The European Union Agency for Cybersecurity (ENISA) gathered experts from trust services providers, standardisation bodies and national authorities around the discussion tables of the Trust Services Forum organised on 27 and 28 October in Berlin.
The 8th edition of the Trust Services Forum allowed experts to address the current developments pertaining to the proposals of the Directive on Network and Information Security Systems, known as the NIS2 Directive and the new proposals of the Electronic Identification and Trust Services for Electronic Transactions in the Internal Market, known as eIDAS2. The process engaged to develop the EU framework of digital identity wallets was also on the agenda. Discussions addressed the security and trust in the global ecosystem of web certificates and certificate authorities.
The event attracted the participation of more than 600 experts, including eIDAS stakeholders.
Key topics covered included:
- Policy Developments
The event opened with keynotes by experts from the European Parliament, the European Commission and the Member States. Discussions focused on the changes brought about by the NIS2 proposal and by the eIDAS2 proposal still being tackled by the EU’s co-legislators.
- Standardisation and Certification
The sector’s needs for eID standardisation and certification was discussed. Challenges and opportunities presented by eID wallets led to an exchange of views among providers, suppliers and standardisation bodies.
- Web certificates
A panel on ʻGlobal recognition of Trust Servicesʼ included browsers representatives who shared their views on article 45 of the eIDAS revision on qualified web certificates (QWACS).
- Incident reports
ENISA gave an overview of incident reports received from the sector via the national authorities, and of the actions engaged by ENISA to support them throughout the year.
- Trust services dashboard
The European Commission presented the trust services dashboard listing all qualified trust service providers in the EU. This tool is essential for authorities to understand who delivers which trust services.
Overview of the Certificate Authority (CA) day event
The CA-day event followed in the same venue the day after. Centred around certificate authorities and the global trust market, key topics covered included:
- Policy changes with the impact of the eIDAS2 proposal on the auditing framework for trust service providers;
- Identity proofing standards with an update given by ETSI. With remote identity proofing coming up as an emerging topic, trust service providers increasingly resort to it in order to get subscribers.
- CAB Forum: Dean Coclin from the CAB forum gave an update on the recent activities of the forum.
- Qualified web certificates (QWACS), qualified seals (QSeals) and the impact of eIDAS2 on web certificates was also addressed.
Background
The ENISA Trust Services Forum is a platform for eID and trust services experts to share good practices on eID solutions, security of trust services; standards for the sector, but also new technologies like digital wallets and block chain technology.
Electronic trust services include a range of electronic services around digital signatures, digital certificates, electronic seals, timestamps, etc. used to secure electronic, online, transactions.
The eIDAS Regulation is the EU wide legal framework meant to ensure the interoperability and security of the electronic trust services across the EU. One of the goals of the eIDAS is to ensure electronic transactions can have the same legal validity as traditional paper-based transactions, to create a framework in which a digital signature has the same value as a hand-written signature.
With security as an important pillar of the framework, article 19 of the eIDAS Regulation requires trust service providers in the EU to assess risks, take appropriate security measures, and mitigate security breaches.
About the Trust Services Forum
Event webpage and event agenda: Trust Services Forum - CA Day 2022 — ENISA (europa.eu)
Further Information
ENISA topic on Incident Reporting
Remote ID Proofing — ENISA (europa.eu)
Remote Identity Proofing – Attacks & Countermeasures – ENISA report 2022
Security Framework for Qualified Trust Service Providers – ENISA report 2021
Telecom Security Incidents 2021 – ENISA Annual Report
Trust Services Security Incidents 2021 - ENISA Annual Report
Remote ID proofing – ENISA report 2021
For press questions and interviews, please contact press (at) enisa.europa.eu