In recent years, there has been a great concern for the security and authenticity of documents signed with electronic signatures, especially in Europe. How can we prove the identity of the signer? Can we prove the document is authentic? And, can these signed documents cross borders with the same integrity as the origin country? The use of Digital Certificates that enable digital signatures tied to individual and organizational identities, as well as apply a timestamp, have addressed this need to some extent. The use of these certificates has been dramatically extended, from an individual opening an online bank account or applying for insurance, to a large bank that that uses certificates to validate and protect their documents, for example. However, each country still has had its own rules and regulations.
The European market realized it needed a means to enable the exchange of information or services in a secure manner, guaranteeing the identity of the user in a safe way. In order to achieve the goal of a transforming digital market, the European Union's regulation on Electronic Identification and Authentication Services (eIDAS) was created. eIDAS sets an electronic identification standard to achieve safe and streamlined online transactions across Europe. And for this purpose, the regulation relies on electronic trust services.
Thanks to eIDAS, the EU regulation guarantees the validity of any Digital Certificate throughout its territory, regardless of country of origin, with the clear goal of eliminating borders for electronic transactions in the EU. This is a regulation that extends to all sectors with the clear goal of eliminating borders for electronic transactions in the EU and EEA (European Economic Area).
The following question's were directed at Dawn Illing, Regional Product Manager, EMEA here at Globalsign:
What is a Qualified Trust Service Provider (QTSP)?
The qualified trust service provider (QTSP) plays an important role in the process of qualified electronic signing – the highest assurance level of signature as specified by eIDAS. The trust service providers must be given qualified status and permission from a supervisory government body to provide qualified Digital Certificates, which can be used to create qualified electronic signatures in adherence to strict guidelines. eIDAS requires that the EU will maintain an EU Trust List that lists the providers and services that have received qualified status. eIDAS requires that each EU member state maintains a Trust List of the providers and services that have received qualified status in their country. A trust service provider is not entitled to provide qualified trust services if they are not on the EU Trust List.
How Does GlobalSign View the Changes in the Market and in Particular, Competitive Advantage?
Certain electronic signatures, such as signing on a tablet or smartphone, are not recognized before a court of law. However, one of the most important new aspects of the eIDAS regulation is the use of legally recognized digital signatures on these devices across Europe. As a qualified electronic signature, the signature is valid for contracts and applications that are required by law to be laid down in writing. What this does in effect is eliminate a very tedious process such as the verification point, where someone has to verify that you are whom you say you are. The Qualified Certificate binds that identity to the qualified signature. This is just one example of how the new standards set by the regulation are helping to transform industries.
More and more companies, particularly in the financial sector, are changing as a result of technical innovation and the digital economy. In turn, this has led to new entrants in the field offering new services and improved customer experience. Along with the revised Payments Services Directive (PSD2) aiming to improve security and fraud prevention and just as importantly, customer experience, this ensures a level playing field for both new and old players resulting in a transformation from a European Single Market to a Digital European Single Market.
Customer experience is more important than ever to create real value for customers, particularly within the financial sector. The more that we can do to enable the digital economy and make processes more secure, the more we will improve user experiences and bring new opportunities that enable business growth. We are excited as eIDAS is a driver to innovate and ensure security is addressed throughout the digital workflow, which is why GlobalSign is moving ahead with plans to become a QTSP.
Why Did GlobalSign Decide to Take the Route to Becoming a QTSP?
As a leading global Certificate Authority and provider of a cloud-based managed Public Key Infrastructure (PKI) solution, we have been enabling our customers to digitally sign documents for years. Recently, we launched the GlobalSign Digital Signing Service, which is a truly revolutionary digital signing solution.
What Has Your Experience Been on the Run up to Becoming Accredited?
Accreditation hasn’t been an easy process! Nor should it be. If it was easy, too many of the wrong organizations could seek approval leading to more market confusion.
Over the past year, GlobalSign has been in various stages of audit and we are happy to say that we are now in the final stages and looking to being a QTSP by the third quarter of 2018.