Certified e-mail, currently only available in Italy, Switzerland and Hong Kong, is an e-mail box with specific characteristics and gives messages sent through it the same legal value as registered mail with return receipt. In order to be considered as such, certified electronic mail must follow the rules laid down in Presidential Decree. 68/2005. These rules, together with others (including, in particular, the Digital Administration Code, Legislative Decree No. 235/2010), establish their legal validity. The operation of PEC, which appears to be identical to a normal mailbox, differs from traditional e-mail due to the presence of some fundamental steps that are not normally foreseen, namely: when sent, the e-mail reaches the sender’s mailbox manager, who checks it and sends a receipt with the exact time as confirmation of actual sending; once checked, it is sent to the recipient’s mailbox manager who, after confirming to the sender the exact date of receipt, sends it definitively to the recipient. PEC operators are also established by a special body, AGID (AGenzia per l’Italia Digitale), which is responsible for monitoring PEC itself.

In order to better understand the differences between PEC and traditional mail, let us examine some of the advantages and disadvantages of this service: the first advantage, as already mentioned, is that it is legally valid like a registered letter with return receipt and proves the truthfulness of the content of the message as it is unchangeable; however, this characteristic is only applicable when both communicating boxes (sender and recipient) are PEC. Another advantage of certified e-mail is that the public administration is obliged to accept PEC communications and initiate any administrative processes following requests, complaints and acts. The cost of managing a certified mailbox can also be lower than the costs of sending registered mail on paper, which increase as the number of sheets and weight increase. Another fundamental feature of the certified e-mail service is the absence of viruses, spyware and malware in the delivered messages: the managers are in charge of checking every message sent and received and eliminating any threats before they reach the user. The only obvious flaw in the PEC organisational system lies in the practicality of the service itself: since the box can be consulted from the user’s PC, it is impossible to defend the messages and their contents from malicious software already present on the computer, thus leaving part of the responsibility with the user. Furthermore, certified e-mail is unfortunately not recognised as an international security standard, unlike other tracking and digital signature methods such as RCF 3798.

Marco Serico