ETSI addresses requirements for Trust Services under the European eIDAS regulation 910/2014 and new requirements in the upcoming eIDAS 2 amendment to this regulation on European Digital Identity Framework. A Trust Service is a third party service used to support identification, authentication and signatures for exchanges over public networks. The most widely used type of trusted service is a Certification Authority which uses public key technology to support identification, authentication and signatures.
The eIDAS regulation recognises the following types of trust service providers:
- Certification Authorities issuing certificates for digital signatures supporting electronic signatures and seals (see ETSI page on digital signatures);
- Certification Authorities issuing certificates to support website authentication, aligned with the requirements of the CA/Browser Forum as recognised by all the major Web Browser Vendors;
- Time-stamping authorities providing proof of existence of a data object (including signed documents) at a given time;
- Providers of services for the validation and preservation of signed data;
- Providers of services for registered electronic delivery including registered electronic mail.
This has been extended in eIDAS 2 with the definition of a new form of national electronic identifier, equivalent to national identity card, called the EU Digital Identity Wallet. Alongside this, eIDAS also supports the provision of trust services for:
- Electronic Attestation of Attributes relating attributes and credentials to identified persons;
- Creation of electronic signatures and seals using removte signing devices held in the cloud, as opposed to, for example, locally held smart card;
- Electronic Archiving;
- Electronic Ledgers.
ETSI is developing standards for interfacing to the EU Digital Identity Wallet and support of the other new trust services.
See more detailed information concerning the following items on the ETSI Member Portal:
- current and upcoming ETSI Standards;
- trusted lists and additional nationally maintained information;
- qualified certificates;
- Audit Bodies that audit conformance of implementations of ETSI Standards.