What are eIDAS certificates?

eIDAS (electronic IDentification, Authentication and trust Services) is an EU regulation that creates legal standards concerning security and validation protocols that safeguard the electronic transfer of information within the European Single Market.

eIDAS defines the following:

  1. advanced electronic signatures (AdES)
  2. qualified electronic signatures (QES)
  3. electronic seals
AdES and QES prove the identity of the signer (they are legally the equivalent of an ink signature), the difference being AdES can be accepted by other EU member states, whereas QES must be accepted.

Electronic seals are essentially electronic signatures but only apply to legal persons and corporate entities. This enables organisations to sign documents instead of having to have individuals as authorised signers.

If an entity is planning on legally selling accounting, invoicing, expense management or other application services that need to read information and/or make payments from EU bank accounts, they fall under the umbrella of the eIDAS regulation.

How does eIDAS apply to Open Banking?

PSD2 requires ASPSPs to have an interface that enables third-party providers to:

  1. Be able to identify themselves
  2. Securely request and receive information, or initiate payments.

This is achieved under eIDAS regulations through qualified certificates issued by qualified trust service providers. These enable mutual identification and authentication during the process of establishing a secure channel between parties in the open banking ecosystem. For example, enabling a bank to distinguish those third-party providers who have a legal right to access their customers’ account information.

PSD2 specifies the use of two types of qualified certificates:

  1. Qualified Certificate for Website Authentication (QWAC)establishes a secure communication channel between TPP and the bank.
  2. Qualified Certificates for Electronic Seals (QCSEAL) protects data during/after communication (but does not provide confidentiality, i.e. there is no encryption)

Was this article helpful?

Friendly Score UK Ltd.

42 Brook Street, Mayfair

London W1K 5DB

Call us on +44 20 3709 6726

Company registered in England

Company number 09168668, ICO ZA111687

VAT registration number 206 9758 80

Authorised and Regulated by the Financial Conduct Authority. (FRN: 821100, 781963)