The reference standards and specifications for the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services referred to in Article 29a(2) and Article 39a of Regulation (EU) No 910/2014 are set out in the Annex to this Regulation.
資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex
Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .
This Regulation shall apply from 19 August 2027.
Schedules & Appendices
ANNEX
List of reference standards and specifications for the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices
The standard ETSI TS 119 431-1 V1.3.1 (2024-12) (‘ETSI TS 119 431-1’) applies for the purpose of assessing conformance with the EU Server Signing Application Service v2 Policy in compliance with Annex A of that standard, with the following adaptations:
(1)
2.1 Normative references
—
[1] ETSI EN 319 401 V3.1.1 (2024-06): ‘Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers’;
—
[7] European Cybersecurity Certification Group, Sub-group on Cryptography: ‘Agreed Cryptographic Mechanisms’ published by the European Union Agency for Cybersecurity (‘ENISA’) ( 1 ) .
(2)
6.1 Publication and repository responsibilities
—
OVR-6.1-04: The information identified in OVR-6.1-01 above shall be publicly and internationally available.
(3)
6.4.4 Personnel controls
—
OVR-6.4.4-02: SSASP’s shall employ personnel in trusted roles and, if applicable, subcontractors in trusted roles, who possess the necessary expert knowledge, experience and qualifications through formal training and credentials, or experience, or a combination of the two.
—
OVR-6.4.4-03: Compliance with OVR-6.4.4-02 shall include regular (at least every 12 months) updates on new threats and current security practices.
(4)
6.4.9 SSASP service termination
—
OVR-6.4.9-02: The SSASP’s termination plan shall comply with the implementing acts adopted pursuant to Article 24(5) of Regulation (EU) No 910/2014 [i.1].
(5)
6.5.5 Network security controls
—
OVR-6.5.5-02: The vulnerability scan requested by REQ-7.8-13 of ETSI EN 319 401 [1] shall be performed at least once per quarter.
—
OVR-6.5.5-03: Firewalls shall be configured to prevent all protocols and accesses not required for the operation of the TSP.
(6)
6.8.5 Cryptographic controls
—
OVR-6.8.5-01: Appropriate security controls shall be in place for the management of any cryptographic techniques of the SSASP throughout their lifecycle.
—
OVR-6.8.5-02: As regards OVR-6.8.5-01, the SSASP shall select and use suitable cryptographic techniques compliant with the Agreed Cryptographic Mechanisms endorsed by the European Cybersecurity Certification Group and published by ENISA [7].
(7)
Annex A, section A.3 General requirements
—
OVR-A.3-02 [EUSPv2]: The TSP’s practice statement shall include the reference to the certification of the employed QSCD in accordance with the requirements of Regulation (EU) No 910/2014 [i.1], Annex II.
( 1 )
https://certification.enisa.europa.eu/publications/eucc-guidelines-cryptography_en .
Cite this act
Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R1567
© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.
本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com