What is a Qualified Trust Service Provider?

In an increasingly technological and connected society, it is necessary to achieve a climate of trust that guarantees the security of electronic transactions. In the business environment, trusted electronic services are the foundation for secure interactions between companies and their environment, especially those qualified services that are covered under the figure of the Qualified Trust Service Provider. 

Be sure to read this post to learn about the role of a Qualified Trust Service Provider and the advantages of entrusting them with the digital transformation of your company. 


The figure of the Qualified Trusted Service Provider

Regulation No. 910/2014 of the European Parliament and of the Council of 23 July 2014, commonly known as eIDAS, establishes two types of trust service providers: qualified and non-qualified. 

To understand in detail what exactly a Qualified Service Trust Provider (QSTP) is, we must first understand what a trust service is and when it is qualified. According to its definition, a trust service is one that is usually provided in exchange for remuneration and consists of: 
- Creating, verifying and validating electronic signatures, electronic time stamps, as well as certificates related to these services, complying with the requirements established by the eIDAS Regulation.  

On the other hand, a trust service is considered qualified when, in addition to the above, it complies with the applicable requirements established in the eIDAS Regulation.

Once we know in more detail what a qualified trust service is, we move on to the eIDAS definition of the QTSP: "a trust service provider who provides one or more qualified trust services and has been granted qualification by the supervisory body".

In view of its definition, it is important to note that there is a competent body designated to validate a natural or legal person as a qualified trust service provider. This body is responsible for verifying that QTSPs comply with the requirements to achieve this status and with the established requirements

At the same time, each Member State maintains and publishes a list of Trusted Electronic Service Providers together with information related to the qualified trusted electronic services they provide. This information is primarily intended for the validation of services provided by QTSP established in the member state, e.g., qualified electronic signatures or electronic seals.


Qualified trust services that only a PCSC like Uanataca can provide
ISSUANCE OF QUALIFIED DIGITAL CERTIFICATES FOR ELECTRONIC SIGNATURES

The eIDAS Regulation differentiates between two types of digital certificates: unqualified digital certificates and qualified digital certificates, the latter having a presumption of legal validity.


📢 What is a digital certificate? A digital certificate is an identification credential issued to natural persons, legal entities or services. Together with the private key associated with the certificate, it allows electronic signatures and authentication in applications over the internet.


For a digital certificate to be qualified, it must be issued exclusively by a QTSP. In turn, it must contain a series of elements, such as the set of data that unequivocally identifies the QTSP, electronic signature validation data, data relating to the start and end of the certificate's validity period and the certificate's identity code, among others.

If the qualified certificate is used for a qualified signature, it offers real guarantees that prevent the signatory from easily denying its legal effects: authenticity, integrity and non-repudiation.

Qualified electronic signature

According to its definition, a qualified electronic signature is "an advanced electronic signature that is created by a qualified electronic signature creation device and is based on a qualified electronic signature certificate".

Of the three types of signature set out in the eIDAS Regulation, only the qualified electronic signature is considered to be the equivalent of a handwritten signature. Also referred to as a non-repudiation signature, it offers the highest legal guarantees and, contrary to what one might think, is extremely simple to use

QUALIFIED ELECTRONIC TIME STAMP

Qualified time stamping assigns a reliable date and time to a document or transaction, guaranteeing that the data has not been altered as of a specific instant in time.

In this process, the figure of the QTSP as an impartial and reliable issuer is a key element, providing certainty about the existence of certain electronic data at a specific moment in time, such as evidence of submission of documents for processing, or the issuance of an invoice. 

Qualified electronic seal

The European eIDAS regulation defines this qualified service as "an advanced electronic seal, which is created by a qualified electronic seal creation device, and that is based on a qualified certificate for electronic seal"

With it, legal persons and corporations will be able to authenticate an automated administrative action, such as the mass signing of official documents.


Particular guarantees that a PCSC offers to the digitisation of your business 

When choosing an electronic signature service provider, its reliability and the guarantees it offers are an aspect to be taken into account. In this regard, we highlight the set of conditions established for the QTSP that guarantee that, through their infrastructure and human team, they will develop services characterised by their legality and security.

Once the requirements have been met and recognition has been obtained, the Qualified Trust Service Providers are supervised by the competent bodies. To this end, they are audited at least every 24 months and may be audited at any time. This procedure ensures compliance with the requirements that guarantee their reputation as a safe and reliable figure.

Another mandatory requirement under the eIDAS Regulation is to have staff with the necessary expertise, reliability, experience and qualifications, having received appropriate training in security and personal data protection rules.

With regard to security and protection, they must use systems that are reliable and secure. They are also obliged by law to take measures against falsification and theft of data.


Uanataca, Qualified Trust Service Provider

Uanataca is recognised as a Qualified Trust Service Provider at European level in accordance with Regulation (EU) No. 910 / 2014 on electronic identification and trust services for electronic transactions (eIDAS).

Therefore, Uanataca's services offer the maximum guarantees of security and protection thanks to the integrated and audited services under the European eIDAS regulation and the ISO27001 standard

If you want to leave us your comment on this article, you can do so in the following form ⬇️ 

0 Comments Leave a Reply
Please, wait…
Leave a Reply
*This is a required field
5 ways to reduce expenses in your company Regtech: new technologies for regulatory compliance
Newsletter

If you want to stay up to date and discover new trends in digital identification, join us and you will receive our newsletter with exclusive articles on electronic signatures, digital certification and other current issues. And so you don’t miss a thing, we will keep you informed of relevant dates and events in the sector.