eIDAS

About eIDAS

The eIDAS Regulation on electronic identification and trust services for electronic transactions in the internal market is a milestone as it provides a predictable regulatory environment for electronic identification and trust services. It was established in EU Regulation № 910/2014 of 23 July 2014, which repeals Directive 1999/93/EC.

eIDAS has created standards under which electronic signatures, qualified digital certificates, electronic seals, timestamps and other proof for authentication mechanisms enable electronic transactions with the same legal standing as transactions performed on paper.

The eIDAS Regulation came into effect in July 2014, and its provisions on trust services have been directly applicable in the 28 Member States since 1 July 2016.

What can CCLab offer? How can we be at your service?

    • Conformity assessment according to eIDAS for qualified trust service providers all over the European Union.
    • Common Criteria Evaluation for qualified signature and seal creation devices (both client and server side) according to Commission Implementing Decision 2016/650.
    • Common Criteria Evaluation of the software environment of remote qualified electronic signatures according to Commission Implementing Decision 2016/650.


What is new?

The main changes introduced by eIDAS are the following:

    • Certificates for electronic signatures can only be issued to natural persons. Legal persons can only use certificates for electronic seals. Electronic seals serve as evidence that an electronic document was issued by a legal person, ensuring certainty of the document’s origin and integrity.
    • A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States.
    • eIDAS laid down the legal and technical framework for remote qualified electronic signatures.
    • eIDAS introduced the conformity assessment terminology in order to guarantee the fulfilment of the requirements specified by eIDAS for qualified trust service providers in all Member States.
    • New standards and regulations have been introduced in the electronic signature and other trust services area.

To ensure that qualified trust service providers and the services they provide comply with the requirements set out in eIDAS, the conformity assessment should be carried out by a conformity assessment body, and the qualified trust service providers should submit the resulting conformity assessment reports to the supervisory body.

Commission Implementing Decision 2016/650 laid down standards for the security assessment of qualified signature and seal creation devices (QSCD) pursuant to Articles 30(3) and 39(2) of the Regulation. It specified the mandatory standards for the certification of QSCDs where the creation data is held in an entirely but not necessarily exclusively user-managed environment (e.g. smart cards, USB tokens). Because the protection profiles/standards have not yet been defined for remote qualified electronic signatures (e.g. HSM, signatory server), it also laid down the framework for an alternative certification process.