Security framework of trust service providers : technical guidelines on trust services

E-Government services have significant potential to make public services more efficient for the benefit of citizens and businesses in terms of time and money. In order to overcome both administrative and legal barriers on a cross-border level, the eIDAS Regulation was created. The main goals of this Regulation are to: ensure mutual recognition and acceptance of electronic identification across borders ; give legal effect and mutual recognition to trust services ; enhance current rules on e-signatures ; provide a legal framework for electronic seals, time stamping, electronic document acceptability, electronic delivery and website authentication ; ensure minimal security level of Trust Service Provider systems ; enforce obligation of notifications about security incidents at Trust Service Providers Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and notify competent bodies of any breach of security or loss of integrity that has a significant impact on the trust service provided or on the personal data maintained therein. In this context, the European Union Agency for Network and Information Security (ENISA) has decided to develop these Guidelines on Security Requirements Applicable to Trust Service Providers, with the purpose of discussing the minimal security levels to be maintained by qualified and non-qualified Trust Service Providers.