Under Regulation (EU) No 910/2014 (eIDAS), a Trust Service Provider (TSP) is defined as “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider."
TSPs are responsible for assuring the electronic identification of signatories and services by using strong mechanisms for authentication, digital certificates and electronic signatures. eIDAS defines how Trust Service Providers perform authentication and non-repudiation services and how they are to be regulated and recognized throughout EU member states.
A trust service is an electronic service that involves one of the following:
For a trust service to be considered a qualified trust service, the trust service must meet the requirements that have been put forth in the eIDAS Regulation. The use of trust services provides a trust framework for ongoing relations for electronic transactions conducted between countries and organizations.
Under eIDAS, an advanced electronic signature is considered legally binding, whereas a qualified electronic signature, such as those produced through qualified trust service providers, carres higher probative value (if used as evidence in a court of law) and cannot be challenged easily because the authorship is considered non-repudiable. Where a qualified electronic signature has been created with a qualified certificate from a EU member state, all other EU members are required to recognize the signature as valid. A qualified signature is considered the equivalent of a handwritten signature in the eyes of the courts according to eIDAS Regulation, Article 24 (2).
There is a whole set of current and upcoming standards prepared by the European Telecommunication Standarisation Institute (ETSI) aimed at optimising the process with respect to polices and security. The full list of current and future standards can be found on the ETSI Portal for trust service providers.
A qualified Trust Service Provider plays a crucial role in regards to the qualified electronic signing process. The Trust Service Provider must have been granted qualified status from a supervisory government body that gives permission to that entity for providing qualified trust services used in creating qualified electronic signatures. Under eIDAS, the EU maintains an EU Trust List, which contains the providers and services that are given qualified status. If an entity is not on that list, they are not permitted to provide qualified trust services. Those providers that are listed on the EU Trust List must abide by the strict guidelines created under eIDAS, including: