CEN/TS 419221-6:2019
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device
This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory or seal creator has direct local control of the cryptographic module with the aim of being recognised as a qualified seal and/or signature creation device as defined in Regulation EU 910/2014 [1].
This document is aimed at use by entities other than trust service providers. Trust service providers can use EN 419221-5 directly without the need to take into account specific conditions as specified in the present document.
Conditions for local use of EN 419221-5 as a qualified electronic signature or seal creation device (German title)
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device (French title)
This document specifies the conditions for use of a device certified according to EN 419221-5 in the case where the seal or signature creator exercises direct local control of the cryptographic module, so that it is recognised as a qualified seal and/or signature creation device as defined in Regulation (EU) No 910/2014 [1].
This document is intended for use by entities other than trust service providers. Trust service providers can use EN 419221-5 directly without being obliged to take into account the specific conditions specified in this document.
Conditions for use of EN 419221-5 as a means of creating a qualified electronic signature or seal (Slovenian title)
This document specifies the conditions for use of a device certified in accordance with EN 419221-5 in the case where the signatory or seal creator has direct local control over the cryptographic module, with the aim of it being recognised as a certified seal and/or signature creation device as defined in Regulation EU 910/2014 [1].
This document is intended for use by entities that are not trust service providers. Trust service providers can use EN 419221-5 directly without having to take into account the specific conditions as defined in this document.
General Information
- Status: Published
- Publication Date: 26-Mar-2019
- Drafting Committee: CEN/TC 224/WG 17 - Protection Profiles in the context of SSCD
- Current Stage: 9093 - Decision to confirm - Review Enquiry
- Start Date: 23-Nov-2022
- Completion Date: 23-Sep-2025
Overview
CEN/TS 419221-6:2019 specifies the conditions for using an EN 419221-5 certified cryptographic module as a qualified electronic signature creation device (QSigCD) or qualified seal creation device (QSealCD) under EU Regulation 910/2014 (eIDAS). It clarifies how entities other than Qualified Trust Service Providers (QTSPs) can operate EN 419221-5 devices locally while meeting the requirements for recognition as a qualified signature or seal creation device.
Key topics and technical requirements
- Scope and purpose: Applies when the signatory or seal creator has direct local control of the cryptographic module; trust service providers may use EN 419221-5 directly.
- Operational controls (EN 419221-5:2018, Clause 7.3): Users must implement controls to meet the security objectives of the operational environment (OE).
- Evaluated configuration: The device must be operated in its evaluated configuration as described in the operational user guidance (AGD_OPE) of EN 419221-5, or an equivalent configuration demonstrated to achieve the same security objectives.
- Administration and hosting:
  - For QSealCD: the seal creator must document practices, ensure staff administer the device, and host the module in line with those practices.
  - For QSigCD: the signatory must administer and host the module and have sole control of the signing key.
- Annex A guidance (informative): Practical guidance to meet OE objectives including:
  - OE.ExternalData - protection of data outside TOE control (backups, client apps)
  - OE.Env - protected operating environment (physical protection, tamper inspections, side-channel and emanation considerations)
  - OE.DataContext, OE.Uauth, OE.AuditSupport, OE.AppSupport - application security, user authentication, audit logging and review, and secure client application procedures
- Audit and continuity: Audit trails must be collected, reviewed, and monitored; backups should be limited and restore operations placed under dual-person control.
Practical applications and users
- Who uses it: Implementers, system integrators, signatories (individuals), legal entities creating seals, regulators, and non‑TSP organizations seeking qualified signatures/seals under eIDAS.
- Use cases:
  - Deploying locally controlled hardware security modules or cryptographic devices to produce legally recognized qualified electronic signatures or seals.
  - Demonstrating compliance to auditors or national authorities when a QTSP is not operating the device.
  - Integrating EN 419221-5 certified modules into enterprise signing workflows while preserving eIDAS recognition.
- Benefits: Provides a clear compliance path for local deployments, reduces ambiguity for non‑TSPs, and links device evaluation to eIDAS requirements.
Related standards and references
- EN 419221-5:2018 - Protection Profiles for TSP Cryptographic Modules (cryptographic module requirements)
- EU Regulation No 910/2014 (eIDAS) - legal framework for qualified electronic signatures and seals
- ISO/IEC 27002:2013 - guidance referenced for backup, access control, physical and operational security
- Directive 1999/93/EC - historical background on electronic signatures
Keywords: CEN/TS 419221-6:2019, EN 419221-5, eIDAS, qualified electronic signature, qualified seal creation device, QSigCD, QSealCD, cryptographic module, operational environment.
Frequently Asked Questions
CEN/TS 419221-6:2019 is a technical specification published by the European Committee for Standardization (CEN). Its full title is "Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device". This standard covers: This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory or seal creator has direct local control of the cryptographic module with the aim of being recognised as a qualified seal and/or signature creation device as defined in Regulation EU 910/2014 [1]. This document is aimed at use by entities other than trust service providers. Trust service providers can use EN 419221-5 directly without the need to take into account specific conditions as specified in the present document.
CEN/TS 419221-6:2019 is classified under the following ICS (International Classification for Standards) categories: 35.040.01 - Information coding in general; 35.240.30 - IT applications in information, documentation and publishing. The ICS classification helps identify the subject area and facilitates finding related standards.
CEN/TS 419221-6:2019 is associated with the following European legislation: Standardization Mandates: M/460. When a standard is cited in the Official Journal of the European Union, products manufactured in conformity with it benefit from a presumption of conformity with the essential requirements of the corresponding EU directive or regulation.
Standards Content (Sample)
SLOVENIAN STANDARD
01-June-2019
Conditions for use of EN 419221-5 as a means of creating a qualified electronic signature or seal (Slovenian title)
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device
Conditions for local use of EN 419221-5 as a qualified electronic signature or seal creation device (German title)
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device (French title)
This Slovenian standard is identical to: CEN/TS 419221-6:2019
ICS:
35.040.01 Information coding in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
CEN/TS 419221-6
TECHNICAL SPECIFICATION
March 2019
ICS 35.040.01; 35.240.30
English Version
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device
Conditions for use of EN 419221-5 as a qualified electronic signature or seal creation device (French title)
Conditions for local use of EN 419221-5 as a qualified electronic signature or seal creation device (German title)
This Technical Specification (CEN/TS) was approved by CEN on 11 February 2019 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 419221-6:2019 E
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 Terminology
3.2 Abbreviations
4 Conditions for use of EN 419221-5 Certified device as QSealCD
5 Conditions for use of EN 419221-5 Certified device as QSigCD
Annex A (informative) Guidance on meeting Objectives of the Operation Environment
A.1 Introduction
A.2 OE.ExternalData — Protection of data outside TOE control
A.3 OE.Env — Protected operating environment
A.4 OE.DataContext — Appropriate use of TOE functions
A.5 OE.Uauth — Authentication of application users
A.6 OE.AuditSupport — Audit data review
A.7 OE.AppSupport — Application security support
Bibliography
European foreword
This document (CEN/TS 419221-6:2019) has been prepared by Technical Committee CEN/TC 224
“Personal identification, electronic signature and cards and their related systems and operations”, the
secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
FprCEN/TS 419221-6:2018 (E)
Introduction
EU Regulation N° 910/2014 (eIDAS) on electronic identification and trust services for electronic
transactions in the internal market [1] builds on the concept and requirements defined in the earlier EU
Directive 1999/93 on Electronic Signatures [i.3]. eIDAS defines an electronic signature which has legal
equivalence to handwritten signature. eIDAS defines a variant of the electronic signature called electronic
seal. An electronic seal authenticates the origin of data but is created under control, as opposed to “sole
control” for electronic signatures, of a legal person (e.g. organization), as opposed to natural person (i.e.
individual). eIDAS recognizes a special level of qualified electronic signature and seal which is created
using a qualified signature creation device (QSigCD) or qualified seal creation device (QSealCD) and
supported by a qualified certificate. The requirements for a qualified seal creation device are described
to be “mutatis mutandis” as for a qualified signature creation device.
The EN 419221-5 standard states that a conformant cryptographic module is intended to be used as a
qualified electronic signature and seal creation device under Regulation 910/2014 (see Clause 1.2.1)
but the scope of the document is aimed at trust service providers. This document aims to give users,
implementers and regulators a clear basis for acceptance of EN 419221-5 certified devices for use as a
qualified signature creation device or a qualified electronic seal creation device under Regulation
910/2014 even if not operated by a qualified TSP.
Annex A of EN 419221-5:2018 describes how the requirements for a Qualified Signature Creation Device
(as defined in Annex II of (EU) No 910/2014) are covered by the standard. The equivalent may also be
applied “Mutatis Mutandis” to Qualified Seal Creation Device where the requirements for control are
considered to be less stringent (“control” instead of “sole control”).
1 Scope
This document specifies conditions for use of an EN 419221-5 certified device in the case the signatory
or seal creator has direct local control of the cryptographic module with the aim of being recognized as a
qualified seal and/or signature
...
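The CEN/TS 419221-6:2019 standard clearly defines the conditions for use of EN 419221-5 certified devices, focusing in particular on the case where the signatory or seal creator can directly control the cryptographic module. The document aims at recognition as a qualified seal and signature creation device under EU Regulation 910/2014, and plays a very important role. The strength of this document is that it provides concrete guidance for using certified devices in accordance with specific conditions. It is also very practical for organizations other than trust service providers and, because direct use is possible, it may be widely adopted in other industries as well. Use of devices based on EN 419221-5, by following standardized procedures, contributes to ensuring the reliability of electronic signatures and seals and giving them legal effect. As the use of electronic signatures and seals advances, this standard is expected to be applied particularly in technical environments equipped with digital certificates and security requirements. It is also notable for reaffirming the importance of the standard by emphasizing its relationship to EN 419221-5. CEN/TS 419221-6:2019 can therefore be said to be a very important document in the fields of information security and digital transactions.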
The standard CEN/TS 419221-6:2019 specifies the conditions for use of a device certified to EN 419221-5 when the signatory or seal creator has direct local control of the cryptographic module. This is particularly relevant for qualification as a qualified seal and signature creation device within the meaning of Regulation EU 910/2014. One of the strengths of this standard is its clear definition of the prerequisites under which a qualified electronic signature or a qualified seal can be created. By specifying particular conditions for the use of EN 419221-5 by non-trust service providers, broad application is made possible without these having to follow the specific requirements that apply to trust service providers. This promotes innovation and flexibility in the electronic signature and seal sector. The standard also offers valuable guidance for companies and institutions that operate in the digital world and depend on secure, qualified electronic signatures and seals. The relevance of this standard is further underlined by current regulatory requirements, since it ensures that the devices used to create electronic signatures or seals comply with the strict requirements of the EU. In summary, CEN/TS 419221-6:2019 is an essential standard that not only sets out the legal framework for creating qualified electronic signatures and seals but also offers practical guidance for implementation. It contributes significantly to ensuring the integrity and authenticity of electronic documents in an increasingly digitalized world.
The document CEN/TS 419221-6:2019 defines precise conditions for the use of an EN 419221-5 certified device as a qualified electronic signature or seal creation device. This standard is of great importance because it details the requirements necessary for entities other than trust service providers to make use of this technology while ensuring their compliance with the regulations in force, in particular Regulation (EU) 910/2014. One of the main strengths of this document is the clarity with which it establishes the conditions under which a signatory or seal creator able to exercise direct local control over the cryptographic module can be recognised as a qualified seal and/or signature creation device. This precision allows organizations to make sure that they meet the standards needed to guarantee the integrity and security of electronic transactions. In addition, the scope of the standard is relevant because it facilitates the adoption of electronic signature creation devices within a regulatory framework. By providing a framework for the use of certified devices, CEN/TS 419221-6:2019 also promotes trust in electronic signatures, which is essential in a world where electronic commerce and digital communications are constantly expanding. Finally, the exclusion of trust service providers from certain specific conditions set out in the document simplifies interoperability and strengthens flexibility for market players. This allows entities to concentrate on effective implementation of the devices while maintaining a high level of compliance and security.
In summary, CEN/TS 419221-6:2019 represents a significant advance in the standardization of electronic signature and seal creation devices, adding precision and strengthening the trust needed in the use of these technologies by players other than trust service providers.
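The CEN/TS 419221-6:2019 standard clearly specifies the conditions for use of certified electronic signature and seal creation devices. This document applies where the signatory or seal creator can directly and locally control the cryptographic module, and sets out the conditions for recognition as a qualified seal and signature creation device as defined in EU Regulation 910/2014. One of the main strengths of this standard is that it provides clear guidance for non-trust service providers. This establishes a legal framework for using devices that can be operated under conditions different from those of existing trust service providers. In particular, this helps a variety of businesses and institutions implement electronic signature and seal creation using EN 419221-5 certified devices. In addition, CEN/TS 419221-6:2019 sets out requirements in detail so that the client can take responsibility for building its own security arrangements, supporting users in achieving a higher level of reliability and security. In this way the standard provides a foundation for carrying out electronic identity verification and signature creation more securely and efficiently across Europe. Ultimately, CEN/TS 419221-6:2019 establishes itself as an important benchmark for ensuring the validity of electronic signatures and seals in the modern digital environment, and has the potential to be of practical help to the relevant industries.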
The CEN/TS 419221-6:2019 standard presents a comprehensive framework for the conditions under which EN 419221-5 certified devices can be utilized as qualified electronic signature or seal creation devices. This standard is particularly relevant for entities that operate outside the scope of trust service providers, delineating clear guidelines aimed at ensuring compliance with the specifications laid out in Regulation EU 910/2014. One of the key strengths of this standard is its focus on local control of the cryptographic module by the signatory or seal creator. This aspect is crucial, as it enhances security and integrity in the creation of electronic signatures and seals, ensuring that the user has direct oversight over the device that generates the credentials. Moreover, by specifying the conditions under which these devices can be recognized as qualified, the standard promotes a higher level of trust and reliability in electronic transactions. Furthermore, the standard's clarity and precise guidelines help mitigate potential risks involved in electronic signature and seal creation. By educating users on the requirements for compliance, this document not only supports enhanced operational best practices but also fosters broader adoption of secure digital processes across various sectors. In summary, CEN/TS 419221-6:2019 is a vital resource that provides essential directives for using EN 419221-5 certified devices as qualified electronic signature or seal creation instruments, thereby contributing significantly to the evolution of secure electronic identification and trusted services in line with EU regulations.









