The eIDAS Regulation aims to make e-business easier and more trustworthy across Europe. It provides rules for legal certainty and technical interoperability for eIDs and eSignatures and the Trust Service Providers (TSPs) that offer these services.
SigningHub meets both the eIDAS Regulation and the ETSI/CEN standards for creating and verifying eSignatures and eSeals, as well as for certificate issuance, validation and timestamping.
SigningHub closely adheres to the eIDAS requirements for Advanced Electronic Signatures (AES):
SigningHub meets the eIDAS AES requirements:
A QES is a secure form of signature which provides the highest level of assurance and non-repudiation. It in fact reverses the burden of proof in case of disputes, i.e. with a QES the signer has to prove that they did not create the signature! Technically, QES are the same as AES but require the use of a qualified signature creation device and a qualified digital certificate issued by a trusted Qualified Certificate Authority (CA). SigningHub meets the eIDAS QES requirements.
SigningHub's remote qualified signature capability provides the best user experience, since users do not need to handle smartcards/tokens and can sign from anywhere on any device, all with a high degree of security and legal acceptance across Europe. Remote qualified signatures are considerably more cost-effective as there is no need to provide secure smartcards/tokens to users. However, where a user already holds an eID card with a signing key and qualified certificate, these can be easily used with SigningHub’s local signing capability.
An eSeal is a digital signature created by a legal entity. eIDAS-compliant eSeals have the same properties as eSignatures and are possible at both advanced and qualified levels. The main difference is that eSeals can be created automatically using a corporate key, i.e. without human intervention. This is beneficial when signing a huge number of documents, e.g. millions of e-invoices, e-statements or e-bills on a daily basis.
SigningHub meets all technical requirements of eIDAS for advanced and qualified eSignatures and eSeals. Operating as an eIDAS-compliant qualified TSP, however, requires more than just technology: it also requires physical, procedural and personnel security countermeasures, as well as a secure enrolment process to verify the identity of users and issue qualified certificates.
Ascertia works through its network of Qualified TSP partners in a number of European countries to offer SigningHub as a qualified signature creation and verification service. Our Qualified TSP partners are responsible for vetting the identity of users, issuing qualified certificates and also operating SigningHub in their secure facilities. This ensures the highest levels of physical, procedural and personnel security and adherence to eIDAS requirements for TSPs, particularly:
EN 319 401 – General policy requirements for Trust Service Providers
EN 319 411 – Policy and security requirements for Trust Service Providers issuing Qualified Certificates
EN 319 421 – Policy and security requirements for Trust Service Providers issuing time-stamps