法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services

CELEX
Implementing Regulation (EU) 2025/1567
Date of document
Articles
3
Source
EUR-Lex
Article 1Reference standards and specifications

The reference standards and specifications for the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services referred to in Article 29a(2) and Article 39a of Regulation (EU) No 910/2014 are set out in the Annex to this Regulation.

Article 2Entry into force and applicability

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

This Regulation shall apply from 19 August 2027.

Schedules & Appendices

ANNEXList of reference standards and specifications for the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices

ANNEX

List of reference standards and specifications for the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices

The standard ETSI TS 119 431-1 V1.3.1 (2024-12) (‘ETSI TS 119 431-1’) applies for the purpose of assessing conformance with the EU Server Signing Application Service v2 Policy in compliance with Annex A of that standard, with the following adaptations:

(1)

2.1 Normative references

[1] ETSI EN 319 401 V3.1.1 (2024-06): ‘Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers’;

[7] European Cybersecurity Certification Group, Sub-group on Cryptography: ‘Agreed Cryptographic Mechanisms’ published by the European Union Agency for Cybersecurity (‘ENISA’)  ( 1 ) .

(2)

6.1 Publication and repository responsibilities

OVR-6.1-04: The information identified in OVR-6.1-01 above shall be publicly and internationally available.

(3)

6.4.4 Personnel controls

OVR-6.4.4-02: SSASP’s shall employ personnel in trusted roles and, if applicable, subcontractors in trusted roles, who possess the necessary expert knowledge, experience and qualifications through formal training and credentials, or experience, or a combination of the two.

OVR-6.4.4-03: Compliance with OVR-6.4.4-02 shall include regular (at least every 12 months) updates on new threats and current security practices.

(4)

6.4.9 SSASP service termination

OVR-6.4.9-02: The SSASP’s termination plan shall comply with the implementing acts adopted pursuant to Article 24(5) of Regulation (EU) No 910/2014 [i.1].

(5)

6.5.5 Network security controls

OVR-6.5.5-02: The vulnerability scan requested by REQ-7.8-13 of ETSI EN 319 401 [1] shall be performed at least once per quarter.

OVR-6.5.5-03: Firewalls shall be configured to prevent all protocols and accesses not required for the operation of the TSP.

(6)

6.8.5 Cryptographic controls

OVR-6.8.5-01: Appropriate security controls shall be in place for the management of any cryptographic techniques of the SSASP throughout their lifecycle.

OVR-6.8.5-02: As regards OVR-6.8.5-01, the SSASP shall select and use suitable cryptographic techniques compliant with the Agreed Cryptographic Mechanisms endorsed by the European Cybersecurity Certification Group and published by ENISA [7].

(7)

Annex A, section A.3 General requirements

OVR-A.3-02 [EUSPv2]: The TSP’s practice statement shall include the reference to the certification of the employed QSCD in accordance with the requirements of Regulation (EU) No 910/2014 [i.1], Annex II.

( 1 )

https://certification.enisa.europa.eu/publications/eucc-guidelines-cryptography_en .

3 articles

Cite this act

Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R1567

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com