Trust Service Provider

A Trust Service Provider (TSP) is a natural or legal person who provides one or more trust services. A trust service is an electronic service related, among others, to the creation, validation and preservation of electronic signatures, timestamps, and certificates.

Given that a TSP can provide a combination of trust services, a TSP can take one or more of the following roles

• a certificate issuer (CA);

• a time-stamp issuer (TSA);

• a signature verifier (VA);

• …

A TSP can be either a qualified or non-qualified trust service provider. All TSPs no matter if qualified or not have the following obligations and requirements

• Processing of personal data;

• Notification of security and personal data breaches;

• Keeping an up-to-date termination plan;

• Meeting requirements on employed staff and subcontractors (e.g. trainings);

• Keeping sufficient financial resources and/or liability insurance;

• Recording and keeping activities related to data accessible;

• …

This ensures the validity and security of the trust services that TSPs provide, such as the integrity of the data that was used for certificate and signature creation as well as the security of the signing keys.

A qualified trust service provider (QTSP) is a TSP that provides one or more qualified trust services and is included in a Trusted List (cf. Trusted Lists).

Some aspects are specific to QTSPs and follow from the requirements of eIDAS

• Undergoing a pre-authorization scheme;

• Being actively supervised;

• Undergoing regular audits;

• Presumption of intention or negligence in case of damage due to failure to comply to the law;

• Providing a high level of security;

• Providing legal certainty;

• Presumption of the integrity of the data;

• …