Identity

eIDAS Trust Service Provider Assessments

Consult our experts. We are happy to support you.

EU Member States have been using trust services and electronic ID systems for many years, but under the new eIDAS Regulation these services and systems must be available to all EU citizens, meaning that an electronic ID from one country can be used for services in the entire EU.


The eIDAS Regulation defines requirements for Trust Service Providers (TSP) and their systems providing Qualified Trust Services. Qualified TSPs (QTSP) must demonstrate compliance to these requirements to a responsible Supervisory Body via a Conformity Assessment (evaluation) performed by an accredited Conformity Assessment Body.

What atsec offers:

As an eIDAS recognized testing laboratory, atsec is able to perform the Conformity Assessment that demonstrates your products meet the requirements laid out in the eIDAS Regulation.

eIDAS Regulation:

The term eIDAS refers to the EU Regulation No 910/2014 on “electronic identification and trust services for electronic transactions”. If you are interested in knowing more or downloading the regulation, please visit:

Why our services are important to you:

By passing the assessment, providers receive a Mark of Conformity and appear on the Member State’s Trusted List. Conformity Assessments must then take place periodically for a QTSP to maintain their qualified status.

To facilitate passing the assessment, atsec brings decades of experience working with IT security and quality evaluations to the table.

More information:

For more formation regarding eIDAS, please visit:

Qualified Trust Services

There are five main Qualified Trust Services defined by the eIDAS regulation. The QTSP must comply with both the general requirements of a QTSP and those related to a specific trust service.

Issuing Qualified Electronic Signatures 
(Art. 25) The signature has the equivalent legal effect of a handwritten signature. It is based on a Qualified Certificate and created using a Qualified Signature Creation Device (QSCD).

Issuing Qualified Electronic Seals 
(Art. 35) The seal shows the correctness of the origin and integrity of the data to which the seal is linked. It is based on a Qualified Certificate and created using a Qualified Signature Creation Device (QSCD).

Qualified Validation (Signatures/Seals)
(Art. 32 or 40) Validation shall confirm the validity of a Qualified Electronic Signature or Seal provided that it has been issued correctly and the integrity has not been compromised.

Qualified Preservation (Signatures/Seals) (Art. 34 or 40) Preservation means using procedures and technologies capable of extending the trustworthiness of the Qualified Electronic Signature or Seal beyond the technological validity period.

Qualified Electronic Time Stamps
(Art. 42) The time stamp binds the date and time to data so that any changes to the data will be detected, and it is based on an accurate time source linked to UTC.

Qualified Electronic Registered Delivery Services
(Art. 43) Data sent using a delivery service shall show the integrity of the data, the sender, receipt by the addressee and the accuracy of the date and time of sending, receiving and any changes to the data.

Still have questions?

Can’t find what you’re looking for? Let’s talk!

NIST Personal Identity Verification Program (NPIVP) Testing

Through our accreditation as a NIST Personal Identity Verification (PIV) testing laboratory, atsec US offers services related to the NIST PIV program.

FIDO

FIDO, short for “Fast IDentity Online”, is a series of authentication standards that help reduce reliance on passwords. atsec China is an accredited security laboratory with the FIDO Alliance.

Cryptographic Algorithm Testing

Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
 

The Information Security Provider

Read Our Latest Blog Articles

Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.