Under the terms of the eIDAS regulation, trust service providers must use certified QSCD products to offer remote Qualified Electronic Signatures across the EU. Until now, common standards to certify such remote signing products have been unavailable, so alternative certification processes have been used instead, according to the company’s press release. The actual security requirements have been defined in a new Protection Profile (419 241-2), which is expected to become the standard template used in all Common Criteria certifications for remote signing QSCDs.

Cryptomathic has actively participated in the European Committee for Standardization (CEN), and contributed to help the body define the certification process for remote QSCDs, in accordance with the requirements of the eIDAS regulation.

This document is the first of its kind for a remote signing product as it is the first time that a standardization body (CEN) has defined, in partnership with the industry and European regulators, rigorous security evaluation criteria for these products in accordance with the demanding Common Criteria methodology.