Qualified trust service provider in Spain: the timestamping service

What are Trust Services, what differentiates the ones considered qualified, and what are the roles of Trust service providers? Given the fact that Viafirma is now considered a Qualified Trust Service Provider, we can answer all these questions focusing on the timestamping service. As society becomes more and more technological and connected, it is very […]

What are Trust Services, what differentiates the ones considered qualified, and what are the roles of Trust service providers? Given the fact that Viafirma is now considered a Qualified Trust Service Provider, we can answer all these questions focusing on the timestamping service.

As society becomes more and more technological and connected, it is very important that people feel safe when doing business digitally. To meet these requirements from citizens and institutions, the so-called Trust Services were established. 

In this article we explain you how these services are regulated by the European Commission,namely, the qualified type, which include timestamping. We will also mention the bodies responsible for offering these services, known as Trust Service Providers.

What is a qualified trust service providers? 

In order to know in detail the concept of a Qualified Trust Service Providers, we must analyze the eIDAS Regulation, which contains its definition.

We will start by reviewing the description of Trust Service. This definition can be found in article number 3, section 19, which stipulates that:

‘trust service’ means an electronic service normally provided for remuneration which consists of: 

  • the creation, verification, and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services, or
  • the creation, verification and validation of certificates for website authentication; or
  • the preservation of electronic signatures, seals or certificates related to those services.

As we can see, within these Trust Services there are tools such as the electronic signaturethe electronic seal (very useful for working with the Administration if you are a company); timestamps and the certificates on which some of these services are based.

Let us take a further step and move towards the definition of Qualified Trust Service, which appears in section number 17 of article 3:

 ‘qualified trust service’ means a trust service that meets the applicable requirements laid down in this Regulation

Therefore, each trust service will include a set of requirements to be considered qualified.

To conclude with the definitions set out in this article, we turn again to eIDAS which defines what is a Trust Service Provider and a Qualified Trust Service Provider:

Trust Service Provider

means a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider;

Qualified trust service provider

Means a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body.

What is timestamping?

As we have seen, timestamping is included in the Trust Services list of eIDAS, defined as:

Data in electronic form which binds other data in electronic form to a particular time establishing evidence that the latter data existed at that time;

To this we must add that a time stamp displays the Government’s official date and time in the document.

Timestamping service can strongly contribute to ensuring the integrity of a digital signature. This means that a signed document has not been modified after being signed, since timestamping shows reflects the exact moment when the signature took place.

Timestamps have many uses, especially when it comes to building confidence in commercial and logistic agreements e.g. delivery notes or reducing tax fraud through electronic invoicing.

Earlier we referred to the fact that Trust Services, to be considered qualified, must meet certain requirements. In the case of timestamping, it must meet the requirements set out by eIDAS in Article 42, which are:

  1. it binds the date and time to data in such a manner as to reasonably preclude the possibility of the data being changed undetectably;
  2. it is based on an accurate time source linked to Coordinated Universal Time; and
  3. it is signed using an advanced electronic signature or sealed with an advanced electronic seal of the qualified trust service provider, or by some equivalent method.
Timestamping service

Viafirma now recognized as Trust Service Providers

At Viafirma, we are now considered Qualified Trust Service Providers by the Spanish Government, specifically in providing timestamping services. Therefore, becoming the first company in Andalusia to obtain this type of distinction, one of the 20 Spanish entities that are authorised to provide this type of service as well as being able to act within the whole European Union.

To achieve this distinction, we had to be audited by AENOR – a company belonging to ENAC (National Accreditation Body) recognised by the Spanish Government. This began in 2019 and we are now reaping the benefits.

As a result, timestamping services offered by Viafirma solutions fulfill all the requirements we’ve set out in terms of qualified timestamping, ensuring integrity of the electronic signature. The timestamp is included in our mobile signature tools as well as in our digital signature folder.

All this encourages us even more to continue improving the development of our suite so that citizens, companies and public bodies can all go digital with peace of mind, knowing full legal support and ensuring cybersecurity.

And of course, we will keep you updated on the latest developments through our blog and social media profile. Stay tuned!