eIDAS on its way into practice

September 26, 2016

“The eIDAS regulation is applicable now for all EU member states in relation to its rules on electronic trust services, but it is just the start of the journey and the cooperation and engagement with the stakeholders is paramount:“ At the CA Day Elena Alampi from the European Commission gave a comprehensive overview about the state of affairs regarding eIDAS. She said, that it was essential, that the stakeholders – companies, public administrations and trust service providers – get support in applying the new regulation in practice. „EU’s lately launched eIDAS Observatory will make the way into practice easier“, said Alampi in Berlin. The observatory works as a virtual network where stakeholders can exchange ideas and best practices. Furthermore the eIDAS Observatory offers detailed practice advice to profoundly facilitate the adaption of electronical signatures and trust services."

The path using existing practice scenarios was also recommended, for example, by Leslie Romeo, who is Head of De-Mail & Trust Services at 1&1. “In practice, there are established standards that are compatible with the eIDAS requirements, and which allow verification of compliance with these. In Germany, for instance, there is De-Mail,” said Romeo. “Any organisation that is certified as a De-Mail Provider, like 1&1, can verify and receive the status of a Qualified Trust Service Provider under the eIDAS Regulation by means of a relatively simple inspection.”

Alongside Elena Alampi from the European Commission and Leslie Romeo from 1&1, the participants followed a total of ten presentations and one podium discussion. The speakers came from Nimbus, Cryptolog, Thales e-Security, TÜVIT, ENISA, Symantec, LSTI, Colinde, the Bundesdruckerei (federal printer), and Asseco Data Systems. “From the speakers, and from that fact that the hall was filled with participants from 20 countries, one thing was clear: the importance of the event has increased again this year,” concluded Clemens Wanko, head of the specialist department for eID Certification & Trust Services at TÜVIT. 

TÜV Informationstechnik GmbH (TÜVIT), with registered office in Essen, is a company of TÜV NORD GROUP, which is one of the largest technical service providers with more than 10,000 employees and business activities in 70 countries worldwide. More than 50 percent of the DAX 30 companies and numerous international companies are among the customers of TÜVIT.

TÜVIT is one of the leading testing service providers for IT security. The Company focuses on subjects such as Industry 4.0, critical infrastructures, cyber security, data protection audits, and the evaluation of information security management systems in accordance with ISO/IEC 27001. In addition, TÜVIT audits and certifies data centers with regard to their physical security and high availability. TÜVIT acts as a completely independent service provider, since the Company is not obliged to any product providers, system integrators, shareholders, other stakeholders or government agencies. Neither development nor sales, nor implementation are included in the services of TÜVIT.