Insights European Union Agency for Cybersecurity (ENISA) publishes guidance and recommendations on Electronic Identification and Trust Services to help Member States implement the eIDAS Regulation

ENISA has published a series of reports to boost implementation of the Electronic Identification and Trust Services Regulation (910/2014/EU) (the eIDAS Regulation) and promote the uptake of Electronic Identification and Trust Services. The reports on trust services are an update to ENISA’s guidelines for Qualified Trust Service Providers (QTSPs). The guidelines comprise a voluntary toolset designed to help Trust Service Providers comply with eIDAS. Specifically, they include:

  • technical guidance on a security framework for QTSPs and for Non-Qualified Trust Service Providers (NQTSPs);
  • security recommendations for QTSPs based on standards; and
  • guidelines on assessing the conformity of Trust Service Providers.

A further report comprises an analysis of the methods used to carry out identity proofing remotely and explores security considerations. Remote identification allows customers to have their identification information collected and validated without the need for their physical presence.

ENISA published the reports in order to update existing recommendations and guidelines issued in 2017 for qualified trust services. The purpose of these reports is to focus on the requirements set by the eIDAS Regulation and the emergence of new standards and new Trust Service Providers’ services. To read ENISA’s press release in full and for links to the documents, click here.