Trusted List EditorAll in one tool for cross-border electronic signature

All in one tool for cross-border electronic signature

Organizations throughout the world invest enormous amounts of money every year in automatization of their operations and business processes. As a result, electronic documentation appear on daily basis in every aspect of the business practice in different industries ranging from engineering and healthcare to government and life sciences. In spite of this fact, it is still quite common, that a hard copy is printed when a signature authorization is necessary on a document, requiring physical routing for signatures. The reintroduction of paper into the workflow increases operational costs, demands additional time, and prohibits an organization from realizing the true benefits of a fully electronic workflow.

Digital signature solutions ensure the same level of legal security as handwritten signing. So the whole process could be carried out electronically, without using any hard copies. Slow and expensive paper-based approval procedures could be replaced with more rapid and cost-efficient electronic solutions.

On 16 October 2009 the European Commission adopted a Decision setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under the Services Directive (2009/767/EC). One of the measures adopted by the Decision consists in the obligation for Member States to establish and publish by 2009.12.28 their Trusted List of supervised/accredited certification service providers issuing qualified certificates to the public. The objective of this obligation is to enhance cross-border use of electronic signatures by increasing trust in electronic signatures originating from other Member States.
Member States have to establish and publish their Trusted List in a “human readable” form but are free to produce also a "machine processable" form which would allow automated information retrieval. This means, that a Trusted Lists will be created by the end-user himself, and it is divided into two specified files, which is able to be recognized by the human vision and the computer itself as well.

During 2009 and 2010 a number of practical tests have been organized to ensure functioning and interoperable trusted lists. These tests confirmed the need for Member States to make publicly available not only the human readable versions of their trusted lists but also the machine processable forms of these. The publication of the machine processable forms of trusted lists will facilitate their use by allowing for their automated processing and thereby enhance their use in public electronic services.

On 28 July 2010 the European Commission amended the Decision 2009/767/EC. The amendment applies as of 1 December 2010 and obligates the establishment and publication of the machine processable form. The machine processable form of the trusted list SHALL be signed and the human readable form of the trusted list SHOULD be signed by the scheme operator of the Member state to ensure its authenticity and integrity.

The Trusted Lists will above all benefit to the verification of advanced e-signatures supported by qualified certificates in the meaning of the e-signature directive (1999/93/EC) as far as they have to include at least certification service providers issuing qualified certificates. However, Member States can include in their Trusted Lists also other certification service providers.

In order to validate advanced e-signatures supported by qualified certificates, a receiving party would first need to inspect their trustworthiness. This means that the receiving party has to be able to verify whether the signature is an advanced electronic signature supported by a qualified certificate issued by a supervised certification service provider as required by Article 3.3 of the e-signatures directive. The receiving party may also need to verify whether the signature is supported by a secure signature creation device.

Although the information necessary to verify these signatures should in principle be retrievable from the signature itself and from the content of the qualified certificate supporting it, this process can be rather difficult due to the differences in the use of existing standards and practices. The publicly available Trusted Lists will make it much easier for signature recipients to verify the e-signatures by complementing the data that can be retrieved from the e-signature and the qualified certificate and by providing also information on the supervised/ accredited status of Member States' certification service providers and their services.

However, Trusted List can also be used in Business to Business (B2B) and Business to Consumers (B2C) transactions.