The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations.
Trust services are important to businesses as they help ensure electronic transactions can happen securely and legally using mechanisms such as electronic signatures.
To become a QTSP organisations must undergo a conformity assessment to demonstrate they meet the requirements of the UK eIDAS Regulations. This is then checked by the ICO.
GMO GlobalSign Ltd is the first company globally to have gone through this process in the UK under the UK eIDAS Regulations and is now a qualified trust service provider for the following services:
- Qualified certificates for electronic signatures.
- Qualified certificates for electronic seals.
Anulka Clarke, Acting Director of Regulatory Assurance said:
“Trust is often described as the currency of business and that’s especially true in the digital economy. Clients, consumers and companies need confidence when they’re transferring information electronically. That’s why QTSPs are so important. They give businesses assurance and present an opportunity for growth, development and innovation.”
Arvid Vermote, Chief Information Security Officer for GlobalSign said:
“We are particularly proud to be the first Certificate Authority in the world to accomplish this. As always, the level of assurance QTSP recognition offers is critical, especially for companies in regulated industries such as banking, insurance and energy marketplaces. Being recognized as a QTSP within the UK and the EU will continue to offer many important opportunities for GlobalSign.”
GlobalSign have now been added to the UK’s Trusted List of Trust Service Providers, which is managed by tScheme.
Organisations interested in becoming a qualified trust service provider, should read our guidance or get in contact at eidas@ico.org.uk.
Notes to editors
- The UK eIDAS Regulations set out rules for UK trust services and establishes a legal framework for the provision and effect of electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services and certificate services for website authentication.
- Following the UK withdrawal from the EU the eIDAS Regulation was adopted into UK law and amended by The Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019). In addition, the existing UK trust services legislation, The Electronic Identification and Trust Services for Electronic Transactions Regulation 2016 (2016 No.696)) was also amended. Taken together, these regulations are referred to as the UK eIDAS Regulations.
- The ICO has responsibility for supervision of the trust service provisions of the UK eIDAS Regulations. The ICO can grant and revoke qualified status for trust service providers established in the UK, approve or reject qualified trust services, report on security breaches, carry out audits and take enforcement action.