ENISA studies on qualified trust services
The eSignatures Directive introduced already in 1999 in the EU market a clarified regulatory context for electronic signatures by setting in place the qualification scheme. The eIDAS Regulation broadens the scope of this framework, by establishing the possibility to become qualified for the new types of trust services:
- Electronic signatures
- Electronic seals
- Electronic time stamps
- Electronic delivery services
- Electronic certificates for website authentication
In this respect, the aim of the Regulation is to enhance consumer's trust in the digital environment and to improve the trust services market's transparency by introducing a clarified and comprehensive legal framework.
The eIDAS Regulation provisions for trust services will enter into force on July 2016. ENISA started in 2015 to conduct activities to support the successful introduction in the market of qualified trust services. IN 2015, ENISA launched this lines of work by focusing on one of the newly introduced services, qualified certificates for website authentication. Certificates for website authentication, widely known as SSL/TLS certificates, play a critical role in the security of online transactions and have been long employed by websites. This number has grown sharply in the last years driven by business needs rather than any regulatory framework, and the market has evolved to be highly concentrated in a small number of players, mostly from outside Europe.
Based on these features, qualified certificates for website authentication (QWAC certificates) present a particular case among the new trust services defined in the eIDAS Regulation. They will need to enter in an already mature, global and unregulated market. For their successful introduction, it will be necessary to create a demand by properly communicating to consumers their benefits, while at the same time supporting providers to ensure enough supply.
In 2016 the Agency will continue with this line of activities and will produce recommendations for end users and relying parties of qualified trust services.