What is a Trust Services Provider?
Under Regulation (EU) No 910/2014 (eIDAS), a Trust Services Provider (TSP) is defined as: “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider."
A Trust Services Provider provides one or more of the following services:
- Creating, verifying and validating electronic signatures, seals or time stamps, electronic registered delivery services and certificates that are related to those services
- Creating, verifying and validating certificates to be used for website authentication
- Preserving electronic signatures, seals or certificates related to those services
TSPs adhere to the strict requirements that ensure the validity and security of the certificates, keys and signatures that are the foundation of these services.
What is a Qualified Trust Services Provider?
A Qualified Trust Service Provider (QTSP) must comply with additional measures under the European Union’s eIDAS regulation to provide the highest levels of assurance in the form of qualified certificates, qualified electronic signatures, qualified electronic seals, or qualified electronic signature creation devices and other defined trust services under the eIDAS regulation.
Organizations that are recognized as QTSPs undergo an independent assessment and regular audits to ensure that they continue to adhere to the QTSP requirements as defined by eIDAS.
DigiCert, through its QuoVadis subsidiary, holds QTSP status in two EU member states: Belgium and Netherlands under eIDAS regulations and is recognized throughout the EU as a QTSP. DigiCert is also a QTSP under Swiss Federal law, ZertES, in Switzerland.
What are AATL and EUTL Trust Lists?
A Trusted List is a public list of Trust Service Providers (TSPs) that are accredited to deliver compliance with a specified security regulation.
The EUTL (European Union Trusted List) is a public list of over 200 active and legacy Trust Service Providers (TSPs) that are specifically accredited to deliver compliance with the EU's eIDAS electronic signature regulation.
Under Article 22 of the eIDAS regulation, the EU requires all member states to establish, maintain and publish a trusted list of trust service providers. Those on the EU Trust List (EUTL) are trusted service providers that provide qualified trust services according to eIDAS regulations. Trusted lists are necessary to ensure that all providers’ qualification statuses are listed. If any national level services are provided by the TSP, the TSP services must be clearly marked that the service is only for national level and not eIDAS regulations.
The Adobe Approved Trust List (AATL) is a list of certificate authorities (CAs) and trust service providers (TSPs) that issue digital signing certificates and timestamp services that can be used to comply with legal and regulatory requirements around the world, including the EU's eIDAS regulation. The AATL program enables millions of people around the world to digitally sign documents in Adobe Document Cloud solutions using the world’s most trusted digital IDs. The certificate authorities (CAs) and trust service providers (TSPs) on this list issue certificate-based digital IDs and timestamp services that are used to comply with the most stringent and regulatory requirements in the world, such as the EU's eIDAS regulation and the SAFE-BioPharma standard.
DigiCert is an AATL member, so signatures are automatically trusted by Adobe and other leading electronic document vendors. Digicert® Document Signing Manager is accredited on both AATL and EUTL Trusted Lists.