What is the eIDAS Regulation?

The eIDAS regulation creates a cross-border legal framework that ensures interoperability of electronic identification mechanisms across all EU member states.

Electronic identification and trust services

Regulation (EU) No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) adopted on 23 July 2014 provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.

The aim is to remove barriers and provide digital signature identification and systems with validity so that individuals and legal entities can use their e-identification in any country in the European Union.

Electronic signatures, electronic seals, electronic time stamps, certified electronic delivery and website authentication are the five trust services that eIDAS regulates.

What does the eIDAS Regulation bring to the table?

It establishes a legal framework for the electronic signatures, electronic seals and electronic time stamps and the electronic delivery and website authentication services.

It regulates qualified trust service providers: from the security requirements needed to comply with this function to the audit processes necessary for the companies to be able to provide electronic trust services with validity across the whole of Europe.

It determines the conditions in which EU countries must accept the electronic means of identification of individuals and businesses from other Member States, ensuring interoperability.

What is a Qualified Trust Service Provider?

A Qualified Trusted Service Provider has the certifications required and the technical capacity necessary to equip electronic transactions with the required security mechanisms. Additionally, it provides legal and judicial validity to documents, granting them the status of burden of proof before third parties in the scope of the European Union.

Trust service providers may be unqualified or qualified. The main difference between them is that the latter have passed a series of requirements and are audited by a nationally and European accredited supervisory body to perform this activity. This is also the reason why they provide greater legal and technical security guarantees in electronic transactions than unqualified ones.

EDICOM is a Qualified Trust Service Provider

This Europe-wide certification recognises EDICOM as a trust service provider with the certifications required and the technical capability needed to provide electronic transactions with the required trust mechanisms. The services accredited as qualified are:

The qualified digital signature is the only one with legal equivalence to a handwritten signature and the same validity across the whole of the European Union.

It is an advanced electronic signature created via a qualified e-signature creation device and based on a qualified digital signature certificate. These certificates can only be issued by accredited certification authorities that comply with the eIDAS requirements.

It also delivers on these three characteristics:

  • Authentication: Permits the identification of data source and signer.
  • Integrity: Prevents changes from being made to the signed document.
  • Non-repudiation of origin and receipt. Offers proof of issue and receipt, so neither issuer nor recipient can deny having sent or received the document. This increases legal security. 

An electronic seal is another e-identification system that works in a similar fashion to the physical seal used with paper documents. This service is used to ensure the authenticity of electronic documents.

Qualified e-seal certificates must contain:

  • An indication that the certificate was issued as a qualified e-seal certificate.
  • Data that unmistakeably represent the qualified trust service provider that issued the certificate.
  • The name of the creator of the seal and, where applicable, the record number.
  • The e-seal validation data corresponding to the e-seal creation data.

An electronic time stamp is used to demonstrate that a series of data exist and have not been altered since a specific moment. The eIDAS Regulation establishes that a qualified electronic time stamp must comply with these requirements:

  • Link the date and time with the data so that the possibility of modifying the data without being detected is reasonably eliminated.
  • Be based on a temporary information source linked to Coordinated Universal Time.
  • Have been signed using an advanced electronic signature or stamped with an advanced electronic stamp of the provider of qualified trust services or by any equivalent method.

Thanks to the certification of our qualified e-seal qualified preservation service, EDICOM is able to preserve the legal conditions of archived documents and files with long-term authenticity and integrity guarantees.

However, secure digital archiving will still be needed to preserve the legal conditions of documents and files processed with qualified trust services.

EDICOMLta (EDICOM Long Term Archiving) is the long-term electronic archiving system that EDICOM offers as a qualified trust service provider.

The system applies the identification, digital signature and electronic time stamping methods covered under the eIDAS Regulation, submitting the documents stored in it to permanent audits by the EDICOM trust service provider to ensure the long-term integrity and authenticity of safeguarded files.

EDICOMLta implements a certified platform to safeguard electronic documents for the time period that companies require or as the law determines in each case. The solution guarantees permanent access and full retrieval of documents uploaded onto the platform, along with management of evidence that makes it possible to demonstrate the integrity of the archived documents.