The role of a qualified trust service provider
Going digital has long ceased to be an option. It is a prerequisite for all organisations, regardless their size, profile or sector. Naturally, the digital services market has exploded. A myriad of solutions and service providers are now just a click away. It is great to have a large variety of options and competitors to choose from, but a close scrutiny is required. Some electronic means of doing business need more security and authenticity guarantees than others. This is the case of trust services, which include for example electronic identification or electronic signature. In this area, the qualified trust service provider (QTSP) makes the difference. What sets it apart from other trust service providers on the market?
A qualified trust service provider is eIDAS certified
The QTSP status has been established by Regulation (EC) No 910/2014/EU or eIDAS Regulation, the key legal reference in Europe when it comes to electronic identification and authentication.
To guarantee some security for the trust services and level the ground for all competitors, eIDAS defines a set of minimal requirements for all trust service providers (TSPs) to meet. However, eIDAS goes even further by introducing stricter standards for qualified trust services and qualified trust service providers. This ensures the highest level of security for trust services on the market and consolidates their legal recognition and acceptance across EU member states.
When partnering up with a QTSP, you have the guarantee that:
- the natural or legal person’s identity (to whom the qualified certificate is issued) is clearly verified.
- any information concerning data issued and received by QTSP is safely recorded. This also serves as evidence in case of litigation.
- the QTSP’s staff has the necessary knowledge, expertise and qualification to work in trust services.
You can find and check the eIDAS detailed list of requirements for a QTSP under article 24.
A QTSP is regularly audited and controlled
According to eIDAs a QTSP is “a trust service provider who provides one or more qualified trust services and is granted the qualified status by the supervisory body” (article 3.20). So, to gain the QTSP status, a TSP must undergo a conformity assessment against eIDAS requirements. This process is performed by a supervisory body, usually set by national states. Once the status gained, the QTSP is audited every two years to ensure that it still follows eIDAS strict requirements. In addition, a QTSP must submit to any other audits requested by the supervisory body..
A qualified trust service provider vouches for the authenticity of your electronic signature
The QTSP is the only one authorized to provide qualified trust services which can be hardly contested in court. For example, only a QTSP can issue the certificates required for a qualified electronic signature which is the only type of e-signature that has the same legal value and effect as the handwritten one. In case of litigation, its authenticity is presumed and reversal of burden of proof is applied. It will be up to the party who challenges its authenticity to bring evidence and prove its inaccuracy.
Furthermore, a series of qualified trust services which add extra layers of security can be provided only by a QTSP such as:
- qualified preservation service that extends the validity of a qualified electronic signature;
- qualified electronic seal (for companies);
- qualified website authentication certificate (QWAC) that are also used to become compliant with PSD2.
A QTSP is clearly differentiated
For greater transparency, eIDAS instated the so called EU Trusted List which contains up-to-date information about the providers and their services with a qualified status. Only QTSPs are allowed to be published in EU Trusted List. If an entity is not there, they do not supply qualified trust services.
Also, only QTSPs may use the EU trust mark to clearly differentiate the qualified trust services they provide. This mark offers assurance about the qualified status of the provider. So, by cross-checking the mark with the Trusted List, you will have the certainty that the chosen provider is certified as QTSP and you can, implicitly, benefit from the legal effect associated with a qualified trust service.
By choosing to work with a QTSP, you benefit from services compliant with EU regulation and with the highest level of security on the market. Even if you do not necessarily opt for a qualified signature (or any other qualified services) you will still exchange with a reliable, trustworthy partner with extended expertise and qualifications in trust services.
Being a QTSP listed in EU Trusted List, LuxTrust provides a large variety of trust services that can be tailored to each business’s needs.