Brussels, 14 March 2017
The EU Regulation 910/2014 (eIDAS) constitutes a key element in the foundation of a digital single and trustworthy market for citizens and corporations in the EU.
While the overall eIDAS roll out reasonably meets market expectations, there are areas where further cooperation among Member States is required to ensure a harmonized application of eIDAS. One of these areas, that is addressed by this letter, relates to the creation of qualified electronic seals. Several members of the Digital Trust and Compliance Europe (DTCE) association are particularly concerned about the disruptive effects in the market that the existing conflict in the application of the transitional measures foreseen in article 51(1) of the Regulation for secure signature creation devices (SSCD) is already creating.
Many supervisory authorities are of the opinion that SSCDs that have been accredited under the rules of the Directive 1999/93/EC are equally suitable to be used for qualified seal and signature creation after 1 July 2016. This pragmatic understanding is fully aligned with the material requirements of the Regulation, and is generally endorsed by all market stakeholders. A few supervisory authorities, on the contrary, rely on a literal interpretation of article 51(1) of the Regulation to argue that certified devices can only be used for the purposes of creating qualified signatures, and that qualified seals must reside in qualified seal creation devices certified against the new legal framework set out in the Regulation.
To the best of our knowledge, the EU Commission has not expressed yet its view on this matter, and it is the opinion of DTCE members that this could help supervision authorities to agree on a common interpretation of article 51(1).
The DTCE members would like to encourage the Commission to emphasize that such different approach of the national supervision authorities are undermining a swift application of the eIDAS Regulation, generating uncertainties among supervisory bodies, service providers and other stakeholders that put at risk the successful accomplishment of the Regulation goals and objectives.
Against this background, DTCE would like to convey to the Commission the views of its members, hoping that these considerations from a grouping of major businesses active in the market for trust services will contribute to a sound and pragmatic approach to a topic that is of great importance to making eIDAS a workable legislative foundation for the EU:
- Following article 39 of the eIDAS Regulation, the rules on certification and technical requirements for qualified signature creation devices apply mutatis mutandi to qualified seal creation devices. Accordingly, any interpretation of the Regulation that would lead to considering signature creation devices as not suitable for seal creation is entirely artificial, is not consistent with the material requirements of the Regulation, and, most importantly, will not result in a higher security level for trustworthy products.
- It is well known that certification of QSCDs is a costly and time-consuming process; manufacturers will not likely be able to offer eIDAS certified QSCDs until a few years from now. As a consequence, market access for qualified seals requires relying on SSCDs certified under the Directive 1999/93/EC to enable full applicability of the eIDAS Regulation.
- Considering the standardization work currently ongoing in the area of QSCD certification and security requirements, QSCDs used for signatures will likely be required to present enhanced user control features compared to QSCD used for sealing. This further confirms that a device declared to be suitable for the creation of qualified signatures should be certainly sufficient to support seal creation.
- In the course of the first eight months of eIDAS applicability, the vast majority of Member States´ supervisory bodies are allowing Certification Authorities subject to their supervision to issue qualified seals in devices certified under the Directive 1999/93/EC.
A restrictive interpretation of article 51(1) of the eIDAS Regulation is already today creating a competitive disadvantage for those Certification Authorities acting under the supervision of those Member States that maintain a restrictive interpretation of the transitional measures. The cross-border recognition of qualified certificates is likely to create a forum-shopping situation where organizations and legal persons in these countries turn to foreign Certification Authorities for services that their local providers are not in a position to offer. This distorted market situation is an unintended result of the above-mentioned disparity in the interpretation of the transitional measures.
A purportedly legal discussion ‒materially misled, as argued above‒, has led to a situation that DTCE members find disconcerting; what should be a nourishing opportunity for market actors to compete under a cross-border harmonized legal framework has resulted in a fragmented market. Where consumers and subscribers were expected to find trust and transparency, they find uncertainties and lack of a level playing field among vendors.
DTCE respectfully requests the Commission to take the necessary measures to strengthen the cooperation between supervisory bodies and to facilitate the adoption of a pragmatic and technically sound solution to this problem.
DTCE position paper on the impact on the European trust service market caused by the differences in interpretation of the eIDAS transitional measures foreseen in article 51