What is a Qualified Trust Service Provider (QTSP)?
Qualified Trust Service Providers (QTSPs) are recognised entities that provide electronic trust services in compliance with the eIDAS Regulation (Regulation (EU) No 910/2014). These services aim to ensure the security, authenticity and non-repudiation of all electronic transactions and communications in the EU.
Role of QTSPs in the digital economy
Because they provide trust services, such as electronic signatures, QTSPs are also responsible for verifying the integrity of this electronic data. These services authenticate digital signatures, electronic seals and websites to establish trust in these electronic transactions and ensure their legal validity.
As a result, QTSPs play a crucial role in e-commerce, online banking, electronic contracts and digital document management, facilitating secure and reliable communication and collaboration in the digital economy.
Obligations of a QTSP
The eIDAS regulation outlines the following obligations of a QTSP:
- Verifying the identity and specific attributes of qualified certificate recipients
- Notifying the supervisory body of any changes or plans to discontinue qualified trust services
- Maintaining financial requirements as per national law
- Informing users of qualified trust services about terms, conditions and limitations before entering into contracts
- Using secure systems for data storage, retrieval and modification
- Maintaining records of issued and received data for legal evidence and service continuity, even after cessation
- Keeping an up-to-date termination plan to ensure continuity of service
- Ensuring legal handling of personal data
- Maintaining an updated certificate database
Services offered by QTSPs
The services offered by QTSPs extend beyond compliance. Under eIDAS, these agencies are responsible for offering creation, verification, validation and preservation services for the following:
Qualified Electronic Signatures (QES)
QTSPs are responsible for issuing a QES — the digital equivalent of a handwritten signature with the same legal validity in the EU. These signatures are based on qualified certificates and created using qualified electronic signature creation devices.
Qualified Electronic Seals (QESeal)
QESeals are the digital counterparts of stamped seals used to ensure the integrity of electronic data. These are created using qualified electronic seal creation devices and are based on qualified certificates.
Qualified Time Stamping (QTS)
QTSPs offer QTS services, providing an irrefutable record of the precise time an electronic document was created, accessed or altered.
Qualified Electronic Registered Delivery Services (QERDS)
QTSPs help form a traceable chain of custody for electronic data via QERDS. These services ensure the secure transfer of registered data via time-stamped confirmation receipts.
Qualified Website Authentication Certificate (QWAC)
QTSPs offer certificates to authenticate websites and verify the identities of their operators, ensuring secure online communication.
Regulatory framework for QTSP
QTSPs operate within the eIDAS Regulation, guaranteeing adherence to strict legal and security standards. The regulation highlights the supervision, requirements and services of QTSPs to ensure the reliability and interoperability of electronic transactions within the EU.
To achieve QTSP status, a trust service provider must undergo a rigorous certification process conducted by a supervisory body, which includes regular audits and adherence to high security and operational standards. The eIDAS Regulation mandates that QTSPs use robust security measures, such as hardware security modules (HSMs), to protect digital certificates and private keys used in electronic signatures.
What is the difference between a QTSP and a TSP?
A Qualified Trust Service Provider (QTSP) and a Trust Service Provider (TSP) both offer trust services, such as digital certificates for electronic signatures, but they differ in their level of certification, legal recognition and compliance requirements.
| Aspect | Trust Service Provider (TSP) | Qualified Trust Service Provider (QTSP) |
| Definition | Provides services to create, verify, and validate electronic signatures, seals or timestamps. | A TSP that has been accredited and certified according to the eIDAS Regulation. |
| Regulation Compliance | Operates under various regulations, not necessarily compliant with eIDAS. | Must meet strict eIDAS Regulation requirements for security, reliability and legal compliance. |
| Certification | Not required to undergo eIDAS certification. | Undergoes rigorous certification and regular audits to ensure compliance with eIDAS. |
| Legal Recognition | Services may not be universally recognized or legally binding across all jurisdictions. | Services are legally equivalent to handwritten signatures across the EU, universally recognised and binding. |
| Use Cases | Suitable for general electronic transactions without the need for the highest level of legal assurance. | Essential for high-stakes electronic transactions requiring the highest legal assurance, such as banking, healthcare and government. |
| Security and Assurance | Security standards vary and may not be as stringent. | Must meet high security standards, including the use of hardware security modules (HSMs). |
*Disclaimer: This content does not constitute legal advice. The suitability, enforceability or admissibility of electronic documents will likely depend on many factors such as the country or state where you operate, the country or state where the electronic document will be distributed as well as the type of electronic document involved. Appropriate legal counsel should be consulted to analyze any potential legal implications and questions related to the use of electronic documents.