Archivo de la categoría: English

Trust Without Borders 2026 Speakers

Deja un comentario

The CSC Trust Without Borders Summit 2026 – Bogotá, Colombia (May 13–14, 2026) will bring together government representatives, regulators, policymakers, industry leaders, and business experts to discuss the future of digital trust and identity in Latin America and beyond

The summit focuses on interoperable digital signatures, digital identity, trust frameworks, and the policy and technical alignment needed to support secure cross-border digital services. Participants will explore emerging topics such as post-quantum readiness, trusted digital infrastructure, and global regulatory cooperation while connecting with the international community shaping the future of digital trust.

Viky Manaila

President | Cloud Signature Consortium

Viky Manaila is the President of the Cloud Signature Consortium and an internationally recognised expert in eIDAS, digital identity, electronic signatures and digital transformation. She has been instrumental in advancing secure electronic business and trusted services across Europe and globally. As former Chair of DTCE – Digital Trust and Compliance Europe and long-standing adviser to the European Commission, she contributed to the regulatory design and assessment of the eIDAS framework and its evolution toward eIDAS 2.0, shaping a secure and interoperable digital identity ecosystem for the Single Digital Market.

In parallel with her CSC presidency, Viky serves as Trust Services Director at Intesi Group, driving collaboration between industry, regulators and trust service providers to strengthen global digital trust.

Alejandro Munévar

CEO | GSE

Alejandro Munévar is the CEO of GSE and an authority in digital transformation, with over 20 years of expertise at the nexus of finance and technology. He has spearheaded the conception and deployment of smart cities solutions in Latin America. Today, he champions solutions in critical sectors that strengthen digital citizenship, enabling secure transactions through digital identity and trusted platforms. His method unites strategic foresight and technological execution to develop digital ecosystems that are robust, streamlined, and user-focused.

Admir Abdurahmanovic

SVP Strategy | Keyfactor

Admir Abdurahmanovic is SVP Strategy at Keyfactor, where he focuses on strategic planning, enterprise partnerships, and M&A activities in the field of digital trust. With a background spanning over three decades, he combines deep expertise in mathematics, computer science, and applied cryptography to address real-world challenges. Admir is a strong advocate for pragmatic, trust-based business relationships and high professional standards. 

He has played a key role in positioning organizations as leaders in PKI and cybersecurity. Passionate about innovation, he supports open source as a driver for quality and peer review, while maintaining a practical, results-oriented approach.

Andras Barsi

Aruba | Corporate Strategy and Regulatory Affairs

Andras A. Barsi is a senior executive specialised in C-level strategy, business development and legal tech. With over twenty years of international leadership experience, he has led companies in Europe, North America and the Middle East across sectors including financial services, utilities, e-commerce and government. He has held roles such as Acting Group CEO, Head of Strategy and Chief Strategy Officer, with a strong focus on digital identity, e-signatures, trust services and regulatory compliance.

Andras is recognised for building growth strategies, leading investor relations and advising organisations on secure digital transformation.

Andrea Sassetti

President | AssoCertificatori

Andrea Sassetti is the Chief Executive Officer of Aruba PEC S.p.A., Director of Trust Services and Head of Public Affairs at the Aruba Group. He has worked in the sector of qualified trust services, digital identity, and dematerialisation processes for over 24 years, contributing to the development of reliable digital solutions that comply with the main national and European regulatory frameworks. 

In his role as Head of Public Affairs, he oversees and coordinates the Aruba Group’s institutional relations activities, particularly those related to Trust Services, Cloud, and Data Centres. He engages in dialogue with authorities, industry associations, and stakeholders on matters concerning regulation, digital trust, and the evolution of infrastructure and cloud services. 

He is President of AssoCertificatori and a supporting member of ANORC, ETSI, ESD and the Cloud Signature Consortium. He actively participates in working groups on regulatory compliance, standardisation and interoperability of solutions at Italian and European levels.

Andrea Valle

Principal Product Manager | Adobe

Andrea Valle is a Principal Product Manager for Adobe Sign within Adobe Document Cloud, where he leads cross-functional teams across Engineering, Design, Product Marketing, and Legal to deliver digital signature and identity solutions aligned with customer needs and regulatory frameworks. He directs the Adobe Approved Trust List (AATL) Program and plays a key role in shaping strategic partnerships through the Cloud Signature Consortium. 

As Past President of the Cloud Signature Consortium, Andrea has actively contributed to advancing interoperability, standards adoption, and collaboration across the global digital trust ecosystem. He is a long-standing contributor to ETSI ESI standardization activities and has been directly involved in the development and review of key standards, including ETSI EN 319 142 (PAdES) and ETSI TS 119 432 (Remote Electronic Signature Protocols). He is also recognized as an expert in EU Regulation 910/2014 (eIDAS) and global electronic signature compliance

Anthony Kamers

Co-founder | Rubrix-lat

Anthony Kamers is the Co-founder of Rubrix-lat, a digital signature solution focused on interoperability in Latin America, and the founder of Zeruz IA. He also serves as a federal project manager for the Brazilian Digital Signature Standard (PBAD) and is the technical lead for high-impact national solutions, including Validar and AssinaGov.

Arno Fiedler

ETSI Working Group Electronic Signatures and Infrastructures Vice Chair

Arno Arno Fiedler joins the CSC Trust Without Borders Summit in his capacity as ETSI ESI expert, bringing more than 20 years of leadership in identity and trust service infrastructures. Founder of Nimbus Technologieberatung, he has advised numerous European institutions and trust service providers on the implementation of legal and technical frameworks including eIDAS, PSD2, DSGVO, VDG and CA/B Forum requirements.

Previously with Bundesdruckerei, Arno played a key role in shaping Germany’s trusted digitisation ecosystem. He publishes extensively on trust infrastructures and actively contributes to ETSI, CA/B Forum, Bitkom, TeleTrusT, ENISA and the board of the Secure Digital Identity Association

Carmine Auletta

Managing Director, Europe presso eMudhra

Carmine Auletta is Managing Director Europe at eMudhra and a seasoned executive with more than 20 years of international leadership experience across ICT, digital trust, innovation, regulatory affairs, and strategic transformation. Based in Italy, he has held senior leadership roles in organisations including InfoCert, Terna, Bain & Company, and the Cloud Signature Consortium, where he currently serves as Executive Board Member and Advocacy Committee Chair. Carmine brings extensive expertise in digital identity, trust services, compliance, and innovation-driven growth across global markets. He holds an engineering background and an MBA from Northwestern University’s Kellogg School of Management.

Daniel Rendon

EVP of Strategic Partnerships & Business Development | SSL.com

Board Member | Cloud Signature Consortium

Daniel Rendon is Executive Vice President of Strategic Partnerships and Business Development at SSL.com, a globally trusted provider of PKI solutions, cloud signing and identity trust services. In this role, he leads strategic growth initiatives, partnerships, enterprise sales and market expansion. With over 18 years of experience across digital media, technology, and enterprise solutions, Daniel brings a strong business-driven perspective to digital trust and secure online interactions. He joined SSL.com in 2020 as Product Manager before progressing into senior commercial leadership roles, including Head of Sales, where he oversaw sales, marketing, and complex enterprise implementations. Daniel is also a Board Member of the Cloud Signature Consortium, where he contributes to advancing interoperability, standards adoption, and collaboration across the global digital trust ecosystem.

David Kelts

Director of Digital Ecosystem Strategy | Decipher Identity

David Kelts is Director of Digital Ecosystem Strategy at Decipher Identity, LLC, with over 20 years of experience in digital identity, biometrics, and trust frameworks. He has played a key role in advancing mobile driver’s licenses (mDL) and identity ecosystems, including leading initiatives within ISO, the Secure Technology Alliance, and the FIDO Alliance. 

David has contributed to the development and deployment of interoperable identity solutions across public and private sectors, with a strong focus on privacy, standards, and user-centric design. A Certified Information Privacy Technologist, he is a recognized expert in digital trust, identity verification, and ecosystem strategy.

Donald D. Márquez

Academic Director | IDForo

Head of Business Development | Namirial

International consultant and project director with over 20 years of experience advising governments and companies on digital certification and secure digital transformation. 

He has led projects for the World Bank, the European Union, SICA, and U.S. cooperation agencies, supporting regulatory development and trust frameworks across more than 20 countries in Europe and Latin America. 

A lawyer with advanced degrees in international operations, project management, compliance, and an MBA from IESE Business School, he is also Professor at the University of Barcelona and Co-Founder & Director of IDForo, the leading Ibero-American platform on digital trust.

Edwin Cristancho Pinilla

Executive Director | Organismo Nacional de Acreditación de Colombia (ONAC)

Edwin Cristancho-Pinilla is Executive Director of the Organismo Nacional de Acreditación de Colombia (ONAC), where he leads Colombia’s national accreditation framework and oversees the institutional architecture that underpins quality, conformity assessment, and international recognition.   

With a background in economics and science and technology policy, he has held senior leadership roles across Colombia’s public innovation ecosystem, including Director of the National Institute of Metrology (INM) and Coordinator for Science, Technology and Innovation at the National Planning Department.   

Holding a PhD in Science and Technology Policy from the University of Sussex, United Kingdom, he brings a policy-driven perspective to standards, metrology, innovation governance, and the strategic alignment between accreditation, digital transformation, and international cooperation

Fábio Rego

Qualified Lawyer and Digital Trust Professional | Ascertia

Fábio Rego is a Qualified Lawyer and digital trust professional at Ascertia, specializing in electronic signatures, PKI, and trust services. With a strong focus on regulatory compliance, including eIDAS, he supports organizations in implementing secure, standards-based digital signature solutions that enable trusted digital transformation. Fábio combines legal expertise with technical and business insight, helping bridge the gap between law, technology, and innovation. He previously lectured in Digital Law at a Portuguese public university, reflecting his commitment to advancing knowledge in this evolving field. Passionate about secure digital ecosystems, he actively contributes to building trust in global electronic transactions.

Gertrudis Martínez

Executive Director & Co-Founder | ID Foro

Gertrudis Martínez is Executive Director, Board Member, and Co-Founder of ID Foro, a leading Ibero-American platform dedicated to advancing knowledge and collaboration around digital identity, electronic signatures, and digital trust services. In this role, she leads strategy and ecosystem development, coordinating ID Foro’s annual international summit and ID Day events, which bring together public authorities, industry leaders, and experts to foster dialogue on secure, inclusive, and interoperable digital transformation. 

Alongside her work at ID Foro, Gertrudis serves as Head of Marketing & Communication for Iberia and LATAM at Namirial, where she supports market positioning and stakeholder engagement across the digital trust ecosystem. She previously held senior roles in corporate affairs, institutional relations, and strategic partnerships at Uanataca and Bit4id, working closely with regulators, international organizations, and technology partners across Europe and Latin America.

Guillaume Forget

Cryptomathic | Executive VP

Guillaume Forget is Executive Vice President at Cryptomathic, leading global product and innovation strategy across key domains including digital identities and signatures, key management, mobile security and payment. With more than 20 years in the security and trust ecosystem, he has held senior leadership roles in Europe managing product portfolios, strategy execution, partner management and go-to-market development.

Guillaume is also a Board Member of the Cloud Signature Consortium, where he contributes to advancing interoperability and trust in digital ecosystems. He is recognised for his expertise in eSignature, eIDAS, cryptography and secure digital transformation.

Henry Suarez Martinez

CEO Colombia | Detecno

Strategically leads all activities related to technology, electronic invoicing, and regulatory compliance within companies. Possesses a combination of strong managerial skills, technological expertise, and in-depth knowledge of relevant industry regulations and standards.

Igor Marcolongo

Head of Business Evolution | Tinexta InfoCert 

Board Member | CSC 

Igor Marcolongo is a leading expert in digital identity, trust services and secure electronic transactions. As Head of Business Evolution at Tinexta InfoCert, he drives innovation by connecting products, markets, regulation and technology to shape scalable business models and strengthen Europe’s digital-trust ecosystem. With nearly two decades in trust services, he has helped advance eIDAS adoption, digital signatures and identity-driven services across major sectors. Igor also serves on the Boards of the Cloud Signature Consortium and AssoCertificatori, fostering collaboration between industry and regulators.

Jean Everson Martina

Associate Professor of Computer Science | Federal University of Santa Catarina (UFSC), Brazil

Jean Everson Martina is an Associate Professor of Computer Science at the Federal University of Santa Catarina (UFSC), Brazil. His work focuses on digital identity, electronic documents, interoperability, and trust services, combining applied cryptography, PKI, and large-scale public-sector infrastructures. Jean has extensive hands-on experience working with governments, regulators, and industry across Brazil and Latin America on qualified trust services, digital signatures, and cross-border interoperability initiatives aligned with frameworks such as eIDAS. He regularly advises public institutions and private providers on building scalable, interoperable, and future-ready digital trust ecosystems.

Johannes Leser

CEO, IDnow trust Services AB

Johannes Leser is Managing Director Trust Services at IDnow and a recognized expert in digital identity, trust services, and AML compliance. With more than 17 years of experience in electronic signatures, eIDAS-qualified trust services, and digital onboarding, he has played a leading role in shaping secure digital transformation initiatives across Europe. In parallel, he serves as CEO of IDnow Trust Services AB, the group’s certified Qualified Trust Service Provider in Sweden. Johannes is particularly active in the areas of eIDAS 2.0, EUDI Wallets, Qualified Electronic Signatures (QES), and verified credentials, helping organizations implement compliant and user-friendly digital trust solutions at scale.

John Jolliffe

Provider Relationship lead | eID Easy

John has more than two decades experience in roles spanning Regulatory Affairs, Strategic Partnerships and Product Management, working with companies across the digital identity and trust services arena. As Provider Relationship lead for eID Easy he oversees the development and expansion of the eID Easy marketplace, which brings together global eID, wallet and digital signature solutions for international customers.

José Fernando Medina T.

CEO | Tinexta Camerfirma LATAM

José Fernando Medina T., Industrial Engineer, Master in Finance and MBA, with over 30 years of experience in the technology sector leading sales, operations, and technology teams in Colombia, and experience opening markets in other Latin American countries. He has in-depth knowledge of the Latin American market for Software as a Service (SaaS) solutions, including products such as document management, omnichannel communication, digital marketing, data processing, electronic invoicing, biometrics, and trust services, among others. He is currently CEO of Tinexta Camerfirma LATAM.

Juan Pablo García Cairello

Digital Identity Manager | AGESIC

Juan Pablo García Cairello is a computer engineer specialising in information security, with more than 20 years of experience delivering ICT projects across Latin America. He is Digital Identity Manager at AGESIC (Uruguay’s Electronic Government Agency), where he leads the national PKI, the ID Uruguay digital identification platform, and firma.gub.uy. He works closely with multilateral organisations and regional digital government networks, including on the Latin American and Caribbean Digital Identification Model (IdLAC) and the “broker” model to standardise and integrate digital IDs across the region.

Kim Nguyen

Senior Vice President Innovation | Bundesdruckerei GmbH

Kim Nguyen is Senior Vice President Innovation at Bundesdruckerei GmbH, where he leads initiatives at the intersection of trusted AI, digital identity, quantum technologies, and digital sovereignty. With more than two decades of experience in cryptography and secure digital infrastructures, he has held senior leadership roles spanning security research, trusted services, and innovation strategy. Kim holds a PhD in Pure Mathematics with a focus on number theory and cryptography and has worked across academia, industry, and public-sector ecosystems. A frequent speaker and advisor, he focuses on translating European regulation and innovation into practical, secure solutions that strengthen digital trust and resilience across Europe

Leonardo Maldonado

Tech Partnership Director | GSE (Gestión de Seguridad Electrónica)

Leonardo Maldonado is Tech Partnership Director at GSE (Gestión de Seguridad Electrónica), Colombia’s leading digital identity and trust services provider. 

With over 20 years of experience in digital identity since 2004, Leonardo has pioneered critical projects, including biometric fingerprint authentication using Colombia’s national database for banks and notaries. 

He has championed cryptographic evolution, leading GSE’s implementation of the CSC API for cloud signatures and integration with Adobe Acrobat Sign. As local host for Trust Without Borders 2026, Leonardo brings deep expertise in digital transformation, PKI, and biometric authentication to advance interoperability and trusted digital services across borders.

Luisa Fernanda Vásquez

Bogotá Convention Bureau Manager | Invest in Bogotá

Luisa Fernanda Vásquez is a global-minded leader working at the intersection of business, cities, and international opportunities. With a background in Marketing and International Business, and graduate studies in leadership and strategy, she has built her career connecting people, institutions, and markets across borders. She has held strategic roles in Colombia’s public sector, where she contributed to strengthening the country’s tourism competitiveness and international positioning. Today, she leads the Bogotá Convention Bureau at Invest in Bogotá, where she focuses on attracting international events that not only bring visitors, but also drive investment, knowledge exchange, and long-term impact for the city. Luisa believes that events are not just moments in time, they are platforms to transform cities, industries, and connections.

Marcos Allende

Co-Founder and CEO | Blerify

Marcos Allende is the Co-Founder and CEO of Blerify, a platform than enables digital IDs and ID Wallets in Latin America and the Caribbean following eIDAS framework and ISO/IEC 18013 standard.
Marcos is Quantum Physicist who joined the Inter-American Development Bank (IDB) in 2017 and led as a specialists areas of blockchain, digital credentials, and quantum technologies. He is known by his pioneer work on quantum cryptography and blockchain, having developed the first end-to-end solution for quantum resistance in EVM-compatible blockchain networks, published in Nature’s magazine Scientific Reports in 2023 and feature as top100 Engineering Papers. 
Marcos served in leadership roles for more than 20 emerging tech projects in Latin America and the Caribbean, including the first bond tokenization in the region with the Central Bank of Colombia. Co-founder and former CTO of LACChain, the largest blockchain in LATAM. Post-grad studies in Quantum Computing & Cryptography at MIT, and Finance & Management at LSE. Marcos has also contributed to 25+ publications in collaboration with IDB, WEF, and other global thought leaders.

Markus Vesely

CEO | A-Trust GmbH

Markus Vesely is CEO of A-Trust GmbH, Austria’s leading trust service provider, where he oversees the development of secure digital identity, authentication, and signature solutions used across the public and private sectors. With a background spanning technology, strategy, and business leadership, Markus brings extensive experience in regulated environments and large-scale digital transformation. Prior to A-Trust, he held senior roles at Rohde & Schwarz and Frequentis AG, working at the intersection of critical infrastructure, cybersecurity, and innovation. His work focuses on building trustworthy, interoperable digital services that bridge regulatory requirements and real-world implementation.

Michael Rollin Wilson

Director of Business Services & Deputy General Counsel | Kentucky Secretary of State

Michael is an attorney with over 20 years of experience in commercial law and public-sector administration. He oversees business filings, record authentications, and leads digital modernization initiatives, including e-Apostille technology for cross-border authentication of public documents. He brings a policy-driven perspective to digital identity systems, emphasizing legal recognition, fraud prevention, and the durable architecture of public trust. His work bridges law and technology, turning innovation into solutions that are legally recognized and widely adopted.

Michał Tabor

Board Member | Obserwatorium.biz

Michał Tabor is a Board Member at Obserwatorium.biz with hands-on experience delivering and scaling electronic signature solutions for public and private-sector use cases, supporting Trust Service Providers in the development and compliance of their services. He contributes to ETSI standardisation work focused on trust services and interoperability, and he has co-authored and contributed to ENISA publications on digital identity and trust services. His work bridges implementation reality with regulatory and standards requirements across the European eIDAS ecosystem.

Milton Quiroga

Cryptographer, Entrepreneur and Inventor

Milton Quiroga is a cryptographer, entrepreneur, and inventor with more than 20 years of experience driving early adoption of emerging technologies to optimize business processes. He has advised leading organizations across Latin America, supporting digital transformation from the early days of TCP/IP and the internet to blockchain, cryptography, and, more recently, quantum computing. Milton is the General Manager of Cyte and a Professor at Universidad de los Andes. He holds an MSc in Security from Carnegie Mellon University and specializes in information security, post-quantum cryptography, and secure cryptographic systems

Nestor Markowicz

COO, CERTISUR

Nestor Markowicz is Chief Operating Officer at CertiSur and a highly experienced digital security professional with more than 25 years of expertise in authentication, digital signatures, PKI, SSL, brand protection, and secure document management. Based in Argentina, he has played a key role in the development and deployment of digital trust solutions across Latin America, leading complex projects for financial institutions, public entities, and enterprise clients. Throughout his career at CertiSur, Nestor has combined deep technical knowledge with strong operational leadership, helping organizations implement secure and scalable digital ecosystems. He holds a background in Information Systems Engineering and remains actively engaged in advancing digital trust and cybersecurity innovation in the region.

Sebastian Elfors

CSO | IDnow Trust Services AB / ETSI / CEN / ENISA

Sebastian Elfors is Senior Architect and Chief Security Officer at IDnow, and a recognised expert in digital identity, electronic signatures, trust services, and cybersecurity standards. He brings more than two decades of experience working at the intersection of standardisation, architecture, and secure digital service deployment.

In his current role, Sebastian focuses on eIDAS2, Qualified Trust Service Providers (QTSPs), and the European Digital Identity Wallet (EUDI Wallet). He is an active contributor to leading international and European standards bodies, including ETSI ESI, CEN TC224, W3C, the FIDO Alliance, and the Cloud Signature Consortium, where he contributes to the CSC API specifications. He also serves as an external expert to ENISA, supporting work on digital identity, remote identity proofing, and EUDI Wallet certification.

Previously, Sebastian held senior technical and leadership roles at organisations such as Yubico and TrustWeaver, building deep expertise across PKI, authentication, identity wallets, and future-ready trust architectures. He is widely recognised for bridging regulation, technology, and implementation to deliver interoperable and secure digital trust solutions.

Sven Prinsloo

CTO (Signing and PKI) at Tinexta InfoCert | CSC Technical Committee Chair 

Sven Prinsloo serves as Technical Committee Chair at the Cloud Signature Consortium, where he plays a key role in shaping global standards for interoperability and trust in digital signatures and identity services.

In parallel, he is Chief Technology Officer at Ascertia, leading the development of secure digital platforms supporting enterprise-scale identity, signing and trust services. With more than a decade of experience in PKI, remote signing, cybersecurity and digital identity, Sven has held senior positions across product operations, engineering and technical architecture. He is recognised for aligning technology innovation with strategic business needs to enable resilient and secure digital ecosystems.

Vijayakumar Manjunatha

Secretary General | Asia PKI Consortium

Vijayakumar Manjunatha is a globally recognised expert in digital trust, public key infrastructure (PKI), and digital identity, with over two decades of experience in building and scaling secure digital ecosystems. As Secretary General of the Asia PKI Consortium, he brings together government authorities, regulators and industry leaders across regions to advance interoperability, mutual recognition and cross-border digital trust frameworks. 

Vijay has played a pivotal role in shaping foundational digital trust initiatives, including contributing to India’s Aadhaar-based eSign ecosystem and leading the development of a globally trusted Certifying Authority, enabling secure digital transactions at scale for web security. He has actively contributed to international standardisation and policy forums, including the CA/Browser Forum, FIDO Alliance, Cloud Signature Consortium and United Nations initiatives on cross-border trade and digital cooperation. He is also a member of India’s national standards body, where he chairs the panel on Digital Signatures, and collaborates with ETSI on the adoption of global standards across regions. 

In addition to his global engagements, Vijay advises governments and enterprises on digital identity, trust services, compliance frameworks and emerging areas such as post-quantum cryptography and digital public infrastructure. His work focuses on bridging policy, technology and real-world implementation to enable trusted and scalable digital economies worldwide.

Qualified Certificates for PSD2 (Second Payment Services Directive)

Deja un comentario

EADTrust offers several services related to the issuance of PSD2 qualified certificates, including the issuance of test certificates.

But, what Are PSD2 Certificates?

PSD2 certificates are specialized digital certificates mandated under the European Union’s Revised Payment Services Directive (PSD2, EU Directive 2015/2366), designed to enhance the security, transparency, and interoperability of electronic payment systems across the EU. Introduced to foster open banking, PSD2 requires financial institutions, such as banks, and third-party providers (TPPs) to allow secure access to customer account data and payment services, provided customer consent is given. To facilitate this securely, PSD2 mandates the use of qualified electronic certificates compliant with the eIDAS Regulation (EU No 910/2014), which ensures trust and authenticity in electronic transactions.

These certificates serve as a digital “company ID” for payment service providers (PSPs), identifying them and their roles within the payment ecosystem while securing communications between parties, such as banks (Account Servicing Payment Service Providers, or ASPSPs) and TPPs. The certificates are critical for meeting the Regulatory Technical Standards (RTS) outlined in EU 2018/389, particularly Article 34, which specifies requirements for strong customer authentication (SCA) and secure communication channels. Issued by Qualified Trust Service Providers (QTSPs) listed in the EU Trusted List, PSD2 certificates ensure that only authorized entities can access sensitive financial data or initiate payments, thereby reducing fraud and enhancing consumer protection.

Types of PSD2 Certificates

There are two primary types of PSD2 certificates, each serving distinct purposes within the PSD2 framework:

  1. Qualified Website Authentication Certificate (QWAC):
    • Purpose: QWACs are used to establish a secure, encrypted Transport Layer Security (TLS) connection between parties, such as a TPP and a bank’s API. They authenticate the identity of the PSP or TPP and secure the communication channel, ensuring data confidentiality and integrity during transmission.
    • Use Case: QWACs are mandatory for identifying PSPs when they access a bank’s dedicated interface (API) or fallback mechanism (emergency interface). They are akin to Extended Validation (EV) TLS/SSL certificates but include additional PSD2-specific fields.
    • Technical Details: QWACs rely on a minimum key length of 2048 bits and are generated using a Certificate Signing Request (CSR) that includes the public key and specific attributes (e.g., Organization, Country).
  2. Qualified Certificate for Electronic Seal (QSealC or QSEAL):
    • Purpose: QSealCs provide a digital signature or “seal” on data or messages exchanged between parties, ensuring the data’s origin and integrity. They prevent tampering and offer non-repudiation, meaning the sender cannot deny having sent the message.
    • Use Case: QSealCs are used to sign requests or transactions (e.g., payment initiation or account information retrieval), providing evidence of the request’s authenticity. While not always mandatory, some banks or standards (e.g., Berlin Group’s NextGenPSD2) may require their use alongside QWACs.
    • Technical Details: QSealCs require a minimum key length of 3072 bits for higher security. They can be implemented as “soft seals” (stored digitally without hardware) or with hardware security modules (HSMs) or smart cards, depending on the provider.

Both certificate types are defined under the ETSI TS 119 495 standard, which outlines their technical specifications and ensures interoperability across the EU.

Information Contained in PSD2 Certificates

PSD2 certificates include standard fields found in digital certificates, as well as additional PSD2-specific information to meet regulatory requirements. The key details are:

  • Standard Certificate Fields:
    • Organization (O): The legal name of the PSP or entity.
    • Organizational Unit (OU): Optional, specifying a department or division (if applicable).
    • Common Name (CN): Typically the domain or identifier of the entity.
    • Country Code (C): The two-letter code of the entity’s home country (e.g., “DE” for Germany).
    • State or Province (S): The entity’s state or region (optional).
    • City (L): The entity’s city of operation.
  • PSD2-Specific Fields (in the Qualified Certificate Statement, QC Statement):
    • Authorization Number: A unique identifier issued by the National Competent Authority (NCA) upon registration or licensing of the PSP. This links the certificate to the official public register.
    • PSD2 Roles: The specific roles or entitlements of the PSP, indicating the services they are authorized to provide (detailed below).
    • Name of the National Competent Authority (NCA): The regulatory body overseeing the PSP (e.g., BaFin in Germany, Bank of Spain in Spain).

These fields ensure that the certificate unambiguously identifies the PSP, its authorized activities, and the supervising authority, enabling banks and other parties to verify legitimacy during transactions.

Requirements for Issuance of PSD2 Certificates

The issuance of PSD2 certificates involves strict requirements to ensure security and compliance with EU regulations. These include:

  1. Authorization by a National Competent Authority (NCA):
    • Before applying for a certificate, a PSP must obtain a license or registration from its NCA (e.g., the Financial Conduct Authority in the UK, KNF in Poland). This process confirms the entity’s eligibility to operate as a PSP under PSD2.
    • CRR credit institutions (banks with a full banking license) do not require additional authorization and can directly apply for certificates covering all roles.
  2. Application to a Qualified Trust Service Provider (QTSP):
    • Certificates must be issued by a QTSP accredited under eIDAS and listed in the EU Trusted List. Examples include DigiCert, GlobalSign, and Buypass.
    • The PSP submits a Certificate Signing Request (CSR) containing the public key and required attributes, generated with specified key lengths (2048 bits for QWACs, 3072 bits for QSealCs).
  3. Identity Verification:
    • A natural person (e.g., an authorized signatory) must be identified to represent the PSP. This can be:
      • The signatory themselves for a Qualified Seal Card PSD2.
      • A delegated representative (subscriber’s representative) for QWACs or QSealCs, authorized via a signed request form.
    • Identification methods vary by country:
      • In Germany, PostIdent is standard.
      • Elsewhere, it may involve embassies, consulates, or notaries listed in the European Directory of Notaries.
  4. Validation Against Public Registers:
    • The QTSP verifies the PSP’s authorization number and roles against the NCA’s public register or the European Banking Authority (EBA) register to ensure accuracy and legitimacy.
  5. Technical Requirements:
    • The PSP generates and manages its own private keys, ensuring they remain secure (e.g., using an HSM for QSealCs).
    • Test certificates, which do not require an NCA license, are available for pre-authorization testing but follow the same technical standards.
  6. Certificate Validity and Renewal:
    • QWACs are typically valid for one year, while QSealCs may vary depending on the QTSP. Changes (e.g., PSP name or roles) require revocation of the old certificate and issuance of a new one, as fields cannot be edited.

Roles Encoded in PSD2 Certificates

PSD2 recognizes four distinct roles for PSPs, which define their authorized activities within the payment ecosystem. These roles are encoded in the certificates and align with the ETSI TS 119 495 standard abbreviations:

  1. Account Information Service Provider (AISP, PSP_AI):
    • Description: AISPs aggregate and provide consolidated views of a customer’s payment accounts (e.g., from multiple banks). They help with budgeting, expense tracking, and financial planning.
    • Function: Read-only access to account data, with customer consent.
  2. Payment Initiation Service Provider (PISP, PSP_PI):
    • Description: PISPs initiate payments on behalf of customers directly from their bank accounts, acting as intermediaries between merchants and banks.
    • Function: Facilitates online credit transfers or direct debits, bypassing traditional card payments.
  3. Account Servicing Payment Service Provider (ASPSP, PSP_AS):
    • Description: Typically traditional banks or institutions that maintain payment accounts for customers.
    • Function: Provides account management services and must open APIs for TPPs to access customer data or initiate payments.
  4. Payment Service Provider Issuing Card-Based Payment Instruments (PSP_IC):
    • Description: Entities authorized to issue card-based payment instruments (e.g., debit or credit cards).
    • Function: Enables card payments as part of the payment ecosystem.

A single PSP can hold multiple roles (e.g., both AISP and PISP), and these are all encoded in the certificate’s QC Statement. Banks with a full CRR license can apply for all roles without additional authorization, while TPPs must specify their roles during NCA registration.

Conclusion

PSD2 certificates (QWACs and QSealCs) are vital tools for ensuring secure, authenticated, and interoperable electronic payments under the PSD2 framework. They identify PSPs, secure communications, and protect data integrity, relying on strict issuance processes overseen by QTSPs and NCAs. Containing detailed organizational and regulatory information, they encode one or more of the four PSP roles (AISP, PISP, ASPSP, PSP_IC), reflecting the diverse functions within the open banking landscape. This robust system supports PSD2’s goals of enhancing security, promoting competition, and protecting consumers across the EU.

List of Trust Service Providers confirming support of qualified seals for EPREL organization verification

2 respuestas

Within the EPREL Workspace, a section called «List of Trust Service Providers confirming support of qualified legal person certificates that allow generating qualified electronic seals for EPREL organization verification» has been published.

This is a list of Qualified Certification Service Providers (a subset of the full list of Qualified Certification Service Providers of the European Union), who have explicitly expressed to the European Commission their interest in providing qualified legal entity certificates for qualified electronic seals for use in the manner required by EPREL.

This list has been compiled exclusively to make it easier for suppliers of electrical equipment to select qualified trust service providers providing the desired «specific» service for EPREL. It may be that other Qualified Trusted Service Providers not on this list could also issue certificates suitable for this use.

As this is an open market, with the possibility to act cross-border, any Qualified Trust Service Provider established in any European country can, in principle, issue the certificate to an electrical equipment supplier established in a different country.

The providers currently included in this list are the following:

ANF Autoridad de Certificación Asoc., Bank-Verlag GmbH, Digisign S.A., DigitalSign Certificadora Digital S.A., Disig, a.s., European Agency of Digital Trust S.L. (EAD Trust), First certification autority, a.s., Intesi Group SpA, Quelified e-Seal, Krajowa Izba Rozliczeniowa S.A., Microsec zrt., Sectigo Europe sl, SEP Bulgaria JSC, SK ID Solutions, Trans Sped, TrustPro QTSP and UANATACA S.A.

Of all of them, I highlight, of course, EADTrust, European Agency of Digital Trust S.L. which includes a help service (in English and Spanish) for companies interested in registering their products in EPREL, which is sometimes a difficult task, especially the first time it is attempted. Call +34 917160555 if you need additional information regarding qualified eSeals for EPREL.

Certified Digitization, what is it and what is it for?

Deja un comentario

Certified Digitization, Certified Digitisation Certified scanning, Electronic Invoice, Electronic Signature, Electronic Certificate. EIDAS, All these concepts are related.

In the development of electronic invoicing regulations, Spanish ORDER EHA / 962/2007, of April 10, which develops certain provisions on electronic billing and electronic storage of invoices, has defined in Spain the concept of Certified Digitization. This blog has been a pioneer in dealing with Certified Digitization since 2006.

Also in english, with some posts:

The homologation procedure has been included in the resolution of October 24, 2007, of the State Tax Administration Agency, on the procedure for homologation of digitization software contemplated in Order EHA / 962/2007, of April 10, 2007 .

In a strict sense, certified digitization was defined for the procedures of the tax field, which would be outside the coverage of Law 39/2015 (eGovernment). However, the implementation of the concept and the large number of available applications make it a de facto standard , also for the public sector.

Certified digitisation is the process of converting paper documents into electronic documents that contain their facsimile reproduction and are electronically signed or sealed. The systems that manage the digitisation must meet certain criteria of integrity and unalterability in the database with which the digitisation is carried out and are required to be audited. The documents digitised with this type of system have the character of originals, so that the paper documents from which they originate can be dispensed with, which is why the legal value of these processes and of the documents to which they give rise is very relevant

Certified digitisation of invoices has led to the birth of the concept that is now also used in relation to public administrations and the digitisation of Justice.

For the certified digitisation of invoices, you can use the different variants of software approved by the Tax Agency that the AEAT also publishes on its website. The provincial councils of Navarre, Biscay, Alava and Guipuzcoa have also published equivalent regulations and have approval procedures similar to those of the Spanish National Tax Agency and have their own lists of approved software.

Electronic signature

Electronic signature is regulated in the EU Regulation 910/2014, which is abbreviated as “EIDAS”.

Advanced electronic signature is uniquely linked to the signatory; allows the identification of the signatory; It is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his sole control; and is llinked to the data signed therewith in such a way that any subsequent change in the data is detectable.

In summary, the advanced signature links the signatory with what was signed.

What is signed many times is condensed in the “Hash” value of the document, which is also a way to guarantee the integrity of the signed document after the advanced signature has been carried out. And the signer can be associated in various ways, with biometrics in the case of non-certificate-based signatures, or with the mathematical operation of the hash with the signer’s private key if a certificate-based signature is applied.

Certificate-based signing uses public key cryptography, also called asymmetric cryptography.

In asymmetric cryptography there are 2 keys that are mathematically linked to each other:

1. Private Key
2. Public Key

What is encrypted with the private key can only be decrypted with the public key, and vice versa.

Hash functions are unidirectional and generate a short string of characters from a document or a long string of characters.

A possible simile would be a sum value: if we transform each character in a string into a number (for example, its ASCII value) and add the values ​​of all the characters in the string, the resulting value depends on the content of the string. IF you change a character, the sum changes. The algorithms used in cryptography are more elaborate so that modifications to the strings that result in the same hash value cannot be made, which will allow the contents to be changed. Therefore, the sum value, although it serves to explain the hash, is not in itself a good hashing method.

Given a document and its «hash», it is possible to check if the hash truly corresponds to that document. However, from the hash it is not possible to deduce the document from which it came. There could be infinities. When two different documents produce the same hash value when calculating with a certain algorithm, a «collision» is said to have occurred.

How does an electronic signature work?

The document to be signed is hashed with a specific algorithm (for example, SHA-256) and the result obtained is mathematically operated with an asymmetric signature function (for example, RSA or ECC) with the private key of the signer (normally the private key resides in a chip card or a cryptographic token, and does not leave it, so the hash is sent to the chip and it is the chip that performs the cryptographic operation). The signature is made up of the result of that operation on the chip (which is sometimes called a PKCS # 1 value), and the signer’s certificate containing their data and the public key cryptographically related to the private one.

If the document and the signature are sent to the recipient (sometimes, the document format used allows the signature to be embedded inside, as is the case with PDF files). It can do the equivalent process in reverse to verify the signature.

Extracts the public key from the certificate, thereby applying the cryptographic function to the PKCS # 1 value from which the Hash value is extracted. Calculates the Hash value of the document and compares it with the value obtained from decrypting the PKCS # 1 signature. Both must be the same. If they are not the same there is a problem somewhere. For example, the document has changed in transmission or has been tampered with.

Therefore, an important effect of the electronic signature is that it guarantees the integrity and inalterability of the electronically signed documents.

The certificate used to sign is issued by a “certification authority” or a “trust service provider”. The issuance of electronic certificates is one of the possible trust services ”and, therefore, a“ certification authority ”is a“ trust service provider entity.

These entities verify the identity of the certificate applicants and after that they issue them an electronic certificate associating the public key of the certificate with a private key that must be secretly guarded by the certificate holder with maximum security.

The Electronic Certificate

The electronic certificates of a natural or legal person are electronic documents that contain information about the issuer, the period of validity of the certificate, the identity of the signer, …

The important thing is that this certificate links the public key with the identity of a specific person and that it is signed by the certification body, which has verified the applicant’s identity documents and their correspondence with the applicant’s characteristics. When the certificate is issued, its link with the private key is also established under the exclusive control of the signer.

Although unqualified certification authorities can issue certificates, in Europe qualified certification bodies, which issue qualified certificates, are preferred .

In Spain there are a significant number of qualified certificate issuing entities , among which we can mention Camerfirma, EADTrust, FNMT (CERES), Ivnosys or Vintegris.

In certain signature modalities (such as AdES – T or long-lived signatures) it is convenient to include information about the moment when the signature was created, which it does by adding a time stamp. Time stamps are issued by the Time Stamp Authority (TSA).

The timestamp shows that a certain combination of data existed before a given time and that none of this data has been modified since then.

In short, for the certified digitization of documents, an electronic certificate is needed with which to make the electronic signature on each of the scanned documents.

This requirement and the guarantee of integrity of the database in which the keeping of the invoice digitization process is managed are the most relevant to pass the audit that allows requesting the approval of the software from the AEAT.

Certified Digitization in the field of Justice.

Within the framework of the Lexnet regulations, the GIS for Certified Digitization has been defined by the CTEAJE (State Technical Committee of the Electronic Judicial Administration).

This standard allows any document to be digitized for presentation in legal proceedings, so it has a special value:

  • It is used in the private sector to digitize any document, not just invoices
  • It allows you to have digitized documents in case they are needed at any given time for a trial. This used to be the main reason for keeping paper documents: in case they were needed in court.

The requirements for certified digitization in the field of justice are very similar to those required in the tax field:

  • Electronic signature of scanned documents
  • Protection of the integrity and inalterability of the digitization record database

How do I start a certified digitization process?

To carry out the certified digitization of invoices in a company, it is necessary to have a software approved by the AEAT or by any of the foral estates of Alava, Guipuzcoa, Navarra or Vizcaya.

In order for the software to be able to carry out an electronic signature on each scanned invoice, it must be equipped with a qualified certificate. The current trend is to equip the software with a qualified legal entity certificate, in which case the resulting electronic signatures are called “qualified electronic seals” if they are managed in a device called “Qualified Seal Creation Device” (equipment that is also called HSM «Hardware Security Module»).

It is possible to carry out “certified digitization” or “guaranteed digitization” processes in the context of public administration, for which several of the Technical Interoperability Standards apply . In particular, that of authentic copy, that of digitization, that of signature policy and that of electronic document.

The ValidE portal provides some tools to validate electronic signatures and certificates. The EADTrust DSS tool also provides a lot of information about the certificates and signatures of electronic documents, whether or not they are the result of certified digitization.

Perhaps someone asked this question: is it necessary to start from the printed invoice document to be able to scan it in a certified digitization process or can an invoice received in pdf format be electronically signed?

The answer is given by ORDER EHA / 962/2007, of April 10, which develops certain provisions on telematic invoicing and electronic conservation of invoices in the different articles of which it consists.

Certified scanning can only be done from paper documents.

However, considering that the issuer and receiver can reach an agreement that the issuer of the invoice acts by sending “pre-invoices” in PDF format to the receiver and that the receiver converts them into electronic self-invoices by adding the electronic signature, the fundamental requirement of the electronic invoice, which is your electronic signature. The regulations allow invoices to be managed by the recipient (self-invoice) or a third party on behalf of the invoice issuer, who is usually the one who adds the electronic signatures or electronic stamps.

What to do if the device containing the electronic certificate is lost or stolen

In case of loss or theft of the device in which the private key associated with the electronic certificate is housed, it is necessary to request the revocation of the certificate by going to a Registration Authority of the Certification Authority that issued the certificate. Some certification authorities offer the possibility of remote revocation, using codes that were provided at the time the certificate was issued.

For example, EADTrust has a specific page and a form to request the revocation of the certificate .

Outsourcing of certified digitization processes

When a process is not focused on the core business of a company but can pose a significant administrative burden due to its volume, many entities resort to business process outsourcing (BPO).

A Certified Digitization service performed by third parties or a Remote Electronic Seal service managed by a qualified digital trust service provider can help in these cases.

Article 7 of Order EHA / 962/2007 indicates:

«This digitization process must meet the following requirements:

a) That the digitization process be carried out by the taxpayer himself or by a third party provider of digitization services , in the name and on his behalf, using in both cases software of certified digitization (…)
b) That the digitization process used guarantees the obtaining of a faithful and complete image of each digitized document and that this digital image is signed with an electronic signature in the terms of the previous articles of this Order based on an electronic certificate installed in the scanning system and invoked by the certified scanning software.This certificate must correspond to the taxpayer when the certified digitization is carried out by himself or to the digitization service provider in another case. «

Advantages of Certified Digitisation

These are some of the advantages of Certified Digitisation:

  • Saving time in the search for documents, since, as they are documents in electronic format, searches can be generated by keywords.
  • Increase the efficiency and productivity of employees by saving time in filing and searching invoicess, reducing errors.
  • Frequently digitization allows incorporating the information of the invoices in the accounting or ERP system.
  • By having digital documents managed by computer software and stored in a secure repository, decision-making is streamlined by being certain that all the information is available.
  • Saves storage space by not having to guard paper documents and saves other costs related to archival material
  • It facilitates the adoption of repetitive procedures with the environment and, indirectly, helps to pass a possible ISO 14.001 type audit

Give us a call

You can contact EADTrust by calling +34 917 160 555 if you need help to homologate a certified digitization software to be approved by Spanish Tax Agency or if you need electronic certificates to be used in Spain or Europe.

Trust Services Forum 2017

Deja un comentario

ENISA and the European Commission are organising a consultation workshop with industry and experts from Member States on ICT security certification.

  • Time: April 27, 2017 from 09:30 to 17:00
  • Place: Hotel Thon EU, Rue de la Loi 75, B-1040 Brussels, Belgium

The workshop is organised as a follow-up on the European Commission’s commitment to develop a proposal for a European ICT security certification framework.

Trust Services Forum 2017 – Agenda

09:45 – 10:15

Registration & Welcome Coffee

10:15 – 11:30

Welcome Statement

State of play: eIDAS Regulation, CEF, ENISA activities

Gábor Bartha – European Commission

João Rodrigues Frade – European Commission

Sławomir Górniak – ENISA

11:30 – 11:45

Coffee Break

11:45 – 12:45

Panel Discussion 1

One year after eIDAS provisions entered into force

Where do we stand?

Moderator:

Prokopios Drogkaris, ENISA

Panelists:

John Jolliffe, Adobe

Olivier Delos, SEALED

Romain Santini, ANSSI

Michał Tabor, Obserwatorium.biz

12:45 – 13:45

Lunch Break

13:45 – 14:00

Article 19 – State of play

Ilias Bakatsis, ENISA

14:00 – 15:00

Panel Discussion 2

Working on the eIDAS through guidelines and recommendations

Moderator:

Sławomir Górniak, ENISA

Panelists:

Camille Gerbert – LSTI

Björn Hesthamar – PTS SE

Leslie Romeo – 1&1

Jérôme Bordier – ClubPSCo

15:00 – 15:30

Coffee Break

15:30 – 16:30

Panel Discussion 3

Strengthening the adoption of qualified certificates for website authentication

Moderator:

Eugenia Nikolouzou – ENISA

Panelists:

Reinhard Posch – TU Graz

Arno Fiedler – Nimbus

Kim Nguyen – D-Trust

Erik Van Zuuren – TrustCore

16:30 – 17:00

Next Steps – Open Discussion – Closing Remarks

 

Certified digitization of invoices

1 respuesta

certified-digitizationIn Spain, Certified Digitization of Invoices is a computer process that allows to get digital  true copies of invoices with the same legal value as the paper based original, so the existing legislation allows to eliminate paper invoices from which the digitized invoices are obtained. The computer environment must include a Secure Data Base, which allows users and auditors to access and retrieve instantly any invoice for tax inspection or auditing purposes.

Electronic invoicing is regulated by the  Royal Decree 1619/2012 of 30 November 2012 approving the regulation of billing obligations with some provisiones defined in OrdinanceOrder EHA/962/2007 Order of 10 April 2007 implementing certain provisionsregarding electronic invoicing and storage of invoices contained in RoyalDecree 1496/2003 of 28 November 2003 approving the regulation  governing invoicing obligations.

Royal Decree 1496/2003 of 28 November was repealed by Royal Decree 1619/2012 of 30 November but the rules developed while it was of application, are still valid nowadays.

According to aforementioned RD 1619/2012 electronic invoices and digitized invoices ought to be electronically signed. “It will be valid a qualified electronic signature, as defined under Article 3.3 of Law 59/2003 of 19 December on electronic signature». A qualified signature is an advanced electronic signature based on a qualified certificate and generated by a secure signature creation device.

The Tax Agency Resolution of 24 October 2007, published in the Official State gazette (BOE) of 1 November 2007, on the procedure for approving the software for the certified digitisation of invoices set out in Article 7 of Order EHA/ 962/2007 of 10 April 2007, requires that for the digitisation software to be approved, an application must be presented to the Director of the Tax Information Department in any registry office, in which the applicant must provide a statement of compliance declaring that the software complies with the regulations, including several documents: (1) technical documentation describing the software, (2) the auditor’s report on the assessment of the software and (3) the quality management plan,plus a CD-ROM with information in digital format and a CD-ROM with a copy of the software, as per Article 8 of the aforementioned Resolution. If the documentation and software comply with regulations, a resolution will be issued with the approval, including the reference code that is to be included in every digitized invoice as metadata.

Once AEAT approves the Certified Digitization software, the electronic signed image that is obtained through digitization via such a software keeps the same validity as any paper invoice when it comes to tax purposes.

Certified digitization process involves the use of photo-electric techniques as those implemented in scanners or photo cameras, to convert the image on a paper document into a digital image encoded according to standard formats widely used and with a resolution level higher than 200 ppp acording to information published in the web page of the spanish tax Agency AEAT.

As a consequence, the destruction of large amounts of paper in the form of original documents could be authorized, leading to savings in document and file handling as well as a reduction of indirect tax related costs.

The legal and technical environment of electronic invoicing and certified digitizing (including electronic signature) in Spain is described in the book Electronic invoicing.

Although the book is from 2010, it is still valid in general terms (with minor details after new legislation have been published since 2010).

If you need advice or assessment regarding Software Approval Process, technical implementation details or legal procedures don´t hesitate to contact EAD Trust (European Agency of Digital Trust) that can help to comply with any requirements. You can do it by calling the phone number:+34 91 7160555

Certified Digitization

1 respuesta

In Spain, Certified Digitization of Invoices is a computer process though which one can get digital  true copies of invoices with the same legal value as the paper based original, so the existing legislation allows to destroy paper invoices from which the digitised images have been captured. The computer environment must include a Secure Data Base, which allows users and auditors to access and retrieve instantly all invoices even for tax inspection or audit.

This process is only possible if the company that performs the digitisation uses a certified software approved by the spanish tax Agency and adheres to the provisions of the Quality Plan managed as a contract by the software supplier.

Software Publishers willing to certify their software should apply to the  Tax Office attaching technical information describing the software and an assessment report from a specialist auditor in accordance to the Ordinance EHA 962/2007 and Resolution of 24 October on the procedure for the approval of invoices digitization software.

If you need advice or guidelines regarding these legal procedures don´t hesitate to contact EAD Trust (European Agency of Digital Trust) that can guide your company to fulfill all certified digitization  requirements and to get Tax Agency approval.

Call now to:+34 91 7160555

Reached Member States’ endorsement of a final draft regulation on electronic identification and trust services for electronic transactions in the internal market

Deja un comentario

Vice-President Neelie Kroes and Commissioner Michel Barnier welcomed last friday (February, the 28th) Member States’ endorsement of a “Draft regulation on electronic identification and trust services for electronic transactions” in the internal market.

The Regulation will enable, for example, students to enrol at a foreign university online; citizens to fill on-line tax returns in another EU country; and businesses to participate electronically in public calls for tenders across the EU, to mention just a few of multiple new digital trust related services.

Neelie Kroes said: «The adoption of this Regulation on e-ID is a fundamental step towards the completion of the Digital Single Market. This agreement boost trust and convenience in cross-border and cross-sector electronic transactions. I would like to thank the European Parliament, especially ITRE’s rapporteur, Marita Ulvskog and IMCO’s rapporteur, Marielle Gallo, the shadow rapporteurs, as well as the Greek, Lithuanian, Irish and Cypriot Presidencies for all their work on this file.»

Last friday (February, the 28th), EU ambassadors endorsed the political agreement reached between representatives of the European Parliament, Commission and Council on Tuesday 25 February on the final elements of this significant single market proposal.

A predictable regulatory environment for eID and electronic trust services is key to promote innovation and stimulate competition. On the one hand, it will ensure that people and businesses can use and leverage across borders their national eIDs to access at least public services in other EU countries fully respecting privacy and data protection rules. On the other hand, it will remove the barriers to seamless electronic trust services across borders by ensuring that they enjoy the same legal value as in paper-based processes.

Michel Barnier, Commissioner for Internal Market and Services added:

«I welcome this agreement which is key to completing our work on the Single Market Act. It is an important step for the development of e-commerce, e-invoicing and e-procurement. The new rules will allow all actors in the single market – citizens, consumers, businesses and administrative authorities – to develop their «on-line» activities.»

Background regarding draft Regulation on electronic identification and trust services for electronic transactions

On 4 June 2012, the European Commission proposed a draft Regulation on electronic identification and trust services for electronic transactions in the internal market (see IP/12/558 and MEMO/12/403)

The Regulation is due to be formally endorsed by the European Parliament in the April 2014 plenary session and by the Council of Ministers in June. It will come into force on 1st July 2014 and will be directly applicable cross the EU from that date. The economic effect will be immediate, overcoming problems of fragmented national legal regimes and cutting red tape and unnecessary costs.

Foster the interoperability of eID usage and trust services. The existing EU legislation on eSignatures has been strengthened and extended to cover the full set of electronic identification and trust services and make it more fit for the digital single market. This will have a huge impact on the legal validity and interoperability of national and cross-border electronic transactions.

The so named eIDAS Regulation provides for principles, like:

  • Transparency and accountability: well-defined minimal obligations for Trust Services Providers (TSPs) and liability;
  • Trustworthiness of the services together with security requirements for TSPs
  • Technological neutrality: avoiding requirements which could only be met by a specific technology;
  • Market rules and building on standardisation

And defines digital trust related services such as:

  • Electronic identification,
  • Electronic signatures,
  • Electronic seals,
  • Time stamping,
  • Electronic delivery service,
  • Electronic documents admissibility,
  • Website authentication

After eIDAS entering into force,  a EU Member State:

  • May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services
  • Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification
  • Must provide a free online authentication facility for its ‘notified’ eID(s)
  • Is liable for unambiguous identification of persons and for authentication;

Exploratory seminar on e-signatures for e-business transactions in the Southern Mediterranean region

Deja un comentario

Los días 22 y 23 de enero de 2014 se ha celebrado en el Palacio de Pedralbes de Barcelona el encuentro de especialistas  en firma electrónica de Europa y de los países del mediterráneo para analizar conjuntamente la posibiidad de crear modelos de confianza electrónica para permitir el despliegue de sistemas de certificación interoperables. Este encuentro, el segundo tras la reunión de Amán, fue auspiciado por el organismo europeo  Union for the Mediterranean (UfM) que tiene su sede en Barcelona y cedió sus instalaciones. Pude participar en el encuentro y pienso que fue un intercambio de pareceres muy enriquecedor.

eSignature-Barcelona

In order to promote e-signature solutions for e-business development in the Euro Mediterranean region, the European Commission organised two seminars.

The first explanatory seminar took place in Amman, Jordan on November 11/12, 2013 and was co-hosted by the Telecommunications Regulatory Commission (TRC). The principle aim was to identify some of the common business needs for intra-regional and EU-Southern Mediterranean transactions, compare the existing legislation in place and discuss the common and local challenges of implementing an e-signature framework. The seminar was attended by around 100 government and private stakeholders from over 23 different European, Southern Mediterranean and Gulf countries, as well as from UNCITRAL (United Nations Commission on International Trade Law). It confirmed that the potential and the interest to cooperate is indeed great.

The final explanatory seminar took place in Barcelona, Spain on January 22/23, 2014 and was co-hosted by the Union for the Mediterranean (UfM). The principle aim was to build on the findings of the previous seminar, include any additional information, and reach a set of concrete common conclusions and recommendations through the organisation of panels. The seminar was attended by around 60 government and private stakeholders from over 19 different European and Southern Mediterranean countries. The seminar reached 9 main conclusions.

eIDAS: The missing standard – Mandate 460

1 respuesta

Under the Mandate 460 a lot of new electronic signature european standards are being published, in some cases changing the identification code of previous stablished standards.

One of the aspects I think is missing is the standard definition of form signing in browsers.

Or what I would call form signing in «High penetration World Wide Avalilable Applications» (which would include Adobe Acrobat or similar applications).

Something browsers developers could include in the basic browser functionality without the need oj java extensions (which are hard to maintain among java virtual machine versions, browser types and versions and underlying  operating systems).

It is curious thar old Netscape Navigator versions included that option, but later browser droped the funtionality, and finally was even abandoned in Netscape an Mozilla.

Having a standard way to sign forms that works in the same way in all browser without additional software would be a nice addition. And this could help foster the adoption of the eIDAS Regulation.