Kommisjonens gjennomføringsforordning (EU) 2025/1567 av 29. juli 2025 om fastsettelse av regler for anvendelse av europaparlaments- og rådsforordning (EU) nr. 910/2014 med hensyn til håndtering av eksterne kvalifiserte elektronisk signaturslagingsenheter og av eksterne kvalifiserte elektroniske segllagingsenheter som kvalifiserte tillitstjenester
eIDAS-forordningen: administrering av eksterne kvalifiserte signaturlagingsenheter som en kvalifisert tillitstjeneste
Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services
Kommisjonsforordning publisert i EU-tidende 30.7.2025
Tidligere
- Utkast til forordning lagt fram av Kommisjonen 15.4.2025 med tilbakemeldingsfrist 13.5.2025
Bakgrunn
(fra kommisjonsforordningen)
(1) Qualified trust services for the management of remote qualified electronic signature creation devices and for the management of remote qualified electronic seal creation devices play a crucial role in the digital business environment by promoting the transition from traditional paper-based processes to electronic equivalents. Those qualified trust services contribute to a secure and trustworthy management of those remote devices on behalf of the signatories and creators of the seals, in a manner that guarantees that the conditions for qualified electronic signatures and qualified electronic seals are met.
(2) To enhance the legal certainty and trustworthiness of qualified trust services for the management of remote qualified electronic signature creation devices and qualified trust services for the management of remote qualified electronic seal creation devices, qualified trust service providers providing those qualified services should comply with the standards set out in this Regulation.
(3) These standards should reflect established practices and be widely recognised within the relevant sectors. They should be adapted to include controls ensuring the security and trustworthiness of the qualified trust services, as well as ensuring that the signatories have sole control, with a high level of confidence, over the use of their electronic signature creation data, and that the creators of the seal have control over the use of their electronic seal creation data, respectively.
(4) With a view to ensuring an adequate timeframe for the audit of trust service providers as regards compliance with the new requirements, this Regulation should apply from 24 months after its entry into force.
(5) The Commission regularly assesses new technologies, practices, standards or technical specifications. In accordance with Recital 75 of Regulation (EU) 2024/1183 of the European Parliament and of the Council (2), the Commission should review and update this Regulation, if necessary, to keep it in line with global developments, new technologies, standards or technical specifications and to follow the best practices on the internal market.
(6) Regulation (EU) 2016/679 of the European Parliament and of the Council (3) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (4) should apply to all personal data processing activities under this Regulation.
(7) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (5) and delivered its opinion on 06 June 2025.
(8) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,