Law N° 1.483 on Digital Identity

It is one of the components of the Principality’s digital development, with Law No. 1.482 for a Digital Principality (passed and published on the same days) and Draft Law No. 995 on Blockchain technology.

The legislator has been inspired by the standards of the European Union, the texts and e-services of foreign States [Explanatory Memorandum to Draft Law No. 992, pp. 3-5]:

> Creation and assignment of a digital identity to natural persons (nationals and holders of a residence permit, persons registered in a registry of a public service maintained for the application of a legislative or regulatory provision) and legal persons (registered in a registry of a public service maintained for the application of a legislative or regulatory provision).

> Possibility for persons in the private sector to create and assign a digital identity to natural and legal persons.

> Creation of the Monegasque National Registry of Digital Identity (Registre National Monégasque de l’Identité Numérique), where, for example, the following may be registered and stored: for natural persons, surname, first name(s), domicile, date and place of birth, nationality(ies); for legal persons, legal form, company name, corporate purpose, registered office, place of operation in Monaco and abroad.

Art. 1: Definitions (digital identification, personal identification data, authentication, means of digital identification, digital identification, biometric data, personal data, sensitive data, identity provider, electronic identification scheme, trust service).

Art. 2: Concept of digital identity; possibility of using biometric data transformed into digital data, which are not stored beyond their registration on a medium.

Art. 3: Three levels of guarantee (low, substantial, high) as to the reliability of a person’s identity.

Art. 4: Creation and attribution of a digital identity (providing a high level of guarantee) to natural persons of Monegasque nationality or holders of a residence permit (implementing rules laid down by Sovereign Order).

Art. 5: Creation and attribution of a digital identity to natural or legal persons who are registered in a registry of a public service maintained for the application of a legislative or regulatory provision (list published by Sovereign Order), and also by persons in the private sector (specifications and guarantee levels determined by Sovereign Order).

Art. 6: Creation of the Monegasque National Registry of Digital Identity (Registre National de l’Identité Numérique); purposes of the Registry; Interconnection and interoperability between the files from which the personal data originate and the personal identification data recorded and stored in the Registry (implementing rules established by Sovereign Order).

Art. 7: Purposes for which the Registry cannot be used.

Art. 8: Registration and storage in the Registry of data strictly necessary for the identification of persons; prohibition to register and store sensitive data (list of data recorded and stored in the Registry published by Sovereign Order).

Art. 9: Guarantee of the accuracy of the data recorded on the basis of supporting documents in the Registry.

Art. 10: Storage period for information recorded in the Registry may not exceed the period necessary for the purpose for which it was collected; beyond that, storage solely for the purpose of archiving in the public interest.

Art. 11: Security of the Registry (availability, integrity, confidentiality, traceability) ensured by the person in charge of the Registry; purposes of access to the Registry by duly and specially authorized persons.

Art. 12: Submission of persons who manage the Registry to professional secrecy under the conditions of art. 308 of the Criminal Code.

Art. 13: Request from public services and persons in the private sector for the communication of data recorded and stored on the Registry (implementing rules determined by Sovereign Order).

Art. 14: Right of access and rectification of the person concerned (with the department in charge of managing the Registry).

Art. 15: Directory ensuring the traceability of consultations of the Registry by authorized persons and of requests for communication, kept at the disposal of the Personal Data Protection Authority (CCIN); period of conservation of the elements for 10 years from the date of their registration; right of access and rectification.

Art. 16: Effect of the registration of information in the Registry for the person concerned, not required to communicate it to the executive services of the State (interconnection and interoperability).

Art. 17: Concept of identity provider.

Art. 18: Digital identifiers (permanent or temporary) assigned and centralized in the Registry, are issued on electronic or non-electronic media, and allow access to service and electronic administration platforms (implementing procedures set by Sovereign Order).

Art. 19: Criminalisation of knowingly using anonymized or pseudonymised information from the Registry to re-identify a person (imprisonment from 6 months to 1 year and fine from €18,000 to €90,000).

Art. 20: Equivalent meaning of the terms “electronic” and “digital” used in laws and regulations, in matters of identity and trust services.