Skip to content

Electronic identification (eID): The basis for trustworthy communication

Person im Anzug nutzt Fingerabdrucksensor auf einem holografischen Login-Interface vor einem Laptop.

Rely on us for the security of your eID service

If you, as an identity provider, would like to offer an electronic identification solution that is also recognised at European level, you must meet the necessary legal requirements of the eIDAS Regulation and have your identification system notified accordingly. The three security levels - low, substantial and high - are of crucial importance here. They express the degree of trust in the identity of the persons behind them and go hand in hand with increasing security requirements that you must fulfil when identifying, authenticating and managing identities.

We can support you in the eID area as follows: In a workshop format, we go through the relevant verification requirements with you, answer your individual questions and optimally prepare you for an upcoming verification and notification. As part of a GAP analysis, we assess the current level of security and identify weaknesses. Following a document review and an on-site audit, we certify the level of security you have achieved. In addition, our training courses provide you with initial insights into the world of eIDAS & ETSI.

Request a personalised quote now

Target group for the certification of identity providers for electronic identification (eID)

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of electronic identification:

  • Organisations that already identify natural or legal persons
  • or are planning to set up an identification solution
  • Providers of digital identification services, certification services or trust services within the meaning of the eIDAS Regulation

The advantages of certification at a glance

  • Objective proof of security: An independent assessment confirms the level of security achieved (low, substantial or high) for your eID service - as confidence-building proof for customers and supervisory authorities.
  • Conformity assessment as a gateway to the European market: Your service can be used throughout the EU in a legally binding manner.
  • Transparent GAP analysis: We identify optimisation potential in your current implementation.
  • Training & expertise: With our training, your employees become your company's own eIDAS.PROFESSIONALs.

Your path to becoming a certified eID service

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for identification solutions, including the relevant eIDAS requirements, relevant ETSI standards, and assessment of these requirements in the respective context
  • Introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing and conformity assessment

Standards according to which we audit:

  • eIDAS Regulation: Consideration of the requirements listed in Chapter II "Electronic identification" of the eIDAS Regulation.
  • Implementing Regulation (EU) 2015/1502: Contains the minimum requirements for technical specifications and procedures for security levels of electronic identification means.

Certification & re-certification

  • Carrying out conformity assessment and certification
  • Support with inclusion in the EU Trusted Service List

FAQ - Frequently asked questions about eID services

The aim of electronic identification systems in accordance with eIDAS is to considerably simplify identification for the cross-border processing of administrative services at European level. Companies also benefit from these eID systems, as they can be used in the corporate environment. This saves time and effort and facilitates communication with customers, among other things. Electronic identification systems have already been introduced in numerous member states (such as the online ID function of the ID card in Germany).

The eIDAS Regulation provides for harmonisation of the various national eID systems at a (security) technical level. The regulation aims to establish interoperability between the systems. This is ensured by a voluntary notification procedure of the European Commission, in which member states can have their national systems notified. The eIDAS Regulation regulates the legal framework for mutual recognition. It distinguishes between three levels of assurance: "low", "substantial" and "high".

Notified eID systems are recognised across borders and enable access to national administrative services both for citizens of the member state and for EU citizens of other member states. To this end, the notified eID system used must have an equal or higher level of security than that required for the administrative service.

These three levels describe the confidence in the accuracy of a person's identification in the digital space.

  • Low: Low requirements for identity verification - suitable for low-risk applications.
  • Substantial: Extended verification with stronger protection of the transmitted data - e.g. through two-factor authentication.
  • High: Highest requirements - e.g. through personal verification or official ID documents. This level is required for particularly sensitive administrative or business processes.

The security level depends on the protection requirements of the respective application. The more sensitive the data or legal implications of a process are, the higher the security level should be. The selection is made taking into account risks, legal requirements and user groups. A GAP analysis can help to validate the desired level and define specific measures to achieve the target.

The requirements for technical, organisational and legal measures increase depending on the level of assurance:

  • At a low level, simple authentication without proof of identity is usually sufficient.
  • At a substantial level, additional verification mechanisms, such as identity documents or digital proof, must be used.
  • The high level requires proof of a government-issued identity document, encrypted communication, logging and, if necessary, manual verification processes.

Identification refers to the initial establishment of a person's identity, for example through identification documents. Authentication is the repeated verification of this identity, for example using passwords, biometric features or two-factor procedures.

Data used for electronic identification is predominantly personal and is therefore subject to strict data protection regulations in accordance with the GDPR and eIDAS.

The duration depends heavily on the preparation of the provider - with preliminary analyses, GAP analyses and documentation, periods of between 3 and 9 months are common.

Certification bodies such as TÜV NORD carry out the tests on the basis of the eIDAS specifications and relevant standards such as ETSI or BSI.

Why we are a strong partner for you

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide variety of sectors, we can serve companies from a wide range of industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.

Do you have any questions? We are happy to help!

Additional services

Hände tippen auf Laptop, umgeben von schwebenden Dokumentensymbolen.

Electronic signatures and seals

As an accredited testing and certification body, TÜVIT supports trust service providers from the planning of their services through the necessary tests to certification.
Read more
Hand stempelt Dokument, daneben schwebende Symbole von Dokumenten mit Häkchen.

Electronic seals

Become a qualified trust service provider (VDA) for electronic seals: We support you in planning your service(s), carry out tests according to eIDAS & ETSI and accompany you on your way to conformity assessment.
Read more
Hand hält Smartphone mit digitalem Dokument und Signatur-Symbol.

Remote signatures / remote seals

A trustworthy environment is the be-all and end-all when creating electronic remote signatures. To prove this objectively and be officially listed as a VDA, you must fulfil the requirements of the eIDAS regulation.
Read more

Website authentication

Are you in the process of setting up or developing a qualified trust service for the creation of website certificates and would like to demonstrate compliance with the requirements of the eIDAS Regulation? Then you've come to the right (IT) address!
Read more
Person arbeitet an Laptop, umgeben von schwebenden digitalen Symbolen für Dokumente und Ordner.

Electronic time stamps

Would you like to be officially included in the European eIDAS trusted list of qualified providers as a VDA for electronic time stamps? We can support you with services such as planning, testing and conformity assessment.
Read more
Person hält Tablet mit schwebenden E-Mail-Symbolen, Laptop und Kaffeebecher im Hintergrund.

Electronic registration and delivery services

Become a qualified trust service for electronic registration and delivery services. We offer you: Training, workshops, planning your services, testing according to eIDAS & ETSI, conformity assessment (certification).
Read more
Hände tippen auf Laptop, umgeben von schwebenden digitalen Zertifikatsymbolen.

Validation services for electronic signatures, seals and time stamps

If you want to become a qualified trust service provider and be included in the EU Trusted Service List, your service must fulfil the requirements set out in the eIDAS Regulation. We can support you with this!
Read more
Hand hält digitales Zertifikat mit Häkchen und Sternen, umgeben von Dokumentensymbolen.

Modular services

With TÜVIT for eIDAS conformity of your modular service: We carry out the necessary tests according to eIDAS & ETSI, prepare a conformity assessment report and accompany you all the way to successful certification.
Read more
Person im Anzug nutzt Fingerabdrucksensor auf einem holografischen Login-Interface vor einem Laptop.

Electronic archives and preservation services

If you as a VDA would like to offer services for the long-term (re-)storage of signed documents, you must fulfil the requirements of the eIDAS Regulation. We can provide you with all the services you need for successful qualification.
Read more
Person interagiert mit einem digitalen Dokument auf einem Laptop, während sie ein Smartphone hält.

Qualified Signature Creation Device (QSCD)

As an accredited assessment and certification body for Common Criteria and QSCDs, we support trust service providers in the planning, assessment, certification and publication of QSCDs by the EU Commission.
Read more
Stadtverkehr mit Autos, die durch digitale Netzwerksymbole verbunden sind.

Cooperative Intelligent Transport Systems (C-ITS)

We support you on your way to an IT-secure C-ITS solution: from planning or further development to testing and certification in accordance with the security requirements of the European Commission.
Read more