Archivo de la categoría: English

Trust Services Forum 2017

ENISA and the European Commission are organising a consultation workshop with industry and experts from Member States on ICT security certification.

  • Time: April 27, 2017 from 09:30 to 17:00
  • Place: Hotel Thon EU, Rue de la Loi 75, B-1040 Brussels, Belgium

The workshop is organised as a follow-up on the European Commission’s commitment to develop a proposal for a European ICT security certification framework.

Trust Services Forum 2017 – Agenda

09:45 – 10:15

Registration & Welcome Coffee

10:15 – 11:30

Welcome Statement

State of play: eIDAS Regulation, CEF, ENISA activities

Gábor Bartha – European Commission

João Rodrigues Frade – European Commission

Sławomir Górniak – ENISA

11:30 – 11:45

Coffee Break

11:45 – 12:45

Panel Discussion 1

One year after eIDAS provisions entered into force

Where do we stand?


Prokopios Drogkaris, ENISA


John Jolliffe, Adobe

Olivier Delos, SEALED

Romain Santini, ANSSI

Michał Tabor,

12:45 – 13:45

Lunch Break

13:45 – 14:00

Article 19 – State of play

Ilias Bakatsis, ENISA

14:00 – 15:00

Panel Discussion 2

Working on the eIDAS through guidelines and recommendations


Sławomir Górniak, ENISA


Camille Gerbert – LSTI

Björn Hesthamar – PTS SE

Leslie Romeo – 1&1

Jérôme Bordier – ClubPSCo

15:00 – 15:30

Coffee Break

15:30 – 16:30

Panel Discussion 3

Strengthening the adoption of qualified certificates for website authentication


Eugenia Nikolouzou – ENISA


Reinhard Posch – TU Graz

Arno Fiedler – Nimbus

Kim Nguyen – D-Trust

Erik Van Zuuren – TrustCore

16:30 – 17:00

Next Steps – Open Discussion – Closing Remarks


Certified digitization of invoices

certified-digitizationIn Spain, Certified Digitization of Invoices is a computer process that allows to get digital  true copies of invoices with the same legal value as the paper based original, so the existing legislation allows to eliminate paper invoices from which the digitized invoices are obtained. The computer environment must include a Secure Data Base, which allows users and auditors to access and retrieve instantly any invoice for tax inspection or auditing purposes.

Electronic invoicing is regulated by the  Royal Decree 1619/2012 of 30 November 2012 approving the regulation of billing obligations with some provisiones defined in OrdinanceOrder EHA/962/2007 Order of 10 April 2007 implementing certain provisionsregarding electronic invoicing and storage of invoices contained in RoyalDecree 1496/2003 of 28 November 2003 approving the regulation  governing invoicing obligations.

Royal Decree 1496/2003 of 28 November was repealed by Royal Decree 1619/2012 of 30 November but the rules developed while it was of application, are still valid nowadays.

According to aforementioned RD 1619/2012 electronic invoices and digitized invoices ought to be electronically signed. “It will be valid a qualified electronic signature, as defined under Article 3.3 of Law 59/2003 of 19 December on electronic signature”. A qualified signature is an advanced electronic signature based on a qualified certificate and generated by a secure signature creation device.

The Tax Agency Resolution of 24 October 2007, published in the Official State gazette (BOE) of 1 November 2007, on the procedure for approving the software for the certified digitisation of invoices set out in Article 7 of Order EHA/ 962/2007 of 10 April 2007, requires that for the digitisation software to be approved, an application must be presented to the Director of the Tax Information Department in any registry office, in which the applicant must provide a statement of compliance declaring that the software complies with the regulations, including several documents: (1) technical documentation describing the software, (2) the auditor’s report on the assessment of the software and (3) the quality management plan,plus a CD-ROM with information in digital format and a CD-ROM with a copy of the software, as per Article 8 of the aforementioned Resolution. If the documentation and software comply with regulations, a resolution will be issued with the approval, including the reference code that is to be included in every digitized invoice as metadata.

Once AEAT approves the Certified Digitization software, the electronic signed image that is obtained through digitization via such a software keeps the same validity as any paper invoice when it comes to tax purposes.

Certified digitization process involves the use of photo-electric techniques as those implemented in scanners or photo cameras, to convert the image on a paper document into a digital image encoded according to standard formats widely used and with a resolution level higher than 200 ppp acording to information published in the web page of the spanish tax Agency AEAT.

As a consequence, the destruction of large amounts of paper in the form of original documents could be authorized, leading to savings in document and file handling as well as a reduction of indirect tax related costs.

The legal and technical environment of electronic invoicing and certified digitizing (including electronic signature) in Spain is described in the book Electronic invoicing.

Although the book is from 2010, it is still valid in general terms (with minor details after new legislation have been published since 2010).

If you need advice or assessment regarding Software Approval Process, technical implementation details or legal procedures don´t hesitate to contact EAD Trust (European Agency of Digital Trust) that can help to comply with any requirements. You can do it by calling the phone number:+34 91 7160555

Certified Digitization

In Spain, Certified Digitization of Invoices is a computer process though which one can get digital  true copies of invoices with the same legal value as the paper based original, so the existing legislation allows to destroy paper invoices from which the digitised images have been captured. The computer environment must include a Secure Data Base, which allows users and auditors to access and retrieve instantly all invoices even for tax inspection or audit.

This process is only possible if the company that performs the digitisation uses a certified software approved by the spanish tax Agency and adheres to the provisions of the Quality Plan managed as a contract by the software supplier.

Software Publishers willing to certify their software should apply to the  Tax Office attaching technical information describing the software and an assessment report from a specialist auditor in accordance to the Ordinance EHA 962/2007 and Resolution of 24 October on the procedure for the approval of invoices digitization software.

If you need advice or guidelines regarding these legal procedures don´t hesitate to contact EAD Trust (European Agency of Digital Trust) that can guide your company to fulfill all certified digitization  requirements and to get Tax Agency approval.

Call now to:+34 91 7160555


Reached Member States’ endorsement of a final draft regulation on electronic identification and trust services for electronic transactions in the internal market

Vice-President Neelie Kroes and Commissioner Michel Barnier welcomed last friday (February, the 28th) Member States’ endorsement of a “Draft regulation on electronic identification and trust services for electronic transactions” in the internal market.

The Regulation will enable, for example, students to enrol at a foreign university online; citizens to fill on-line tax returns in another EU country; and businesses to participate electronically in public calls for tenders across the EU, to mention just a few of multiple new digital trust related services.

Neelie Kroes said: “The adoption of this Regulation on e-ID is a fundamental step towards the completion of the Digital Single Market. This agreement boost trust and convenience in cross-border and cross-sector electronic transactions. I would like to thank the European Parliament, especially ITRE’s rapporteur, Marita Ulvskog and IMCO’s rapporteur, Marielle Gallo, the shadow rapporteurs, as well as the Greek, Lithuanian, Irish and Cypriot Presidencies for all their work on this file.”

Last friday (February, the 28th), EU ambassadors endorsed the political agreement reached between representatives of the European Parliament, Commission and Council on Tuesday 25 February on the final elements of this significant single market proposal.

A predictable regulatory environment for eID and electronic trust services is key to promote innovation and stimulate competition. On the one hand, it will ensure that people and businesses can use and leverage across borders their national eIDs to access at least public services in other EU countries fully respecting privacy and data protection rules. On the other hand, it will remove the barriers to seamless electronic trust services across borders by ensuring that they enjoy the same legal value as in paper-based processes.

Michel Barnier, Commissioner for Internal Market and Services added:

“I welcome this agreement which is key to completing our work on the Single Market Act. It is an important step for the development of e-commerce, e-invoicing and e-procurement. The new rules will allow all actors in the single market – citizens, consumers, businesses and administrative authorities – to develop their “on-line” activities.”

Background regarding draft Regulation on electronic identification and trust services for electronic transactions

On 4 June 2012, the European Commission proposed a draft Regulation on electronic identification and trust services for electronic transactions in the internal market (see IP/12/558 and MEMO/12/403)

The Regulation is due to be formally endorsed by the European Parliament in the April 2014 plenary session and by the Council of Ministers in June. It will come into force on 1st July 2014 and will be directly applicable cross the EU from that date. The economic effect will be immediate, overcoming problems of fragmented national legal regimes and cutting red tape and unnecessary costs.

Foster the interoperability of eID usage and trust services. The existing EU legislation on eSignatures has been strengthened and extended to cover the full set of electronic identification and trust services and make it more fit for the digital single market. This will have a huge impact on the legal validity and interoperability of national and cross-border electronic transactions.

The so named eIDAS Regulation provides for principles, like:

  • Transparency and accountability: well-defined minimal obligations for Trust Services Providers (TSPs) and liability;
  • Trustworthiness of the services together with security requirements for TSPs
  • Technological neutrality: avoiding requirements which could only be met by a specific technology;
  • Market rules and building on standardisation

And defines digital trust related services such as:

  • Electronic identification,
  • Electronic signatures,
  • Electronic seals,
  • Time stamping,
  • Electronic delivery service,
  • Electronic documents admissibility,
  • Website authentication

After eIDAS entering into force,  a EU Member State:

  • May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services
  • Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification
  • Must provide a free online authentication facility for its ‘notified’ eID(s)
  • Is liable for unambiguous identification of persons and for authentication;

Exploratory seminar on e-signatures for e-business transactions in the Southern Mediterranean region

Los días 22 y 23 de enero de 2014 se ha celebrado en el Palacio de Pedralbes de Barcelona el encuentro de especialistas  en firma electrónica de Europa y de los países del mediterráneo para analizar conjuntamente la posibiidad de crear modelos de confianza electrónica para permitir el despliegue de sistemas de certificación interoperables. Este encuentro, el segundo tras la reunión de Amán, fue auspiciado por el organismo europeo  Union for the Mediterranean (UfM) que tiene su sede en Barcelona y cedió sus instalaciones. Pude participar en el encuentro y pienso que fue un intercambio de pareceres muy enriquecedor.


In order to promote e-signature solutions for e-business development in the Euro Mediterranean region, the European Commission organised two seminars.

The first explanatory seminar took place in Amman, Jordan on November 11/12, 2013 and was co-hosted by the Telecommunications Regulatory Commission (TRC). The principle aim was to identify some of the common business needs for intra-regional and EU-Southern Mediterranean transactions, compare the existing legislation in place and discuss the common and local challenges of implementing an e-signature framework. The seminar was attended by around 100 government and private stakeholders from over 23 different European, Southern Mediterranean and Gulf countries, as well as from UNCITRAL (United Nations Commission on International Trade Law). It confirmed that the potential and the interest to cooperate is indeed great.

The final explanatory seminar took place in Barcelona, Spain on January 22/23, 2014 and was co-hosted by the Union for the Mediterranean (UfM). The principle aim was to build on the findings of the previous seminar, include any additional information, and reach a set of concrete common conclusions and recommendations through the organisation of panels. The seminar was attended by around 60 government and private stakeholders from over 19 different European and Southern Mediterranean countries. The seminar reached 9 main conclusions.

eIDAS: The missing standard – Mandate 460

Under the Mandate 460 a lot of new electronic signature european standards are being published, in some cases changing the identification code of previous stablished standards.

One of the aspects I think is missing is the standard definition of form signing in browsers.

Or what I would call form signing in “High penetration World Wide Avalilable Applications” (which would include Adobe Acrobat or similar applications).

Something browsers developers could include in the basic browser functionality without the need oj java extensions (which are hard to maintain among java virtual machine versions, browser types and versions and underlying  operating systems).

It is curious thar old Netscape Navigator versions included that option, but later browser droped the funtionality, and finally was even abandoned in Netscape an Mozilla.

Having a standard way to sign forms that works in the same way in all browser without additional software would be a nice addition. And this could help foster the adoption of the eIDAS Regulation.

ETSI CAdES Plugtest 2013

ETSI Centre for Testing and Interoperability (CTI) is organizing a remote Plugtests Interoperability event on CMS Advanced Electronic Signature (CAdES) scheduled to run from 2-13 December 2013.

This event aims at conducting interoperability test cases on CAdES signatures (ETSI TS 101 733) V2.2.1 as well as the CAdES Baseline Profile TS 103 173 V2.2.1. It will take into account the introduction of the new Archive Time Stamp attribute V3.

This event will provide full test coverage of the specifications including testing signatures evolution simulating real life situations. It will be based on the future test specification ETSI TS 119 124 “CAdES Testing Conformance & Interoperability”.

This Plugtests event will enable participants to conduct 4 types of tests (Interoperability and Conformance):

  • Generation and cross-verification (Positive) tests.
  • Only-verification (Negative) tests.
  • Upgrade and Arbitration tests.
  • Conformance testing (including new archive time stamp attribute V3).

The purpose of this event is:

  • To enable participants to assess the level of interoperability of CAdES.
  • To identify additional issues that should be taken into account in future CAdES standardization activities.
  • To improve the quality of CAdES specifications.
  • To ease the introduction of CAdES signatures, by providing the means to solve interoperability problems before widespread deployment.

ETSI plays a key role in the development of electronic signature related standards, including XAdES (TS 101 903), CAdES (TS 101 733), PAdES (ETSI TS 102 778) and TSL (TS 102 231).

This plugtest will include a set of specific test cases which will be defined in the future test suite ETSI TS 119 124 “CAdES Testing Conformance & Interoperability”. It provides full test coverage of the CAdES specification (ETSI TS 101 733) and to the related Baseline profile (ETSI TS 103 173).

As this is a REMOTE event, there will be no need for the participants to travel to the ETSI premises and all signature exchanges and verifications will be performed via the dedicated portal