Secure data communications with EU certificates

Bundesdruckerei subsidiary the first provider to be accredited in the EU for qualified website certificates according to the eIDAS Regulation; Official handover at CeBIT with BSI President Schönbohm; Application areas: online retail, public invitations to tender, online banking, etc.

Hanover/Berlin – Bundesdruckerei subsidiary D-TRUST is the first supplier in Europe to be authorised to issue qualified website certificates according to the requirements of the 'EU Regulation on electronic identification and trust services for electronic transactions in the internal market' (eIDAS). "The new certificates will enable reliable authentication of a website. They assure the user that a real and trusted person or institution is behind an Internet presence," says Kim Nguyen, Managing Director of D-TRUST. "Bundesdruckerei sees itself as a pioneer in secure and trusted electronic communications." This accreditation was handed over today at the CeBIT booth of the Federal Office for Information Security (BSI). In Germany, BSI is the authority that supervises issuance of these certificates. "We would like to congratulate D-TRUST on its new status as an issuer of qualified website certificates, which now qualifies the company as a pioneer in the implementation of the eIDAS Regulation," says BSI President Arne Schönbohm.

One important field of application for qualified website certificates is PSD2, i.e. the new EU Payment Services Directive. According to the rules for implementation, new services (such as fintechs) and the company managing the account (usually a bank) are now required to secure their digital communications with qualified website certificates and an electronic seal. Customers of online retailers with qualified website certificates will benefit in two ways: First of all, they can rest assured that the retailer is in fact who they claim to be. Secondly, it is certain that data communications will be encrypted. When it comes to public invitations to tender, the websites of public authorities and participating companies are authenticated with a certificate in order to confirm the identity of the other party.

In technical terms, the eIDAS certificates are based on the requirements that apply to so-called 'extended validation certificates' which were agreed to by the so-called CA/B Forum, a voluntary group of certification authorities for TLS certificates and browser software vendors. What's more, qualified website certificates also involve regular checks and strict control of the issuing authority by the supervisory body.

Qualified website certificates may only be issued by so-called qualified trust service providers based in the EU. These providers must meet the particularly strict requirements of the EU regulation on security and liability. D-TRUST has been a qualified trust service provider since July 2016.

In addition to the new website certificates, at this year's CeBIT, Bundesdruckerei also presented a solution for the electronic seal according to eIDAS.

Secure data communications with EU certificates

File size: 136.82 KB

Format: PDF

Download file