
Electronic signatures: Testing & certification of your trust service


Enabling trustworthy and legally valid transactions as a qualified trust service provider for electronic signatures

Trust service providers (TSPs) that issue certificates for electronic signatures are subject to extensive legal and technical requirements. These are anchored, among other things, in the eIDAS Regulation, which aims to ensure that electronic signatures and associated transactions are legally binding and recognised throughout the EU.

If, as a trust service provider, you wish to be officially included in the European eIDAS Trusted Service List (TSL), you must therefore prove that your service fulfils the security requirements set out in the eIDAS Regulation.

We help you find your way through the jungle of requirements and accompany you on your way to qualified status. From checking the necessary requirements through to conformity assessment or re-certification, we offer you both the complete eIDAS package and individual services.


Target group for certification of trust service providers for electronic signatures

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of digital signatures:

  • Companies that already operate a qualified electronic signature service or are planning to set up a qualified electronic signature service
  • Providers of digital identity services, certification services or trust services within the meaning of the eIDAS Regulation

Your certification benefits at a glance

  • Authorisation as a qualified trust service provider: You objectively demonstrate that you fulfil the requirements of the eIDAS Regulation.
  • European recognition: Your service is included in the European eIDAS Trusted List of qualified providers (EUTL).
  • Access to the European Single Market: Your service for electronic signatures can be used with legally binding effect throughout the EU.
  • Transparent gap analysis: We identify optimisation potential in your current implementation.
  • Training & expertise: With our training, your employees become your company's own eIDAS.PROFESSIONALs.

Your path to becoming a certified trust service provider for electronic signatures

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for trust services, including the relevant eIDAS requirements, relevant ETSI standards and evaluation of these requirements in the respective context
  • Explanation of the meaning of the Trust Service Practice Statement (TSPS) and introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement, through status analyses of the PKI or trust service and gap analysis of existing documentation and processes

Testing & conformity assessment

Audit of your implementation based on the eIDAS Regulation, including

  • Article 28: Qualified certificates for electronic signatures
  • Article 29: Requirements for qualified electronic signature creation devices

Application of the following ETSI standards:

  • ETSI EN 319 401: Electronic signatures and infrastructures: General requirements for trust service providers
  • ETSI EN 319 411-1: Guidelines and security requirements for trust service providers issuing certificates; Part 1: General requirements
  • ETSI EN 319 411-2: Guidelines and security requirements for trust service providers issuing certificates; Part 2: Requirements for trust service providers issuing qualified EU certificates
  • ETSI TS 119 431-1: Electronic Signatures and Trust Infrastructures (ESI); Guidelines and security requirements for trust service providers; Part 1: TSP services operating a remote QSCD / SCDe

Certification & re-certification

  • Conformity assessment and certification
  • Support for inclusion in the EU Trusted Service List

Frequently asked questions about electronic signatures & eIDAS certification

An electronic signature serves as proof that an electronic document has been signed by a natural person. The European eIDAS Regulation also defines the advanced electronic signature and the qualified electronic signature (QES), which are relevant forms of signature for business transactions. They enable the signatory to be identified and are clearly assigned to the signatory. A qualified electronic signature is also used when the written form is required by law. It has the same legal effect as a handwritten signature, for example when contracts are concluded between companies or for legally binding transactions.

A simple electronic signature (EES) is any form of electronic data with which a person signs a document. The advanced electronic signature (AES) already offers more security, as it is clearly assigned to a person and makes changes to the document recognisable. The qualified electronic signature (QES) is the highest level - it is based on a qualified certificate and is generated with a secure signature creation device. It is legally equivalent to a handwritten signature.

A QES makes it possible to process legally binding contracts, applications or notifications completely digitally - efficiently, securely and without media discontinuity. Your company can use it to speed up processes and fulfil regulatory requirements, particularly in European business transactions.

The eIDAS Regulation (electronic IDentification, Authentication and trust Services; EU No. 910/2014) is the European legal framework for electronic identification and trust services. It regulates the recognition of trust services such as electronic signatures, seals and time stamps in all EU member states. Only those who meet the eIDAS requirements can be recognised as qualified trust service providers and offer legally binding electronic transactions.

Overall, the duration of the conformity assessment process depends on, for example, the number of trust services targeted, the complexity of your infrastructure and your current implementation status. As a rule, a complete conformity assessment process - including project kick-off, stage 1 audit, stage 2 audit, report preparation and certification - takes 6 months, although possible non-conformities during the audit can extend the duration.

As part of the conformity assessment, independent evaluators from conformity assessment bodies (CABs), such as TÜV NORD CERT, check your documents (e.g. CP/CPS/TSPS, Policy Disclosure Statement, GTC and Termination Plan) and your technical and organisational measures for compliance with the criteria and requirements of the relevant eIDAS articles and standards such as ETSI EN 319 401. The aim is to objectively determine the conformity of your trust service with the requirements of the eIDAS Regulation.

Yes, authorisation as a qualified trust service provider is subject to regular recertification, as the certificate is valid for a total of 2 years. The recertification audit takes place within the last 6 months of the current certificate's validity (months 18 - 24).

We support you throughout the entire life cycle of your trust service - from training as an eIDAS.PROFESSIONAL, workshops, preliminary audits, successful conformity assessments and certifications through to successful inclusion in the EU Trusted List (EUTL). Our team of experts offers comprehensive advice, audits and technical assessments from a single source.

Why are we a strong partner for you?

We support you with the technical depth of over 500 PKI projects, years of regulatory experience as one of the first conformity assessment bodies and a clear understanding of the requirements of modern companies - from the first eIDAS.PROFESSIONAL training to the successful QES certification of your electronic signature solution.

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide range of sectors, we can serve companies from many different industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.
