CEN/TS 18170:2025

SLOVENSKI STANDARD
01-julij-2025
Funkcionalne zahteve za storitve elektronskega arhiviranja
Functional requirements for the electronic archiving services
Richtlinien und funktionale Anforderungen an den elektronischen Archivierungsdienst
Exigences fonctionnelles pour les services d'archivage électronique
Ta slovenski standard je istoveten z: CEN/TS 18170:2025
ICS:
01.140.20 Informacijske vede Information sciences
35.240.30 Uporabniške rešitve IT v IT applications in information,
informatiki, dokumentiranju in documentation and
založništvu publishing
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TS 18170
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
May 2025
TECHNISCHE SPEZIFIKATION
ICS 01.140.20; 35.240.30; 37.080
English Version
Functional requirements for the electronic archiving
services
Exigences fonctionnelles pour les services d'archivage Richtlinien und funktionale Anforderungen an den
électronique elektronischen Archivierungsdienst
This Technical Specification (CEN/TS) was approved by CEN on 13 May 2025 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 18170:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
3.1 Terms related to electronic trust service. 6
3.2 Terms related to digital objects . 8
3.3 3.3 Terms related to electronic archiving . 9
4 Symbols and abbreviated terms . 10
5 Position statement . 10
6 Policies and practices . 11
6.1 Policy and practice statement . 11
6.2 Terms and conditions . 12
6.3 Information security policy . 12
6.4 Agreements . 12
6.4.1 General. 12
6.4.2 Service agreement . 12
6.4.3 Submission agreement . 14
7 Trust Service Provider management and operation . 15
7.1 General. 15
7.2 Internal organization . 15
7.3 Human resources. . 15
7.4 Asset management . 15
7.5 Access control. 15
7.6 Cryptographic controls and monitoring . 16
7.7 Physical and environmental . 16
7.8 Operation . 16
7.9 Network . 16
7.10 Vulnerabilities and incident management . 16
7.11 Collection of evidence . 16
7.12 Business continuity management . 16
7.13 EATSP termination and termination plans . 16
7.14 Compliance . 16
7.15 Supply Chain . 17
8 Information packages — Information Package Format . 17
9 Submission Information Package . 17
9.1 General. 17
9.2 Submission Information Package Format . 17
9.3 Components of the SIP . 17
9.4 Other metadata in the SIP . 17
9.5 Content Data Object Formats . 18
9.6 Transfer submission . 18
9.7 Receive submission . 18
9.8 Audit submission . 18
9.8.1 General. 18
9.8.2 Scope of verification defined in the “submission agreement” . 18
10 Archival Information Package . 19
10.1 General . 19
10.2 AIP Generation . 20
10.2.1 General . 20
10.2.2 Archival Information Package Format . 20
10.2.3 Components of the AIP . 20
10.2.4 Transformation of SIPs into AIPs . 20
10.2.5 Transformation of Content Data Objects into other formats . 20
10.2.6 Map and list of archiving formats for Content Data Objects . 21
10.3 Storage infrastructure and localization . 21
10.4 Storage security - AIP Integrity . 21
10.5 Media migration and format conversion during preservation period. 21
10.5.1 Storage media migration . 21
10.5.2 Format conversion . 21
10.6 Deletion . 22
11 Dissemination Information Package . 22
12 Transfer process . 23
12.1 General . 23
12.2 Transfer Requirements . 23
12.2.1 General . 23
12.2.2 Identification of transfer Requirements . 23
12.2.3 Design of the transfer Interface . 23
12.2.4 Documentation of transfer process . 24
12.3 Responsibilities . 24
13 Traceability of operations . 25
13.1 Traceability of operations . 25
13.2 Criticality of events . 25
13.3 Common features of critical and non critical events . 25
13.3.1 Reliable time of events . 25
13.3.2 Traceability of initiator . 25
13.3.3 separation of traced events . 25
13.4 Non-critical events . 25
13.5 Critical events . 26
13.6 Integrity protection of critical events and digital objects . 27
13.6.1 General . 27
13.6.2 Protection using digital signature techniques . 27
13.6.3 Protection using integrity chains . 28
14 Reporting . 28
14.1 General . 28
14.2 Format and content of reports . 30
Annex A (informative) Green sustainability . 31
Annex B (informative) Concepts . 32
B.1 General concepts . 32
B.2 Electronic archiving trust service concepts . 32
B.3 Digital objects concepts . 33
B.4 Electronic archiving concepts . 33
Bibliography . 34

European foreword
This document (CEN/TS 18170:2025) has been prepared by Technical Committee CEN/TC 468
“Preservation of digital information”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Introduction
This document specifies provisions (requirements, recommendations, permissions, possibilities and
capabilities) for an Electronic Archiving Trust Service (EATS).
The structure of this document follows “CEN-CENELEC Internal Regulations Part 3:2022 (E), Principles
and rules for the structure and drafting of CEN and CENELEC documents”.
The Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024
(eIDAS 2) amending Regulation (EU) No 910/2014 (eIDAS) as regards establishing the European Digital
Identity Framework establishes a legal framework of requirements for electronic signatures and trust
services. This regulation introduces the (qualified) electronic archiving service. It requires standards for
services, processes, systems and products related to trust services as well as guidance for conformity
assessment of such services, processes, systems and products.
The main objective of this document is to define requirements and recommendations for an electronic
archiving trust service which may use procedures and technologies capable of ensuring the durability
and legibility of electronic data and electronic documents beyond the technological validity period and at
least throughout the legal or contractual preservation period, while maintaining their integrity and the
accuracy of their origin.
It is assumed that the Electronic Archiving Trust Service Provider (EATSP) which provides electronic
archiving trust services operates the trustworthy system in an environment with a security policy which
incorporates general physical, procedural and documentation security requirements for TSP providing
electronic archiving trust services.
As explained further, this document follows ETSI EN 319 401 for General Policy Requirements for Trust
Service Providers to ensure that the general Trust Service Providers requirements above are met.
NOTE The European Directive (EU) 2022/2555 (NIS2) is also a reference text for technical and methodological
requirements of cybersecurity risk-management measures and further specification of the cases in which an
incident is considered to be significant for trust service providers.
1 Scope
This document specifies requirements for implementing electronic archiving trust services with specific
regard to:
— Functional requirements for electronic archiving to ensure the receipt, storage, retrieval and deletion
of electronic data and electronic documents in order to ensure their durability and legibility as well
as to preserve their integrity, confidentiality and proof of origin throughout the preservation period.
— Requirements for qualified electronic archiving trust services, aiming to fulfil the provisions outlined
in Article 45j of the eIDAS Regulation
— Procedures and technologies capable of ensuring the durability and legibility of electronic data and
electronic documents beyond the technological validity period and at least throughout the legal or
contractual preservation period, while maintaining their integrity and the accuracy of their origin.
— Procedures and technologies to ensure that those electronic data and those electronic documents are
preserved in such a way that they are safeguarded against loss and alteration, except for changes
concerning their medium or electronic format.
— Procedures and technologies that allow authorized relying parties to receive a report in an
automated manner that confirms that electronic data and electronic documents retrieved from a
QEATS qualified electronic archive trust service enjoy the presumption of integrity of the data from
the beginning of the preservation period to the moment of retrieval.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ETSI EN 319 401, Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for
Trust Service Providers
ETSI EN 319-421, Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for
Trust Service Providers issuing Time-Stamps
ETSI TS 119 312, Electronic Signatures and Infrastructures (ESI); Cryptographic Suites
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Terms related to electronic trust service
3.1.1
electronic archiving trust service
service ensuring the receipt, storage, retrieval and deletion of electronic data and electronic documents
in order to ensure their durability and legibility as well as to preserve their integrity, confidentiality, and
proof of origin throughout the preservation period
3.1.2
qualified electronic archiving trust service
electronic archiving trust service provided by a qualified electronic archiving trust service provider to
fulfil additional requirements and subject to periodical independent third-party conformity assessment
by accredited conformity assessment bodies
3.1.3
electronic archiving trust service provider
natural or legal person providing electronic archiving trust service
3.1.4
electronic archiving trust service policy
document or set of documents describing the set of rules, applicability and level of the services provided
by an electronic archiving trust service provider
Note 1 to entry: Electronic archiving trust service policy includes information security policy in a separate set of
documents or in one document.
[SOURCE: ETSI EN 319 401 modified to include policy is a document or set of documents, and including
plural on services]
3.1.5
information security policy
intentions and direction of an electronic archiving trust service provider as formally expressed by its top
management regarding the protection of confidentiality, integrity and availability of information
[SOURCE: ISO 27000 merging definitions of policy and information security and modified to adapt to trust
service environments]
3.1.6
electronic archiving trust service practice statement
document or set of documents describing practices and procedures that an electronic archiving trust
service provider employs in providing the electronic archiving trust services
[SOURCE: ETSI EN 319 401 modified to include practice statement is a document or set of documents,
and the plural of services]
3.1.7
service agreement
agreement between an electronic archiving trust service provider and a subscriber that details rights and
obligations of both parts
3.1.8
subscriber
legal or natural person bound by any obligation to an electronic archiving trust service
[SOURCE: ETSI EN 319 401 modified for not circular definitions]
3.1.9
submission agreement
agreement reached between an electronic archiving trust service provider and a subscriber that specifies
the submission information package specification and any other arrangement needed for a specific type
of digital object in the data submission session
[SOURCE: ISO 14721 modified for adapting to a trust service environment]
3.1.10
termination plan
description of actions and timeline for the conclusion of the electronic archiving trust service
3.1.11
exit plan
description of actions and timeline for the end of a specific contract with a specific subscriber
3.2 Terms related to digital objects
3.2.1
digital object
object composed of a set of bit sequences
Note 1 to entry: Electronic data and electronic documents are digital objects.
[SOURCE ISO 14721]
3.2.2
information package
container of digital objects and additional information to make both the objects and the package
understandable and usable
Note 1 to entry: Additional information includes packaging information, representation information and
preservation description information
Note 2 to entry: Information package is machine-readable.
3.2.3
packaging information
information that describes how the components of an information package are logically or physically
bound together and how to identify and extract the components
[SOURCE ISO 14721 modified for less wording]
3.2.4
preservation description information
information necessary for adequate preservation of the digital object
Note 1 to entry: Preservation description information is categorized into Provenance Information, Context
Information, Reference Information, Fixity Information, and Access Rights Information.
[SOURCE ISO 14721 modified for less wording]
3.2.5
submission information package
information package that is delivered by the subscriber to the electronic archiving trust service for the
creation or update of one or more archival information packages
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.2.6
archival information package
information package which is archived within an electronic archiving trust service
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.2.7
dissemination information package
information package, derived from one or more archival information packages, and sent in response to a
request
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.3 3.3 Terms related to electronic archiving
3.3.1
electronic archiving
processes carried out for keeping digital objects available, readable, interpretable and reliable for as long
as needed
Note 1 to entry: Digital objects are usually stored in information packages.
Note 2 to entry: The range of processes applies from the initial acquisition of digital objects to the end of their
preservation period.
3.3.2
preservation
act of maintaining overtime information, independently understandable by a designated community, and
with evidence supporting its authenticity
[SOURCE: ISO 14721:2024 OAIS, 1.6.2 – Definitions- Terminology]
Note 1 to entry: In the context of preservation of electronic signatures seals, timestamps, or certificates ETSI TS
119 511 defines preservation service as service capable of extending the validity status of a digital signature over
long periods of time and/or of providing proofs of existence of data over long periods of time.
3.3.3
preservation period
defined period during which an electronic archiving trust service ensures the archiving of digital objects
3.3.4
transfer
technical and organizational process for giving back the archived digital objects to the subscriber or to
another EATSP authorised by the subscriber
3.3.5
format conversion
process of changing the files included in a digital object from one format to another
3.3.6
media migration
transferring information from one media to another without changing the bits sequence
4 Symbols and abbreviated terms
Table 1 — Abbreviations
Abbreviated terms terms
IP Information Package
SIP Submission Information Package
AIP Archival Information Package
DIP Dissemination Information Package
PDI Preservation Description Information
OAIS Open Archival Information System
EATS Electronic Archiving Trust Service
EATSP Electronic Archiving Trust Service Provider
EAQTSP Archiving Qualified Trust Service Provider
electronic IDentification, Authentication and
eIDAS
trust Services
TSP Trust Service Provider
5 Position statement
The present document is based on ETSI EN 319 401 and aligned with the framework for standardization
of digital signatures and trust services described in ETSI TR 119 000.
This document specifies the requirements for a (qualified) electronic archiving trust service introduced
with the revision of the eIDAS Regulation by the Regulation (EU) 2024/1183.
The term preservation has multiple meanings in the context of maintaining digital objects. The eIDAS
Regulation addresses this with two types of Trust Services:
— preservation of electronic signatures, seals or certificates for electronic signatures or seals is defined
as trust service under article 3(16)(e). This trust service type was present already in the original text
of the eIDAS Regulation and is also published unchanged in the revised text of the Regulation ;
— electronic archiving, as defined in article 3(48), ensures the durability, legibility, integrity,
confidentiality and proof of origin of electronic documents and data for their preservation period.
This trust service is introduced with the revision of the eIDAS Regulation. The term “preservation
period” is present in this new legal context specifically for the electronic archiving trust service.
The requirements for trust services related to the preservation of electronic signatures, seals,
timestamps, or certificates are out of scope for this document. These requirements are within the scope
of ETSI TS 119 511 and TS 119 512 which should be considered by using a preservation component or
preservation Service.
NOTE trust service component is one part of the overall service of a TSP.
The requirements for the trust service for electronic archiving are in scope of this document.
It is the responsibility of the subscribers to select the correct trust service provider implementing the
preservation trust service or electronic archiving trust service as explained and identified in the previous
two bullets, or both types of trust services in relation to their requirements.
To avoid confusion, this document does not use the term “preservation service” and any other use of the
term preservation is contextualised.
6 Policies and practices
6.1 Policy and practice statement
The requirements found in ETSI EN 319 401, subclause 6.1 “Trust Service Practice statement”, shall
apply.
The electronic archiving policy shall describe at least:
a) The challenges related to document archiving, regardless of the media, and throughout it life cycle;
b) the objectives of the EATS and its characteristics;
c) the normative and regulatory framework applied to the design, operation and management of the
EATS;
d) the level of physical and IT security standards to be achieved.
The policies or practice statement shall define the scope and level of service.
The EATSP shall develop, implement, enforce, and update its electronic archiving practice statements
describing the practices employed in the electronic archiving trust services.
The EATSP shall manage and keep each version of policy and practice statements documentation.
The EATSP shall ensure and be able to verify and document the adequate level of competence of its
employees.
The EATSP policy shall include rules and procedures to guarantee a sufficient and long term control on
the archived digital objects.
In particular, the control should include:
e) general provisions for capturing and archiving information packages or/and digital objects,
f) copyright implications, intellectual property, and other legal restrictions on use,
g) the legal capacity to modify on a legitimate basis the archived digital objects with respect to the
medium and electronic format obsolescence,
h) the understandability of the archival information packages without other special resources such as
the assistance of relying parties’ experts,
i) the specific responsibility of all relying parties including the service subscribers.
An EATS shall state in Trust Service practice statement which data type of electronically-born documents
can be archived by the subscriber.
An EATS shall state in Trust Service practice statement how the electronically-born documents can be
archived by the subscriber.
An EATS shall be able to fulfil industry specific standards and requirements that are stated and described
in Trust Service practice statement.
The EATSP policy shall include the procedures adopted for restoring the IP and the digital objects in the
event of loss or corruption (subclause 10.4).
The EATSP policy shall address and the practice statement shall describe deletion use cases and at least:
j) deletion of any information package /information or digital objects at the end of retention period,
k) deletion after a transfer process,
l) deletion when requested by a subscriber.
The EATSP policy shall address and the practice statement shall describe conversion that updates any
information package/content or digital data objects.
The EATSP policy or the practice statement shall describe how the essential operations shall be logged
and traced (Clause 13).
The EATSP policy shall include rules for planning a long-term technology use with the aim of ensuring
the sustainability of system maintenance, emergency system replacement and information
package/content data object transformations.
6.2 Terms and conditions
The requirements found in ETSI EN 319 401, subclause 6.2 “Terms and conditions” of shall apply.
The EATSP shall include in its terms and conditions a transferability clause based on the requirements
defined in Clause 12.
6.3 Information security policy
The requirements found in ETSI EN 319 401, subclause 6.3 “Information security policy” shall apply.
6.4 Agreements
6.4.1 General
Service agreement may refer to terms and conditions or it may include terms and conditions.
A service agreement can be related to one or more “submission agreements”.
6.4.2 Service agreement
The service agreement shall define:
a) how the disposition and the authorized physical destruction of the information packages/ content
data objects are managed after the preservation period and how procedures and decisions taken are
approved by the subscriber and are documented,
b) the responsibilities for each party,
c) the type of anomalies to communicate to the relying parties,
d) how the EATSP manages licenses, permissions, and other restrictions,
e) how the EATSP manages the secrecy and the data protection according to the GDPR,
f) redundancy procedure for AIPs deposit in the EATS storage components (subclause 10.1),
g) list of archiving formats for Content Data Objects (subclause 10.2.5),
h) country of location of each storage facility (subclause 10.3),
i) the timescale for restoring the IP and the digital objects in the event of loss or corruption (subclause
10.4),
j) in case of conversion operation, the service agreement shall specify if previous digital objects are
archived for verification and new conversion (subclause 10.5),
k) the functions provided for searching the archived IP (subclause 11.1),
l) the DIP format, syntax and semantics or the standards they comply (subclause 11.1),
m) that the report of data integrity shall be made available at least in the moment of retrieval and at any
time during the preservation period (subclause 14.1),
n) which other reports are provided to the subscriber (subclause 14.1).
For traceability of operations the service agreement shall document:
o) the date format (subclause 13.3.1),
p) the scope of audit trails, the number and types of structures, their format, their retention period and
the strategy used for audit trail integrity (subclause 13.5).
The service agreement shall indicate the terms and the conditions for its renewal.
For the case of returning digital objects to the subscriber, the service agreement shall define in detail:
q) the processes and the formats for the restitution returned to the subscriber,
r) the documentation required for evidential purposes,
s) the responsibilities of the relying parties, specifically the obligations of the EATSP,
t) the return deadline,
u) the support provided by the EATSP and the minimum level of assistance during the transition phase,
v) the workflow of disposal after the return process.
Tests of transfer may be decided with the subscriber including scenarios to new environments or
technologies and using production data or not, depending on the agreement.
Transfer procedures may be evaluated periodically, in line with the risk assessment, to ensure that they
are working as intended and that data and functionality are preserved during the transition.
The EATS shall include terms and conditions of an exit plan with reference to:
w) clear identification of digital objects and information packages to be returned to the subscriber,
x) formats and methods adopted for transferring the digital objects and information packages returned
to the subscriber,
y) report on the evidential value of the archived information package/ content data object (proof of
origin, integrity, legibility, durability, confidentiality, accuracy) and the documentation of the related
validation processes,
z) timetable including at least:
1) date of the end of submission process,
2) date of the end of access for consulting the archived information packages,
3) return deadline by which any AIP will be transferred back from EASP to subscriber or to another
EATSP indicated and authorized by the subscriber,
4) deadline by which any information packages and digital objects of the subscriber will be deleted
from the archive of EATSP.
aa) the support provided by the EATSP and the minimum level of assistance during the transition phase,
bb) the criteria to check that the archived digital objects and information packages returned to the
subscriber are those identified.
6.4.3 Submission agreement
The EATSP shall enter into a “submission agreement” with the Subscriber.
The EATSP and the Subscriber shall agree into the “submission agreement”.
The EATSP should provide a template for the “submission agreement”.
For the relation between Subscriber and EATSP, the template can be based on a standard or on common
specification.
EXAMPLE ISO 20652.
The EATSP shall define in the “submission agreement” the type of digital object it accepts.
The EATSP shall specify in the “submission agreement” the Information Packages format, syntax and
semantics that it is capable of processing according to the subclause 8.1.
The “submission agreement” shall define the specifications for receiving electronic data and electronic
documents as a Submission Information Package (SIP) on the basis of requirements included in Clause 9.
The SIP format defined in the “submission agreement” shall include the specifications of the digital
objects according to the subclause 9.5.
In the “submission agreement” the EATSP shall specify:
a) components of the SIP (subclause 9.3),
b) types of metadata used (subclauses 9.3 and 9.4), if they are mandatory, modifiable and/or deletable,
indexed by the EATS,
c) type of SIP transfer and its expected duration (subclause 9.6),
d) SIP receipt acknowledgement and failures (subclause 9.7),
e) types of verification, controls performed (subclause 9.8),
f) actions based on the verification results,
g) methods applied for the SIP transformation and their completion (subclause 10.1, 10.2),
h) time and types of communication of updates to the subscriber.
The “submission agreement” should have reference to AIP and DIP transformations.
The “submission agreement” shall include:
i) the access privileges (access authorization),
j) in relation to the type of digital objects submitted (e.g. the document type such as invoice, payslip,
contract) the retention period chosen according to the applicable legal and regulatory requirements,
k) the calculation methods of the retention period,
l) the default final disposition at end of the retention period (delete /return / extend),
m) the return package format (DIP),
n) the agreed exchange protocols,
o) the guaranteed service level if different from the global policy.
p) in case of conversion of digital objects format:
1) the formats which will be converted and targeted format,
2) whether to keep the original electronic data/documents or not.
7 Trust Service Provider management and operation
7.1 General
This clause defines general requirements relating to Trust service Providers for qualified and non-
qualified electronic archiving trust services.
The EATSP shall implement and maintain documented procedures for managing information and records
related to electronic archiving trust service processes and agreements.
7.2 Internal organization
The requirements specified in ETSI EN 319 401, subclause 7.1 “Internal organization” shall apply.
7.3 Human resources.
The requirements specified in ETSI EN 319 401, subclause 7.2 “Human resources” shall apply.
The EATSP team in charge to manage the technical and organizational activities of the EATS shall include
people with advanced archival competency and people with advanced electronic archiving competency.
NOTE the term competency is here used according to the European qualification framework and ESCO: “the
proven ability to use knowledge, skills and personal, social and/or methodological abilities, in work or study
situations and in professional and personal development”
7.4 Asset management
The requirements specified in ETSI EN 319 401, subclause 7.3 “Asset management” shall apply.
The assets protected by an EATS shall be in Information Packages such as SIP, AIP and DIP.
The media management procedures shall be in accordance with subclause “Storage security – AIP
Integrity”.
7.5 Access control
The requirements specified in ETSI EN 319 401, subclause 7.4 “Access control” shall apply.
7.6 Cryptographic controls and monitoring
The requirements specified in ETSI EN 319 401, subclause 7.5 “Cryptographic controls” shall apply.
For the Evaluation of cryptographic algorithm ETSI TS 119 312 or where applicable
...