Want to make use of eIDAS trust services?
We are the creators of a real Dutch Qualified Trust Service Provider (QTSP). We aim to help you with everything related to digital qualified trust services.
Discover who we are
Whether you want to establish a new QTSP or need help certifying electronic trust services, we are committed to providing you with the best service possible.
​
Do you want to know who we are? Then, please get to know us.
Our convenient online tools are designed to assist you swiftly, should you prefer a do-it-yourself approach.
Curious about what we do?
A look into our kitchen
We have successfully established a Dutch QTSP with a small, highly skilled team, from A to Z. Our team's expertise and dedication have been instrumental in this achievement, and we are eager to share our experience. While we can't reveal the entire recipe, we are here to guide you with some essential ingredients.
​
-
​Preparation and approach
-
Start with a small, skilled and experienced team. This will significantly shorten your turnaround time.
-
Set clear goals, limit the scope and ensure good project management.
-
Involve the people who will have to operate the confidential service from the start.
-
Involve the auditor and supervisor early and inform them about your plans.
-
-
Organization and technology
-
Don't just focus on technology. The design of the organisational measures is just as important
-
Select the right technology within your PKI infrastructure depending on the type of trust service.
-
-
Certification
-
Plan your ETSI, ISO or TWS certification well and prepare well. Obtaining a certification is a profession in itself.
-
Obtaining your certification is an important goal. Also, prepare well to maintain your certification.
-
-
Production
-
Ensure a controlled transition from the project phase to management by the operation.
-
Initially, the new trust service will not run optimally. Therefore, implement a continuous improvement process.
-
What are electronic trust services?
Digital trust services
Electronic trust services increase confidence in online transactions among companies and consumers. Examples include electronic signatures, digital seals, and time stamps on digital documents.
​
The eIDAS regulation
The European member states have agreed to use the same concepts, reliability levels, and mutual digital infrastructure to facilitate the international use of electronic trust services. These agreements are laid down in European Regulation No. 910/2014 on electronic identification and trust services for electronic transactions in the internal market, also called the eIDAS regulation. eIDAS stands for 'Electronic Identification And Trust Services'.
​
Qualified and advanced trust services
Qualified trust services can only be provided by Qualified Trust Service Providers (QTSPs). Following the eIDAS Regulation (Article 22), each Member State must establish and maintain a reliable list of qualified trust service providers and the trust services they offer. Consumers and organisations benefit from the legal consequences resulting from the qualified status of these trust services.
​
​In the Netherlands, you must submit a positive Conformity Assessment Report (CAR), drawn up by a Certified Assessment Body (CAB), to the supervisory authority of the National Digital Infrastructure Inspectorate (RDI). After the supervisor's approval, she may put you on this trusted list. A European Trust Service List (TSL) is currently used for this.
​
Non-qualified Trust Service Providers (TSPs) and trust services can also be admitted to this Trust Service List. Critical differences from QTSPs and qualified trust services include the following:
-
No Conformity Assessment Report (CAR) is required
-
No registration or approval from the supervisor is required to be admitted
-
Specific requirements that apply to QTSPs do not apply to TSPs.
This does not alter the fact that TSPs must meet all kinds of requirements in security, technology, and organisational measures. TSPs (just like QTSPs) will also have to report incidents that impact the security or integrity of data to the relevant supervisory authority(ies).
​​
What digital trust services exist now?
You can always consult this European eIDAS Dashboard for an updated overview of electronically qualified and advanced trust services. Below is a list of current trust services.
-
Electronic signature certificate
-
Electronic seal certificate
-
Website authentication certificate
-
Electronic signature validation
-
Validation of electronic seal
-
Retention of electronic signature
-
Preservation of electronic seal
-
Electronic time stamp
-
Electronic registered delivery
​
Which new digital trust services will be available soon?
The new eIDAS 2.0 regulation will come into effect from May 2024. Four new trust services will be added under this regulation.
-
Electronic attestation of attributes
-
Electronic archiving of digital documents
-
Electronic ledger
-
Management of remote QSCDs (= device for creating an electronic signature or seal)
​​​
​​​Electronic signature (QES)
Using an electronic signature (QES) allows you to sign documents and thus guarantee their authenticity and integrity digitally. Using an eSig creates trust between the parties signing the document. Only natural persons use electronic signatures.
​​
Other trust services associated with an electronic signature are its validation and a trust service that is part of an electronic signature.
​
Electronic Seal (QESeal)
An electronic seal is essentially the same as an electronic signature but with one crucial difference: electronic seals are used by legal entities such as companies and organisations, not by natural persons. QESeals also includes other trust services, such as validating and storing an electronic seal and managing remote QSCDs if the seal is created remotely.
​
Electronic time stamp (QTimestamp)
An electronic time stamp shows that digital data or a document existed at a specific time and date and has not been modified since it was signed. An electronic time stamp is often combined with a digital signature or seal.
​
Electronic Attestation of Attributes (QEAA)
Electronic attestation of attributes is a new trust service introduced in eIDAS 2.0. It enables individuals and organisations to electronically prove their attributes, such as name, date of birth, address, education, etc., to other relying parties securely and reliably.
​
Website Authentication Certificate (QWAC)
The electronic certificate is a form of attestation that establishes website authentication. This links the website to the natural or legal person for whom a QTSP has issued the QWAC.
​
Electronic Delivery Service (QERDS)
This electronic trust service guarantees the secure delivery of electronic data between parties. Registered delivery provides proof of shipment and receipt and protects the data against theft, loss, damage or unauthorised alteration.
​
Electronic archiving (QE-Archiving)
This new trust service under eIDAS 2.0 handles everything related to archiving electronic data and documents, including receipt, storage, retrieval, and deletion. Laws and regulations such as the GDPR and valid retention periods must be complied with. This trusted service guarantees electronic data and documents' integrity, confidentiality, and future readability.
​
Electronic ledger (QELedger)
The latest new trust service under eIDAS 2.0 is the electronic ledger, which guarantees the integrity of electronic files and the sequential correctness of date, time, chronological order, and retention. If the signature is created remotely, the management of remote QSCDs under eIDAS 2.0