ETSI enables chain of trust for digital signatures

Sophia Antipolis, 1 October 2015

First European Standard supporting European eIDAS regulation

ETSI has published the first of a series of European Standards to support the European Regulation on electronic identification and trust services for electronic transactions in the internal market, or eIDAS (Regulation (EU) 910/2014).

EN 319 403, developed by ETSI’s Electronic Signatures and Infrastructures (ESI) technical committee, enables conformity assessment of trust service providers.

More and more organizations today use digital signatures, stamps or certificates to authenticate their documents, whether they are banks, companies or government bodies. In today’s digital world, digital signature makes document authentication easier, greener and more secure.

ETSI enables digital signature deployment through the work of its technical committee ESI, but also through interoperability events to cross-validate digital signatures in the formats standardized by ETSI, namely CAdES, XAdES and PAdES (based respectively on Cryptographic Message Syntax, Extended Mark-up Language and Portable Document Format) and Associated Signature Containers (ASiC).

EN 319 403 is the first standard of its kind defining requirements specific to the conformity assessment and audit of trust service providers, thus strengthening the trust chain of digital signatures. It specifies requirements for the competence, consistent operation and impartiality of conformity assessment bodies auditing and certifying conformity of trust service providers (TSPs) and the trust services they provide.

The EN supports the audit requirements of the eIDAS Regulation. The Regulation requires qualified Trust Service Providers to be audited by conformity assessment bodies after 1 July 2016. Riccardo Genghini, ETSI TC ESI chairman declares: “ The Regulation recognizes the normative relevance of technical standards and provides a balanced coordination between legal and technical norms that has been praised even by The Economist, normally quite critical of EU “overregulation ”. The extended and pervasive auditing of Qualified Trust Service Providers will create a transparent chain of trust that will trigger several new digital services which will thrive cross border in Europe and beyond ”.

To allow business stakeholders to more easily implement and use products and services based on digital signatures, as well as to facilitate mutual recognition and cross-border interoperability of signatures, ETSI TC ESI has released Technical Report TR 119 000 describing the general structure for digital signature standardization and outlining existing and potential standards for such signatures.

Nineteen related European Standards are currently undergoing approval at ETSI. They cover general policy requirements for trust service providers, policy and security requirements for trust service providers issuing certificates, policy and security requirements for trust service providers issuing time-stamps, certificate and time-stamping profiles and digital signature formats.