Posted by media on June 15, 2017 at 9:00 AM
As part of the program called the Digital Agenda for Europe announced in 2010, the EU is working to build a digital single market. The main aim is to remove barriers to electronic commerce and all types of electronic transactions between the different European states, therefore creating a common space, free and safe for online interactions between citizens, companies and states in the European Union.
To achieve this goal, a series of laws have been drafted aimed at breaking down digital barriers and establishing the necessary legal bases for electronic transactions in a secure and reliable way.
One of these laws, specifically the Regulation (EU) Nº 910/2014 (eIDAS) on electronic identification and trust services for electronic transactions, defines what are the trust service providers (sometimes called electronic trust services providers).
In this post we explain who these providers are and what they do.
This post is also available in Spanish.
Prior to the approval of the eIDAS, each member state issued its own digital certificates, which are electronic documents that are used to identify people and companies.
The problem was that the validity of these documents outside of each country’s borders was not guaranteed, and depended on the existence of agreements between the issuing authority and its counterpart (in this case, any other EU state).
In order to achieve the goal of the digital single market, this problem had to be solved. And from this need the Regulation eIDAS was created - whose initials stand for Electronic Identification and Authentication Services - to set an electronic identification standard to achieve safe and smooth online transactions across Europe. And for doing that, the Regulation relies on what is called electronic trust services.
Thanks to the eIDAS, the EU guarantees the validity of any digital certificate throughout its territory, regardless of the country of origin.
Therefore, with the clear goal of eliminating borders for electronic transactions in the EU and building a climate of trust, the eIDAS establishes and regulates two concepts:
Basically, electronic trust services allow to verify the identity of the sender of a message on the Internet, and also the integrity of messages that are exchanged through the Internet. They are therefore a fundamental source in eliminating the barriers for the digital market, as they reinforce the information security and contribute to the generation of trust (thus the name).
Article 3 of Regulation eIDAS includes the definition of electronic trust services. In subsection 16 it establishes that a “trust service” is an electronic service that is usually provided in exchange for remuneration, and consists of:
2. What is an electronic trust service provider according to eIDAS?
Similarly Article 3, sub-section 19, of the Regulation eIDAS, contains the definition of a Trust Service Provider (TSP): “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider”.
As established in the Regulation, electronic trust service providers can be qualified or non-qualified. In order to be a qualified provider of electronic trust services, you must provide qualified electronic trust services and should have recognition as such from a supervisory body.
Qualified providers for electronic trust services are those who, in order to issue a digital certificate to a natural or legal person, must verify their identity.
“When issuing a qualified certificate for a trust service, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity and, if applicable, any specific attributes of the natural or legal person to whom the qualified certificate is issued.”
In order to verify the identity, the qualified providers of electronic trust services may do so directly, or relying on a third party in accordance with the national law.
The Regulation eIDAS establishes 4 ways to verify the identity:
In Spain, the Secretary of the State for the Information Society and the Digital Agenda from the Ministry of Energy, Tourism and Digital Agenda is the supervisory body responsible for verifying that qualified trust service providers meet these requirements, and also the requirements that are established for the qualified electronic trust services.
Signaturit is a company recognized as an Trust Service Provider (TSP) by the supervisory body mentioned, and as a Trusted Third party according to the Spanish Law on the Services of the Information Society (LSSI - Law 34/2002, of July 11 of the Information Services Society and Electronic Commerce).
This post is also available in Spanish.
Sign up for our Newsletter
Subscribe to our newsletter
Digitizing your company with Signaturit is very easy. Sign up for our newsletter and receive 1 email a month with tips, events and product updates.