What are trust service providers?

With the advent of a European single digital market, the role of electronic signatures, as well as other documents and related services, achieve a major role in providing legal security to transactions.

This is why Regulation (EU) No. 910/2014, which regulates eIDAS, includes a new concept: reliable trust service providers. In this post, we tell you more about this new figure.

Before entering into the subject of reliable service providers, it is important to highlight the importance of the role of eIDAS in the Digital Single Market throughout the European space.

To summarize, before Europe launched Regulation (EU) No. 910/2014, each member state issued its own digital certificates, whose validity abroad depended on the agreements that the issuing entity had at that time.

There was no difference between regulations with member and non-member states.

In this way, there were barriers that prevented a digital space for Europe. What eIDAS does is to guarantee the validity of any digital certificate issued by any of the member states to the other members of the union.

Thus, a certificate issued in Spain must have the same validity in the national territory as well as it will have in France.

For the creation of a unique Digital Market in Europe, it is necessary to increase the trust that the users have in the transactions that take place telematically.

That is why the qualified firm – recognized digital signature – gains importance in this context as a guarantee of authenticity of such transactions.

Safer Digital Transactions

On the one hand, security systems are improving every day, but it cannot be ignore that threats grow too. This is the reason why they appeal to aspects like the trust service provider together with several highly efficient technological tools, such as encryption or electronic signatures.

In this case, for example, it must rely on a recognized certificate and be produced by a secure signing device. The objective is none other than to ensure that the issuer is recognized as the author of the mail or document, in addition to having legal effect, similar to that of the handwritten signature when the requirements noted above are fulfilled.

Beyond the guarantees granted by the electronic signature in terms of authenticity, legal security regarding telematic transactions covers a much broader field.

Among other objectives, it focuses on confidentiality and the achievement of the presumption of accuracy with respect to different important aspects, such as the date on which the document is signed or the integrity of the data.

On the other hand, reliable service providers are considered as support of the payment services rendered under current legislation , in accordance with the context of the eIDAS and the Single Market legislation. As we will see, this includes different services offered by so-called trust service providers, whose main characteristics are also specified.

Trust suppliers: Definition according to current regulations

With the intention of achieving European interoperability in a climate of trust according to the idea of a global village in the digital era, an effective regulatory legal framework is needed. It is in this normative environment still incipient in which, in particular, we must frame the definition of reliable service provider.

To approach the definition that concerns us implies, therefore, to know the regulation that regulates them; Specifically Regulation (EU) No. 910/2014 dated July 23, 2014 on Electronic Identification and Trusted Services for Electronic Transactions (eIDAS).

The EIDAS Regulation, in force in its entirety on July 1, 2016, sets the standards for trust services, while defining them. As well as establish a legal framework for electronic signatures and stamps, as well as other documents and services related to certification and authentication.

In its article 3 we find different definitions related to the trust services and its suppliers. In general terms and according to these regulations, the electronic service is considered to be a “trusted service”, consisting either in the creation, verification and validation of signatures, stamps or time stamps. All of them electronic.

Or, for instance, those related to certified electronic delivery services and certificates related to these services, as well as services related to the creation, verification and validation of certificates for different purposes.

Among others, to authenticate websites, preserve signatures, stamps or electronic certificates associated with these services.

News of the regulation

Trust service providers, on the other hand, are natural or legal persons who provide these services, usually in return for remuneration.

That is, the term encompasses all companies related to the digital certificate sector, validation of signatures, time stamps or other similar aspects, as long as they meet a number of requirements.

This figure is one of the innovations that, in order to increase confidence levels, includes the current standard, which replaces the EC Directive 1999/93, calling “providers of trust services” to “certification service providers “, term used in that one.

In relation to the old standard, repealed and replaced by the eIDAS Regulation, it affects Spanish certification service providers in an important way with modifications that go beyond the simple change of name of the same.

The new regulations not only cover electronic signature, also regulating the stamp, document, time stamp and electronic delivery, as well as the authentication of websites. That is, we are facing an expansion of regulated services, some of them still awaiting of their development.

In the current legislation, in line with what has been pointed out, there are two types of providers: qualified and nonqualified. Providers or service providers based in the EU can therefore do so either as a qualified or nonqualified of trusted services.

In this way, trust service providers provide one or more of these so-called trusted services, being the “qualified provider of trusted services”. It is, therefore, a provider of qualified services to which the supervisory authority has granted the qualification.

In the case of reliable services offered by third country service providers, these will have equivalent legal recognition to qualified service providers after reaching an agreement between the EU and the third country or an international organization.

Agreements reached with certification authorities, entities that deserve the confidence of other actors to carry out transactions, are a widely used mechanism for reliable non-qualified service providers to meet the applicable requirements established in standard 910/2014.

Thanks to these strategic agreements with certification entities that are qualified providers, it is possible to advance in the qualified provision of trust services.

Apart from specific European regulation, the concept of trust provider is universal and its area of action refers to a question of great interest from a global approach.

For example, Avansi, our subsidiary in the Dominican Republic, is qualified as a trust service provider in LATAM.