Skip to content

Electronic archives & storage services: Auditing & certification of your trust service

Person tippt auf Laptop mit schwebendem Interface aus Ordner- und Dokumentensymbolen.

Become a qualified trust service provider (VDA) for long-term storage and become a secure source for signed documents

If, as a qualified trust service provider (TSP), you wish to offer services for the long-term preservation of signed documents, you must fulfil the security requirements set out in the eIDAS Regulation. This includes ensuring that the legal validity of qualified electronic signatures, seals and certificates remains verifiable beyond the period of their technological validity.

We support you in the effective implementation of the eIDAS Regulation: From the necessary testing to the conformity assessment (certification), we provide you with all the services that pave the way for successful qualification (award of qualification status) with your responsible supervisory body - in Germany the Federal Network Agency (BNetzA). This is the prerequisite for inclusion in the European eIDAS Trusted List of qualified providers (EU Trusted List - EUTL).

Are you already a qualified trust service provider and need to provide renewed proof that you are implementing the applicable provisions of the eIDAS Regulation, the ETSI standards and national legislation? We check your processes and documentation and carry out the re-certification.

Request a personalised quote now

Target group for certification of trust service providers for electronic archives and preservation services

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of digital archiving:

  • Organisations that already operate a qualified electronic trust service for electronic archives and preservation services or are planning to set up such a qualified service
  • Providers of digital identity services, certification services or trust services within the meaning of the eIDAS Regulation

The advantages of certification at a glance

  • Authorisation as a qualified trust service provider: You objectively prove that you fulfil the requirements of the eIDAS Regulation.
  • European recognition: You will be included in the EU Trusted Service List (TSL).
  • Access to the European Single Market: Your service can be used throughout the EU in a legally binding manner.
  • Transparent GAP analysis: We identify optimisation potential in your current implementation.
  • Training & expertise: With our training, your employees become your company's own eIDAS.PROFESSIONALs.

Your path to becoming a certified trust service provider for electronic archives and storage services

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for trust services, including the relevant eIDAS requirements, relevant ETSI standards and evaluation of these requirements in the respective context
  • Explanation of the meaning of the Trust Service Practice Statement (TSPS) and introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing & conformity assessment

Standards according to which we test:

  • eIDAS Regulation:
  • Article 34: Qualified preservation service for qualified electronic signatures
  • Article 40: Validation and preservation of qualified electronic seals
  • ETSI EN 319 401: Electronic Signatures and Infrastructures (ESI); General Requirements for Trust Service Providers
  • ETSI TS 119 511: Guidelines and security requirements for trust service providers for the long-term preservation of digital signatures or general data using digital signature techniques

Certification & re-certification

  • Conformity assessment and certification
  • Support for inclusion in the EU Trusted Service List

FAQ - Frequently asked questions about electronic archives and preservation services

Electronic archives are on the rise in the face of advancing digitalisation. In order to keep up with the times and with regard to aspects such as document management and archiving, rights management or revision security, many companies are working on gradually digitising their documents that were previously archived in paper form.

However, electronically signed, sealed or time-stamped documents are subject to different ageing processes than their paper counterparts. This is due to the mathematical algorithms used for signatures, seals and certificates. These lose their suitability over time, which ultimately leads to a loss of evidential value. The algorithms used in signatures, seals and certificates must therefore be updated at regular intervals.

Providers of special electronic archives, so-called preservation services, take care of this and ensure that the evidential value of the signed or sealed documents is maintained by renewing the ageing algorithms in good time.

Retention primarily describes the legally required storage of data and documents over defined periods of time. Archiving, on the other hand, is aimed at structured, long-term storage and retrievability - often beyond the legal requirements.

An electronic archive must be legally compliant, tamper-proof and audit-proof. Among other things, it must ensure that digital documents are traceable, complete and reproducible unchanged at all times - key requirements in accordance with eIDAS and GoBD (principles for the proper management and storage of books, records and documents in electronic form and for data access).

Reliable digital archiving of documents protects companies from data loss, legal risks and reputational damage. It ensures that documents are still valid and verifiable years later - even if the original signature technology is no longer up-to-date.

The eIDAS Regulation sets out requirements for qualified electronic archives and preservation services. These are intended to guarantee that signed data remains legally resilient in the long term - e.g. by regularly renewing cryptographic procedures.

Why we are a strong partner for you

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide range of sectors, we can serve companies from a wide range of industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.

Do you have any questions? We are happy to help!

Additional services