Scroll
Digital Certification
In recent decades, we have witnessed constant technological developments, influencing the various spheres of society, namely our way of communicating, working, learning or thinking.
Nowadays, organizations seek to accelerate their digital transformation through disruptive technologies that offer various competitive advantages, as well as presenting themselves as solutions that reduce the environmental impact of various economic activities.
Although digital transformation is something fundamental to the evolution of any organization, it also brings with it new challenges, namely the inevitable increase in cyber-risk. It is in this context that we want to explore the role that the EIDAS Regulation can play as a regulatory tool for the mitigation of cyber-risk. Although this diploma has been in force for some years, there is a great lack of knowledge about the instruments introduced by it. But let's start at the beginning...
Regulation No 910/2014 of the European Parliament and of the Council of 23 July 2014 commonly known as the eIDAS Regulation entered into force with a view to creating a common legal framework for the whole of the European Union, enabling confidence in electronic transactions in the internal market to be strengthened by creating the necessary conditions for the mutual recognition of facilitating technologies. As recommended by Decree-Law No 12/2021, which ensures implementation in the internal legal order of the EIDAS Regulation: "The adoption of the Regulation aimed to increase the confidence and security of online transactions in the European Union". This regulatory clarity – as well as the establishment of demanding technical standards for electronic communications in the European single market – is essential for the mitigation of cyber-risk.
Qualified Trust Service Providers are duly accredited by supervisory entities and are required to comply with the requirements laid down by the EIDA Regulation in order to provide qualified services such as the issuance of qualified electronic signatures or the provision of a qualified electronic signature validation service. For this reason, they are essential to create and strengthen confidence in electronic transactions in all Member States.
Furthermore, the EIDAS Regulation established the assumptions for the issuance of qualified electronic signatures as well as qualified electronic seals, allowing them to be standardised within the European Union. Thus, a qualified electronic signature issued in a particular Member State will have to be recognised in all other Member States with an effect equivalent to that of a handwritten signature, as recommended in Article 25(3) of the EIDAS Regulation. Similarly, if a qualified electronic seal is issued by a particular Member State, it must be recognised by all others as such, as is apparent from Article 35(3) of that Regulation.
It is therefore concluded that it is only possible to issue a particular electronic signature qualified accordingly where it complies with the requirements of the EIDAS Regulation. In view of all this, it is essential to have tools capable of demonstrating whether a certain qualified electronic signature is valid or not. Due to the technology adjacent to the creation and affixing of qualified electronic signatures, the verification of the validity of a qualified electronic signature naturally differs from the verification of the validity of a handwritten signature. For this reason, the EIDAS Regulation introduced – through Article 33 – the qualified service to validate qualified electronic signatures. This service shall validate qualified electronic signatures or qualified electronic seals, i.e. enables the verification of whether a particular qualified electronic signature has been issued in accordance with the requirements laid down in the EIDAS Regulation, as set out in Article 32 of that Regulation.
DS Verify
DigitalSign, as Qualified Trust Service Provider, has created theDS Verify, – a qualified electronic signature validation service qualifies or qualified electronic seals – which, as mentioned aboveabove, makes it possible to verify that a particular qualified electronic signature actually complies with the requirements for the validity of qualified electronic signatures.
The combination of these three elements introduced by the EIDAS Regulation is essential for the mitigation of cyber-risk, since the Qualified Trust Services Providers act as a third part of trust by issuing qualified electronic signatures and qualified electronic seals to the various market agents and, in addition, provide qualified services for the validation of qualified electronic signatures, which enable those agents to verify the authenticity of a particular electronic document by validating the qualified electronic signatures that are affixed to them.
We can then conclude that the mitigation of cyber-risk will only be possible if both instruments are used:
In short, it is established that the dematerialization of physical processes allows organizations to operate in a faster, more agile, economic and sustainable way.
However, it is crucial that digital transformation be carried out efficiently and, above all, safely.As made clear in this exhibition, the use of the tools provided for in the EIDAS Regulation allows the establishment of management controls of all types of electronic documents received by a particular organisation, in particular by defining which types of electronic signatures should be used/accepted in each dematerialised process. In addition, the use of qualified validation services makes it possible to assess whether an electronic signature attached to a given electronic document is or is not qualified, which in turn enables organisations to ensure the authenticity of the electronic documents they receive, and this is an essential process for all organisations with regard to Cybersecurity.