The eIDAS Regulation applies to trust services across the EU. The eIDAS regulates the legal framework for electronic signatures, electronic seals, electronic time stamps as well as electronic registered delivery services and certificate services for website authentication. Therefore, many sections of the eIDAS replace the provisions of the German federal Digital Signature Act (“Signaturgesetz” - SigG). The qualifies trust services providers must be verified and certified with the qualified trust services.
datenschutz cert GmbH is accredited by DAkkS, and can therefore issue certificates in accordance with eIDAS.
eIDAS stands for “Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC”. eIDAS mostly repeals the German federal Digital Signature Act SigG, as the eIDAS, an EU Regulation, will take precedence over the application of the SigG. As a result, the requirements listed in both SigG and the previous Directive (“Signaturverordnung” - SigV) will no longer be applicable, and now fall within the scope of the eIDAS. The scope of SigG that remains unaffected, i.e. the requirements which do not fall within eIDAS, shall be provided for in a new German federal law, the Trust Services Act (“Vertrauensdienstegesetz”).
eIDAS regulates electronic identification means for natural and legal persons as well as for trust services. In doing so, the eIDAS provides the legal framework for electronic signatures, electronic seals, electronic time stamps as well as electronic registered delivery services and certificate services for website authentication. The eIDAS includes the following detailed services:
While electronic signatures, certificates and electronic time stamps were also provided for in SigG and SigV, electronic seals are an entirely new provision. The legislature is enacting the long-harboured wishes from national authorities and the business community, that organisations can also generate signatures.
Preservation and Electronic registered delivery services are also new. According to the eIDAS, the “electronic registered delivery service” is “a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations”.
Website certificates were already called for via the CA/Browser (CAB)-Forum: to date, those who wished to have their certificates pre-installed in the browser and operating systems, had to generate a corresponding certification. These regulations have now also been included in the eIDAS.
It is perfectly clear: the eIDAS Regulation prescribes certification for qualified trust service providers.
Aside from this prerequisite for market entry in accordance with the eIDAS, we also know from experience: both processes and products are continually improved and made more efficient, when they are reviewed and tested by independent experts.
For the assessment and certification of trust service providers and the trust services that you offer, the following ETSI-norms will be used:
As was previously the case in SigG, qualified electronic signature creation devices are required for the creation of signatures, which is loosely provided for in Annex II eIDAS. These requirements were substantiated in the Implementation Decision (EU) 2016/650 of 25 April 2016 “laying down standards for the security assessment of qualified signature and seal creation devices pursuant to Articles 30(3) and 39(2) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market”, where the Common Criteria Certifications on the basis of Common Criteria Protection Profiles norms.
The German Accredation Body (“Deutsche Akkreditierungsstelle” - DAkkS) accredits conformity assessment bodies on the basis of the ETSI EN 319 403 in connection with ISO/IEC 17065. The conformity assessment bodies that are accredited by the DAkkS will be enabled to certify the above name trust services.
datenschutz cert GmbH is accredited by DAkkS, and can therefore issue certificates in accordance with the existing ETSI norms.
We aspire not only to advise you in all matters surrounding an eIDAS certification, but also to accompany you through auditing procedures and certification as a partner.
The costs/fees that you should prepare for: As the costs are strongly dependant on the complexity of your scope, please feel free to contact us for a detailed offer.