What is the eIDAS Regulation?
The eIDAS Regulation creates a cross-border legal framework that ensures the interoperability of electronic identification systems across all EU member states.
- Learning Center
- What is EDI?
- What is an electronic invoice?
- What is an electronic tax declaration?
- What is GS1?
- What is the eIDAS Regulation?
- What is Peppol?
- What is an Electronic Signature?
Electronic Identification and Trust Services
Regulation (EU) nº 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation), adopted on July 23, 2014, defines a regulatory framework to ensure secure and seamless electronic transactions between businesses, citizens, and public authorities.
The 5 trust services governed by the eIDAS Regulation are e-Signature, electronic seal, electronic time stamp, certiﬁed electronic delivery, and website authentication.
The eIDAS Regulation creates a cross-border legal framework that ensures the interoperability of electronic identification systems in all EU member states. The purpose is to remove barriers and grant validity to electronic identification and e-Signature systems so that both individuals and legal entities can use their electronic identification in any country of the European Union.
What does the eIDAS Regulation 910/2014 provide?
It establishes a legal framework for e-Signature, electronic seal, electronic time stamp, electronic delivery services, and website authentication.
It regulates the role of the qualified trust service provider: from the security requirements required to fulfill this role to the audit processes necessary for companies to provide electronic trust services that are valid throughout Europe.
It determines the conditions under which the countries of the EU must accept the electronic identification means of persons and companies belonging to other member states, thus guaranteeing interoperability.
What is a Qualified Trust Service Provider?
A Qualified Trust Service Provider has the certifications and technical capacity to incorporate security mechanisms for electronic transactions. Additionally, it contributes to providing legal and regulatory validity to electronic documents, granting them qualified status within the European Union.
Trust service providers can be either non-qualified or qualified. The main difference is that the latter has passed a series of requirements and is audited by a supervisory body accredited at the national and European level to perform such activity. This is also why they provide greater legal guarantees and technical security in electronic transactions than non-qualified ones.
The Qualified Trust Services Are as Follows
Issuing of Qualified Electronic Certificates of e-Signatures
The qualiﬁed e-Signature is the only one with legal equivalence to the handwritten signature and universal validity throughout the European Union.
It is an advanced e-Signature that has been created utilizing a qualiﬁed e-Signature creation device and is based on a qualiﬁed e-Signature certiﬁcate. These certiﬁcates can only be issued by accredited Certiﬁcation Authorities that meet the requirements of the eIDAS Regulation.
In addition, it complies with these three characteristics:
- Authentication: It allows the identiﬁcation of the data source and the signatory.
- Integrity: Prevents changes to the signed document.
- Non-repudiation at origin and destination: It provides evidence of both sending and receiving, so that sender and recipient cannot deny sending or receiving the document. This increases legal certainty.
Issuing of Qualified Electronic Certificates of an Electronic Seal
The electronic seal is another electronic identiﬁcation system that works similarly to the physical seal used on paper documents. This service is used to guarantee the authenticity of electronic documents.
Qualiﬁed certiﬁcates of electronic seals must contain:
- The statement that the certiﬁcate has been issued as a qualiﬁed certiﬁcate of an electronic seal.
- The data unequivocally represents the qualiﬁed trust service provider that has issued the certiﬁcate.
- The name of the creator of the seal and, if applicable, the registration number.
- The validation data of the electronic seal which corresponds to the creation data of the same.
Issuing of Qualified Electronic Time Stamps
An electronic time stamp serves to prove that a data series has existed and has not been altered since a specific moment in time. The eIDAS Regulation states that a qualiﬁed electronic time stamp must meet these requirements:
- Link the date and time to the data in a way that reasonably eliminates the possibility of modifying the data without detection.
- Be based on a time information source linked to Coordinated Universal Time.
- Have been signed using an advanced e-Signature or stamped with an advanced electronic seal of the qualiﬁed trust service provider or by any equivalent method.
Preservation of Qualified Electronic Seals
Thanks to the Qualified Electronic Seals Preservation Service certification, EDICOM can preserve the legal status of documents and files stored with authenticity and integrity guarantees over time.
However, to preserve the legal status of documents and files processed with qualified trust services, it is necessary to have secure digital archives.
EDICOMLta (EDICOM Long-Term Archiving) is the long-term archiving service offered by EDICOM as a Qualified Trust Service Provider. The service applies the identification, digital signature, and electronic time stamping methods provided in the eIDAS Regulation, subjecting the documents stored in the system to permanent audits by an EDICOM trusted third party to guarantee the integrity and authenticity of the files held in storage over time.
EDICOMLta provides a certified platform for safeguarding electronic documents for the time required by companies or determined by law in each case. The solution guarantees permanent access and 100% recovery of the documents uploaded to the platform and evidence management to prove the integrity of the archived documents.
EDICOM, Qualified Trust Service Provider
This European-level certification recognizes EDICOM as a Trusted Third Party. We have the required certifications and the technical capacity to provide the trust mechanisms required for electronic transactions.