With the coming advent of a single European digital market, the role of electronic signatures, as well as other related documents and services, will play a major role in providing legal certainty to transactions.
That is why Regulation (EU) No. 910/2014 , the eIDAS regulatory rule, includes a new concept: trusted service providers. In this post, we tell you more about this new figure.
Before getting into the subject of trusted service providers, it is important to highlight the importance of the role of eIDAS in the Digital Single Market throughout the European area.
By way of summary, to say that before Europe launched Regulation (EU) No. 910/2014, each member state issued its own digital certificates, whose validity abroad depended on the agreements that the issuing entity of the same had at that time. There was no difference between regulations with member and non-member states.
Thus, there were barriers that prevented the creation of a digital space for Europe. What eIDAS does is to guarantee the validity of any digital certificate issued by any of the member states for the rest of the members of the union.
Thus, a certificate issued in Spain must have the same validity in the national territory as it will have in France.
For the creation of a Single Digital Market in Europe, it is necessary to increase the confidence that users have in the transactions that take place telematically. That is why the qualified signature – recognized digital signature – gains importance in this context as a guarantee of authenticity of such transactions.
Safer Digital Transactions
On the one hand, security systems are improving day by day. But it cannot be overlooked that threats are also growing. This is the reason for the use of figures such as the trusted service provider and various highly effective technological tools such as encryption or electronic signatures.
In this case, for example, it must be based on a recognized certificate and be produced by a secure signature device. The objective is none other than to ensure that the sender is recognized as the author of the mail or document, in addition to having legal effectiveness, similar to that of the handwritten signature when the requirements mentioned above are met.
Beyond the guarantees provided by electronic signatures in terms of authenticity, legal security in relation to telematic transactions covers a much broader field. Among other objectives, it is oriented towards confidentiality and the achievement of the presumption of accuracy with respect to different important aspects, such as the date on which the document is signed or the integrity of the data.
In turn, trust service providers are considered as support for the provision of payment services by the regulations currently in force, in accordance with the context of the eIDAS and Single Market legislation. As we shall see, this includes different services offered by the so-called trust service providers, whose main characteristics are also specified.
Trusted Suppliers: Definition according to current regulations
In order to achieve European interoperability in a climate of trust in line with the idea of a global village in the digital age, an effective regulatory legal framework is needed. It is in this still incipient regulatory environment that the definition of trusted service provider must be framed.
Addressing the definition at hand therefore implies knowing the regulations governing them; specifically, Regulation (EU) No. 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions (eIDAS).
The eIDAS Regulation, in full force and effect on July 1, 2016, establishes the rules for trust services, while defining them. As well as establishing a legal framework for electronic signatures and seals, as well as other related documents and services related to certification and authentication.
Article 3 contains different definitions related to trust services and their providers. In general and according to said regulation, a “trust service” is considered to be an electronic service consisting of the creation, verification and validation of signatures, seals or time stamps. All of them electronic.
Or, for example, those related to certified electronic delivery services and certificates related to these services, as well as services related to the creation, verification and validation of certificates for different purposes.
Among others, authenticate websites, preserve signatures, seals or electronic certificates associated with these services.
Regulatory developments
Trust service providers, on the other hand, are individuals or legal entities that provide these services, usually in exchange for remuneration. In other words, the term encompasses all companies related to the sector of digital certificates, signature validation, time-stamping or other similar aspects, provided they meet a series of requirements.
This figure is one of the new features included in the current standard, which replaces EC Directive 1999/93, with the aim of increasing levels of trust, calling “trust service providers” to “certification service providers”, the term used in that Directive.
With respect to the old standard, repealed and replaced by the eIDAS Regulation, it affects Spanish certification service providers in a significant way with modifications that go beyond a simple change in their name.
The new regulation covers not only electronic signatures, but also seals, documents, time stamps and electronic delivery, as well as the authentication of websites. In other words, we are facing an extension of the regulated services, some of which are still awaiting development.
In the current regulations, in line with the above, a distinction is made between two types of providers: qualified and non-qualified. Service providers or suppliers based in the EU, therefore, can do so either as qualified or non-qualified trust service providers.
Thus, trust service providers provide one or more of these so-called trust services, being the “qualified trust service provider”. It is therefore a qualified service provider to whom the supervisory body has granted the qualification.
In the event that trust services are offered by third country service providers, they will have legal recognition equivalent to qualified ones following an agreement between the EU and the third country or an international organization.
Agreements reached with certification authorities, entities that deserve trust from other actors to perform transactions, are a widely used mechanism for unqualified trust service providers to comply with the applicable requirements set forth in 910/2014.
Thanks to these strategic agreements with certification entities that are qualified suppliers, it is possible to advance in the qualified provision of trustworthy services.
Apart from the specific European regulation, the concept of trusted service provider is universal and its area of action refers to an issue of great interest from a global approach. For example, Avansi, our subsidiary in the Dominican Republic, is qualified as a trusted service provider in LATAM.