Utimaco CryptoServer CP5 QSCD
The eIDAS-compliant and Common Criteria certified QSCD according to EN 419221-5 of the eIDAS Regulation (EU) 910/2014
Qualified Electronic Seal
Thanks to the eIDAS regulation, electronic documents signed with a qualified electronic seal have an equivalent legal effect of a widely used organisation seal.
eIDAS & CEN/TS 419221-6
The technical specification, published on 1 March 2019 (CEN/TS 419221-6), defines the requirements for local applications of EN 419221-5 for qualified electronic signatures or signature creation devices, i.e. in case the signatory or signature creator has direct local control over the cryptographic module. The purpose is to approve the qualified seal creation devices and/or signature creation devices (QSealCD / QSignatureCD) according to the Regulation (EU) 910/2014. An appropriate certification of the HSM/QSCD and its location in a secure server room or computer centre (e.g. with access control) is required for an organisation’s internal mass sealing.
In such case, operating Hardware Security Modules (HSMs) as QSCD for internal qualified digital sealing of documents is no longer legally or technically reserved for Qualified Trust Service Providers only.
The HSM model Utimaco CryptoServer CP5 was certified by TÜV-Rheinland Nederland B.V. at the end of May 2020 and on 4 June 2020, it was entered by the European Commission in the List of Secure Signature Creation Devices, covered by the set of transitional measures under Article 51(1) of the Regulation (EC) 910/2014 (eIDAS). Utimaco CP5 is an approved QSCD in which the data for creating electronic signatures or electronic seals “are stored in an environment that is fully, but not necessarily exclusively administered by the user”.