Electronic seals were incorporated by the eIDAS Regulation in 2014 and are equivalent to electronic signatures.
The eIDAS Regulation specifies that only a legal person can create a seal. In contrast, an electronic signature can be associated with both a natural and a legal person or entity through its legal representative. Therefore, an electronic seal IS NOT an electronic signature of a legal person, even if it is technically equivalent.
When a legal person uses electronic seals, it is recommended to implement an internal control mechanism that ensures that only natural persons with the right to act on behalf of the legal entity can use them or their use is implemented in automated processes.
TCAB assesses the following areas:
- Registration services, in which the TSP verifies the identity and, if applicable, any specific attributes of a subject.
- Certificate generation service is related to creating and signing certificates based on the identity and other attributes verified by the registration service.
- Dissemination services deliver the certificates to subjects and, if the subject consents, make them available to relying parties.
- Revocation management services, processing requests and reports relating to revocation to determine necessary actions.
- Revocation status services, which provide certificate revocation status information to relying parties.
- Subject device provision service (optional) is focused on preparing and providing, or making available, secure cryptographic devices, or other secure devices, to subjects.
- When the certificates are “managed on behalf” of the subscriber, TCAB assesses the certificate management using complementary standards (ETSI TS 119 431 and ETSI TS 119 432).