Sometimes a single word in a long name makes a fundamental difference. That is the case with the trusted electronic service provider, whose name sometimes includes the word “qualified”, which makes a real difference in many areas of activity. It is relevant enough that we decided to write a post explaining it.

The trusted service provider (previously called trusted third party) is a natural or legal person that guarantees the technical, organizational and legal measures that give the maximum legal value to the use of the digital certificate and the electronic signature. In other words, it acts as if it were a “digital notary”.

Qualified vs. unqualified provider

But there are two types of trusted providers, qualified and unqualified. Both are regulated by the eIDAS Regulation, and that regulation carries over into its evolution, eIDAS2. In Spain, the supervisory body for both is the Ministry for Digital Transformation and the Civil Service, whose list includes all trusted service providers, the services they provide and whether or not they are qualified. You can visit it from this link.

Accreditation after a rigorous audit

For the provider to be considered qualified and be included in the ministry’s trusted list, so that it can start its activity, it must undergo a conformity assessment by a national accreditation body and obtain a positive report. The audit, which is very rigorous, examines the processes and procedures that the applicant company has in place to ensure the security of its electronic service. It also verifies compliance with the ETSI European technical standards that apply to the service in question, as well as compliance in the legal, organizational and technical fields.

Once this analysis has been completed, qualified providers must submit the aforementioned report to the ministry at least every twenty-four months. In addition, as a guarantee of continuity, the standard establishes that throughout this time they will have to demonstrate that their tools and software are reliable and capable of preventing the falsification of transmitted information, and that their personnel are trained in information security.

Qualified trust services

EU Regulation 910/2024 eIDAS recognizes the following as qualified trust services:

  1. Issuance of certificates for electronic signatures/seals
  2. Time stamps
  3. Certified electronic delivery
  4. Validation of electronic signatures/seals
  5. Preservation of electronic signatures/seals
  6. Website authentication

Unlike a qualified trust service provider, a non-qualified trust service provider may offer trust services, but is not obliged to comply with rigorous and constant controls by the designated supervisory body in each Member State. Trust is, therefore, lower.

Such is the trust placed in the qualified provider that, in the event of litigation, the evidence it provides enjoys a rebuttable presumption when presented in court. In other words, it is up to the opposing party to prove that the service was not properly rendered and that the evidence is therefore invalid. Unqualified providers do not benefit from this presumption.

Qualified in certified electronic notification

At MailComms Group we are currently recognized by the Ministry as a qualified trust service provider in the modality of certified electronic notification. In the list you will find both MailTecK and Customer Comms, the first two companies that formed the group.

This recognition provides a high level of security and confidence in the delivery of messages through our multichannel communications solutions, which also makes us an ally for our customers’ cybersecurity strategy.

The qualification in certified electronic notification includes, according to eIDAS, transmitting data between two parties by electronic means and providing reliable evidence related to the management of this data. This specialization also protects data against the risk of loss, theft, damage or unauthorized alteration.

Therefore, in the event of litigation, data sent and received through the system of a qualified provider will be considered as evidence in court: a qualified provider has a presumption of legal validity and, in our case, this maximum legal value applies to all the certified channels that we offer for sending communications, such as email, WhatsApp, SMS, web and postal.

If you want to learn more about the differences between a qualified and an unqualified trusted service provider, or about how we can bring benefits to your day-to-day business, we offer two options. The first is to watch the short video below, in which Alonso Hurtado, partner at ECIJA in the areas of Technology, Media and Telecommunications and Regulatory Compliance, explains it. The second is to contact us: we will be happy to talk to you about your company’s particular needs.

Soraya de Caso

Manager, Business Legal Consulting.

Law degree from the University of Valladolid. She specializes in data protection and information security in both the public and private sectors, as a Compliance Officer & Data Protection Officer. She holds the ISO/IEC 27001 Lead Auditor certification and has completed numerous training courses in security and privacy.
