eIDAS & Trust Services
The strategy for a European Internal Market has long been at the top of the EU Commission’s list of priorities. As a result, legal regulations such as eIDAS (Regulation (EU) No 910/2014) and the Payment Services Directive 2 (PSD2, Directive (EU) 2015/2366) have been established. These regulations provide a common foundation for secure electronic interaction between citizens, businesses and public authorities. They define the EU-wide legally binding basis for digital financial transactions and trade relations, as well as for secure data exchange in other areas of the economy and administration.
Providers and users are confronted with a number of binding laws, such as eIDAS and the local EU Member State regulations detailing the rules for Trust Services. Technically, the law is supported by a number of ETSI and CEN standards. The most important of these are ETSI EN 319 401 (for all Trust Services), ETSI EN 319 411-1/2 (for Trust Services issuing electronic certificates for natural and legal persons or for websites) and ETSI EN 319 421 (for Trust Services issuing electronic time stamps). Others focus on Validation Services, Registered Electronic Delivery or Preservation Services. All of these services can be implemented at EU qualified level, with the service provider listed on the official EU Trusted List.
With regard to server and website certificates, the requirements of the CA/Browser Forum also have to be considered. These include the Baseline Requirements (BRG), the Network Security Requirements, the Extended Validation Guidelines (EVCG) and the Code-Signing Guidelines, as well as the Browser Root Store Policies. TUV TRUST IT is active in the Forum in order to keep track of developments and ensure up-to-date support for our clients.
We are happy to support you, whether you are a service provider or a user, with our many years of expertise in the interpretation of legal, normative and CA/B Forum requirements. We carry out gap analyses together with you and examine your questions on the subject in tailor-made workshops and training sessions. Furthermore, we support you in implementing and developing your service so that it meets the legally binding requirements. The relevant audits and certifications can then be carried out by our accredited conformity assessment body, which provides a corresponding conformity assessment report (CAR) after a successful eIDAS audit.