã³å¥çŽæ å ±
çŽç²ã«æè¡çãªçŸ©åãè¶ ããŠãRGPD第13æ¡ã¯ãPSCoãæç¢ºã§å ¥æå¯èœãªæ å ±ããããŒã¿ãåéããããã¹ãŠã®åäººã«æäŸããããšã矩åä»ããŠããŸãïŒ
- 責任è ã®èº«å ãšé£çµ¡å ãããã³DPOã®é£çµ¡å (å€§èŠæš¡ã«æ©å¯ããŒã¿ãåŠçããPSCoã§ã¯å¿ é ãRGPD第37æ¡)ã
- ååŠçã®ç®çãšæ³çæ ¹æ ã
- åäººã®æš©å©(ã¢ã¯ã»ã¹ãèšæ£ãåé€ãããŒã¿ããªãã£ãç°è°)ã
- ããŒã¿ã®æœåšçãªåå人(åŠçè ãåœå±)ã
ãã®æ å ±ã¯ããµãŒãã¹ã®ãã©ã€ãã·ãŒããªã·ãŒãå©çšèŠçŽãããã³å¿ èŠã«å¿ããŠã¯ã©ã€ã¢ã³ãå°éå®¶ãšç· çµãããDPAã«å«ãŸããå¿ èŠããããŸãã
驿 Œã¿ã€ã ã¹ã¿ã³ããšç£æ»èšŒè·¡
眲åã®é·æçãªèšŒæ äŸ¡å€ãä¿èšŒããããã«ãçæ¯ãªPSCoã¯éåžžãå眲åè¡çºã«é©æ Œé»åã¿ã€ã ã¹ã¿ã³ã(eIDAS第42æ¡)ãäœç³»çã«é¢é£ä»ããŠããŸãããã®ã¿ã€ã ã¹ã¿ã³ãã¯ãæå®ãããæ¥ä»ã®ããŒã¿ã®ååšã®æ³çã«æšå®ããã蚌æ ãæ§æããŠããŸããç£æ»èšŒè·¡(èå¥ãã°ãææžãããããªã³ãã眲åããŒã¿)ã®ä¿æã¯ããã®åŸã®åžæ³æ€èšŒãå¯èœã«ããããã®å®è³ªç矩åã§ãã
> é»å眲åãœãªã¥ãŒã·ã§ã³æ¯èŒã§ãããã®åºæºã«åŸã£ãŠããŒã±ãããœãªã¥ãŒã·ã§ã³ãæ¯èŒããŠãã ããã
---
eIDAS 2.0ïŒ2026ã2027幎ã«åããæ°ãã矩å
eIDAS 2.0èŠå(EU) 2024/1183
2024幎4æ30æ¥ã«EUå®å ±ã«æ²èŒãããeIDAS 2.0èŠå(EU) 2024/1183ã¯ã3ã€ã®è»žã®åšãã§PSCoã®çŸ©åãå€§å¹ ã«åŒ·åããŠããŸãïŒ
- 欧å·ããžã¿ã«èº«åãŠã©ã¬ãã(EUDI Wallet) ïŒå çåœã¯2026幎11æ2æ¥ãŸã§ã«èªå®ããžã¿ã«èº«åãŠã©ã¬ãããæäŸããå¿ èŠããããŸããPSCoã¯eIDAS 2.0身åã«ãã驿 Œçœ²åãæäŸããããã«ãã®ãŠã©ã¬ãããšçµ±åããå¿ èŠããããŸãã
- 屿§èšŒæã®ç®¡ç ïŒeIDAS 2.0ã¯é©æ Œãããã€ããŒã«ãã£ãŠçºè¡ããã驿 Œå±æ§èšŒæ(QEAAs)ãå°å ¥ããŠããŸããæ°ããç£æ»ããã³é©æ Œåæç¶ãé©çšãããŸãã
- ç£èŠã®åŒ·å ïŒåœå®¶ç£èŠæ©é¢(ãã©ã³ã¹ã®å ŽåANSSI)ã®æš©éãæ¡å€§ãããç¹ã«äºåãªãç£æ»ã宿œããççž®æéå ã«æ¯æ£æªçœ®ã課ãèœåãå«ãŸããŸãã
çŸåšã®ãããã€ããŒã®å®çšçãªåœ±é¿
eIDAS 1.0ã®äžã§æ¢ã«é©æ ŒåãããŠããPSCoã¯ãèšå®ãããæéãŸã§ã«æ®µéçãªé©åæ§æŽæ°ãé²ããå¿ èŠããããŸãããããã¯æ¬§å·å§å¡äŒã®å®è¡æ³(çºè¡ããããçºè¡äºå®)ã«ãã£ãŠå®çŸ©ãããŠããŸããäž»ãªé©å¿ã«é¢ããŠã¯ïŒ
- EUDI WalletãèªèšŒææ®µãšããŠãµããŒãããããã®èå¥ã€ã³ãã©ã®å šé¢çãªå€æŽã
- æ°ããçš®é¡ã®èšŒææžãšèšŒæãçµ±åããããã®PC/DPCã®æŽæ°ã
- ãªã¢ãŒãQSCDã®ã»ãã¥ãªãã£èŠä»¶ã®åŒ·åãæ°ããä¿è·ãããã£ãŒã«ãä»åŸå ¬éãããŸãã
ã¯ã©ã€ã¢ã³ãäŒæ¥ã«ãšã£ãŠãããã¯ãããã€ããŒãææžåããã³ç¢ºèªå¯èœãªeIDAS 2.0é©åããŒãããããæã£ãŠããããæ¢ã«ä»æ¥ç¢ºèªããããšãæå³ããŠããŸãã
é»å眲åãµãŒãã¹ãããã€ããŒã®çŸ©åã«é©çšã§ããæ³çæ çµã¿
ãã©ã³ã¹ã§æŽ»åããé»å眲åãµãŒãã¹ãããã€ããŒã«é©çšå¯èœãªèŠç¯çãã§ãŒã³ã¯ãè€æ°ã®è£å®çãªéå±€ã¬ãã«ã§æ§æãããŠããŸãã
ãã©ã³ã¹æ°æ³â第1366æ¡ããã³1367æ¡
æ°æ³ç¬¬1366æ¡ã¯ãããã®çºä¿¡è ãé©åã«ç¹å®ããããšãã§ãããã®å®å šæ§ãä¿èšŒããæ¡ä»¶äžã§ç¢ºç«ããã³ä¿æããããå Žåãé»åèšé²ãçŽã®èšé²ãšåçã®èšŒæ ã¢ãŒããšããŠèªèããŠããŸãã第1367æ¡ã¯ãé»å眲åã¯ããã®çœ²åãæ·»ä»ãããè¡çºãšã®ãªã³ã¯ãä¿èšŒããä¿¡é Œã§ããèå¥ããã»ã¹ã®äœ¿çšãããªãããšæç¢ºã«ããŠããŸããeIDASã®æå³ã§é©æ Œçœ²åã¯ä¿¡é Œæ§ã®æšå®ã®å©çã享åãã蚌æ ã®è² æ ã眲åè ã®æå©ã«å転ãããŸãã
eIDASèŠå910/2014/EU
ãã®èŠåã¯ããã¹ãŠã®å çåœã§çŽæ¥é©çšå¯èœã§ãããä¿¡é ŒãµãŒãã¹ã®æ³çæ çµã¿ã確ç«ããŠããŸãããã®ç¬¬26æ¡ã¯é«åºŠãªé»å眲åã®æ¡ä»¶ãå®çŸ©ããŠããŸãïŒãã®ç¬¬28æ¡ã¯é©æ ŒèšŒææžã®èŠä»¶ãå®çŸ©ããŠããŸãïŒãã®é屿žIã¯ãããã®èšŒææžã®å¿ é å 容ã詳述ããŠããŸãã驿 ŒPSCoã¯ãèŠåã®æè¡çããã³æ³çèŠä»¶ãžã®é©åã®æšå®ã®å©çã享åããŠããŸã(第19æ¡Â§2)ãããã¯ãªãã£ã²ãŒã·ã§ã³ã®å Žåã®å€§ããªè³ç£ãæ§æããŠããŸãã
eIDAS 2.0èŠåâ(EU) 2024/1183
2024幎4æ30æ¥ã«çºè¡ããããã®ä¿®æ£èŠåã¯ãæ°ããã«ããŽãªãŒã®ä¿¡é ŒãµãŒãã¹(驿 Œå±æ§èšŒæã驿 Œã¢ãŒã«ã€ããµãŒãã¹)ãå°å ¥ããç£èŠçŸ©åã匷åããŠããŸããæ¬§å·å§å¡äŒã®å®è¡æ³ã«åŸã段éçãªé©çšå¯èœæ§ã䌎ããèŠå910/2014ã®äžéšã廿¢ã眮ãæããŠããŸãã
RGPDâèŠå(EU) 2016/679
RGPDã¯ãé»å眲åãµãŒãã¹ã®æ çµã¿å ã§å®è¡ãããããããå人ããŒã¿ã®åŠçã«é©çšãããŸãã第5æ¡(驿³æ§ã®åå)ã第6æ¡(æ³çæ ¹æ )ã第9æ¡(æ©å¯ããŒã¿)ã第13ã14æ¡(æ å ±)ã第28æ¡(åŠçè )ã第32æ¡(ã»ãã¥ãªãã£)ã第33ã34æ¡(éåéç¥)ã第35æ¡(AIPD)ããã³ç¬¬37æ¡(DPO)ã¯æãé »ç¹ã«é©çšãããèŠå®ã§ããCNILã¯ãã©ã³ã¹ã§ã®ç®¡èœç£èŠæ©é¢ã§ããã2000äžãŠãŒããŸãã¯å¹Žéäžç売äžé«ã®4%(RGPD第83æ¡Â§5)ã®çœ°éã課ãããšãã§ããŸãã
NIS2æä»€â(EU) 2022/2555
2023幎8æ1æ¥ç¬¬2023-703æ³ã«ãã£ãŠãã©ã³ã¹æ³ã«è»¢çœ®ãããNIS2ã¯ãçžåœãªèŠæš¡ã®PSCoã匷åããããµã€ããŒã»ãã¥ãªãã£ãªã¹ã¯ç®¡ç矩åãšANSIIãžã®ã€ã³ã·ãã³ãéç¥çŸ©å(åæèŠåãŸã§24æéããã®åŸå®å šãªéç¥ãŸã§72æé)ã®å¯Ÿè±¡ãšãªãéèŠãŸãã¯å¿ é ãšã³ãã£ãã£ã«åé¡ããŸãã
ETSIèŠæ Œ
EN 319 401ãEN 319 411-1/2ãEN 319 132ãEN 319 122ããã³TS 119 431ã®ãã¹ãŠã®èŠæ Œã¯ã驿 Œåç£æ»ã®å¿ é æè¡åç §ãæ§æããŸããããããéµå®ããªããšã驿 Œå°äœãååŸãŸãã¯ç¶æã§ããŸããã
éæºæ ã®å Žåã®æ³çãªã¹ã¯
éæºæ ãããã€ããŒã¯ä»¥äžã«ãããããŸãïŒãã©ã³ã¹TSLããã®åé€ãå¥çŽäžããã³äžæ³è¡çºäžã®è²¬ä»»è¿œåãCNILè¡æ¿å¶è£ãçžåœãªèŠæš¡ã®ãšã³ãã£ãã£ã«ã€ããŠ1000äžãŠãŒããŸãã¯äžç売äžé«ã®2%ãããã³å¿ é ãšã³ãã£ãã£ã«ã€ããŠ2000äžãŠãŒããŸãã¯äžç売äžé«ã®4%ã«éããå¯èœæ§ã®ããNIS2眰éããªãã³ã«çœ²åã®æ³çæå¹æ§ã«çç±ãããçç±ã«ããæå®³ã被ã£ãã¯ã©ã€ã¢ã³ãã®åžæ³çææžã
ãŠãŒã¹ã±ãŒã¹ïŒäŒæ¥ãPSCoã®é©åæ§ã確èªããæ¹æ³
ã·ããªãª1â幎é3000ä»¶ã®ä»å ¥å å¥çŽã管çããç£æ¥ã°ã«ãŒã
æ©æ¢°è£ 眮補é ã«åŸäºããäžèŠæš¡ç£æ¥ã°ã«ãŒã(ETI)ã¯ãSaaSé»å眲åãã©ãããã©ãŒã ãä»ããŠãã¹ãŠã®ä»å ¥å å¥çŽãéç©è³ªåããŸããèŠå¶å€æŽã®ãã£ããã§éå§ãããå éšç£æ»äžã«ãæ³åéšéã¯ãæåã«äŸ¡æ Œåºæºã§éžæããããããã€ããŒãããã©ã³ã¹TSLã«ããšãŒãããã®ããããã®TSLã«ãèšèŒãããŠããªãããšã«æ°ä»ããŸããæäŸããã眲åã¯ã眲åè ã®å ç¢ãªèå¥ã¡ã«ããºã ãªãã§ãç°¡åãã¿ã€ãã§ãã
ãªã¹ã¯ã«çŽé¢â眲åããããã¹ãŠã®å¥çŽã¯ããªãã£ã²ãŒã·ã§ã³ã®å Žåããããã®èšŒæ äŸ¡å€ãç°è°ãå±ããããå¯èœæ§ããããŸãâäŒæ¥ã¯é©æ ŒANSSI PSCoãžã®ç§»è¡ãéå§ããŸããæ°ãããœãªã¥ãŒã·ã§ã³ã¯ã驿 ŒèšŒææžãæã€é«åºŠãªçœ²åã驿 Œã¿ã€ã ã¹ã¿ã³ããããã³ãšã¯ã¹ããŒãå¯èœãªç£æ»èšŒè·¡ãçµ±åããŠããŸããç§»è¡ãããžã§ã¯ãã¯8é±é以å ã«å®è¡ãããæ°ããè¡çºãé¡åçã«ä¿è·ããããšãã§ããŸããæ³åããŒã ã¯ãå®è¡ã®æ¬ åŠãšç°è°ã®ããã«å€ãå¥çŽã«é¢é£ãã蚎èšãªã¹ã¯ã¯éå®çã§ãããšæšå®ããŠããŸããããã¹ãŠã®æ°ãã眲åã¯çŸåšé©åã«ã«ããŒãããŠããŸãã
芳å¯ãããå©çïŒçœ²åã®çæ£æ§ã«é¢é£ããæœåšçãªãªãã£ã²ãŒã·ã§ã³ã®60%åæžãè€éãªå¥çŽã®å¹³å眲åé å»¶ã®3.5æ¥ã®å©çãããã¯ã¯ãŒã¯ãããŒèªååãéããŠåŸãããŸããã
ã·ããªãª2âããžãã¹æ³ãå°éãšãã25人ã®åŒè·å£«äºåæ
åŒè·å£«äºåæã¯ãå§ä»»ç¶ãçžè«ãããã³èšŽèšè¡çºã®çœ²åãããžã¿ã«åããããšèããŠãããè€æ°ã®ãããã€ããŒãè©äŸ¡ããŠããŸãããã®åæã°ãªããã«ã¯ä»¥äžã®ãã®ãå«ãŸããŸãïŒTSLäžã®ååšãã¢ã¯ã»ã¹å¯èœãªPC/DPCçºè¡ãRGPDæºæ DPAã®ååšãé£çµ¡å¯èœãªDPOãããã³ãªã¢ãŒãQSCDã®èªèšŒã
è©äŸ¡ãã5ã€ã®ãããã€ããŒã®ãã¡ã2ã€ã ãããã¹ãŠã®åºæºãæºãããŠããŸããäºåæã¯æçµçã«ãQSCDçµç±ã§é©æ Œçœ²åããã€ãã£ãã«æäŸããPSCoãéžæããŠããŸããããã«ãããæ°æ³ç¬¬1367æ¡ã®ä¿¡é Œæ§ã®æšå®ãä¿èšŒãããŸããã»ããã¢ããã«ã¯3é±éãããããã¬ãŒãã³ã°ãå«ã¿ãŸããçµæïŒ75%ã®å§ä»»ç¶ã¯çŸåš24æé以å ã«çœ²åãããŠããŸãã以åã¯5ã7æ¥ã§ãã(éµé)ãäºåæã¯é¡§å®¢ã«å¯ŸããŠããœãªã¥ãŒã·ã§ã³ãæäŸããæ³çã»ãã¥ãªãã£ã®ã¬ãã«ãæ£åœåã§ããŸããããã¯åæ¥ææ¡ã«ãããå·®å¥åèŠå ã§ãã
ã·ããªãª3âçŽ1200åºã®ç é¢ã°ã«ãŒã
ç é¢ã°ã«ãŒãã¯ãåŽåå¥çŽãã€ã³ã¿ãŒã³ã·ããå¥çŽãããã³ææºå»çæ©é¢ãšã®ããŒãããŒã·ããå¥çŽãããžã¿ã«åããããšèããŠããŸããåŠçãããããŒã¿ã®æ©å¯æ§(å»çå°éå®¶ã®å¥åº·ããŒã¿ãHR ããŒã¿)ã«ãããPSCoã®RGPD矩åã«å¯ŸããŠç¹å¥ãªæ³šæãå¿ èŠã§ãã
DSIããã³æ©é¢ã®DPOã¯ä»¥äžãèŠæ±ããŠããŸãïŒãã©ã³ã¹å ã®HDSèªå®ããŒã¿ã»ã³ã¿ãŒ(å ¬åŒå»çããŒã¿ãã¹ãã£ã³ã°ãå ¬åŒå»çæ³å žç¬¬L.1111-8æ¡ã«ããèŠå®)ã§ã®ããŒã¿ãã¹ãã£ã³ã°ãEEEå€ãžã®è»¢éãªãã眲åè èå¥åŠçã«é¢ããææžåãããAIPDãããã³æ¬çªåã®DPO眲åã
ãããã®åºæºãæºããPSCoã®éžæåŸãå±éã¯æåã«HRå¥çŽ(幎éçŽ800è¡çº)ãã«ããŒããŠããŸããææå¥çŽã®çœ²åã®å¹³åé å»¶ã¯9æ¥ãã48æéæªæºã«ççž®ãããŠãããHRéšéã®ããŒã ã«å€§å¹ ãªèœåãè§£æŸããŠããŸããæ©é¢ã¯ãåéããããã¹ãŠã®åæã®å®å šãªãã¬ãŒãµããªãã£ãæã¡ã幎次DPOç£æ»ã«ãã£ãŠæ€æ»ãããŸãã
ãŸãšã
ãã©ã³ã¹ã®é»å眲åãµãŒãã¹ãããã€ããŒã«å¯Ÿããæ³ç矩åã¯ãèŠæ±ãããèŠç¯çã³ãŒãã¹ã圢æããŠããŸãïŒeIDAS驿 Œæ§ãRGPDæºæ ãETSIèŠæ Œãžã®éµå®ãNIS2矩åãããã³eIDAS 2.0ãžã®è¿«ãæ¥ãé©å¿ãå©çšäŒæ¥ã«ãšã£ãŠãPSCoã®é©åæ§ã確ä¿ããããšã¯ãªãã·ã§ã³ã®ããã»ã¹ã§ã¯ãããŸããã眲åè¡çºã®èšŒæ äŸ¡å€ãšçœ²åè ã®å人ããŒã¿ã®ä¿è·ã®å¿ é æ¡ä»¶ã§ãã
Certyneoã¯ããã¹ãŠã®ãããã®èŠä»¶ã«å¿ããããã«èšèšãããé»å眲åãµãŒãã¹ãããã€ããŒã§ãïŒeIDASæºæ ãRGPDã®èšèšã䞻暩ãã¹ãã£ã³ã°ãããã³ææžåãããeIDAS 2.0ããŒããããã眲åãå®å šã«æºæ ã§ä¿è·ããæºåã¯ã§ããŠããŸããïŒCertyneoã§ã®ãã¢ã³ã¹ãã¬ãŒã·ã§ã³ããªã¯ãšã¹ãããããã¢ã«ãŠã³ããäœæããŠãã ããã忥ããã®ããŒãœãã©ã€ãºããããµããŒããåããŠãã ããã
Certyneoãç¡æã§è©Šã
5å以å ã«æåã®çœ²åãšã³ãããŒããéä¿¡ãæ5ãšã³ãããŒããŸã§ç¡æãã¯ã¬ãžããã«ãŒãäžèŠã
ããŒããæ·±æããã
ãã®ãããã¯ã«é¢ããåèèšäºã
ããŒããæ·±æããã
é»å眲åããã¹ã¿ãŒããããã®å æ¬çãªã¬ã€ãã
ããããã®èšäº
é¢é£ããèšäºã§ç¥èãæ·±ããŸãããã
åäŒã®ããžã¿ã«ã¬ããã³ã¹ïŒ2026幎ã¬ã€ã
åäŒã«ãšã£ãŠããžã¿ã«ã¬ããã³ã¹ã¯ãæææ±ºå®ããã»ã¹ãè¿ä»£åãããçµç¹ã«ãšã£ãŠå¿ é ã®ãã®ã«ãªã£ãŠããŸãã2026幎ã«åããããŒã«ãæ³ç矩åãããã³äž»èŠãªæŠç¥ãçºèŠããŠãã ããã
ä»®æ³ç·äŒã¬ã€ãïŒåäŒåãç·äŒç®¡çãšé»å眲å
åäŒã®ä»®æ³ç·äŒéå¬ã«ã¯ãæ£ç¢ºãªæ³çåé¡ãçããŸããé»å眲åãéããŠæ±ºè°ãå®å šã«ä¿è·ããæ¹æ³ãã芧ãã ããã
é»åçãªåäŒå®æ¬ŸïŒ2026å¹Žã®æ¹æ£
é»å眲åãéããåäŒå®æ¬Ÿã®æ¹æ£ã¯ããã©ã³ã¹æ³ã«ãã£ãŠå®å šã«èªèãããŠããŸããå®å šãªæç¶ããšæå¹æ§ã®æ¡ä»¶ãã芧ãã ããã