Hubbry Logo
Certified emailCertified emailMain
Open search
Certified email
Community hub
Certified email
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Certified email
Certified email
Certified email
View on Wikipedia
from Wikipedia

Certified email (known as Posta elettronica certificata in Italy, or PEC in short) is a special type of email in use in Italy,[1] Switzerland,[2] Hong Kong[3] and Germany.[4] Certified email is meant to provide a legal equivalent of the traditional registered mail, where users are able to legally prove that a given email has been sent and received by paying a small fee.

Registered mail is mainly used in Italy,[5] but there are present efforts to extend its legal validity according to the framework of the European Union.[6]

Description

[edit]

A certified email can only be sent using a special Certified Email Account provided by a registered provider. When a certified email is sent, the sender's provider will release a receipt of the successful (or failed) transaction. This receipt has legal value and it includes precise information about the time the certified email was sent. Similarly, the receiver's provider will deliver the message in the appropriate certified email account and will then release to the sender a receipt of successful (or failed) delivery, indicating on this receipt the exact time of delivery. If either of these two receipts are lost by the sender, providers are required to issue a proof of transaction with equal legal validity, if this proof is requested within 30 months of delivery.

In terms of user experience, a certified email account is very similar to a normal email account. The only additional features are the receipts, received as attachments, providing details and timestamps for all transactions. A certified email account can only handle certified email and cannot be used to send regular email.

Technical process

[edit]

The development of this email service has conceptual variations that are dominated by two-party scenarios with only one sender and one receiver as well as a trusted third party (TTP) serving as a mediator. As in traditional registered mail, many certified email technologies call for the parties involved to trust the TTP, or the "postman", because it has the capacity to reveal the identity of the sender to the recipient once the protocol is initiated.[7] There are, however, some applications based on multi-party email protocols; these include the technology originally proposed by Markowitch and Kremer, that involves an online or offline TTP in addition to the sender and receiver.[8] There is also a multi-party version, wherein a user can send the same email to multiple recipients. In this system, those who acknowledge the receipt are able to view the data. Some applications also offer add-in features, such as the integration of the concept of timeliness, wherein a participant to the process can terminate a session in finite time in order to avoid waiting for a reply forever.[9]

The mediation of a trusted third party (TTP) requires both parties, the sender and the recipient, to come to terms in approving who will be the mediator. In compliance scenarios, where a regulation may simply require a party to deliver a notice to a given recipient and be able to prove having done so (i.e. GDPR), the role of a TTP can be trusted to an electronic registered delivery service capable to secure timestamped evidence of the contents and delivery of the electronic message, without the recipient's intervention.[10]

Certified email in Italy

[edit]

The Italian certified email (Posta elettronica certificata, PEC) was established in 2005[11] and it uses protocols described in the RFC 6109 (Request for Comments 6109), which was drafted in order to make the protocols public to the Internet community.

Since July 1 of 2013, all communications between enterprises and the Italian public administration are required to be sent through PEC and paper documents are no longer accepted.[12]

All matters concerning PEC in Italy are supervised and regulated by a special government agency called AgID ("Agenzia per l'Italia digitale") which determines the authorized certified email providers, the legal framework of PEC and the rules and terms of use.

Anyone may register a PEC address through a certified provider or reseller.

Starting from 2022, Italy is migrating from PEC to an EIDAS-compliant protocol, called Registered Electronic Mail. The switch over to the new protocol is being led by Roberto Reale[13] and Alessandra Antolini on behalf of AgID.

Comparison of Certified E-Mail providers in Italy
PEC provider eidas compatible 2024? DMA friendly (Google or Apple independent) Limitation address portability
Intesi Group will be in 2024[needs update] ? Unknown No
Aruba (Actalis) Yes No No
Infocert Yes No No
Università degli Studi di Napoli Federico II ? Only for students and other business partners No
TWT No ? No
Sogei N/a ? Only for business partners No
register.it No ? No
Regione Marche - Posta Raffaello N/a ? suppressed No
Poste Italiane N/a ? No
Consiglio Nazionale del Notariato No ? private No
Namirial S.p.A. No ? N/a No
Cedacri Cert ? No
IN.TE.SA. S.p.A offline ? offline No
Irideos S.p.A. (kolst) No ? No
Notartel S.p.A. ? No
Sogei No ? N/a No

Certified email in UE

[edit]

It's called REM (registered email) and has different provider here listed in the table.[14]

Comparison of Certified E-Mail providers in Europe
Nation PEC provider DMA friendly (Google or Apple independent) Limitation address portability Active Qualified Trust Services Active but NOT qualified Trust Services
Belgium Connect Solutions Unknown only B2B Unknown QeRDS
Belgium SA UNIFIEDPOST Unknown only B2B Unknown QeRDS
Belgium IPEX Unknown only B2B Unknown QeRDS
Belgium Dioss Smart Solutions Yes (SMS\e-mail OTP) only B2B Unknown QeRDS
Belgium Postalia Belgium Unknown only B2B Unknown QeRDS
Bulgaria BORICA AD Unknown only B2B Unknown QCert for ESig

QCert for ESeal QWAC QVal for QESig QPres for QESig QVal for QESeal QPres for QESeal QTimestamp QeRDS

Non-Regulatory
Bulgaria Evrotrust Technologies JSC Unknown only B2B Unknown QCert for ESig

QCert for ESeal QWAC QVal for QESig QPres for QESig QVal for QESeal QPres for QESeal QTimestamp QeRDS

Non-Regulatory
Germany bitkasten GmbH Unknown Unknown Unknown QeRDS
Spain EDICOM CAPITAL, S.L. Unknown Unknown Unknown QCert for ESig

QCert for ESeal QVal for QESig QVal for QESeal QPres for QESeal QTimestamp QeRDS

Spain SISTEMAS INFORMATICOS ABIERTOS S.A.U. Unknown Unknown Unknown QCert for ESigQCert for ESealQTimestampQeRDS
Spain IVNOSYS SOLUCIONES S.L.U. QCert for ESigQCert for ESealQTimestampQeRDS
Spain Logalty Prueba por Interposición, S.L. QCert for ESealQTimestampQeRDS
Spain LLEIDANETWORKS SERVEIS TELEMATICS, S.A. Yes (SMS) QeRDS
Spain DIGITEL ON TRUSTED SERVICES S.L.U. QCert for ESigQCert for ESealQTimestampQeRDS
Spain MAILTECK, S.A. QeRDS
Spain CUSTOMER COMMUNICATIONS TECKNALIA, S.L. QeRDS
Spain WISE SECURITY GLOBAL S.L. QeRDS
Spain SERVICIOS DE MAILCERTIFICADO SL QeRDS
Spain FACTORYNET AUGUSTA, S.L. QeRDS
Spain FULL CERTIFICATE S.L. QeRDS
Spain ANF Certification Authority, S.L. QCert for ESigQCert for ESealQWACQVal for QESigQPres for QESigQVal for QESealQPres for QESealQTimestampQeRDS
Spain CGI INFORMATION SYSTEMS AND MANAGEMENT CONSULTANTS ESPAÑA SA Only B2B QeRDS
Spain FACTUM IDENTITY SOLUTIONS, S.L.U. QeRDS
Spain ANF AUTORIDAD DE CERTIFICACIÓN ASOCIACIÓN ANF AC QCert for ESigQCert for ESealQWACQVal for QESigQPres for QESigQVal for QESealQPres for QESealQTimestampQeRDS
France STAMPEE QeRDS
France AR24 Only B2B QeRDS
France DARVA QTimestampQeRDS
France Equisign QeRDS
France TESSI DOCUMENTS SERVICES Only B2B QeRDS
France CLEARBUS QTimestamp QeRDS
France DOCUMENT CHANNEL QeRDS
France DATASURE QCert for ESigQCert for ESealQTimestampQeRDS
Croatia HP d.d. QeRDS
Italy inPoste.it S.p.A. No (proprietary authentication app only on Gatekeepers appstore) QeRDS
Italy PagoPA Spa No (proprietary authentication app only on Gatekeepers appstore) QeRDS
Italy Postel S.p.A. No (proprietary authentication app only on Gatekeepers appstore) QeRDS
Italy InfoCert S.p.A. No (proprietary authentication app only on Gatekeepers appstore) QCert for ESigQCert for ESealQWACQVal for QESigQVal for QESealQTimestampQeRDS Timestamp

Non-Regulatory

Italy Aruba Posta Elettronica Certificata S.p.A. No (proprietary authentication app only on Gatekeepers appstore) No QCert for ESigQCert for ESealQWACQTimestampQeRDS Timestamp

Non-Regulatory

Luxembourg LuxTrust S.A. No (proprietary authentication app only on Gatekeepers appstore) QCert for ESigQCert for ESealQVal for QESigQVal for QESealQTimestampQeRDS
Netherlands Aangetekend B.V. Yes QeRDS
Netherlands Secumail B.V. Only B2B QeRDS
Poland Polish Security Printing Works Only B2B QCert for ESigQCert for ESealQTimestampQeRDS Timestamp
Poland Asseco Data Systems S.A. No QCert for ESigQCert for ESealQVal for QESigQPres for QESigQVal for QESealQPres for QESealQTimestampQeRDS Non-Regulatory
Poland KFJ Inwestycje Sp. z o.o. QeRDS
Poland Poczta Polska S. A. only for Polish citizens QeRDS
Poland Autenti Sp. z o.o. Yes (SMS) only B2B QeRDS
Slovenia EIUS d.o.o. QVal for QESigQVal for QESealQTimestampQeRDS

See also

[edit]

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Certified email

View on Grokipedia
from Grokipedia
Certified email is a secure electronic messaging system designed to provide verifiable proof of sending, delivery, and receipt for digital communications, serving as a legally equivalent alternative to traditional certified postal mail for documents requiring non-repudiation and audit trails. It typically incorporates cryptographic elements, including digital signatures, timestamps from trusted authorities, and secure delivery protocols, to generate tamper-evident records that can be presented as evidence in legal proceedings. Originating from regulatory frameworks in Europe—such as Italy's Posta Elettronica Certificata (PEC) system, mandated for official government interactions since 2005—the technology has expanded globally through commercial providers like RMail and eEvidence, enabling uses in contract executions, dispute resolutions, and notifications where standard email lacks evidentiary weight. In the United States, certified email proofs are admissible under the Electronic Signatures in Global and National Commerce Act (E-SIGN) when they demonstrate delivery and content integrity, though acceptance varies by jurisdiction and often requires supplementary validation. Key advantages include reduced costs and faster processing compared to physical mail, with services ensuring compliance to standards like eIDAS in the EU for qualified electronic registered delivery services (ERDS), though challenges persist in universal interoperability and dependence on recipient cooperation for full receipt acknowledgments.

Definition and Purpose

Core Concept and Objectives

Certified email, a general term for services that provide legally valid proof of sending, content, and delivery, constitutes a secure electronic messaging protocol that delivers verifiable proof of dispatch, transmission integrity, delivery status, and receipt acknowledgment, mirroring the evidentiary guarantees of physical registered postal services; registered electronic mail (REM) refers to the EU-standardized profile under eIDAS for qualified electronic registered delivery services. This system employs digital signatures, timestamps, and cryptographic hashing to certify the message content, sender identity, recipient details, and exact timing, rendering the communication tamper-evident and admissible as legal evidence in jurisdictions recognizing such protocols. Unlike conventional email, which lacks inherent mechanisms for non-repudiation, certified email generates automated receipts from accredited providers, confirming operational success at each stage without relying on recipient action for basic delivery proof. The core objectives of certified email include establishing causal accountability in digital exchanges by preventing sender or recipient denial of transmission events, thereby reducing litigation risks over disputed communications. It seeks to bridge the evidential gap in electronic correspondence, particularly for contractual notices, official notifications, and commercial disputes, where standard email's vulnerability to forgery or alteration undermines reliability. By mandating provider-issued certificates with full probative value—equivalent to a registered letter with return receipt in systems like Italy's Posta Elettronica Certificata (PEC)—the service aims to foster trust in e-governance and business transactions, minimizing reliance on physical mail while ensuring interoperability through standardized formats. Under European Technical Standards Institute (ETSI) specifications, such as EN 319 532-4, certified email functions as an electronic registered delivery service (ERDS), prioritizing objectives of authenticity, confidentiality where required, and cross-border compatibility to support the digital single market. This framework addresses the limitations of unverified email by embedding procedural safeguards, including secure routing and audit trails, to yield forensically robust records that withstand judicial scrutiny, as validated in national implementations since PEC's inception in Italy on January 1, 2006. Ultimately, the system's design promotes efficiency in legal workflows, with objectives centered on scalable, cost-effective alternatives to analog methods, evidenced by mandatory adoption in Italian public administration for inter-institutional exchanges.

Distinction from Standard Email

Certified email fundamentally differs from standard email in its incorporation of cryptographic and procedural safeguards that confer legal equivalence to traditional registered mail, ensuring non-repudiation of origin, receipt, and content integrity. Standard email, governed by protocols like SMTP, provides no inherent authentication of sender or recipient identities, allowing for spoofing, forgery, or denial of transmission without verifiable evidence. In certified systems, such as those compliant with EU eIDAS Regulation (Article 43), a trusted third-party service provider generates qualified electronic timestamps and digital signatures to prove that a message was sent from a verified sender, delivered unaltered to the intended recipient, and acknowledged upon receipt, thereby preventing disputes over these events. A core distinction lies in legal validity: certified email transmissions are admissible as evidence in judicial proceedings across jurisdictions recognizing electronic registered delivery services, with the same probative force as paper-based registered letters, whereas standard email lacks this presumption of authenticity and requires additional corroboration to hold evidential weight. For instance, Italian PEC (Posta Elettronica Certificata) mandates government-accredited providers to issue receipts for sending and delivery, including metadata like IP addresses and exact timestamps, which standard email servers do not systematically record or certify. This non-repudiation feature—achieved through asymmetric cryptography and certificate authorities—ensures neither party can plausibly deny involvement, contrasting with standard email's vulnerability to post-transmission alterations or claims of non-receipt. Technically, certified email envelopes the original message in a secure "transport envelope" containing certification data, such as hash values for integrity checks and qualified signatures, which standard email omits, relying instead on optional, non-binding features like read receipts that can be disabled or falsified. Certified email systems prioritize non-repudiation and evidentiary integrity through such mechanisms, with encryption in transit via TLS standard but end-to-end and at-rest encryption varying by provider, restricting access to authenticated parties more effectively than standard email, which exposes content to intermediaries without certification controls. These mechanisms elevate certified email from a mere communication tool to a forensically robust record, particularly for contractual notices, official communications, or disputes where standard email's informality renders it inadmissible without supplementary proof.

Historical Development

Origins and Early Adoption in Italy

The concept of certified email, known as Posta Elettronica Certificata (PEC), originated in Italy as part of efforts to digitize public administration and grant electronic messages the legal equivalence of registered postal mail. Legge n. 3 of January 16, 2003, first introduced PEC into the Italian legal framework under Article 27, delegating the government to establish regulations for its implementation to ensure certified delivery, non-repudiation, and timestamping of electronic documents. This legislative foundation aimed to reduce reliance on paper-based communications while maintaining evidentiary standards for official acts. On February 11, 2005, Decreto del Presidente della Repubblica n. 68 formalized the operational rules for PEC, specifying requirements for service providers (gestori accreditati), including accreditation by the Ministry of Economic Development, secure transmission protocols, and the generation of certified receipts for sending (ricevuta di consegna) and delivery (ricevuta di invio). The decree, effective from its publication in the Gazzetta Ufficiale on March 29, 2005, enabled the accreditation of initial managers such as Poste Italiane and Infocert, marking the system's technical rollout. Complementary technical guidelines followed via a ministerial decree on November 2, 2005, outlining interoperability and security standards based on existing email protocols adapted for certification. Early adoption focused on public sector integration, with ministries and local administrations required to provide PEC addresses for citizen interactions by 2006, facilitating over 1 million messages in the first year as agencies transitioned notifications from physical mail. Voluntary uptake among businesses and professionals grew modestly, driven by the system's equivalence to raccomandata A/R (registered mail with return receipt), though full mandates awaited later reforms; for instance, Decreto Legge n. 185/2008 (converted into Law n. 2/2009) extended obligations to enterprises for tax and commercial filings. By 2010, PEC registrations exceeded 2 million, reflecting initial success in streamlining administrative processes amid Italy's broader e-government push under the Codice dell'Amministrazione Digitale. This phase established PEC as a cornerstone of Italian digital infrastructure, prioritizing reliability over widespread private use initially.

Evolution of Technical Standards

The technical standards for certified email were initially defined in Italy through Ministerial Decree of November 2, 2005, which established the protocols for Posta Elettronica Certificata (PEC) following pilot testing from 2003 to 2005. These specifications outlined a closed architecture involving certified access points for message submission and receipt, utilizing SMTP over TLS for inter-provider transport (per RFC 3207), S/MIME v3 (RFC 5751) for enveloped signatures and certifications, and an LDAP-based directory for authentication and domain validation among PEC providers. Custom headers, such as X-Ricevuta for delivery receipts, ensured non-repudiation of sending, acceptance, and delivery events, with messages encapsulated in transport envelopes to separate certified content from standard email flows. Early limitations in PEC's proprietary mechanisms, including restricted interoperability beyond national boundaries, prompted proposals for evolution toward open standards integration by the mid-2010s. Researchers advocated transitioning from closed certification processes to hybrid models incorporating standard SMTP extensions and public key infrastructures, aiming to enhance scalability while preserving legal evidentiary value, though implementation remained tied to Italian regulatory accreditation. By 2011, RFC 6109 formalized these protocols for broader awareness, documenting PEC's reliance on Italian National Unification (UNI) technical rules without introducing alterations. European harmonization accelerated with the eIDAS Regulation (EU) No 910/2014 revisions, leading ETSI to publish Registered Electronic Mail (REM) specifications starting in 2018. ETSI EN 319 532-1 (September 2018) defined interoperability profiles for REM messages, specifying XML-based semantic structures for certified payloads, advanced electronic signatures (AdES), and protocol bindings to SMTP/IMAP for cross-provider and cross-border exchange. Complementary standards, including EN 319 531 for policy and security requirements (updated iteratively) and EN 319 532-3/4 for delivery and receipt protocols, mandated qualified trust service provider conformance to enable mutual recognition of delivery evidence under EU law. This shift from Italy's national PEC framework to REM standards, finalized in ETSI technical reports like TR 119 530 (February 2019), facilitates migration deadlines—such as Italy's phased transition by 2026—prioritizing enhanced security against forgery and support for qualified electronic registered delivery services (ERDS). Updates through 2024, including version 1.3.1 releases, refine conformance testing and integration with eIDAS trust lists, ensuring backward compatibility for legacy systems while enforcing stricter auditability.

Expansion to EU and International Contexts

Following the successful implementation of Italy's Posta Elettronica Certificata (PEC) system in 2005, which provided legally binding delivery receipts equivalent to registered mail, the European Union initiated efforts to standardize certified email for cross-border interoperability. These efforts culminated in the development of Registered Electronic Mail (REM), defined as a qualified electronic registered delivery service under the eIDAS Regulation (EU) No 910/2014, enabling mutual recognition of certified communications across member states. REM specifications were formalized by the European Telecommunications Standards Institute (ETSI) through standards such as EN 319 532-2 (published September 2018), which outlines REM as a subtype of electronic registered delivery services (ERDS) with protocols for secure messaging, non-repudiation, and data integrity. The transition to REM addresses limitations of national systems like PEC, which lack inherent EU-wide validity due to Italy-specific authentication. REM mandates stronger user verification, such as through national digital IDs (e.g., SPID or CIE in Italy) and two-factor authentication, contrasting with PEC's optional methods, to enhance security against forgery and ensure qualified status under eIDAS. ETSI EN 319 531 further specifies requirements for REM service providers, including interoperability profiles for message formats and delivery protocols. In Italy, the shift from PEC to REM is underway but not yet mandatory; a governmental decree (DPCM) is anticipated by late 2025 or early 2026 to enforce the change, driven by eIDAS 2.0 proposals for broader digital service harmonization. Other EU member states have developed analogous national systems—such as Spain's certified electronic mail services (Correo Electrónico Certificado) offered by accredited private operators (e.g., Correos, Lleida.net) in compliance with the EU eIDAS regulation for qualified electronic registered delivery, without a single unified official system equivalent to Italy's PEC, along with the Dirección Electrónica Habilitada (DEH) or DEHú for electronic notifications with public authorities, and France's secure messaging equivalents—but widespread REM adoption remains nascent, focused primarily on facilitating B2G and cross-border B2B communications rather than full replacement of local variants. Beyond the EU, certified email concepts have seen limited but targeted adoption. Switzerland implemented zertifizierte E-Mail, providing legal proof of delivery akin to registered post, integrated into its federal e-government framework since the early 2010s. Germany utilizes certified electronic mail through provider-specific services compliant with national signature laws, offering evidentiary value in disputes, though not as ubiquitously mandated as in Italy. In Hong Kong, certified email services emerged around 2010, endorsed by the government for contractual and official notifications with timestamped receipts equivalent to physical registered mail. These implementations prioritize non-repudiation via digital signatures but lack the unified standardization of EU REM, resulting in fragmented international interoperability.

Technical Mechanisms

Sending and Delivery Process

The sending process for certified email, as implemented in systems like Italy's Posta Elettronica Certificata (PEC), begins with the sender authenticating to their certified email provider's Access Point (AP) using credentials such as a user ID, password, or electronic identification. The AP conducts formal validations, including checks on message headers, attachments, and size limits (typically capped at 30 MB), before generating a server-user acceptance receipt that confirms the message's intake and provides proof of submission with a timestamp. This receipt, digitally signed by the provider, is returned to the sender, establishing non-repudiable evidence of dispatch initiation. The original message is then encapsulated in a PEC transport envelope, secured with S/MIME v3 signatures using the provider's private key and CMS enveloping for integrity and authenticity. Transmission occurs between providers using SMTP over TLS for secure channel encryption, directing the envelope to the recipient's Incoming Point (InP). Upon receipt, the InP verifies the digital signature, performs virus scanning (with infected messages quarantined for up to 30 months), and issues a server-server acceptance notification back to the sender's AP, confirming interoperability and receipt at the provider level. The InP then forwards the envelope to the recipient's Delivery Point (DP), which authenticates the recipient, deposits the message into their certified mailbox, and generates a delivery receipt containing details like the delivery timestamp and any header information. This receipt, also digitally signed, is relayed back through the providers to the original sender, providing legal proof of successful delivery equivalent to registered mail. In cases of failure, such as timeouts, invalid recipients, or detected malware, corresponding non-delivery or error notifications are issued with specific codes and timestamps, ensuring traceability while preventing unauthorized access or denial of service. Provider directories, queried via LDAP or HTTPS, facilitate routing by maintaining certified domain and certificate details, with all notifications including XML-embedded certification data for auditability. These mechanisms, rooted in digital signatures and timestamping, enforce non-repudiation, where neither sender nor recipient can plausibly deny the transaction's occurrence or content integrity post-delivery.

Security and Certification Protocols

Certified email systems prioritize security through protocols that guarantee message integrity, sender and recipient authenticity, non-repudiation of sending and delivery, and protection against tampering or unauthorized access. These mechanisms rely on cryptographic techniques, including digital signatures generated by certified providers using private keys stored in dedicated hardware, as recommended for Italian Posta Elettronica Certificata (PEC) implementations. Messages are processed within a closed network of accredited providers, avoiding external SMTP relays to minimize interception risks, with transport secured via TLS for internal communications. In PEC, the core certification protocol involves enveloping the original message in an S/MIME v3 CMS structure signed by the access point provider's X.509v3 certificate, which includes the digitalSignature key usage extension. Upon receipt at the incoming point, the signature is verified using SHA-1 hashes of the enveloped content and certificate revocation list (CRL) checks to confirm validity and unaltered state. Receipts for sending (Ricevuta di Accettazione), delivery (Ricevuta di Consegna), and non-delivery errors are generated as digitally signed XML documents containing timestamps in RFC 3339 format, precise to seconds, along with sender/recipient identities and event details, ensuring legally binding proof. Additional safeguards include mandatory virus scanning at access and incoming points with up-to-date signatures, quarantine of infected messages for 30 months, and formal checks on message size (under 30 MB) and valid PEC addresses. User authentication to PEC services employs mechanisms such as user-ID/password or electronic identification, while provider systems enforce access controls and audit logs. Confidentiality is not end-to-end by default but supported through optional S/MIME encryption; however, the system's legal focus emphasizes evidentiary integrity over secrecy, with HTTPS required for directory queries. As PEC transitions to the EU-wide Registered Electronic Mail (REM) under eIDAS Regulation (EU) No. 910/2014, protocols align with ETSI EN 319 531 for provider security policies and EN 319 532-4 for message formats. REM mandates CAdES baseline signatures (with SHA-256 digests) for messages and XAdES-B-T (including timestamps) for Electronic Registered Delivery Service (ERDS) evidence, using qualified X.509 certificates from trusted lists published by certification authorities. SMTP relays require TLS, and integrity checks cover all evidence components via signed digests, supporting interoperability across REM Interoperability Domains (REMIDs) while prohibiting modifications post-signing. Providers must comply with risk management, including key generation in hardware security modules and continuous monitoring, to qualify as trust services.

Interoperability and Standards Compliance

Certified email systems, particularly Italy's Posta Elettronica Certificata (PEC), adhere to specific technical protocols outlined in RFC 6109, which formalizes the architecture for sending, delivery, and certification while ensuring compatibility among accredited providers through standardized messaging formats and accreditation by the Italian Postal and Communications Certification Authority (CNIPA). Interoperability among PEC providers is maintained via mandatory compliance with Decree 2.11.2005, requiring uniform XML-based receipt generation and secure transport layers that preserve evidentiary integrity across networks. As part of the European Union's eIDAS Regulation revisions, PEC is transitioning to Registered Electronic Mail (REM), a qualified electronic delivery service (SERCQ) designed for cross-border interoperability, with implementation mandates accelerating from mid-2024 onward to replace national silos with harmonized protocols. REM standards, governed by ETSI EN 319 532-4, specify interoperability profiles for message formats, including advanced electronic signatures and timestamps, enabling seamless exchange between EU member states' systems while addressing prior limitations in PEC's national confinement. Complementary ETSI TS 102 640-3 establishes information security policies for REM management domains, ensuring consistent risk controls and auditability across providers. The e-SENS REM profile further facilitates technical alignment by defining open specifications for evidential services, such as delivery status notifications and non-repudiation proofs, tested through pilot interconnections that demonstrated reliable message routing between disparate REM implementations as early as 2015. In practice, Italian providers like Aruba PEC achieved REM conformity certification in June 2024, validating adherence to these standards for qualified electronic registered delivery services and paving the way for EU-wide operability without loss of legal equivalence. Challenges persist in retrofitting legacy PEC investments to REM protocols, but federated architectures proposed in academic frameworks support gradual interoperability by standardizing gateway exchanges between certified mail systems.

Italian PEC System

The Italian Posta Elettronica Certificata (PEC) system establishes a legally binding electronic communication method equivalent to registered paper mail with return receipt, ensuring certified proof of sending, delivery, and content integrity. Regulated under the Codice dell'Amministrazione Digitale (CAD), primarily Decreto Legislativo 7 marzo 2005, n. 82, PEC transmissions under Article 48 provide receipts opposable to third parties, guaranteeing non-repudiation of submission and delivery through timestamped electronic protocols. The Agenzia per l'Italia Digitale (AgID) oversees the system, defining technical rules, accrediting service providers, and maintaining a public register of qualified managers who must comply with security and interoperability standards. As of December 2024, approximately 16.2 million PEC addresses were active, reflecting widespread institutional adoption. PEC messages carry full evidentiary weight in legal proceedings, with authenticity and integrity protected unless disproven by the recipient, akin to judicial recognition of registered mail. Mandatory use applies to public administrations for all electronic interactions requiring certification, as stipulated in Article 6 of the CAD, extending to professionals enrolled in professional orders since November 2009 and to enterprises upon registration or by specific deadlines. From January 1, 2025, company directors must register a personal PEC address with the Companies Register, separate from the entity's address, with non-compliance risking administrative penalties. This framework supports official notifications, contractual exchanges, and administrative procedures, with alternatives like other certified delivery services permitted only if equivalently secure under eIDAS Regulation (EU) 910/2014.

Implementations in Other Jurisdictions

In France, the Lettre Recommandée Électronique (LRE) serves as a qualified electronic registered delivery service, granting the same legal effects as traditional paper registered letters, including proof of sending, receipt, and content integrity. Authorized since January 1, 2019, under French law implementing eIDAS Regulation (EU) No 910/2014, LRE requires qualified electronic signatures and timestamps from accredited providers to ensure non-repudiation and admissibility in court. Providers such as AR24 and La Poste offer LRE services, with over 10 million annual electronic registered mailings reported by 2023, primarily for contractual notifications, dismissals, and official summons. In Spain, there is no single official government-run certified email system directly equivalent to Italy's PEC. Functional equivalents are offered by accredited private operators providing "Correo Electrónico Certificado" services compliant with the EU eIDAS Regulation (EU) No 910/2014 for qualified electronic registered delivery services, delivering legal proof of sending, receipt, and content integrity comparable to registered mail. Notable providers include Correos and Lleida.net. For communications with public authorities, Spain uses the "Notificaciones Electrónicas" system via the "Dirección Electrónica Habilitada" (DEH) or its upgraded version DEHú, enabling public administrations to send legally binding electronic notifications to citizens and businesses with registered electronic addresses. Germany's De-Mail system, enacted via the De-Mail Act of 2011 and operational from 2012, enables legally secure electronic exchanges between citizens, businesses, and public authorities, equivalent to registered mail for evidentiary purposes. It mandates encrypted transmission, sender-recipient authentication via qualified certificates, and tamper-proof logging, accredited by the Federal Office for Information Security (BSI). Despite initial promotion for reducing administrative burdens, adoption remained low—with fewer than 1 million active accounts by 2020—leading to service discontinuations by major providers like Deutsche Telekom in 2023 and a government phase-out, shifting reliance to broader eIDAS-compliant alternatives. In Switzerland, Swiss Post's IncaMail provides encrypted email delivery with verifiable proof of sending, receipt, and content, suitable for confidential official correspondence and recognized under Swiss data protection laws for non-repudiation. Launched in 2004, it integrates with public administration platforms, allowing authorities to send legally binding documents without requiring recipients to have special software, though it lacks full equivalence to physical registered mail in all civil proceedings. Outside Europe, the United States lacks a national government-mandated certified email system but relies on commercial services like RPost's RMail, which generates court-admissible proof of content, timestamps, and delivery under the Uniform Electronic Transactions Act (UETA) and ESIGN Act of 2000. These services encrypt messages and provide forensic records, accepted in federal and state courts for evidentiary value, though they do not confer presumptive legal delivery like registered mail without additional judicial validation. Adoption is voluntary, primarily in legal, financial, and compliance sectors, with millions of annual transactions but no mandatory public infrastructure.

EU REM Transition and Harmonization Efforts

The European Union has pursued harmonization of certified email services through the development of Registered Electronic Mail (REM) standards, primarily under the eIDAS Regulation (EU) No. 910/2014, which establishes a framework for electronic registered delivery services (ERDS) to ensure cross-border recognition and interoperability. REM, defined as a qualified electronic delivery service, extends national systems like Italy's Posta Elettronica Certificata (PEC) by mandating compliance with EU-wide technical and security protocols, allowing messages sent via qualified REM providers to hold evidentiary value across member states. Key standardization efforts were led by the European Telecommunications Standards Institute (ETSI), which in 2019 published core specifications for REM, including ETSI EN 319 531 for policy and security requirements applicable to REM service providers (REMSP). These standards require providers to implement robust identity verification—such as through recognized electronic identification schemes and two-factor authentication—along with cryptographic protections for message integrity, non-repudiation, and delivery receipts, differing from PEC's national trust model by relying on EU Trusted Lists for cross-border validation. Complementary ETSI EN 319 532 documents outline protocols for REM message interoperability, formats, and conformance testing, facilitating migration from siloed national systems to a unified EU framework. Transition efforts in Italy, where PEC has been mandatory for businesses and public administrations since 2005, began accelerating in 2023–2024 to align with REM requirements, prompted by eIDAS revisions emphasizing ERDS. Italian providers must obtain qualified status as SERCQ (Servizio Elettronico di REConsegna Qualificato) under REM protocols, involving audits for compliance with ETSI baselines; for instance, Aruba PEC became the first Italian provider to receive REM conformity certification in June 2024. While full mandatory migration awaits a Decree of the President of the Council of Ministers (DPCM), voluntary adaptations enable Europe-wide PEC/REM interoperability from mid-2024, with PEC addresses resolvable via DNS for REM routing. Broader EU harmonization focuses on mutual recognition among qualified trust service providers, reducing fragmentation where only 10–15% of certified emails currently cross borders due to incompatible standards. The 2023 eIDAS proposal integrates REM into ERDS governance, requiring providers to meet ETSI EN 319 531 thresholds for qualified status, with ongoing ETSI work (e.g., TR 119 520-1 in 2024) extending baselines to full ERDS interoperability. Challenges include varying national implementation paces, but the framework prioritizes evidentiary equivalence to traditional registered mail, supported by EU funding for digital single market initiatives.

Adoption Patterns

Mandatory Usage Requirements

In Italy, the Posta Elettronica Certificata (PEC) system mandates that all companies register a PEC address with the Companies Register upon incorporation, serving as their official digital domicile under Legislative Decree No. 82/2005. This requirement extends to professionals enrolled in mandatory professional orders, such as lawyers, accountants, and engineers, who must obtain and declare a PEC address for official communications. Since June 20, 2014, all electronic communications between enterprises and Italian public administrations must be conducted via PEC to ensure legal validity equivalent to registered mail. Effective January 1, 2025, and as of 2026, company directors, including those of corporations and partnerships, are required to personally obtain and register an individual PEC address with the Companies Register, as clarified by the Ministry of Enterprises and Made in Italy. Outside Italy, no equivalent certified email systems impose broad mandatory usage for businesses or government interactions as of 2025; implementations in jurisdictions like Switzerland, Germany, and Hong Kong provide certified options but lack equivalent legal compulsions for registration or primary use in official dealings. Within the EU, ongoing harmonization toward Registered Electronic Mail (REM) under revised eIDAS regulations emphasizes interoperability and legal recognition but does not yet enforce mandatory adoption across member states.

Voluntary and Commercial Applications

In commercial contexts, certified email services are voluntarily adopted by enterprises to establish verifiable delivery and content integrity for non-mandated communications, such as contract proposals, invoice transmissions, and supplier confirmations, thereby minimizing disputes over receipt or terms. These applications leverage the technology's audit trails, which record timestamps, sender identity, and recipient acknowledgment, providing evidentiary value admissible in courts under frameworks like the U.S. ESIGN Act. For example, financial institutions use certified email to dispatch billing statements and transaction confirmations, ensuring compliance with record-keeping requirements while reducing reliance on physical mail. Human resources and legal departments in businesses employ certified email for voluntary notifications, including policy updates, termination letters, and non-litigious settlements, where proof of delivery supports internal audits and employee relations without invoking statutory mandates. Insurance providers similarly apply it for claim acknowledgments and premium reminders, enhancing operational efficiency by automating proof generation over traditional methods. Commercial services facilitate this through subscription-based platforms; RPost's RMail, operational since 2000, offers certified delivery for $15 per user monthly, integrating with enterprise systems for scalable use in credit collections and contract management. In jurisdictions like Italy, where PEC is required for corporate entities, voluntary extensions occur among professionals and individuals for commercial dealings, such as freelance invoicing or partnership agreements, yielding cost savings over registered post—estimated at significant reductions via digital substitution rates derived from adoption trends. Providers like Keliweb emphasize its utility in unlimited-volume exchanges for bureaucratic-commercial hybrids, underscoring voluntary uptake for efficiency in sectors beyond strict regulatory needs. Overall, these applications prioritize causal reliability in asynchronous business interactions, with services verifying non-repudiation to foster trust in voluntary digital workflows.

Comparative Global Penetration

Certified email penetration varies markedly across jurisdictions, driven primarily by legal mandates and integration with public administration. Italy exhibits the highest adoption globally through its Posta Elettronica Certificata (PEC) system, where usage is compulsory for all enterprises since 2013, professionals, and public authorities. As of 2022, approximately 15 million active PEC addresses were in use, facilitating over 2.5 billion certified messages annually, equivalent to roughly 25% population coverage given Italy's 59 million residents, though concentrated among commercial and governmental entities. Projections indicate growth to 20 million addresses and 3.5 billion messages by 2026, underscoring sustained high penetration amid ongoing digitization efforts. In other European nations, similar systems exist but with comparatively lower uptake due to less stringent enforcement. Germany's De-Mail, launched in 2012 for authenticated electronic correspondence with authorities, has failed to achieve meaningful adoption rates, hampered by public preference for traditional methods and implementation challenges. France mandated certified email addresses for corporate directors and partnerships effective January 1, 2025, signaling emerging but currently limited penetration focused on business leadership rather than broad usage. Spain does not have a single official system directly equivalent to Italy's PEC. Instead, functional equivalents consist of "Correo Electrónico Certificado" services provided by accredited private operators (such as Correos and Lleida.net) that comply with the EU eIDAS regulation for qualified electronic registered delivery. For communications with public authorities, Spain uses the "Notificaciones Electrónicas" system via the "Dirección Electrónica Habilitada" (DEH) or DEHú. Adoption in Spain and other EU states remains tied to voluntary or sector-specific requirements rather than universal mandates. The European Union's Registered Electronic Mail (REM) standard, defined by ETSI in 2019, seeks cross-border interoperability to supplant fragmented national systems like PEC, but implementation remains transitional as of 2025, with penetration confined to early adopters in compliant member states. Switzerland recognizes electronic registered mail platforms for legal equivalence to postal services, primarily through private providers like IncaMail, though without mandatory adoption, resulting in niche rather than widespread use. Hong Kong employs certified email for evidentiary purposes akin to registered post, but data on user base indicate specialized application without broad societal penetration. Beyond Europe and select adopters, certified email penetration is negligible, absent national frameworks and reliant on commercial services offering proof-of-delivery without inherent legal presumptions of validity. In the United States, United Kingdom, Australia, and Canada, private tools like RMail provide certified delivery records admissible in courts, yet these serve isolated legal or contractual needs rather than systemic integration, yielding adoption rates far below 1% for routine communications. This disparity highlights certified email's concentration in regulatory-heavy environments, where mandates correlate directly with usage scale.

Benefits and Efficacy

Evidentiary and Operational Advantages

Certified email systems deliver evidentiary advantages through mechanisms that establish non-repudiation, proof of dispatch, delivery, and content integrity, rendering them equivalent to traditional registered mail in jurisdictions like Italy's PEC framework. Under Italian DPR 68/2005, Article 48, a PEC message sent to another PEC address possesses full legal probative value for transmission and receipt, certified by timestamps, sender/recipient identities, and cryptographic hashes that prevent alteration or denial of participation. This structure ensures courts accept PEC receipts (.eml or .msg formats) as authentic evidence without requiring additional validation, unless contested with counterproof, thereby streamlining dispute resolution in civil and administrative proceedings. Operational benefits stem from the instantaneous delivery and automation inherent to email protocols, combined with legal safeguards that eliminate the delays and manual handling of physical mail. PEC adoption in Italy has yielded €6 billion in cumulative savings from 2008 to 2026 by replacing registered paper letters, including €3.5 billion realized by 2022 and €2.5 billion projected for 2023-2026, primarily through reduced printing, postage, and processing costs. Individual communications via certified email can achieve up to 87% cost reductions relative to equivalent postal services, while offering API integrations for workflow efficiency and inherent protections against malware in transit. These advantages extend to enhanced traceability, with delivery reports providing verifiable audit trails that support compliance in regulated sectors, outperforming unsecured email in reliability without sacrificing speed.

Empirical Evidence of Effectiveness

A joint study commissioned by certified email providers TIM, Aruba, and InfoCert estimated that Italy's PEC system generated approximately €6 billion in cumulative savings from 2008 to 2026, primarily through reduced paper-based correspondence, administrative processing times, and postal costs associated with traditional registered mail. These savings stem from PEC's role in digitizing legal notifications, invoices, and public administration communications, with operational efficiencies quantified via replacement of physical mail volumes tracked by AgID data. In 2022, PEC usage reached 15 million active addresses and over 2.5 billion messages exchanged, reflecting sustained reliability in high-volume legal and commercial contexts without reported systemic delivery failures in official records. Projections from IDC indicate growth to 20 million addresses and 3.5 billion annual messages by 2026, underscoring PEC's effectiveness in scaling secure electronic delivery for mandatory uses like company registrations and court filings. Italian courts consistently affirm PEC's evidentiary value, equating its digitally signed receipts for sending and delivery to traditional registered mail, with case law upholding notifications even in edge cases such as full mailboxes. This legal robustness has facilitated its integration into civil proceedings, reducing notification disputes compared to paper methods, though comprehensive independent audits of dispute resolution rates remain limited. For the emerging EU REM framework, empirical data is nascent due to its post-2024 rollout, but interoperability tests demonstrate equivalent proof mechanisms to PEC, with initial cross-border pilots confirming delivery integrity under eIDAS standards. Overall, while provider-led analyses dominate available metrics, PEC's track record provides causal evidence of enhanced efficiency in evidentiary communications, tempered by the absence of large-scale, peer-reviewed comparisons to non-certified alternatives.

Criticisms and Limitations

Practical Drawbacks and Costs

Certified email systems, particularly national implementations like Italy's Posta Elettronica Certificata (PEC), operate as closed networks requiring both sender and recipient to maintain dedicated certified mailboxes, which limits interoperability with standard email addresses and necessitates fallback to physical or alternative digital methods for non-participants. This restriction reduces practical utility in diverse communication scenarios, as recipients without accounts cannot receive certified messages, potentially delaying legal or official notifications until account setup or alternative channels are used. Subscription costs for certified mailboxes represent an ongoing expense absent in conventional email, with annual fees typically ranging from €5 to €25 plus VAT, varying by provider, storage limits, and features such as invoice reading services. For example, Aruba's standard PEC plan charges €9.90 plus VAT per year for 1GB storage, while European-oriented PEC services start at €24.99 for the initial year. Low-volume users may find these fees disproportionate, as sending is bundled into the subscription but storage constraints (e.g., 1GB limits) can incur additional upgrade costs or require manual archiving. Users face administrative burdens from managing separate certified accounts, often via provider-specific web portals or clients incompatible with seamless integration into everyday email workflows, leading to fragmented communication practices. Reliance on accredited trust service providers under regulations like eIDAS introduces risks of service outages or provider failures, as seen in transitional phases from national systems to EU-wide REM, where incomplete harmonization can amplify setup complexities and temporary disruptions. While cheaper than physical registered mail (e.g., €25–€40 per burofax delivery), the cumulative costs of subscriptions, training, and hybrid workflows erode efficiency gains for infrequent users.

Security and Reliability Concerns

Certified email systems, while designed to provide non-repudiation and legal proof of delivery, remain susceptible to account credential theft, enabling attackers to impersonate senders and dispatch fraudulent messages with apparent legal validity. In Italy's Posta Elettronica Certificata (PEC) system, criminals have exploited stolen credentials to send scam emails disguised as legitimate invoices, prompting recipients to engage with malware-laden attachments due to the binding nature of certified delivery receipts. Such incidents, including campaigns distributing MintsLoader malware via PEC, have affected businesses by wasting resources on verification and remediation, with one reported case involving losses in the thousands of euros across hundreds of addresses. Underlying cryptographic protocols in certified email, such as S/MIME for digital signatures and encryption, inherit vulnerabilities from standards like PGP and S/MIME, including the EFAIL attack vector identified in 2018, where attackers can exploit HTML rendering or external links to exfiltrate plaintext from supposedly encrypted messages if they compromise email servers or metadata. European researchers demonstrated that these flaws allow retroactive exposure of message contents without decrypting ciphertext directly, recommending discontinuation of PGP/S/MIME in favor of alternatives like Signal for sensitive communications. Although patches exist, incomplete adoption and reliance on email clients for rendering exacerbate risks in certified systems, where signatures provide authenticity but not foolproof confidentiality against targeted attacks. Reliability concerns arise from provider-dependent architectures, where lax spam filtering—imposed by legal mandates to avoid blocking valid certified messages—permits malicious traffic to reach inboxes, as evidenced by Italian court rulings holding recipients responsible for checking spam folders in PEC disputes. This minimal intervention by operators creates single points of failure; service outages or breaches, such as the 2024 Infocert hack affecting PEC-linked data, undermine trust in delivery proofs and timestamps. Transition to EU-wide Registered Electronic Mail (REM) under eIDAS may amplify these issues by expanding the attack surface across borders without fully resolving national vulnerabilities.
  • Key Mitigation Gaps: Certified email protocols like ETSI EN 319 532 prioritize interoperability over robust endpoint security, leaving systems exposed to phishing-induced compromises that bypass non-repudiation features.
  • Empirical Incidence: In 2024, multiple malspam waves via PEC targeted Italian entities, leveraging certified status for higher open rates than standard phishing.

Ongoing Challenges and Future Outlook

Interoperability and Cross-Border Issues

National implementations of certified email, such as Italy's Posta Elettronica Certificata (PEC) established by Presidential Decree No. 68/2005, provide legal equivalence to registered mail domestically but fail to ensure automatic cross-border recognition within the EU due to divergent technical and regulatory frameworks. Similar systems in other member states, including France's AR24 and Spain's equivalents, operate under local laws without inherent compatibility, complicating secure electronic delivery for international business and public administration. This fragmentation has historically required fallback to traditional postal services or alternative notarized methods for cross-border validity, increasing costs and delays. The EU's eIDAS Regulation addresses these gaps by recognizing Qualified Electronic Registered Delivery Services (QERDS), which mandate proof of sending, receipt, and content integrity with EU-wide legal effect. The Registered Electronic Mail (REM) protocol, standardized by ETSI in EN 319 532 series documents since 2019, facilitates interoperability through specified message formats, advanced electronic signatures, and secure transport mechanisms compatible with national systems. REM evolves from protocols like PEC, enhancing authentication via qualified certificates while enabling federated trust among providers. Implementation challenges remain, including transitional mismatches during national migrations—Italy's shift from PEC to REM, for instance, is slated for late 2025 to early 2026 pending final decree approval. Commission Implementing Regulation (EU) 2025/1944, adopted on September 29, 2025, imposes interoperability requirements for QERDS such as standardized authentication (REQ-QERDS-5.2) and security protocols, but compliance varies by provider qualification and member state enforcement. A May 2025 public consultation on the QERDS Act highlighted needs for refined standards to balance innovation with trust ecosystem reliability, underscoring ongoing hurdles in cross-border scalability. Beyond the EU, interoperability is negligible, as jurisdictions like the United States rely on general ESIGN Act provisions without certified delivery equivalents, necessitating case-by-case legal bridges or hybrid approaches.

Potential Reforms and Technological Integrations

The Registered Electronic Mail (REM) system, introduced as a European Union standard, seeks to reform national certified email frameworks like Italy's Posta Elettronica Certificata (PEC) by establishing EU-wide legal validity and interoperability. REM mandates stronger user identification through systems such as SPID or CIE, along with two-factor authentication like OTP, contrasting PEC's optional measures and national scope. This reform facilitates secure cross-border communications for businesses and administrations, with providers interconnected via a Common Service Interface (CSI) and domain detection through DNS protocols, replacing PEC's centralized mechanisms. Migration timelines project completion between late 2025 and early 2026, following regulatory approvals, to minimize disruptions while aligning with eIDAS regulations. Technological integrations propose leveraging blockchain to decentralize certified email processes, eliminating reliance on a single trusted third party (TTP). Protocols developed in research utilize blockchain for fair delivery and receipt verification, achieving properties such as non-repudiation, confidentiality, and resistance to collusion without offline TTP intervention. These approaches distribute trust across a network, potentially reducing single points of failure and enhancing scalability for global use, though practical deployment remains exploratory as of 2021 publications. Further reforms emphasize federated standards for interoperability among disparate certified mail systems. A proposed framework enables arbitrary systems to interconnect through a federated architecture, allowing message routing and certification equivalence without proprietary silos. This addresses cross-border legal gaps, where technical compatibility exists but harmonized recognition lags, as noted in European analyses calling for unified evidentiary rules. Such integrations could extend to advanced signatures like XAdES in REM, supporting broader digital ecosystem compatibility.

References

  1. https://www.tecalis.com/blog/certified-email-registered-what-is-electronic-mail-digital-e-mail-certificates-free-send-emails
  2. https://blog.eevidence.com/en/what-is-a-registered-email/
  3. https://www.signaturit.com/blog/what-is-a-certified-email/
  4. https://www.afilnet.com/en/certified-email/everything-you-need-to-know-about-certified-email/
  5. https://mailcommsgroup.com/en/blog/email-certificate-legal-industry/
  6. https://registeredemail.com/legality/legal-email-delivery-proof-united-states
  7. https://focus.namirial.com/en/what-is-a-certified-email/
  8. https://detulliolawfirm.com/rem-registered-electronic-mail/
  9. https://link.springer.com/article/10.1007/s11623-010-0094-3
  10. https://www.keliweb.it/billing/knowledgebase/10247/PEC--Certified-E-mail-why-when-and-how-to-use-it.html
  11. https://docbox.etsi.org/esi/open/Archive/RegisteredEmail/Questionnaire/STF318-REM-overview-1.0.pdf
  12. https://www.etsi.org/deliver/etsi_en/319500_319599/31953204/01.03.01_60/en_31953204v010301p.pdf
  13. https://www.vianova.it/en/services/cem/
  14. https://www.vademecumitalia.com/pec-what-is-it-why-should-you-need-a-pec-address-and-how-to-get-one/
  15. https://en.360nrs.com/bulk-emails/certified-email
  16. https://www.altapec.it/en/frequently-asked-questions/
  17. https://mejor-hosting.com/en/mailbox-standard-mail-vs-mail-pec-what-are-the-differences/
  18. https://aruba.it/magazine/pec/andamento-del-mercato-pec-negli-anni.aspx
  19. https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:legge:2003-01-16;3!vig=
  20. https://www.normattiva.it/uri-res/N2Ls?urn:nir:presidente.repubblica:decreto:2005-02-11;68
  21. https://www.agid.gov.it/sites/default/files/repository_files/leggi_decreti_direttive/dpr_11-feb-2005_n.68.pdf
  22. https://www.hostingsolutions.it/en/regulation/pec-services
  23. https://datatracker.ietf.org/doc/rfc6109/
  24. https://www.odcec.cl.it/media/attachments/2016/12/10/20140512850.pdf
  25. https://interoperable-europe.ec.europa.eu/collection/egovernment/document/it-italian-certified-electronic-mail
  26. https://www.rfc-editor.org/rfc/rfc6109.html
  27. https://ieeexplore.ieee.org/document/7182467
  28. https://ec.europa.eu/digital-building-blocks/sites/download/attachments/619382040/eDelivery_ICN_4%2520set%2520of%2520slides_11052023.pdf?version=1&modificationDate=1684853313341&api=v2
  29. https://www.etsi.org/deliver/etsi_en/319500_319599/31953201/01.01.01_60/en_31953201v010101p.pdf
  30. https://www.etsi.org/deliver/etsi_en/319500_319599/31953203/01.03.01_60/en_31953203v010301p.pdf
  31. https://www.etsi.org/deliver/etsi_tr/119500_119599/119530/01.01.01_60/tr_119530v010101p.pdf
  32. https://dl.acm.org/doi/fullHtml/10.1145/3560107.3560256
  33. https://www.intesa.it/en/rem-certified-email-the-new-european-standard-for-secure-communications/
  34. https://www.etsi.org/deliver/etsi_en/319500_319599/31953202/01.01.01_60/en_31953202v010101p.pdf
  35. https://dl.acm.org/doi/10.1145/3560107.3560256
  36. https://datatracker.ietf.org/doc/html/rfc6109
  37. https://www.altapec.it/en/pec/how-does-a-pec-work/
  38. https://www.etsi.org/deliver/etsi_en/319500_319599/319531/01.00.00_20/en_319531v010000a.pdf
  39. https://www.etsi.org/deliver/etsi_en/319500_319599/31953204/01.03.00_20/en_31953204v010300a.pdf
  40. https://www.intesa.it/en/what-changes-with-the-rem-or-european-pec-in-5-points/
  41. https://www.etsi.org/deliver/etsi_ts/102600_102699/10264003/02.01.02_60/ts_10264003v020102p.pdf
  42. https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/Connector%2Bspecifications
  43. https://uktechnews.co.uk/2024/06/14/aruba-pec-the-first-company-in-italy-to-obtain-a-certificate-of-conformity-for-qualified-electronic-registered-delivery-services-based-on-rem-standards/
  44. https://www.sciencedirect.com/science/article/abs/pii/S0920548912000463
  45. https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2005-03-07;82~art48
  46. https://www.agid.gov.it/it/piattaforme/posta-elettronica-certificata
  47. https://www.normattiva.it/uri-res/N2Ls?urn:nir:stato:decreto.legislativo:2005-03-07;82
  48. https://www.infocert.it/pec-obbligo-normativo
  49. https://aruba.it/magazine/pec/dal-2025-pec-obbligatoria-per-gli-amministratori-di-societa.aspx
  50. https://www.milomb.camcom.it/en/obbligo-di-iscrivere-il-domicilio-digitale-degli-amministratori-e-liquidatori-delle-societa
  51. http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX:32014R0910
  52. https://www.service-public.fr/particuliers/vosdroits/F31463
  53. https://www.laposte.fr/entreprise-collectivites/actualites/lettre-recommandee-electronique-pour-professionnels
  54. https://www.ar24.fr/
  55. https://www.correos.es/es/es/particulares/herramientas/correo-electronico-certificado
  56. https://www.lleida.net/en/certified-email
  57. https://www.administracionelectronica.gob.es/pae_Home/pae_Servicios/pae_NotificacionesElectronicas/pae_DireccionElectronicaHabilitada.html
  58. https://www.bsi.bund.de/EN/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Digitale-Verwaltung/De-Mail/de-mail_node.html
  59. https://www.fp-dbs.com/en/de-mail
  60. https://www.ftapi.com/en/blog/de-mail-alternative-what-do-i-need-to-consider-now
  61. https://digital-solutions.post.ch/en/digital-business/data-security-solutions/incamail
  62. https://web.incamail.com/en/
  63. https://registeredemail.com/product/registered-email-and-the-law
  64. https://rmail.com/features/certified-proof-of-content-delivered
  65. https://it.andersen.com/en/pec-compliance-with-european-standards/
  66. https://www.etsi.org/deliver/etsi_tr/119500_119599/11952001/01.01.01_60/tr_11952001v010101p.pdf
  67. https://www.milomb.camcom.it/en/certified-email-pec
  68. https://italianbusinesslawyers.com/pec-obligations-for-companies-in-italy/
  69. https://www.keliweb.com/billing/knowledgebase/10247/PEC--Certified-e-mail-why-when-and-how-to-use-it.html
  70. https://www.gazzettaufficiale.it/eli/id/2014/06/24/14G00105/sg
  71. https://www.cocuzza.it/en/2025/03/26/mandatory-certified-e-mail-pec-for-company-directors-what-changes-in-2025/
  72. https://it.andersen.com/en/pec-obligation-for-company-directors-what-will-change-from-2025/
  73. https://www.auxadi.com/blog/2025/07/23/italy-obligation-directors-certified-mail-pec/
  74. https://rpost.com/
  75. https://shop.rpost.com/products
  76. https://enterprise.aruba.it/documents/whitepapers/en/benefits-and-opportunities-of-italian-certified-email-whitepaper-2024.aspx
  77. https://www.keliweb.com/billing/knowledgebase/10247/PEC--Certified-E-mail-why-when-and-how-to-use-it.html
  78. https://www.gruppotim.it/en/press-archive/market/2024/PR-Study-PEC-TIM-Aruba-Infocert-ENG.html
  79. https://carnegieendowment.org/posts/2019/05/the-encryption-debate-in-germany?lang=en
  80. https://www.osborneclarke.com/insights/new-certified-email-address-obligation-confirmed-directors-corporations-and-partnerships
  81. https://web.incamail.com/en/e-mail-encryption/electronic-registered-mail-with-incamail
  82. https://registeredemail.com/
  83. https://www.letterasenzabusta.com/news/863/raccomandata-elettronica-valore-probatorio.htm
  84. https://studiolegalespreafico.com/la-validita-della-posta-elettronica-certificata-e-dei-suoi-allegati/
  85. https://www.altalex.com/documents/2025/05/05/efficacia-probatoria-pec-formato-originale-garanzia-contraddittorio
  86. https://www.firstonline.info/en/pec-6-miliardi-di-risparmi-attive-in-italia-15-milioni-di-caselle/
  87. https://www.roedl.com/insights/italy-pec-civil-proceedings-certified-electronic-mail-inter-private-realtionships
  88. https://italychronicles.com/to-pec-or-not-to-pec/
  89. https://aruba.it/en/pec-price-list.aspx
  90. https://europeanpec.it/
  91. https://itsolutionsrl.it/2021/09/certified-e-mail-an-efficient-and-secure-service/?lang=en
  92. https://blog.eevidence.com/en/registered-email-vs-burofax-legal-economic-and-practical-comparison/
  93. https://www.spamhaus.org/resource-hub/cybercrime/pec-invoice-scam/
  94. https://www.forcepoint.com/blog/x-labs/malicious-javascript-code-sent-via-pec-email-italy
  95. https://www.reuters.com/article/technology/popular-encrypted-email-standards-are-unsafe-european-researchers-idUSL5N1SL3XT/
  96. https://en.ilsole24ore.com/art/spid-hackers-against-infocert-stolen-information-from-millions-of-users-AGnDOQ2B
  97. https://www.etsi.org/deliver/etsi_en/319500_319599/31953203/01.03.00_20/en_31953203v010300a.pdf
  98. https://www.recordedfuture.com/research/uncovering-mintsloader-with-recorded-future-malware-intelligence-hunting
  99. https://dl.acm.org/doi/abs/10.1145/3560107.3560256
  100. https://www.sciencedirect.com/science/article/abs/pii/S0267364912001987
  101. https://www.eurlexa.com/act/en/32025R1944/present/text
  102. https://ec.europa.eu/digital-building-blocks/sites/pages/viewpage.action?pageId=902432030
  103. https://www.researchgate.net/publication/353203966_Blockchain-Based_Fair_and_Secure_Certified_Electronic_Mail_Without_a_TTP
  104. https://www.researchgate.net/publication/257319195_An_interoperability_standard_for_certified_mail_systems
Add your contribution
Related Hubs
User Avatar
No comments yet.