Identity
eIDAS Trust Service Provider Assessments
Consult our experts. We are happy to support you.
EU Member States have been using trust services and electronic ID systems for many years, but under the new eIDAS Regulation these services and systems must be available to all EU citizens, meaning that an electronic ID from one country can be used for services in the entire EU.
The eIDAS Regulation defines requirements for Trust Service Providers (TSP) and their systems providing Qualified Trust Services. Qualified TSPs (QTSP) must demonstrate compliance to these requirements to a responsible Supervisory Body via a Conformity Assessment (evaluation) performed by an accredited Conformity Assessment Body.
What atsec offers:
As an eIDAS recognized testing laboratory, atsec is able to perform the Conformity Assessment that demonstrates your products meet the requirements laid out in the eIDAS Regulation.
eIDAS Regulation:
The term eIDAS refers to the EU Regulation No 910/2014 on “electronic identification and trust services for electronic transactions”. If you are interested in knowing more or downloading the regulation, please visit:
Why our services are important to you:
By passing the assessment, providers receive a Mark of Conformity and appear on the Member State’s Trusted List. Conformity Assessments must then take place periodically for a QTSP to maintain their qualified status.
To facilitate passing the assessment, atsec brings decades of experience working with IT security and quality evaluations to the table.
More information:
For more formation regarding eIDAS, please visit:
Qualified Trust Services
There are five main Qualified Trust Services defined by the eIDAS regulation. The QTSP must comply with both the general requirements of a QTSP and those related to a specific trust service.
Issuing Qualified Electronic Signatures
(Art. 25) The signature has the equivalent legal effect of a handwritten signature. It is based on a Qualified Certificate and created using a Qualified Signature Creation Device (QSCD).
Issuing Qualified Electronic Seals
(Art. 35) The seal shows the correctness of the origin and integrity of the data to which the seal is linked. It is based on a Qualified Certificate and created using a Qualified Signature Creation Device (QSCD).
Qualified Validation (Signatures/Seals)
(Art. 32 or 40) Validation shall confirm the validity of a Qualified Electronic Signature or Seal provided that it has been issued correctly and the integrity has not been compromised.
Qualified Preservation (Signatures/Seals) (Art. 34 or 40) Preservation means using procedures and technologies capable of extending the trustworthiness of the Qualified Electronic Signature or Seal beyond the technological validity period.
Qualified Electronic Time Stamps
(Art. 42) The time stamp binds the date and time to data so that any changes to the data will be detected, and it is based on an accurate time source linked to UTC.
Qualified Electronic Registered Delivery Services
(Art. 43) Data sent using a delivery service shall show the integrity of the data, the sender, receipt by the addressee and the accuracy of the date and time of sending, receiving and any changes to the data.
Still have questions?
Can’t find what you’re looking for? Let’s talk!
NIST Personal Identity Verification Program (NPIVP) Testing
Through our accreditation as a NIST Personal Identity Verification (PIV) testing laboratory, atsec US offers services related to the NIST PIV program.
FIDO
FIDO, short for “Fast IDentity Online”, is a series of authentication standards that help reduce reliance on passwords. atsec China is an accredited security laboratory with the FIDO Alliance.
Cryptographic Algorithm Testing
Testing that cryptographic algorithms are implemented correctly is a prerequisite for FIPS 140-3 cryptographic module testing and NIAP Common Criteria evaluations.
The Information Security Provider
Read Our Latest Blog Articles
Learn the latest and greatest about information security. You’ll find insights and analyses of recent developments in technology and policy on our blog.
-
Guiding the Way through the World of Cyber Security
Roughly every five years, we refresh our website with a new appearance. As a precursor to our 25th anniversary in January 2025, we are thrilled to show the world our stylish, modern look. It is atsec’s firm belief that effective security assurance can only truly be accomplished when…
-
First SP800-140Br1 Compliant FIPS 140-3 Certificates
On July 11th, 2024, the first three FIPS 140-3 certificates for NIST’s SP800-140Br1 pilot program were posted on the NIST website. atsec information security was one of the labs that took part in the pilot program. SP 800-140Br1 specifies modifications of the methods to be used by a…
-
atsec has become an official GSMA member
atsec has become an official GSMA member. The GSMA represents the interests of mobile operators worldwide, uniting more than 750 operators with almost 400 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent…