Recommendations for the implementation of trust services
ENISA has supported the European Commission since 2013 on the implementation of the eIDAS Regulation by providing security recommendations for the implementation of trust services, mapping technical and regulatory requirements, promoting the deployment of qualified trust services in Europe, raising awareness for relying parties and end users on to secure their electronic transactions using trust services.
In order to ensure high-level security of qualified trust services, the eIDAS Regulation foresees an active supervision scheme of qualified trust service providers (QTSP) and the qualified trust services (QTS) they provide by the national competent supervisory bodies (SB) that supervise, ex ante and ex post, fulfilment of the legal requirements and obligations. It aims at ensuring that, from initiation up to termination of such services, the QTSPs and the QTSs they provide meet the requirements laid down in the Regulation. The following reports provide recommendations and guidelines to eIDAS stakeholders:
Towards a harmonized adoption of the eIDAS regulation, further guidance is needed in order to support the fulfillment of requirements originating from the non-mandatory articles of the eIDAS regulation. TSPs should take appropriate technical and organisational measures to manage the risks posed to the security of the trust services they provide and to prevent and minimise the impact of security incidents. Moreover, guidelines are needed to support the TSPs to prepare for the conformity assessment with the respect to the eIDAS Regulation requirements and obligations. Within this scope, ENISA has prepared the following reports: