The provision of a signature or the creation of a company seal are security-critical processes, the manip­u­lation of which can have unpleasant conse­quences for all parties involved, may be accom­panied by a high loss in monetary value or cause signif­icant damage to the reputation of a provider. For products for gener­ating the technical counter­parts of signa­tures and seals, qualified electronic signa­tures and qualified electronic seals, the legis­lator has therefore specified an approval procedure with corre­spond­ingly high security require­ments in the eIDAS Regulation.

The “eIDAS Certi­fi­cation Body” of SRC is able to certify a product in combi­nation with or based on an existing evalu­ation according to Common Criteria as a qualified electronic signature creation device or seal creation device (QSCD) according to Art. 30 para. 3 of the eIDAS Regulation.

The safety require­ments (Protection Profiles) to be applied to products are set out in Commission Imple­menting Decision (EU) 2016/650 of 25 April 2016 laying down standards for the safety assessment of qualified signature and seal-creation devices in accor­dance with Article 30(3) and Article 39(2) of Regulation (EU) No. 910/2014 of the European Parliament and of the Council on electronic identi­fi­cation and electronic trust services for electronic trans­ac­tions in the internal market” (Article 30(3)(a)).

Alter­na­tively, the eIDAS Regulation allows the appli­cation of other test methods provided that equiv­alent safety levels are applied and the test method has been notified to the EU Commission (Art. 30 para. 3 (b)). Since the above mentioned imple­menting decision (EU) 2016/650 does not yet list any PPs containing security require­ments for QSCDs for use by a trusted service provider, SRC has developed a test procedure “Certi­fi­cation of the conformity of QSCDs for server-signing with the require­ments laid down in Annex II of Regulation (EU) No. 910/2014” for the certi­fi­cation of QSCDs for use in remote signa­tures which was notified to the EU Commission.

SRC Security Research & Consulting GmbH has been desig­nated by the Federal Network Agency for Electricity, Gas, Telecom­mu­ni­ca­tions, Post and Railways as “eIDAS Certi­fi­cation Body” in accor­dance with Art. 30 para. 1 of the eIDAS Regulation.

We are pleased to offer you the oppor­tunity to use the expertise and extensive experience of our independent experts for the certi­fi­cation of your product as a qualified signature and/or seal creation device.

The EU Commission publishes and updates lists of notified “eIDAS Certi­fi­cation Bodies” and QSCDs as well as all currently notified alter­native testing procedures.