CertEurope accredited as eIDAS qualified Trust Service Provider

Press release 10.27.2020 3min Last update : 11.01.2020

A subsidiary of Oodrive, the trusted partner for sensitive data management, CertEurope strengthens the group’s leading position for digital trust solutions

Accredited a few months ago as eIDAS Qualified Trust Service Provider (TSPs) for its electronic signature certificates, timestamps and website authentication, Oodrive become one of the first to be listed on the ANSSI Europe trusted list¹. The “eIDAS” Regulation of the European Parliament and Council of 23 July 2014 on electronic identification and trust services for electronic transactions is intended to build trust in electronic interactions within the European Union. Thanks to the recognition of Oodrive on the TSPs list, the certificates sold by its subsidiary CertEurope are now valid not only in France, as before, but in all EU countries, opening up new possibilities for European public-sector bodies and companies.

We are pleased that CertEurope is one of the first to be added by the ANSSI to the eIDAS European trust list², said Frédéric Fouyet, Oodrive Group Director of Innovation, Products and Security The ANSSI, which acts as a supervisory body for “trust services”, awarded us that accreditation after a strict audit by the certification entity LSTI. The list kept by the ANSSI was most recently updated when the eIDAS Regulation entered into force in July 2016”, he added. This is the result of a long project, which now means our clients (lawyers, court clerks and businesses) can better manage their digital identity within the European Union.

Since its creation in 2001, CertEurope, an Oodrive Group subsidiary, is the leading French issuer of qualified certificates for identifying and authenticating both individuals and legal entities. Lawyers, court clerks and judicial experts are using trusted digital certificates in France and now use them throughout the European Union. The certificates allow them to manage and control their digital identity, while benefiting at European scale from the same guarantees and level of confidence as in their own country.

In practice, thanks to the EU-wide validity of CertEurope certificates, a German company can now use its certificates to prove its digital identity to take part in invitations to tender in France or any other EU country.

CertEurope’s certificates have the highest possible level of security³.

Two major aspects of the eIDAS Regulation

The objective of the eIDAS Regulation is to create a European framework of mutual recognition and interoperability for electronic identification and trust services. The eIDAS Regulation primarily applies to public-sector bodies and trust service providers based in the European Union. It establishes a European framework for electronic identification and trust services to facilitate the emergence of the digital single market. It covers electronic signatures, in particular, and supersedes the Directive 1999/93/EC. The ANSSI is the body in charge of implementing the eIDAS Regulation in France. Most of its provisions, including those regulating “trust services”, have been applicable since 1 July 2016.

Mutual recognition of means of electronic identification will be mandatory starting in September 2018.

New trust services provided by CertEurope

CertEurope has added new trust services to its existing product range. To manage this transition more effectively and ensure the forward-compatibility of its services, CertEurope has set up new certification authorities that meet the latest technical and organizational standards to ensure their validity over the next twenty years.

CertEurope is working on establishing the new European standard for trust services, taking various requirements into account:

  1. The EU Regulation on trust services (eIDAS) to ensure European-wide validity.
  2. The French general security guideline (RGS) to ensure national recognition and facilitate the transition for French platforms.
  3. The requirements of the CAB Forum (https://cabforum.org/) to meet the conditions for acceptance in browsers for a new range of SSL certificates.

This new chain of trust therefore complies with both the RGS and eIDAS. Oodrive is currently in the process of getting its new range of SSL certificates referenced by browser vendors (Mozilla, Google, Microsoft and Apple).

Chain of trust and type of certificates generated

Chaine de confiance et type de certificats générés

1 French Network and Information Security Agency (ANSSI): https://www.ssi.gouv.fr/

2 European trust list: https://webgate.ec.europa.eu/tl-browser/#/tl/FR/3

3 Three levels of guarantees: http://secteur-public.sia-partners.com/20170426/eidas-la-nouvelle-reglementation-europeenne-sur-lidentite-numerique