Skip to content

eIDAS (trust service components)

Hand hält digitales Zertifikat mit Häkchen und Sternen, umgeben von Dokumentensymbolen.

Achieve eIDAS compliance for your trust service component with TÜV NORD

Do you offer specialised services that are integrated as sub-processes in a trust service and need (renewed) proof that they meet the security requirements of the eIDAS Regulation? We carry out the necessary eIDAS and ETSI tests for you, prepare a comprehensive conformity assessment report and accompany you all the way to successful certification. Following this, you can obtain certification from your competent supervisory authority - in Germany, the Federal Network Agency (BNetzA).

Are you still at the beginning of your service and want to optimise your technical infrastructure? We will provide you with competent support and help you with IT-secure implementation. We also offer workshops or provide you with insights into the world of eIDAS & ETSI as part of our exclusive eIDAS.PROFESSIONAL training programme.

Request a personalised quote now

Target group for certification in the area of trust service components

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of trust service components:

  • Companies that already operate a qualified service in the area of trust service components or are planning to set one up
  • Providers of digital identity services, certification services or trust services within the meaning of the eIDAS Regulation

The advantages of certification at a glance

  • Module confirmation at national level: You prove the eIDAS conformity of your component in the form of an audit by an independent third party.
  • Objective proof of trust & competitive advantage: Your IT security becomes verifiable - a plus point for trust service providers and your market position.
  • Transparent GAP analysis: We identify optimisation potential in your current implementation.
  • Training & expertise: With our training, your employees become your company's own eIDAS.PROFESSIONALs.

Your path to certification in the field of trust service components

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for trust services, including the relevant eIDAS requirements, relevant ETSI standards and evaluation of these requirements in the respective context
  • Explanation of the meaning of the Trust Service Practice Statement (TSPS) and introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing & conformity assessment

Audit of your implementation based on the eIDAS Regulation, including

  • Article 24: Requirements for qualified trust service providers

Application of the following ETSI standards:

  • ETSI EN 319 401: Electronic signatures and infrastructures: General requirements for trust service providers
  • ETSI EN 319 411-1: Guidelines and security requirements for trust service providers issuing certificates; Part 1: General requirements
  • ETSI EN 319 411-2: Guidelines and security requirements for trust service providers issuing certificates; Part 2: Requirements for trust service providers issuing qualified EU certificates

Certification & re-certification

  • Conformity assessment and certification

Frequently asked questions about trust service components

Certain sub-processes of a trust service can be outsourced. This is particularly useful if there are specialised service providers on the market in this context. A widespread example is identification services offered by so-called identification service providers and integrated into the process landscape of trust service providers.

One established identification service is the video identification process. This procedure is a legally authorised procedure for establishing identity. Consumers who use this procedure require a valid identification document (passport or ID card), a stable internet connection and a webcam on their smartphone, tablet, laptop or computer. The identity is checked and confirmed by a call agent using a video chat.

In addition to applications for qualified certificates, video identification is also used when opening bank accounts or concluding loan agreements.

As the component is also part of the scope of the eIDAS conformity assessment and the security of a trust service depends largely on its components, the eIDAS Regulation also requires proof of conformity here. This is the only way to ensure that outsourced sub-processes - such as the identification service - also fulfil the requirements.

A trust service is a service within the meaning of the eIDAS Regulation, e.g. for signatures or seal services. A component is a sub-service - such as an identification service - that is integrated into the processes of a trust service provider. This component can be offered independently by the trust service provider or operated by a specialised provider or company.

Yes, this is even a common use case - e.g. for identification services that are operated independently by a third party and used by various qualified trust service providers. The prerequisite is that the component is certified and fully compliant.

No. The EU Trusted List (EUTL) only lists qualified trust service providers (TSPs) and their qualified trust services - e.g. qualified electronic signatures, seals or time stamps .

Identification services are not listed separately in the EUTL, even if they are certified. If the identification service provider wants to offer its services independently in the European market for connection to a VDA, this must be demonstrably eIDAS-compliant. The other option is an eIDAS conformity assessment of a trust service provider including the trust service component used.

Sie haben Fragen? Wir helfen gerne!

Additional services

Hand stempelt Dokument, daneben schwebende Symbole von Dokumenten mit Häkchen.

Electronic seals

Become a qualified trust service provider (VDA) for electronic seals: We support you in planning your service(s), carry out tests according to eIDAS & ETSI and accompany you on your way to conformity assessment.
Read more
Hände tippen auf Laptop, umgeben von schwebenden Dokumentensymbolen.

Remote signatures & remote seals

A trustworthy environment is the be-all and end-all when creating electronic remote signatures. To prove this objectively and be officially listed as a VDA, you must fulfil the requirements of the eIDAS regulation.
Read more

Website authentication

Are you in the process of setting up or developing a qualified trust service for the creation of website certificates and would like to demonstrate compliance with the requirements of the eIDAS Regulation? Then you've come to the right (IT) address!
Read more