Technical Committee (TC) Electronic Signatures and Infrastructures (ESI) Activity Report 2022

Chair: Riccardo Genghini, eWitness SA

Developing standards for electronic signatures and trust services to protect electronic transactions and ensure trust with business partners.

The activities of ETSI’s committee on Electronic Signatures and Infrastructures (TC ESI) address the requirements of digital signatures, including formats and procedures and policies for creation and validation, as well as trust service supporting the authenticity of transactions.

The committee’s scope covers policy, security, and technical requirements for trust service providers (TSPs) such as certification authorities, time-stamping authorities, TSPs providing remote signature creation or validation functions, registered e-delivery providers, and long-term data preservation providers. The committee’s work supports the eIDAS (electronic ID, authentication, and signature) regulation, as well as general requirements of the international community to provide confidence in electronic transactions.

TC ESI activities in 2022 included the publication of revisions to four of the committee’s existing deliverables:

  • European Standard EN 319 532-4 ‘Registered Electronic Mail (REM) Services; Part 4: Interoperability profiles’ – this updates the interoperability profiles according to Part 3, with review/clarification of use of timestamps associated to events related to the REM message; specification of support of secure routing in the Common Service Interface.
  • European Standard EN 319 132-1 ‘XAdES digital signatures; Part 1: Building blocks and XAdES baseline signatures’ – including various updates.
  • Technical Specification TS 119 495 ‘Sector Specific Requirements; Certificate Profiles and TSP Policy Requirements for Open Banking’ – updated with the addition of a new annexe for global NCA Identifiers.
  • Technical Specification TS 119 312 ‘Cryptographic Suites’ – revised with updated data.

Other activities during the year notably included:

  • Development of Technical Report on guidelines for the coexistence of web browser and EU trust controls, developed with web browser vendors.
  • Publication of Technical Specification TS 119 322 on schema for machine-readable cryptographic algorithms, and cipher suites catalogues.
  • Plugtests™ event – running from 16 May-15 July 2022 – on signature validation standards (based on ETSI standards EN 319 102-1, TS 119 102-2 and TS 119 172-4) with participation from 111 different organizations from 37 countries. The issues identified from this event are to be followed up with updates to the relevant standards.

Maintenance work was also carried out on a number of the committee’s standards and specifications, including:

  • EN 319 411-1 Policy and security requirements for Trust Service Providers issuing certificates.
  • EN 319 412-2 Certificate profile for certificates issued to natural persons.
  • EN 319 421 Policy and Security Requirements for Trust Service Providers issuing Electronic Time-Stamps.
  • TS 119 615 Procedures for using and interpreting European Union Member States national trusted lists.

During the year TC ESI identified possible standardization requirements in support of proposed revision to the Regulation 910/2014 on electronic identification and trust services. Work accordingly commenced on three most urgent activities: Attribute Attestation Profiles; Policy and Security Requirements for issuing Attribute Attestations; and EU Digital ID Wallet interfaces with trust service providers.

The committee also liaised on PKI related trusted services with other sector or regional bodies including:

  • CA/Browser Forum
  • Asia PKI
  • PKI Consortium
  • Arab ICT Organisation
  • SafeBiopharma
  • Japan Network Security Association

Ongoing activities in 2023 are scheduled to include:

  • Standards in support of revised eIDAS regulation including profiles and policies for electronic attestations
  • Revised general requirements for trust services to support the NIS 2 Directive
  • Standards for policy and security requirements of ledgers for smart contracts
  • Standards for electronic identities and electronic signatures for smart contracts
  • Next generation registered electronic delivery and electronic mail

See the full list of TC ESI Work Items currently in development here.

A further overview of the committee’s activities – including all published standards and reports is available here.