Qualified Trust Service Providers: A key pillar in eIDAS 2.0

The rollout of eIDAS 2.0 is already underway, and Trust Service Providers play a crucial role. European businesses in sectors such as education, finance, and healthcare must prepare to meet the new regulatory requirements and ensure the interoperability of their digital identity systems across the EU.  

T

he eIDAS 2.0 regulation expands on the original eIDAS framework (2014) to cover a broader range of digital and authentication services, reach more sectors, and address current needs. As a Qualified Trust Service Provider (QTSP), TrustCloud is responsible for ensuring that the trust services it provides meet the highest standards of security, authenticity, and legal validity, safeguarding the integrity of eIDAS. 

September 2026 is the deadline set by Europe for Trust Service Providers to align with the updated eIDAS 2 requirements and for EU Member States to introduce the EUDI Wallet, marking a turning point in the expansion of digital identity standards. 

Let’s take a closer look at the specific role of QTSPs in eIDAS 2.0. 

What services does a Trust Service Provider offer? 

The services provided by QTSPs must comply with the strict requirements established by eIDAS to ensure legal validity across the EU. These services include: 

Issuance and management of qualified electronic certificates 

• Qualified electronic signature certificates 

• Qualified electronic seal certificates 

• Qualified website authentication certificates
   

Qualified electronic signing and sealing 

• Generation of qualified electronic signatures (equivalent to a handwritten signature in legal terms) 

• Application of qualified electronic seals to ensure document integrity
   

Qualified timestamping 

• Issuance of timestamps to prove that a document existed at a specific time and has not been altered
   

Qualified electronic delivery services 

• Ensure the integrity, authenticity, and delivery of electronic messages with proof of sending and receipt
   

Website authentication services 

• Provision of qualified certificates to ensure a website’s identity and protect against fraud such as phishing 

Ensuring Security and Reliability 

Additionally, QTSPs must comply with the high-level security standards defined by the regulation, including: 

• Robust Encryption: The use of advanced encryption technologies to protect sensitive information and ensure data confidentiality both in transit and at rest. 

• Compliance with International Security Standards: Alignment with other recognised standards such as ISO 27001 or the NIS2 Directive (which is being incorporated into Spanish law through the Draft Law on Cybersecurity Coordination and Governance), ensuring a consistent security framework across the EU. 

• Multi-Factor Authentication (MFA) and Advanced Methods: Implementation of enhanced authentication measures, including biometric identification, hardware tokens, and qualified electronic signatures, to prevent fraud and ensure user identity. 

• Continuous Monitoring and Auditing: Regular assessments by supervisory bodies to ensure regulatory compliance and the continuous updating of security measures against emerging threats. 

• Interoperability and Cross-Border Trust: Ensuring that trust services can be seamlessly used across the EU, facilitating identity verification and electronic signatures across different countries and sectors. The interoperability between QTSPs and the EUDI Wallet is a key aspect of eIDAS 2.0, ensuring that verifiable credentials— as we will explain in the next section— and electronic signatures are recognised across all EU countries. 

Credential verification 

QTSPs will play a crucial role in credential verification, ensuring that digital identities are authentic and legitimate. This is particularly relevant for verifiable credentials, which allow users to prove attributes such as personal data, professional certifications, or access rights without disclosing more information than necessary. 

TrustCloud Wallet, built on Self-Sovereign Identity (SSI), enables the secure storage and management of these verifiable credentials, allowing individuals and businesses to share information reliably and in compliance with eIDAS 2.0. By integrating with QTSP services, TrustCloud Wallet ensures that credentials are verified and accepted across banking, public services, and other key sectors, driving the adoption of the European Digital Identity. 

Regulatory compliance and audits 

Trust Services Providers must undergo regular audits to ensure their services continue to meet the legal requirements of eIDAS 2.0. They are also required to maintain detailed and transparent records of their activities to provide traceability and demonstrate compliance with the regulation. 

Development of new digital services 

Under eIDAS 2.0, QTSPs must also facilitate access to new digital services based on Self-Sovereign Identity (SSI). This will involve designing solutions that enable greater integration of trust services within the EU’s digital infrastructure. 

QTSPs in eIDAS 2.0 are essential to ensuring that digital services within the EU remain secure, reliable, interoperable, and compliant with data protection and privacy standards. They play a key role in validating and certifying digital identities and electronic documents, facilitating the successful implementation of the new regulation while upholding security and trust principles. 

With these capabilities, TrustCloud enables businesses and public administrations to comply with eIDAS 2.0 seamlessly, ensuring security, privacy, and ease of use. 

Ensure eIDAS 2.0 compliance today with TrustCloud