Electronic seals were incorporated by the eIDAS Regulation in 2014 and are equivalent to electronic signatures.
The eIDAS Regulation specifies that only a legal person can create a seal, whereas an electronic signature can be associated to both a natural or a legal person or entity through its legal representative. Therefore, an electronic seal IS NOT an electronic signature of legal person, even if it is technically equivalent.
When a legal person uses electronic seals, it is recommended to implement an internal control mechanism that ensures that only natural persons who have the right to act on behalf of the legal entity can use them, or use them in automatic processes.
TCAB assesses the following areas:
- Registration services, in which the TSP verifies the identity and if applicable, any specific attributes of a subject.
- Certificate generation service, which creates and signs certificates based on the identity and other attributes verified by the registration service.
- Dissemination services, which delivers the certificates to subjects, and if the subject consents, makes them available to relying parties.
- Revocation management services, processing requests and reports relating to revocation to determine the necessary action to be taken.
- Revocation status services, which provides certificate revocation status information to relying parties.
- Subject device provision service (optional), area which prepares, and provides or makes available secure cryptographic devices, or other secure devices, to subjects.
- When the certificates are “managed on behalf” of the subscriber, TCAB assesses the certificates management using complementary standards (ETSI TS 119 431 and ETSI TS 119 432).