declaration of conformity - evrotrust · declaration of conformity conformity assessment of a trust...
TRANSCRIPT
DeclarationofconformityConformityassessmentofatrustserviceinaccordancewiththeeIDASEU
Regulation1
Nextfullauditbefore31stofMay2019
HerebydeterminesinaccordancewithArticle20para.1oftheeIDASEURegulation1theconformityofthe
trustserviceprovider
EVROTRUSTTECHNOLOGIESJSCThe conformity has been assessed for the following services provided by the trustserviceproviderinaccordancewitheIDASEURegulation1:
• CreationofQualifiedCertificatesforElectronicSignatures• CreationofQualifiedCertificatesforElectronicSeals• CreationofQualifiedElectronicTimeStamps
ThisconformityassessmenthasbeenregisteredunderLSTISASN°1622_37_V1SAINT-MALO,15.06.2017
ArmelleTROTIN
HeadoftheCertificationBody
LSTI SAS has been accredited pursuant to the accreditation certificate of French Accreditation Body COFRACwith registration
number 5-0546 in accordance with EN ISO/IEC 17065:2013 as a certification body for products, processes, and services in
accordancewiththeAnnexoftheaccreditationcertificateandinaccordancewiththeeIDASEURegulationandtheETSIEuropean
Norms.
1Regulation(EU)No.910/2014oftheEuropeanParliamentandoftheCouncilof23July2014onelectronicidentification
andtrustservicesforelectronictransactionsintheinternalmarketandrepealingDirective1999/93/EC
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017
Page2of56Pages
Descriptionofthetrustservices:
1 TrustserviceproviderandTrustServicesEVROTRUSTTECHNOLOGIESJSC2NikolaiHaitovstr.,entr..D,fl.2
1113,Sofia-Bulgaria
EVROTRUSTTECHNOLOGIES JSC isa trustserviceprovider2according to theeIDAS
EU Regulation Art. 3 No.19. In order to achieve or to maintain the status of a
"QualifiedTrustServiceProvider"inaccordancewiththeeIDASEURegulationArt.3
No.20,theTSPhastoensurethataconformityassessmentiscarriedout.
EVROTRUST TECHNOLOGIES JSC provides the following services, which have been
defined in theeIDASEURegulationArt.3No.16, theconformityofwhichhasbeen
assessedwiththepresentreport:
• CreationofQualifiedCertificatesforElectronicSignatures• CreationofQualifiedCertificatesforElectronicSeals• CreationofQualifiedElectronicTimeStamps
inaccordancewiththeeIDASEURegulationArt.3No.16.
2 AuditorganizationStage1audit
AuditofthedocumentsofEvrotrustTechnologiesJsc.Theaudithasbeencarriedout
from 19/04/2017 to 21/04/2017 on the TSP site by Lead Auditor Prof. George
StefanovandAuditorMr.NikolayBaychev.
Stage2audit
Audit of the correct implementation of the TSP operations during the onsite
inspection at the Evrotrust’s locations. This audit has been carried out from
26/05/2017to30/05/2017bytheAuditteam(LeadAuditorProf.GeorgeStefanov,
Ph.D.; Auditors: Dipl. Eng. Nikolay Baychev, M.Sc. and Vihra-Alexandra Dancheva,
LL.M.,Auditorsintraining:VeselaTrakiyska,M.Sc.andDipl.Eng.PeterStefanov,M.Sc,
LL.M.)accompaniedonthepartoftheTSP-Evrotrustby:
KonstantinBezuhanov–CEO(ChiefExecutiveOfficer)
GeorgeDimitrov–CEO(ChiefExecutiveOfficer)
Stefan Hadjistoytchev – CTO (Chief Technical Officer) and ISMS Management
Representative
MartinPetkov–AISNAdministratorandAISNSecurityOfficer
IvanBlagoev–Securityandcryptographicadministrator
2Hereinafterreferredtoas:TSP
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017
Page3of56Pages
IliyanIliev–SystemАdministratorandSystemOperator
GerganaPetrova–RegistratorRequests–CustomerServiceOperator
GalinaAndonova–RegistratorClerk-CustomerServiceOperator
AneliaAntonova–ChiefAccountant
MihaelenaDamianova–AdministrativeManagerandBusinessDevelopmentManager
ThefollowingpublicdocumentsoftheTSPhavebeenthesubject-matteroftheaudit:
[CPS] Certification Practice Statement for Qualified Certification Services -
Version2.1-13/04/2017
[CP] Certificate Policy for Qualified Certification Services for Advanced
ElectronicSignature/Seal-Version2.1-13/04/2017
[CP] Certificate Policy for Qualified Certification Services for Qualified
ElectronicSignature/Seal-Version2.1-13/04/2017
[CP] Certificate Policy for Qualified Certification Services for Website
Authentication-Version1.0-13/04/2017
[CP] QualifiedValidationPolicy-Version1.0-13/04/2017
[TSACPS/CP]TimestampCertificationAuthorityPolicy-Version2.0-13/04/2017
[PKIDS] PKIDisclosureStatement-Version2.1-13/04/2017
[GTC] General Terms and Conditions for Certification, Information,
CryptographicandConsultancyServices-Version1.0-13/04/2017
[SA] Contract for Use of Services Accessible Through the Application of
EvrotrustTechnologiesJsc-Version2.1-13/04/2017
[SA] SignatoryAgreement-Version2.0-13/04/2017
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017
Page4of56Pages
3 FulfilmentoftherequirementsoftheeIDASEURegulation
This conformity assessment report only reflects the fulfilment of the requirements
laiddownintheeIDASEURegulation.Itmustbeconsideredasanadditionalpartto
thedetailedauditreportswhichindicatethefulfilmentoftherequirementslaiddown
intheETSIEuropeanNorms.
ThefulfilmentoftherequirementslaiddownintheeIDASEURegulationandintheETSIEuropeanNormshasbeenverifiedbyauditingthecorrespondingdocumentsoftheTSPandbyauditing the correct implementationduring theonsite inspectionat
theTSPlocation.
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017
Page5of56Pages
3.1 CertificationschemeQO55:CertificationrulesforTrustServiceProvidersV5.1
Relevantstandardsusedare:
EN319403:ElectronicSignaturesandinfrastructures(ESI)-TrustServiceProvidersconformity assessment - Requirements for conformity assessment bodies assessingTrustServiceProviders
EN319401:ElectronicSignaturesandInfrastructures(ESI)-Policyrequirementsfortrustserviceproviders
EN319411-1:Electronic signaturesand infrastructures (ESI) -Policyand securityrequirementsapplicabletotrustserviceprovidersissuingcertificates-Part1:Generalrequirements
EN 319 411-2 V2.1.1: Electronic Signatures and Infrastructures (ESI); Policy andsecurity requirements for Trust Service Providers issuing certificates; Part 2:RequirementsfortrustserviceprovidersissuingEUqualifiedcertificates
EN 319 421:Electronic Signatures and Infrastructures (ESI) - Security and policyrequirementsfortrustserviceprovidersissuingstamps
Article eIDAS EN319411-1&411-2EN319421 NationalCompliance
Compliant Notcompliant Compliant MinorNC MajorNC Not
assessedNot
applicable deviations
GeneralrequirementsforqualifiedTSPArt5.1 X X Nonationalrequirements
Art.13.1 X X Nonationalrequirements
Art.13.2 X X Nonationalrequirements
Art.13.3 X X Nonationalrequirements
Art.15 X X Nonationalrequirements
Art.19.1 X X Nonationalrequirements
Art.19.2 X X Nonationalrequirements
Art.20 X X Nonationalrequirements
Art.24.2a X X Nonationalrequirements
Art.24.2b X X Nonationalrequirements
Art.24.2c X X Nonationalrequirements
Art.24.2d X X Nonationalrequirements
Art.24.2e X X Nonationalrequirements
Art.24.2f X X Nonationalrequirements
Art.24.2g X X Nonationalrequirements
Art.24.2h X X Nonationalrequirements
Art.24.2h X X Nonationalrequirements
Art.24.2i X X Nonationalrequirements
Art.24.2j X X Nonationalrequirements
Art.24.1a X X Nonationalrequirements
Art.24.1b X X Nonationalrequirements
Art.24.1c X X Nonationalrequirements
Art.24.1d X X Nonationalrequirements
Art.24.2k X X Nonationalrequirements
Art.24.3 X X Nonationalrequirements
Art.24.4 X X Nonationalrequirements
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page7of56Pages
Article eIDAS EN319411-1&411-2EN319421 NationalCompliance
Compliant Notcompliant Compliant MinorNC MajorNC Not
assessedNot
applicable deviations
Qualifiedcertificateforelectronicsignature(+)Art.28.1annexI X X Nonationalrequirements
Art.28.3 X X Nonationalrequirements
Art.28.4 X X Nonationalrequirements
Art.28.5 X X Nonationalrequirements
Qualifiedcertificateforelectronicseals(+)Art.38.1-AnnexIII
X X Nonationalrequirements
Art.38.2 X X Nonationalrequirements
Art.38.3 X X Nonationalrequirements
Art.38.4 X X Nonationalrequirements
Art.38.5 X X Nonationalrequirements
QualifiedelectronictimestampsArt42.1a X X Nonationalrequirements
Art42.1b X X Nonationalrequirements
Art42.1c X X Nonationalrequirements
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page8of56Pages
3.2 GeneralrequirementsforthetrustserviceproviderTheTSPhasprovidedevidenceofconformitywithregardtothefollowingrequirementsfortrustserviceslaiddownintheeIDASEURegulation.
3.2.1 DataprocessingandprotectionArticle5.1
Processing of personal data shall be carried out in accordance with Directive95/46/EC.Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clause7.13c)andNote
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.2.2 Provisionsonliabilities3.2.2.1 Art.13.1TSP liable for damage caused intentionally or negligently to any natural or legalpersonduetoafailuretocomplywiththeobligationsunderthisRegulation(a)Burdenofprovingintention/negligenceofnon-qualifiedTSPisonclaimingparty.(b)IntentionornegligenceofaQTSPshallbepresumed,unlessprovenotherwisebyQTSP.
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page9of56Pages
Article13.2WhenTSPinformedcustomerinadvanceonlimitationsontheuseoftheirservices,&when such limitations are recognisable to third parties, TSP not liable whenlimitationshavebeenexceeded.Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clause6.2
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
NationalrequirementsxxxStatement compliant
NotcompliantNotapplicableNotassessed
3.2.2.2 Art.13.3Articles1and2shallbeappliedinaccordancewithnationalrulesonliability.
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page10of56Pages
3.2.3 AccessibilityforpersonwithdisabilitiesArticle15
Wherefeasible,trustservicesprovidedandend-userproductsusedintheprovisionofthoseservicesshallbemadeaccessibleforpersonswithdisabilities.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause7.13b)EN319_549
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.2.4 DuediligenceArticle19.1
Qualifiedandnon-qualifiedtrustserviceprovidersshall takeappropriatetechnicalandorganisationalmeasurestomanagetherisksposedtothesecurityofthetrustservicestheyprovide.Havingregardtothelatesttechnologicaldevelopments,thosemeasures shall ensure that the level of security is commensurate to thedegreeofrisk. Inparticular,measures shallbe taken topreventandminimise the impactofsecurity incidents and inform stakeholders of the adverse effects of any suchincidents.Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause5,6.3,7.1to7.12EN319_411-1Clause6.4,6.5EN319_421(time-stamp)
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page11of56Pages
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.2.5 Security&personaldatabreachnotificationArticle19.2
Qualifiedandnon-qualifiedtrustserviceprovidersshall,withoutunduedelaybutinany event within 24 hours after having become aware of it, notify the S.B. and,where applicable, other relevant bodies, such as the competent national body forinformation securityor thedataprotectionauthority,of anybreachof securityorlossofintegritythathasasignificantimpactonthetrustserviceprovidedoronthepersonaldatamaintainedtherein.
Wherethebreachofsecurityorlossofintegrityislikelytoadverselyaffectanaturalor legal person towhom the trusted service has been provided, the trust serviceprovidershallalsonotifythenaturalorlegalpersonofthebreachofsecurityorlossofintegritywithoutunduedelay.
Whereappropriate,inparticularifabreachofsecurityorlossofintegrityconcernstwoormoreMemberStates,thenotifiedS.B.shallinformthesupervisorybodiesinotherMemberStatesconcernedandENISA.
ThenotifiedS.B.shall informthepublicorrequirethetrustserviceprovidertodoso,whereitdeterminesthatdisclosureofthebreachofsecurityorlossofintegrityisinthepublicinterest.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clause7.9e)f)
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page12of56Pages
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.2.6 SupervisionofqualifiedtrustserviceprovidersArticle20.1
Qualifiedtrustserviceprovidersshallbeauditedattheirownexpenseatleastevery24monthsbyaconformityassessmentbody.Thepurposeof theauditshallbe toconfirm that the qualified trust service providers and the qualified trust servicesprovidedbythemfulfiltherequirementslaiddowninthisRegulation.Thequalifiedtrustserviceprovidersshallsubmit theresultingconformityassessmentreport totheS.B.withintheperiodofthreeworkingdaysafterreceivingit.Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_403
Statement
eIDASarticle51.3applies.
CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
3.2.7 InitiationofaqualifiedtrustserviceArticle21.1
Where trust service providers, without qualified status, intend to start providingqualifiedtrustservices, theyshallsubmit tothesupervisorybodyanotificationoftheirintentiontogetherwithaconformityassessmentreportissuedbyaconformityassessmentbody.Conformity Compliant NotcompliantRequirements ETSIEN
Nationalrequirements
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page13of56Pages
Others
ETSIENstandardClauses None
Statement
eIDASarticle51.3applies.
CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
Article21.3Qualified trust service providersmay begin to provide the qualified trust serviceafterthequalifiedstatushasbeenindicatedinthetrustedlistsreferredtoinArticle22(1).Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses None
Statement
eIDASarticle51.3applies
CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page14of56Pages
3.3 RequirementsforqualifiedTrustServiceproviders
3.3.1 Art.24.2Article24.2(a)
informtheS.B.ofanychangeintheprovisionofitsqualifiedtrustservicesandanintentiontoceasethoseactivities;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clause6.1,7.12
ETSIEN319411-1/2Clause5.2ETSIEN319421Clause6.2
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
Article24.2bemploystaffand,ifapplicable,subcontractorswhopossessthenecessaryexpertise,reliability, experience, and qualifications and who have received appropriatetraining regarding security and personal data protection rules and shall applyadministrative and management procedures which correspond to European orinternationalstandards;
Conformity Compliant NoncompliantRequirements ETSIEN
NationalrequirementsOthers
NormeETSIClauses EN_319_401Clause7.2
EN_319_411-1/2Clause6.4.4
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page15of56Pages
Statement CompliantMinornonconformityMajornonconformityNonapplicableNonassessed
Nationalrequirements
xxxStatement compliant
NoncompliantNonapplicableNonassessed
Article24.2cwith regard to the risk of liability for damages in accordance with Article 13,maintainsufficientfinancialresourcesand/orobtainappropriateliabilityinsurance,inaccordancewithnationallaw;Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause7.1.1.c)EN_319_411-1/2Clauses6.8.2
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page16of56Pages
Article24.2dbeforeenteringintoacontractualrelationship,inform,inaclearandcomprehensivemanner,anypersonseekingtouseaqualifiedtrustserviceoftheprecisetermsandconditionsregardingtheuseofthatservice,includinganylimitationsonitsuse;Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause6.2EN_319_411-1/2 Clauses 6.1, 6.3.4,6.3.5,6.9.4
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
Article24.2(e)usetrustworthysystemsandproductsthatareprotectedagainstmodificationandensurethetechnicalsecurityandreliabilityoftheprocessessupportedbythem;Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN319401Clauses7.4,7.5,7.7,7.8
EN319411-1Clause6.5EN_319_411-2Clause6.5
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page17of56Pages
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
Article24.2fusetrustworthysystemstostoredataprovidedtoit,inaverifiableformsothat:
(i)theyarepubliclyavailableforretrievalonlywheretheconsentofthepersontowhomthedatarelateshasbeenobtained,
(ii)onlyauthorisedpersonscanmakeentriesandchangestothestoreddata,
(iii)thedatacanbecheckedforauthenticity;Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clauses7.4,7.5,7.7,7.8
EN_319_411-1Clauses6.4.3,6.4.6,6.5
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page18of56Pages
Article24.2g
takeappropriatemeasuresagainstforgeryandtheftofdata;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clauses5,6.3,7.3,7.4,7.6,7.7,7.8,7.9,7.10,7.11,7.12EN_319_411-1/2Clauses6.4,6.5
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
(a) Recordandkeepaccessibleactivitiesrelateddata,issuedandreceived,evenafter
cessation;
Article24.2h
Recordandkeepaccessible activities relateddata, issuedand received, evenaftercessation;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause7.12EN_319_411-1/2 Clauses 6.2.2, 6.3.4,6.3.8,6.4.5,6.4.6,6.4.9EN_319_421Clause7.12(TS)
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page19of56Pages
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
Article24.2i
haveanup-to-date terminationplan toensurecontinuityof service inaccordancewithprovisionsverifiedbythesupervisorybodyunderpoint(i)ofArticle17(4);
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_401Clause7.12
EN_319_411-1/2Clause6.4.9EN_319_421Clause7.14
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page20of56Pages
Article24.2j
ensurelawfulprocessingofpersonaldatainaccordancewithDirective95/46/EC;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_401Clause7.13a)c)EN_319_411-1Clause6.8.4
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page21of56Pages
3.4 Additional specific requirements for the applicable type ofqualifiedtrustservice
3.4.1 Qualifiedcertificateforelectronicsignature3.4.1.1 Art.24.1.a)tod)1. When issuing a qualified certificate for a trust service, a qualified trust serviceprovidershallverify,byappropriatemeansandinaccordancewithnationallaw,theidentity and, if applicable, any specific attributes of the natural or legal person towhomthequalifiedcertificateisissued.Theinformationreferredtointhefirstsubparagraphshallbeverifiedbythequalifiedtrustserviceprovidereitherdirectlyorbyrelyingonathirdpartyinaccordancewithnationallaw:
Article24.1a
bythephysicalpresenceofthenaturalpersonorofanauthorisedrepresentativeofthelegalperson;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_411-1/2Clauses6.2.2,6.2.3,
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page22of56Pages
Article24.1b
remotely, using electronic identificationmeans, forwhichprior to the issuanceofthe qualified certificate, a physical presence of the natural person or of anauthorised representative of the legal person was ensured and which meets therequirementssetoutinArticle8withregardtotheassurancelevels‘substantial’or‘high’;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN319401Clause7.1.1EN_319_411-1 Clauses 6.2.2, 6.2.3,6.8.2EN_319_411-2Clauses6.2.2et6.2.3
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
Article24.1c
by means of a certificate of a qualified electronic signature or of a qualifiedelectronicsealissuedincompliancewithpoint(a)or(b);
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN319401Clause6.2
EN_319_411-1Clauses6.1,6.2.2,6.2.3,6.3.4,6.9.4EN_319_411-2Clauses6.2.2et6.2.3
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page23of56Pages
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
Article24.1d
by using other identificationmethods recognised at national level which provideequivalent assurance in terms of reliability to physical presence. The equivalentassuranceshallbeconfirmedbyaconformityassessmentbody.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN319401Clause6.2EN_319_411-1Clauses6.1,6.2.2,6.2.3,6.3.4,6.5,6.9.4,7.4,7.5,7.7,7.8EN_319_411-2Clauses6.2.2et6.2.3
Statement
Remote Video Identification System usable via mobileapplicationforremoteissuingofQESasdeclaredprovidingequivalent assurance in terms of reliability to physicalpresencebyLSTI(declarationLSTIN°1622N°1V0)
CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page24of56Pages
3.4.1.1 Art.24.2k)
Article24.2k
in case of qualified trust service providers issuing qualified certificates, establishandkeepupdatedacertificatedatabase.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-1/2Clause6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
3.4.1.1 Art.24.3
Article24.3
Ifaqualifiedtrustserviceproviderissuingqualifiedcertificatesdecidestorevokeacertificate,itshallregistersuchrevocationinitscertificatedatabaseandpublishtherevocationstatusof thecertificate ina timelymanner,and inanyeventwithin24hours after the receipt of the request. The revocation shall become effectiveimmediatelyuponitspublication.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-2Clause6.2.4
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page25of56Pages
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.4.1.2 Art.24.4
Article24.4
With regard to paragraph 24.3, qualified trust service providers issuing qualifiedcertificates shall provide to any relying party information on the validity orrevocationstatusofqualifiedcertificatesissuedbythem.Thisinformationshallbemadeavailableatleastonapercertificatebasisatanytimeandbeyondthevalidityperiodofthecertificateinanautomatedmannerthatisreliable,freeofchargeandefficient.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-1/2Clause6.3.10
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page26of56Pages
3.4.2 Art.28.1–AnnexIEvrotrustRootCA
QualifiedCertificationRootAuthorityObjectIdentifier(OID),
Policyidentifier
EvrotrustRSARootCAserialnumber:6c6ec9bf485172a54bd40f2778625245
1.3.6.1.4.1.47272.1
EvrotrustOperationalCAs
QualifiedCertificationAuthoritiesObjectIdentifier(OID),
Policyidentifier
EvrotrustRSAOperationalCAserialnumber:38000000034e8ecb48092501bc000000000003
1.3.6.1.4.1.47272.2
QualifiedCertificatesforEndusers
(Persons/Servers/Services)
EvrotrustObjectIdentifier
(OID),Policyidentifier
OtherObject
Identifiers(OID),
Policyidentifiers
Evrotrust Qualified Natural Person
CertificateforQES1.3.6.1.4.1.47272.2.2
0.4.0.194112.1.2,
0.4.0.1456.1.1
Evrotrust Qualified Natural Person
AttributeCertificateforQES1.3.6.1.4.1.47272.2.2.1
0.4.0.194112.1.2,
0.4.0.1456.1.1
Evrotrust Qualified Natural Person
CertificateforAES1.3.6.1.4.1.47272.2.7
0.4.0.194112.1.0,
0.4.0.1456.1.2
QualifiedcertificatesforelectronicsignaturesshallmeettherequirementslaiddowninAnnexI:Qualifiedcertificatesforelectronicsignaturesshallcontain:
AnnexI(a)
an indication, at least in a form suitable for automated processing, that thecertificatehasbeenissuedasaqualifiedcertificateforelectronicsignature;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page27of56Pages
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
NationalrequirementsxxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(b)
a set of data unambiguously representing the qualified trust service providerissuingthequalifiedcertificates includingat least, theMemberState inwhichthatproviderisestablishedand:—foralegalperson:thenameand,whereapplicable,registrationnumberasstatedintheofficialrecords,foranaturalperson:theperson’sname;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page28of56Pages
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(c)
atleastthenameofthesignatory,orapseudonym;ifapseudonymisused,itshallbeclearlyindicated;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses xxx
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(d)
electronic signature validation data that corresponds to the electronic signaturecreationdata;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page29of56Pages
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
NationalrequirementsxxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(e)
detailsofthebeginningandendofthecertificate’speriodofvalidity;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page30of56Pages
AnnexI(f)
the certificate identity code,whichmust be unique for the qualified trust serviceprovider;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses xxx
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(g)
the advanced electronic signature or advanced electronic seal of the issuingqualifiedtrustserviceprovider;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses Clause6.6.1referringtoEN319
411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformity
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page31of56Pages
MajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(h)
the locationwhere the certificate supporting theadvancedelectronic signatureoradvancedelectronicsealreferredtoinpoint(g)isavailablefreeofcharge;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
AnnexI(i)
thelocationoftheservicesthatcanbeusedtoenquireaboutthevaliditystatusofthequalifiedcertificate;
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page32of56Pages
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-1Clause6.6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page33of56Pages
AnnexI(j)
where the electronic signature creation data related to the electronic signaturevalidation data is located in a qualified electronic signature creation device, anappropriateindicationofthis,atleastinaformsuitableforautomatedprocessing.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-2Clause6.6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page34of56Pages
3.4.2.1 Art.28.3
Article28.3
Qualified certificates for electronic signatures may include non-mandatoryadditional specific attributes. Those attributes shall not affect the interoperabilityandrecognitionofqualifiedelectronicsignatures.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN_319_411-1Clause6.6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
3.4.2.2 Art.28.4
Article28.4
If a qualified certificate for electronic signatures has been revoked after initialactivation,itshallloseitsvalidityfromthemomentofitsrevocation,anditsstatusshallnotinanycircumstancesbereverted.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page35of56Pages
ETSIENstandard
Clauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
3.4.2.3 Art.28.5Subject to the following conditions,Member Statesmay laydownnational rules ontemporarysuspensionofaqualifiedcertificateforelectronicsignature:
Article28.5(a)
if a qualified certificate for electronic signature has been temporarily suspendedthatcertificateshallloseitsvalidityfortheperiodofsuspension;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses xxx
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page36of56Pages
Article28.5(b)
theperiodofsuspensionshallbeclearlyindicatedinthecertificatedatabaseandthesuspensionstatusshallbevisible,duringtheperiodofsuspension,fromtheserviceprovidinginformationonthestatusofthecertificate.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
3.4.3 Art.38.1–AnnexIII–requirementsforqualifiedcertificateforelectronicsealEvrotrustRootCA
QualifiedCertificationRootAuthoritiesObjectIdentifier(OID),
Policyidentifier
EvrotrustRSARootCAserialnumber:6c6ec9bf485172a54bd40f2778625245
1.3.6.1.4.1.47272.1
EvrotrustOperationalCAs
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page37of56Pages
QualifiedCertificationAuthoritiesObjectIdentifier(OID),
Policyidentifier
EvrotrustRSAOperationalCASerialnumber:38000000034e8ecb48092501bc000000000003
1.3.6.1.4.1.47272.2
QualifiedCertificatesforEndusers
(Persons/Servers/Services)
EvrotrustObjectIdentifier
(OID),Policyidentifier
OtherObject
Identifiers(OID),
Policyidentifiers
Evrotrust Qualified Natural Person
CertificateforQES1.3.6.1.4.1.47272.2.2
0.4.0.19112.1.2,
0.4.0.1456.1.1
Evrotrust Qualified Natural Person
AttributeCertificateforQES1.3.6.1.4.1.47272.2.2.1
0.4.0.19112.1.2,
0.4.0.1456.1.1
Evrotrust Qualified Natural Person
CertificateforAES1.3.6.1.4.1.47272.2.2.7
0.4.0.19112.1.0,
0.4.0.1456.1.2
Evrotrust Qualified Legal Person
CertificateforAESeal1.3.6.1.4.1.47272.2.8
0.4.0.194112.1.1,
0.4.0.1456.1.2
Qualified certificates for electronic seals shall meet the requirements laid down inAnnexIII:
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page38of56Pages
Qualifiedcertificatesforelectronicsealsshallcontain:
AnnexIII(a)
an indication, at least in a form suitable for automated processing, that thecertificatehasbeenissuedasaqualifiedcertificateforelectronicseal;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page39of56Pages
AnnexIII(b)
a set of data unambiguously representing the qualified trust service providerissuing thequalifiedcertificates includingat least theMemberState inwhich thatproviderisestablishedand:—foralegalperson:thenameand,whereapplicable,registrationnumberasstatedintheofficialrecords,foranaturalperson:theperson’sname;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
NationalrequirementsxxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page40of56Pages
AnnexIII(c)
at least the name of the creator of the seal and, where applicable, registrationnumberasstatedintheofficialrecords;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page41of56Pages
AnnexIII(d)
electronic seal validation data, which corresponds to the electronic seal creationdata;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page42of56Pages
AnnexIII(e)
detailsofthebeginningandendofthecertificate’speriodofvalidity;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses Clause6.6.1referringtoEN319
411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page43of56Pages
AnnexIII(f)
the certificate identity code,whichmust be unique for the qualified trust serviceprovider;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page44of56Pages
AnnexIII(g)
the advanced electronic signature or advanced electronic seal of the issuingqualifiedtrustserviceprovider;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page45of56Pages
AnnexIII(h)
the locationwhere the certificate supporting theadvancedelectronic signatureoradvancedelectronicsealreferredtoinpoint(g)isavailablefreeofcharge;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses Clause6.6.1referringtoEN319411-1 corresponding clause6.6.1 and requiring compliancewith EN 319 412 series infunctionofthetypeofQC.
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page46of56Pages
AnnexIII(i)
thelocationoftheservicesthatcanbeusedtoenquireastothevaliditystatusofthequalifiedcertificate;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-1Clause6.6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page47of56Pages
AnnexIII(j)
wheretheelectronicsealcreationdatarelatedtotheelectronicsealvalidationdataislocatedinaqualifiedelectronicsealcreationdevice,anappropriateindicationofthis,atleastinaformsuitableforautomatedprocessing.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-2Clause6.6.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page48of56Pages
3.4.3.1 Art.38.3
Article38.3
Qualified certificates for electronic seals may include non-mandatory additionalspecific attributes. Those attributes shall not affect the interoperability andrecognitionofqualifiedelectronicseals.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirements
xxxStatement compliant
NotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page49of56Pages
3.4.3.2 Art.38.4
Article38.4
If a qualified certificate for an electronic seal has been revoked after initialactivation,itshallloseitsvalidityfromthemomentofitsrevocation,anditsstatusshallnotinanycircumstancesbereverted.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page50of56Pages
3.4.3.3 Art.38.5Subject to the following conditions,Member Statesmay laydownnational rules ontemporarysuspensionofqualifiedcertificatesforelectronicseals:
Article38.5(a)
if a qualified certificate for electronic seal has been temporarily suspended, thatcertificateshallloseitsvalidityfortheperiodofsuspension;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page51of56Pages
Article38.5(b)
theperiodofsuspensionshallbeclearlyindicatedinthecertificatedatabaseandthesuspensionstatusshallbevisible,duringtheperiodofsuspension,fromtheserviceprovidinginformationonthestatusofthecertificate.
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandard
Clauses EN_319_411-2Clause6.3.9
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
3.4.4 QualifiedelectronictimestampsEvrotrustRootCA
Qualified Certification Root Authorities Object Identifier (OID), Policy identifier
Evrotrust RSA Root CA serialnumber:6c6ec9bf485172a54bd40f2778625245
1.3.6.1.4.1.47272.1
Qualified TSA Object Identifier (OID), Policy identifier
Evrotrust TSA serialnumber:380000000425f81f2fdc883bed000000000004
1.3.6.1.4.1.47272.1.2
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page52of56Pages
3.4.4.1 Art.42.1.(a)to(c)Aqualifiedelectronictimestampshallmeetthefollowingrequirements:
Article42.1(a)
itbindsthedateandtimetodata insuchamanneras toreasonablyprecludethepossibilityofthedatabeingchangedundetectably;
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_421Clause7.6.3–7.7.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page53of56Pages
Article42.1(b)
itisbasedonanaccuratetimesourcelinkedtoCoordinatedUniversalTime;
Conformity Compliant Notcompliant
Requirements ETSIENNationalrequirementsOthers
ETSIENstandardClauses EN_319_421Clause7.7.1–7.7.2
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page54of56Pages
Article42.1(c)
it is signed using an advanced electronic signature or sealed with an advancedelectronicsealofthequalifiedtrustserviceprovider,orbysomeequivalentmethod.
Conformity Compliant NotcompliantRequirements ETSIEN
NationalrequirementsOthers
ETSIENstandardClauses EN_319_421Clause7.7.1
Statement CompliantMinornonconformityMajornonconformityNotapplicableNotassessed
Nationalrequirementsxxx
Statement compliantNotcompliantNotapplicableNotassessed
4 Certificationofqualifiedelectronicsignaturecreationdevices
4.1.1 Art.301.ConformityofqualifiedelectronicsignaturecreationdeviceswiththerequirementslaiddowninAnnexII shall be certified by appropriate public or private bodies designated byMember States.EN28.8.2014OfficialJournaloftheEuropeanUnionL257/101
2.MemberStates shallnotify to theCommission thenamesandaddressesof thepublicorprivatebodyreferredtoinparagraph1.TheCommissionshallmakethatinformationavailabletoMemberStates.
3.Thecertificationreferredtoinparagraph1shallbebasedononeofthefollowing:
(a) a security evaluation process carried out in accordancewith one of the standards for the securityassessment of information technology products included in the list established in accordance with thesecondsubparagraph;or
(b) a process other than theprocess referred to in point (a), provided that it uses comparable securitylevelsandprovidedthatthepublicorprivatebodyreferredtoinparagraph1notifiesthatprocesstotheCommission.Thatprocessmaybeusedonlyintheabsenceofstandardsreferredtoinpoint(a)orwhenasecurityevaluationprocessreferredtoinpoint(a)isongoing.
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page55of56Pages
EvrotrustTechnologiesJSCusesaQSignCDlistedintheEUlisteIDASart.31.
5 RequirementsfulfiledaslaiddownintheETSIEuropeanNormsThefulfilmentoftherequirementsforthetrustservicelaiddowninETSIEN319401and ETSI EN 319 411-2/421 has been verifiedwithin the framework of the auditsstage 2 EVROTRUST TECHNOLOGIES JSC. The results are listed in detail in thefollowingseparatereports
• EvaluationReportN°1622–37InitialCertification–ETSIEN319411-1,dated30.05.2017
• EvaluationReportN°1622-37–InitialCertification–ETSIEN319411-2,dated30.05.2017
• EvaluationReportN°1622-37– InitialCertification–ETSIEN319421,dated30.05.2017
6 OtherthirdpartiesinvolvedN/A
7 NextevaluationFullauditistobecarriedoutbefore31May2019.
8 Finalsummarya)TechnicalapplicationenvironmentAtrustserviceprovidermayentrust thirdpartieswith the fulfilmentofpartsof itsprocesses.Theoverallresponsibilityforthefulfilmentoftherequirementslaiddownin eIDASEURegulation and theETSIEuropeanNormswill remainby theErreur!Nous n’avons pas trouvé la source du renvoi.. A third party contracted by theErreur!Nousn’avonspastrouvélasourcedurenvoi.mayprovideitsserviceasamodulewithaconformityassessmentcarriedoutbyaconformityassessmentbody.Evrotrust Technologies JSC provides a trust service for the creation of qualifiedcertificates for electronic signatures with the functions identification, registration,key generation, certificate issuance, and a certificate status servicewith revocationservice.Thetrustserviceisperformedbyemployees,whoaretrainedandauthorisedfortheirduties,withinaphysical,organisationalandtechnicalsecureenvironment.Evrotrust Technologies JSC provides a trust service for the generation of qualifiedelectronictimestamps.Thetrustserviceisprovidedbyemployees,whoaretrainedandauthorisedfortheirduties,withinaphysical,organisationalandtechnicalsecureenvironment.
DT209_V2.0
DeclarationofconformityLSTISASN°1622_37_V1 15June2017 Page56of56Pages
b)CommissioningThisconformityassessmenthastoberenewedaftersecurity-relatedchangesorduetothevalidityoftheproduct/modulconfirmationsreferredto,upto31May2019atthelatest.The operation procedures of the trust service provider were demonstrated to theconformityassessmentbodywithin the frameworkof theconformityassessment inaccordancewithArticle20para.1.Thecorrect implementationoftherequirementslaiddownintheeIDASEURegulationwasdetermined.PursuanttoArticle21para.2,the trust service providermay only beginwith the provision of the qualified trustserviceafterthequalifiedstatushasbeensetoutbytheS.B.inthetrustedlist.c)OperationofthetrustserviceThefollowingconditionshavetobeobservedduringtheoperation- In case of any security-related changes and in case of any suspicion of
manipulation,whichcannotbeclarifiedorremediedbymechanismsprovidedforsuchcasesorbyanyadditionalmeasuresof the trust serviceproviderprovidedfor such cases, a recognised conformity assessment body has to be involved inaccordingtoETSIEN319403,chapter7.10.
- Any exchange or change of the trust service and in the organisation of theprocessesorthesecurityelementshastobereportedtoarecognisedconformityassessmentbodyinaccordancewithETSIEN319403,chapter7.10andrequiresareviewandanextensionoftheconformityassessment,ifappropriate.
- Anysecurity-relatedchangehastobereportedwithoutdelaytothenationalS.B.,as thecompetentauthority, inaccordancewith theeIDASEURegulationArt.24para.2a).
Endoftheconformityassessmentreport