What is a Conformity Assessment Body?

A Conformity Assessment Body (CAB) is the legal entity that performs a conformity assessment of the TSP against eIDAS regulations and relevant standards and submits a conformity assessment report to the Supervisory Body (SB).

The SB reserves the rights of additional audit or conformity assessment at any time to confirm that requirements are fulfilled. European Accreditation (EA) defines common rules for all national accreditation bodies to implement. The common rules are based on ETSI and ISO standards.

eIDAS certified CABs perform two audits to verify compliance against the eIDAS regulation:

1) Pre-assessment: This includes documentation assessment (i.e. technical, functional, and organizational security measures) and their appropriateness for fulfillment of eIDAS requirements. This also includes identification of applicants (qualified, experienced and reliable staff, sufficient financial resources, liability insurance, communication with supervisory body).

2) On-site audit: This includes verification of implementation of security measures, processes, network, systems. The technical testing includes penetration testing.

A Conformity Assessment report detailing the findings of the audit is then submitted to the Supervisory Body, which ultimately decides if the TSP is entitled to receive the qualified level of certification and be referenced in the EU Trust List.


⇐ Back to all FAQs

Latest Articles by Cryptomathic

Remote signing solution

A new signing experience, secure and versatile

Learn how an organisation can deliver its digitalisation strategy and give customers the freedom to digitally sign legally binding transactions, documents or data online, anytime, anywhere.


Try out our on-line interactive demo

This demo shows how Cryptomathic Signer leverages strong authentication to deliver user-friendly and legally binding digitally signed transactions over the web.