Author: Marcel Kurz

Trust service provider according to EU Regulation eIDAS

Signing contracts digitally is often much more effective and cost-efficient than the traditional paper version of signing. However, to benefit from the advantages of secure digital signing, the services of so-called trust service providers are required. In this guide, you will discover what trust service providers are and their different services.

Was sind Vertrauensdiensteanbieter?

Hand about to bang gavel on sounding block in the court room

What exactly trust services and their tasks are is precisely defined in the EU eIDAS Regulation, Article 3 (16). The trust service is an electronic service usually provided for a fee. Trust services aim to enable electronic transactions securely in the digital space. Trust service providers are, therefore, companies or organizations that specialize in offering certain electronic services, such as the creation of electronic signatures, seals, or time stamps.

Qualified Trust Service providers

According to Article 3 (17) of the eIDAS Regulation, to be considered a qualified trust service provider, trust service providers must comply with the relevant requirements of eIDAS.

Compliance with these requirements is verified every two years by an accredited conformity assessment body, and the result is communicated to the competent supervisory authority. A trust list per EU member state and a seal of approval validate the qualified trust service providers. The European Commission also provides a tool through the CEF Digital program with which anyone can search the national trust lists, the so-called EU Trusted List.

Tasks of a Trust Service

According to Article 3 (16) of the eIDAS Regulation, the tasks of trust services include the following services: Creation, verification, and validation of electronic signatures, seals, time stamps, and electronic certificates
electronic certificates affected by these services. In addition, trust services also include the preservation of electronic signatures, seals, and certificates.

Relevance of Trust Services

Trust services are an essential component for the secure execution of transactions on the Internet. Trust services are necessary to be sure, for example, whether a document has been modified before it is sent or whether the person who sent it is who they claim to be.

Interesting laws, regulations, and standards for trust service providers

The eIDAS Regulation

For the European Union, the eIDAS Regulation is the legal basis for trust services. It lays down binding regulations on "electronic identification" and "electronic trust services" that all member states within the European Union must adhere to.

National legal acts of the Member States

The national legal acts ensure the implementation and execution of the eIDAS Regulation in the individual member states. In Germany, for example, the eIDAS Implementation Act describes the necessary national regulations for eIDAS implementation, which was adopted by the German Federal Government in 2017. The Signature and Trust Services Act (VDG) from 2018 exists in Austria.

Implementing Regulations of the European Commission

The implementing regulations of the European Commission concretize specific security and regulatory aspects of the eIDAS Regulation. They specify technical standards, requirements, norms, and formats. These include, for example:

  • Formats for trust lists
    • Minimum requirements for technical specifications and procedures for security levels of electronic identification means
    • Formats of advanced electronic signatures and advanced seals
    • Standards for the security evaluation of qualified signature and seal creation devices
  • Form of an EU visual trust mark for qualified trust services

ETSI standards

The specific descriptions in the supplementary eIDAS implementing regulations increasingly refer to various ETSI, CEN, and ISO standards. ETSI stands for the non-profit standardization organization, European Telecommunications Standards Institute. The organization creates globally applicable standards for information and communication technology. Further details at: www.etsi.org

Types of Trust Services

Swisscom Trust Services offers the following trust services by the EU Regulation eIDAS:

Electronic seals

An electronic seal can be used as an official seal or as a company stamp.

Electronic signatures

Electronic signatures make signing documents digitally and legally securely possible.

Electronic time stamps

Electronic time stamps prove a document was available in a corresponding form at a particular time.

 

Share this post

printer Copied! copy email facebook linkedin twitter