QUALIFIED ELECTRONIC SIGNATURE SOLUTION

Many European qualified trust service providers (TSPs) have a qualified signature solution as the backbone of their business. But operating as a TSP brings the heavy burden of managing the audits and assessments required to maintain signatures and meet the qualified level. 

If you don’t have the expertise or compliance competencies to fulfill such requirements, you’re in a tough situation. There is not currently an operational model that fits you in terms of finance or time required. What’s more, unless you’re a TSP, signatures are likely to be a way to simplify digital user journeys, rather than a revenue stream in itself.

So, what if you want to sign with high legal certainty, but signatures are a risk and compliance necessity? What if they are part of the user experience but not a revenue driver? 

This is the case for so many organizations: banks, financial institutions, insurance companies, real estate agencies, health care services and similar high value transaction actors do not want to risk business opportunities with uncertain signatures.

Our Managed Signing Services are hosted in a data center, instead of having it on premise. So, if you want to do things differently, you can just call the APIs and consume it from there, ready to benefit from the same optimization normally reserved for on premise solutions.

Cryptomathic’s managed signing services offer the benefits of signing with high legal certainty, but with a minimal IT footprint and vastly reduced audit requirements. 

How do we do this? Signing is simply offered as endpoints. 

This means you build your user flows, hit the APIs, and serve your customers and employees with a high level of user confidence and privacy for both you and your countersigner, while reducing the risk of signing documents.

On a technical level, the trust services are offered through the API. The qualified trust service provider carries the auditory burden of serving your solution with qualified signatures, as well as meeting the requirements of passing a new assessment at least every 24 months (required to stay at this level).

Our managed signing services work in several models that are simple to implement, so you can be up and running in no time. 

Even if you have specific requirements, we can offer models where you become the qualified trust service provider yourself. In this case, you would use our endpoints and hosting to gain a lighter solution that comes with all the fine tuning you could need.

Standards are a powerful driver in the regulated space of electronic signatures. We embrace it at Cryptomathic, because it offers our customers a high level of interoperability and allows us to make our offer modular and extendable to cover different use cases.

We focus our solutions on the areas where our expertise makes a real difference: Public key infrastructure management (PKI), complying with ETSI standards and the relevant certifications for the jurisdictions our customers operate in, namely eIDAS in the EU and ZertES in Switzerland. 

For other areas, we rely on industry standards such as RESTful APIs, OAuth, Financial Grade APIs, OpenID Connect, and Cloud Signature Consortium (v2), among others.