July 1, 2016
TÜV Informationstechnik GmbH (TÜViT) is one of the first companies in Germany to be accredited as an official conformity assessment body in accordance with eIDAS (EU regulation 910/2014), the new European standard for trust services for electronic transactions. The accreditation was granted on 24 June 2016 by the German National Accreditation Body (DAkkS) and, as well as eIDAS, includes certification in accordance with the relevant ETSI (European Telecommunications Standards Institute) standards. This means that TÜViT can award the first eIDAS certificates in time for these standards to enter into force.
TÜViT received the certification, which is initially valid for two years, from DAkkS within a few months. This puts the TÜV NORD GROUP company in a situation to maintain its leading position as a certifier of electronic trust services. TÜViT has issued over 350 certificates in accordance with the German Digital Signatures Act (Signaturgesetz), which has been effective up to now. In Germany this equates to around 80 percent of all certification processes carried out in accordance with the German Digital Signatures Act. TÜViT issued more than 200 certificates for products with qualified electronic signatures and another roughly 150 for security concepts.
The DAkkS accreditation for TÜViT includes:
- Creation, verification and validation of electronic signatures, electronic stamps and electronic time tamps, services for electronic registered delivery and certificates relating to these services
- Creation, examination und validation of certificates for website authentication
- Preservation of electronic signatures, seals or certificates relating to these services
In order to ensure successful implementation of eIDAS beyond the actual conformity assessment, TÜViT also offers accompanying services. These include in particular preparatory assessments, audits, coaching and support services.
Major interest in eIDAS certificates
TÜViT has already recorded a great deal of interest in eIDAS conformity assessments. “We are receiving enquiries not only from Germany, but also from other European countries,” said Clemens Wanko, Director Certification Department for eID (electronic identification) and Trust Services at TÜViT. “We are already working with numerous companies and organisations and will be issuing around ten certificates as early as the start of July. Companies and authorities with extensive international document traffic will benefit particularly from the standardised, cross-border norms and the new services,” said Wanko.
TÜViT is an independent certifier of qualified electronic trust services, because as a company it doesn’t provide, for example, IT services as well. TÜViT works very closely with the relevant regulators, the EU Commission and standardisation organisations such as ETSI, CEN (European Committee for Standardization) and ENISA (European Network and Information Security Agency).
eIDAS takes precedence
From 1 July 2016 the new EU eIDAS regulation will supersede the German Digital Signatures Act and will therefore take precedence in its application. However for the time being, until a trust services act adapted to eIDAS is adopted in Germany, the German Digital Signatures Act remains valid. eIDAS not only regulates signatures and time stamps, it also paves the way for qualified stamps, i.e. signatures for legal entities, and other new services such as verification of stamps and signatures, electronic registered delivery and retention and storage services. In particular the new EU standard provides legal protection across Europe. This also supports the special eIDAS “qualified trust service provider” mark of quality, which a provider only obtains if it has passed the relevant audit.
TÜV Informationstechnik GmbH (TÜViT), with registered office in Essen, is a company of TÜV NORD GROUP, which is one of the largest technical service providers with more than 10,000 employees and business activities in 70 countries worldwide. More than 50 percent of the DAX 30 companies and numerous international companies are among the customers of TÜViT.
TÜViT is one of the leading testing service providers for IT security. The Company focuses on subjects such as Industry 4.0, critical infrastructures, cyber security, data protection audits, and the evaluation of information security management systems in accordance with ISO/IEC 27001. In addition, TÜViT audits and certifies data centers with regard to their physical security and high availability. TÜViT acts as a completely independent service provider, since the Company is not obliged to any product providers, system integrators, shareholders, other stakeholders or government agencies. Neither development nor sales, nor implementation are included in the services of TÜViT.