[1][2] Trust service providers are qualified certificate authorities required in the European Union and in Switzerland in the context of regulated electronic signing procedures.
[1][2] One of the major intents of eIDAS was to facilitate both public and business services, especially those that are conducted between parties across EU Member state borders.
EU member states are required through eIDAS to establish “points of single contact” (PSCs) for trust services that ensure that electronic ID schemes can be used for cross-board public sector transactions, including the exchange and access of healthcare information across borders.
[11] The Swiss digital signing standard ZertES has defined a comparable concept of certificate service providers.
Certificate service providers need to be audited by conformity assessment bodies that have been appointed by the Schweizerische Akkreditierungsstelle [de].
However authors of the forthcoming review and commentators are publicly discussing an amendment similar to the eIDAS and ZertES approach of trusted service provision.
Several research institutes and associations expressed their concern with respect to the establishment of a small group of centralized trust service providers per country which authenticate digital transactions.
With regard to their requirement to preserve data and resulting expected efforts to keep evidence for potential liability requests on inaccurate ID, CEPIS sees the risk that trust service providers could create and store log entries of all authentication processes.
[15] Another publication claims that to truly take advantage of the secure and seamless cross-border electronic transactions, assurance levels, definitions and technical deployment need to be specified more precisely.
This would apparently involve the incorporation of government-specified TSPs in parallel with the existing multi-stakeholder processes used by browsers to establish trust in Certificate authorities.