Qualified electronic signature and seal creation devices (QSCDs) must fulfil the requirements of the eIDAS Regulation (Annex II) and be certified in accordance with it. Testing and certification is carried out in accordance with an authorised security assessment procedure by an independent body appointed by member states of the EU Commission. Certification by an independent and notified body is a prerequisite for the QSCD to be included in the EU list of certified QSCDs.
As an accredited testing and certification body for Common Criteria and a notified certification body for QSCDs, we support you from the assessment and certification through to the final step of publication of your QSCD by the European Commission. Depending on the type of QSCD, the assessment is carried out according to Common Criteria or is based on a certification process developed by TÜV NORD with equivalent security.
In addition, we offer you customised workshops to optimally prepare you for an upcoming certification or make you an expert in eIDAS and ETSI as part of our eIDAS.PROFESSIONAL training.
Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of qualified signature and seal creation devices:
This is how we support you holistically:
Training & Qualification
Concept & preparation
Testing & conformity assessment
Audit of your implementation based on the eIDAS Regulation, including
Application of the following standards:
Alternative certification procedures
Certification & re-certification
A qualified signature or seal creation device (QSCD) is a special combination of hardware and software that securely manages cryptographic keys and can be used to create qualified electronic signatures/seals (QES). QSCDs based on crypto modules are used especially for server signatures. The QSCD uses various technical procedures and means to ensure, among other things, that signature keys remain confidential and are generated using established cryptographic procedures.
To be officially classified as a QSCD, a QSCD must fulfil the requirements of Annex II of Regulation (EU) No. 910/2014 (eIDAS). Article 1 [CID (EU) 2016/650] distinguishes between two types of QSCDs
Depending on the type of QSCD, the assessment is carried out:
- On the basis of Common Criteria, e.g. by testing against a suitable protection profile
- Alternatively - for remote QSCDs - by a security assessment procedure with an equivalent level of security approved by a notified body
Only bodies that have been designated by an EU member state in accordance with eIDAS and notified to the EU Commission are authorised to assess QSCDs. TÜV NORD is such a notified body and at the same time an accredited testing centre for Common Criteria.
Only QSCDs that have been successfully assessed may be officially considered "qualified" and are included in the EU list of certified QSCDs. This is a prerequisite for trust service providers to be authorised to use these devices as part of qualified electronic signature or seal creation services.
TÜV NORD provides you with comprehensive support:
The training provides practical knowledge about eIDAS, ETSI standards, IT security requirements and the QSCD assessment process. It qualifies your employees to better understand the requirements and implement projects efficiently.
We support you with in-depth expertise in the field of electronic seals, trust services and conformity assessment - from the initial idea to successful certification. Our experts know the regulatory requirements of the eIDAS Regulation and relevant ETSI standards in detail. With practical workshops, individual training courses (e.g. on eIDAS.PROFESSIONAL) and sound advice, we ensure that your trust service is legally compliant, secure and recognised throughout Europe. Trust in our experience - for maximum security, integrity and authenticity of your digital documents.