The ambition of the European eIDAS regulation is to increase confidence in electronic transactions on the internal market of the European Union (EU). It provides a legal framework for secure electronic exchanges between citizens, businesses and public authorities. And also defines what the legislator calls trust services.
Here is the list and the uses of the trust services provided for by the eIDAS regulation:
- Issuance of certificates for electronic signature, electronic seal and website authentication. They make it possible to confirm the identity of people, servers or websites. They are the basis of electronic exchanges.
- Validation of electronic signatures and electronic seals. This service guarantees the legal security of a signature or stamp by providing proof of validation by a qualified third party.
- Storage of electronic signatures and electronic seals. This service makes it possible to extend the reliability of signatures and stamps over time, beyond their period of technological validity.
- Electronic timestamping. Electronic timestamping allows him to certify that data in electronic form existed at a given moment. It is used for example to affix a date of dispatch or receipt of an e-mail.
- Electronic recommended. This type of sending allows data to be transmitted between third parties electronically by providing proof of processing, including proof of sending and receipt.
For each service, there are qualified or unqualified trusted solution providers. The term “qualified” refers to the fact that the services of these service providers comply with the eIDAS requirements and are certified by the national authorities in terms of competence to identify and control threats and risks (for example: ANSSI for France).
Prioritize eIDAS-qualified trust service providers
So in fact, each company can opt for a non-qualified service. But one of the advantages of a service offered by a qualified trust service provider is that its service is recognized throughout the EU.
The only way to be sure that a service provider actually complies with European requirements is that it has been qualified for eIDAS by its national authority and is considered a “Trust Services Provider” in European terminology.
In France, it is therefore the ANSSI which is responsible for verifying that the service provider meets its security and quality requirements for the service delivered. If so, the service provider receives an eIDAS qualification.
Where can I find qualified European certificate providers?
De facto, many European providers already present on the digital certificate market have taken the plunge and display an eIDAS qualification.
ANSSI has compiled a list of products and services that currently benefit from this eIDAS qualification. This “National List of Trust” has 716 pages in its version of February 23, 2023, with service providers from multiple countries of the Union, proof that the eIDAS approach has enabled the emergence of a single trust market.
At European level, the reference list is called the EU Trusted List. And each national authority is obliged to keep it up to date.
Finally, it should be noted that each eIDAS qualified trust service provider has the right to use the EU Trusted Mark logo for each qualified service they offer.