Certification of the eIDAS conformity of qualified signature and seal creation devices

Trust service providers (TSPs) that use or issue qualified signature creation devices (QSCD) together with qualified certificates for the creation of qualified electronic signatures and seals have to deploy certified devices either by choosing one from the published list of QSCDs or by getting their proper device certified.

As an accredited evaluation and certification body for Common Criteria and QSCDs, TÜViT supports trust service providers, from the planning over the evaluation and certification to the final step of getting the devices published by the European Commission.

Certification of QSCDs

The regulation (EU) 910/2014 (eIDAS) mandates certified QSCDs as prerequisite for the creation of qualified electronic signatures and qualified seals. Article 1 of [CID (EU) 2016/650] distinguishes two types of QSCD:

  1. QSCDs where the electronic signature creation data or electronic seal creation data is held in an entirely but not necessarily exclusively user-managed environment. Here the evaluation and certification is based on the Common Criteria evaluation.
  2. QSCDs where the qualified trust service provider manages the electronic signature creation data or seal creation data on behalf of a signatory or of a creator of a seal (remote-QSCD or server signing QSCD). Due to the absence of applicable standards for the evaluation of remote-QSCDs alternative certification procedures may be used which fulfil comparable security levels like the Common Criteria evaluation. For this TÜViT developed an own certification process which is recognized at the EU commission.

Our approach

As an evaluation and certification basis, we offer the certification of QSCDs according to eIDAS. Depending on the QSCD type, the evaluation is performed against Common Criteria or it is based on certification process with equivalent assurance developed by TÜV Informationstechnik GmbH for that purpose.

Our IT security experts apply an agile approach during the project, evaluation and certification. You thus have the opportunity after each concluded phase, whether in the project or during the evaluation, to consult our experts. This allows the risk of unprofitable investments to be reduced.

The following standards would apply for the preparation of certificates for QSCDs:

  • [eIDAS]
  • Annex II [eIDAS]: requirements for the certification of the conformity of QSCDs
  • [ISO/IEC 15408-1]
  • [ISO/IEC 15408-2]
  • [ISO/IEC 15408-3]
  • Certification Process for eIDAS conformant QSCDs of the TÜV Informationstechnik GmbH

Our services at a glance

  • conduct of workshops, one-day or multi-day
  • overview of the certification process
  • overview of test requirements and joint evaluation of the requirements relevant to you
  • coordination of your detailed questions on standard requirements, on tests and certifications
  • project support according our agile approach
  • evaluation and certification of the QSCD

  • result: QSCD certificate
  • validity: Depends on the strength of security mechanisms and algorithms that are implemented, shall not exceed a maximum period of 5 years 
  • if all criteria are fulfilled, a certificate is issued and published on the TÜViT website
  • submission of the QSCD certificate to the EU Commission for publication on the official list of QSCDs

Your benefits at a glance

  • minimizing unprofitable investments through agile approach
  • cost reduction through gap analysis
  • targeted project implementation regarding your budget, schedule and standard specifications
  • QSCD certificate
  • verification that legislation and legal requirements are fulfilled, where these derive from the corresponding requirements
  • verification that your QSCD is applied in a targeted, effective and sustainable manner
  • audit and certification by the market leader: e.g. TÜViT has issued over 350 certificates under the German Digital Signature Act and eIDAS, and 150 for PKIs using other criteria, e.g. ETSI

TÜViT has been testing trust services and their products for 15 years.

Peter Kania

Sales & Account Manager eID & Trust Services

+49 201 8999-513
Fax : +49 201 8999-555

Matthias Wiedenhorst

Head of Certification Division Trust Service Provider

+49 201 8999-536
Fax : +49 201 8999-555

Further services

Electronic signatures and seals

Electronic Signatures and Seals

As an accredited testing and certification body, TÜViT supports trust service providers, from the planning of their services to the necessary tests and certification.
Read more
Website Authentication

Website Authentication

Servers and websites available on the internet must be clearly attributed to their operators if users are to trust them. The secure identification of websites and server systems on the internet takes place using electronic certificates.
Read more
Validation Services for Electronic Signatures, Seals and Timestamps

Validation Services for Electronic Signatures, Seals and Timestamps

Validation services are indispensable for assessing the correctness and integrity of electronically signed, sealed and timestamped documents. They review certificates in real time and ensure transparency.
Read more
Electronic Archives and Archiving Services

Electronic Archives and Archiving Services

Documents that are electronically signed or marked with a timestamp are subject to ageing, just like their hard copy counterparts. If the certificates or mathematical algorithms used there are no longer up to date, this results in them losing their value as evidence.
Read more
Electronic Identification (eID)

Electronic Identification (eID)

Electronic identification systems have the great advantage that they save companies time and expense, and significantly simplify communication for customers – provided that the systems work securely and that they are trustworthy.
Read more