eIDAS

Security Framework for Qualified Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of security is commensurate to the degree of risk”. to achieve compliance with Article 19 (valid for both, QTSPs and non-QTSPs), this series of documents recommend that the level of security implemented by non-QTSP, expected to follow ‘best practices’ when operating with due diligence, is equivalent to the one of QTSP. For this reason, the security practices applied by QTSPs are also relevant to – and can also be followed by – non-QTSPs.

Published: March 11, 2021
Language: English

Recommended publications

Remote ID Proofing - Good practices

Through this report, ENISA aims to enhance stakeholder awareness, facilitate risk analysis in evolving threat landscapes, and bolster trustworthiness...

Published on March 12, 2024
Trust Services-Secure move to the cloud of the eIDAS...

Published on June 12, 2023
Remote Identity Proofing - Attacks & Countermeasures

Published on January 20, 2022
Digital Identity: Leveraging the SSI Concept to Build Trust

Published on January 20, 2022

Recommended events

conference
Trust Services and eID Forum - CA Day 2024

On the 25th September, ENISA in collaboration with the European Commission organises, for the 10th consecutive year, the Trust Services and eID...

September 25, 2024

Crete, Greece

Past events

conference
2nd ENISA Cybersecurity Policy Conference

ENISA and the European Commission (DG CNECT), under the auspices of the Belgian presidency of the Council of the European Union, are organising the...

April 17, 2024

Brussels, Belgium
conference
Trust Services and eID Forum - CA Day 2023

October 11, 2023

ThirtyFive Conference Centre, Vienna
conference
EU Cybersecurity Policy Conference

January 26, 2023

Thon Hotel EU, Wetstraat/Rue de la loi 75, 1040 Brussels