eIDAS compliant and electronic signatures

Driving transparency, interoperability and innovation across the European Union with eIDAS.

Delivering on the eIDAS vision

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation (EU N°910/2014) on electronic identification and trust services for electronic transactions across the European Union. It was adopted in 2014, took effect in 2016 and provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities across the digital European single market.

The aim of eIDAS is to spur digital growth within the EU. By setting standards for electronic signatures, advanced electronic signatures, qualified digital certificates, electronic seals, time-stamps and other proof for authentication mechanisms, eIDAS enables electronic transactions with the same legal standing as transactions performed on paper.

Two core concepts of eIDAS

The eIDAS vision centers around two core concepts. The first is interoperability: member states are required under eIDAS to create a common framework that will recognize eIDs from other member states, while ensuring their authenticity and security. This is key in allowing citizens and companies to easily do business across borders. The second is transparency: if organizations are eIDAS compliant, eIDAS provides a clear and accessible list of trusted services that may be used within the centralized signing framework. This allows security stakeholders to engage in dialogue about the best technologies and tools for securing digital signatures for the whole European single market.

The eIDAS regulation has created an internal market area for trust services within Europe. Trust service providers (TSPs) are the companies or organizations that provide third-party trust services in the form of certificate issuance, signatures and authentication. The eIDAS regulation specifies the requirements that any public TSP operating within the EU must meet, ensuring the entire EU is operating using the same set of standards for certificate trustworthiness. eIDAS also introduces the concept of qualification for TSPs, where all TSPs across the EU must adhere to some basic requirements, which are audited periodically, at least every 24 months.

Becoming a Trust Service Provider and eIDAS compliant

PrimeKey’s Public Key Infrastructure and electronic signing solutions go a long way in reducing the complexity of becoming an eIDAS compliant TSP. PrimeKey EJBCA eIDAS edition provides issuance, registration and validation services within the eIDAS context and is a proven solution to cost-efficiently establish core TSP capabilities. The PrimeKey EJBCA eIDAS edition is available both as software and as a hardware appliance.

Benefits of PrimeKey EJBCA eIDAS edition for Trust Service Providers

PrimeKey is one of the world’s leading companies for PKI and electronic signing solutions, having developed successful technologies such as EJBCA Enterprise, SignServer Enterprise and PrimeKey PKI Appliance. The EJBCA eIDAS edition offers an easy and secure way of establishing the core capabilities of an eIDAS compliant TSP. The capabilities provided include:

  • Certificate Issuance
  • Registration Point
  • Validation Service
  • High availability clustering
  • Support for FIPS 140-2 level 3 certified and Common Criteria PP5 certified Hardware Security Modules (HSMs)

EJBCA Enterprise and SignServer Enterprise deployment options

PrimeKey understands that organizations have unique business challenges, including security requirements, compliance, budgets and the availability of internal resources.

We give you the choice to combine software, hardware Appliance and Cloud deployments for your PKI solution. This means the infrastructure can be deployed in the manner best suited to your business needs and can grow flexibly and expand over time. EJBCA Enterprise for eIDAS TSPs is available as:

The same packaging will be available soon for SignServer Enterprise.

The eIDAS relevant core features of the PrimeKey PKI Appliance and the PKI Appliance eIDAS edition include:

Segregation of duties and access control

  • Registration authority with role-based access control and approval mechanisms
  • Support for smart card protected crypto token activation
  • Cryptographically protected audit log, recording all security events

Cryptographic controls

  • The standard PKI Appliance has a built-in FIPS 140-2 level 3 certified HSM
  • The PKI Appliance eIDAS edition has a built-in Common Criteria PP5 certified HSM
  • Reset-to-factory defaults mechanism including secure key zeroization
  • Common Criteria certified software components

Physical and environmental security, operational security

  • Built-in backup and restore functionality
  • SNMP monitoring
  • Support for 2 and 3 node cluster setups offering fail-over or high-availability
  • Dual Gigabit Ethernet ports with separation of management and application networks
  • Redundant, field-replaceable power supply
  • Easy-to-use update mechanism for firmware and application software

Network Security

  • SNMP monitoring
  • Dual Gigabit Ethernet ports with separation of management and application networks

Incident Management

  • Cryptographically protected audit log, recording all security events

Compliance

  • Registration Authority with role-based access control and approval mechanisms
  • Support for operating multiple, independent PKI hierarchies within one installation
  • Built-in backup and restore functionality

PrimeKey’s role in the eIDAS community

Enabling a broad adoption of electronic signatures in Europe will take more than regulation. Delivering on the eIDAS vision requires a community of different actors, including trust service providers and technology providers, working together to support the eIDAS requirements.

PrimeKey has numerous eIDAS and ETSI WebTrust audited customer installations, and so far we have appreciated working with 30+ eIDAS (Q)TSPs.

As one of the world’s leading companies for PKI and signing solutions, PrimeKey is committed to continuing to drive the adoption of digital signatures across Europe.
