[1] eIDAS defines several tiers of electronic signatures that can be used in conducting public sector and private transactions within and across the borders of EU member states.
According to eIDAS, to be considered a qualified digital certificate, the certificate must meet the requirements provided in Annex I of Regulation (EU) No 910/2014, including, but not limited to:[1][2] The need for non-repudiation and authentication of electronic signatures was originally addressed in the Electronic Signatures Directive 1999/93/EC to help facilitate secure transactions, specifically those that occur across the borders of EU Member states.
The eIDAS Regulation later replaced the Directive and defined the standards to be used in the creation of qualified digital certificates by trust service providers.
The trust service provider is required to abide by the guidelines established under eIDAS for creating qualified digital certificate, which include:[3][2] In court, a qualified electronic signature provided the highest level of probative value, which makes it difficult to refute its authorship.
[citation needed] An amendment to NIST DSS is currently being discussed that would be more in-line with how eIDAS and ZertES handle trusted services.