Compliance | Evrotrust

Compliance & Security

Evrotrust is а Qualified Trust Service Provider. Our technology and qualified trust services are regulated by a supranational law in the EU – Regulation (EC) 910/2014 for the Electronic Identification and Trust Services (eIDAS). This Regulation has a direct effect and is obligatory and applicable in all EU member states without the necessity of being nationally transposed. Because Evrotrust Technologies JSCo is registered in an EU Member State, the qualified trust services we provide are valid throughout the EU. We are audited for compliance with all applicable EU standards by independent conformity assessment bodies that are registered and supervised by national supervisory authorities. Thus our solutions benefit legal recognition by law.

Contact Sales

Compliance with Industry standards

Evrotrust's technology, services, and infrastructure meet numerous technological standards and undergo a full conformity assessment audit every two years. Our certificates are available for review below:

ISO 9001:2015

ISO/IEC 20000-1:2018

ISO/IEC 27001:2013

ISO 22301:2019

Certificate QPSES

Certificate Remote eID

Certificate QESign

certificate QESeal

Certificate SSL

Certificate TSA

Certificate QSVS

Certificate RESS

Certificate QREMS

Certificate QERDS

Certificate Remote Video ID System

Full range of qualified trust services

We answer to the highest standards so you can be confident about our partnership

Our remote electronic identification is certified in accordance to eIDAS. It's based on the attestation of the user's identity from a smart device to any interested third party by issuing one-time attributive qualified certificates, as regulated in Art. 28 (3) of the eIDAS. The issuance and maintenance of qualified certificates for e-signatures and e-seals issued by Evrotrust is certified under eIDAS Art. 24(1)(d) and listed on the EU Trust List. Additionally, our remote signing with qualified e-signatures is audited for compliance with the applicable EU standards by an independent conformity assessment body.

KYC & AML

The Evrotrust solution allows for legal attestation of a substantial part of the user's data for KYC purposes, by collecting and validating personal data, copies of ID documents, and self-signed declarations (PEP, source of funds, etc). We comply with Article 24 of eIDAS which states that when issuing a qualified certificate for a trust service, a QTSP must verify the identity of the natural person to whom the qualified certificate is issued. This method is legally valid for KYC/AML purposes by Directive (EU) 2018/843 of the European Parliament and Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (the 5th AML Directive, in force as of 9th July 2018).

GDPR

We are certified for compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) by an accredited conformity assessment body. The measures for personal data processing we have in place, go far beyond the security requirements set forth by GDPR.

PSD2

The Evrotrust solution is fully compliant with Directive 2015/2366 (PSD2), and more specifically, it meets the requirements for Strong Customer Authentication (SCA). Our 2-factor authentication method, which embeds OTP and other dynamic methods for credentials exchange, involve multi-factor knowledge-biometrics access, and is based on a regulated qualified services with asymmetric cryptology.

Fully compliant EU QTSP

Evrotrust Technologies JSCo., is a qualified trust service provider certified for eIDAS compliance by the French conformity assessment body – LSTI, accredited by the French agency COFRAG and supervised by the Bulgarian Communications Regulation Commission (CRC).

TSP Details