Table of Contents
- eIDAS: What is the purpose of this European regulation?
- What is a “trusted service provider” under the eIDAS regulation?
- What is the difference between a qualified and an unqualified trusted service provider?
- What does it mean to be recognized as a qualified provider of certified electronic delivery?
- Why choose a specific qualified supplier?
- How does it benefit your company to have a reliable service provider?
1. eIDAS: What is the purpose of this European regulation?
Regulation (EU) No. 910/2014 is better known by eIDAS, which stands for Electronic Identification and Authentication Services. And the European Commission says of it, “eIDAS is a key enabler for secure cross-border transactions.”
This regulatory text, which refers to transactions, identification and trusted electronic services, was born in 2014 with the aim of transferring to the digital world the facilities brought by the harmonization of the European common market. In short, thanks to eIDAS:
- Individuals, businesses and public administrations can use their national electronic identification systems to interact with each other, regardless of their Member State.
- It creates a European internal market for trusted cross-border electronic services that will operate in the same way, with the same guarantees and the same legal status as their paper-based counterparts.
In other words, since eIDAS, the rules of the game in the electronic world are the same for all subjects, entities and administrations of the European Union. And also the instruments. For example, a digital certificate issued in Spain will be used to carry out a procedure in Poland and an electronic signature is as valid in Finland as in Italy, as long as they are designed according to eIDAS.
This regulation also regulates the figure of the trusted electronic service provider, a key figure for electronic security.
What is a “trusted service provider” under the eIDAS regulation?
The eIDAS regulation defines a qualified provider as a “trust service provider that provides one or more qualified trust services and has been granted qualification by the supervisory body.” And the qualified trust services covered by the regulations are as follows:
- Issuance of Certificates of electronic signatures / seals
- Time stamps
- Certified electronic delivery
- Validation of electronic signatures/seals
- Preservation of signatures / electronic seals
- Website authentication
What is the difference between a qualified and an unqualified trusted service provider?
The difference lies in the verification and approval, by the Ministry of Economic Affairs and Digital Transformation, of compliance with the technical and organizational obligations established by the regulations, both European and national. In other words, a prior audit by an accredited entity is required. After passing the audit, the Ministry verifies the trust service provider’s performance and therefore qualifies it.
On the other hand, an unqualified trust service provider has not been evaluated or audited by the Ministry.
A company that wants to be officially recognized as a qualified trust service provider has to pass a rigorous audit that verifies the processes and procedures that the company puts in place to guarantee the security of its electronic service, as well as compliance with the requirements of the ETSI European technical standards that apply to the service. Measures pertaining to the legal, organizational and technical areas.
Access from here to the list of trusted electronic service providers qualified by the Ministry, where you can find us.
4. What does it mean to be recognized as a qualified provider of certified electronic delivery?
According to the definition of the European eIDAS regulation, a certified electronic delivery service allows data to be transmitted between third parties by electronic means and provides evidence related to the management of this data, including proof of sending and receiving the data. It also protects data against the risk of loss, theft, damage or unauthorized alteration.
This means that data sent and received through a provider with this recognition will be admissible as evidence in legal proceedings even if it is in electronic format. In other words, the judge will not only not doubt the validity of the certification presented, but will not even review it as this qualification is granted by the ministry and supported by the European eIDAS regulation. A Trusted Qualified Service Provider (TQSP) has a presumption of legal validity.
In the specific case of this certified electronic delivery service, the recognition provides a high level of security and confidence in the delivery of messages through our multichannel communications services and solutions. The whole process is completed with the necessary evidence to prove it in a reliable manner before a court of law, for example.
5. Why choose a specific qualified supplier?
The qualifications offered by the Ministry of Economic Affairs and Digital Transformation are varied. Whether or not a piece of evidence is irrefutable in court depends on the qualifications of the supplier you choose. MailTecK & Customer Comms are qualified service providers in “qualified electronic delivery”. That is, a qualification in electronic signatures or time stamps does not include electronic communications.
This surname “certified electronic delivery” is crucial and, in addition to being significant, it refers to the core of our business. We are qualified in our core business and what defines us: communications.
In the shipments we make, this qualification certifies:
- We identify the parties: sender and addressee.
- That we verify that there has been an exchange of messages or documents with specific content.
- That this process has occurred at a particular time by applying time stamps.
- That we keep documents and evidence in our digital archives.
All of the above has the legal force of the European eIDAS regulations to be considered as evidence of the highest legal value.
In other words, we act as a “digital notary” of your communications.
6. How does it benefit your company to have a reliable service provider?
Through our CertySign platform, a self-developed technological solution, your company can manage all its omnichannel communications with full legal reliability and collect the evidence and time stamps necessary for their validity in case of a lawsuit. These evidences, when the service is qualified, are kept for fifteen years in a secure environment. Through our services, including message design, your communications with customers, suppliers and employees will not only be attractive and fluid, but will also have full legal guarantees.
For confidence and legal guarantee. If you work with us, your company will have the extra peace of mind of being protected against litigation related to the delivery of notices, contracts, renewals or cancellations, among many other cases.