EURUSD
Your shopping cart is empty.
CEN

CEN/TS 18170:2025

(Main)

Functional requirements for the electronic archiving services

Functional requirements for the electronic archiving services

This NWI Will be a TS and will specify additional requirements for qualified or not qualified trust services implementing electronic archiving service with specific regard to :
•   Functional requirements to use for receipt, storage, retrieval and deletion to ensure that the electronic data and electronic documents (electronically-born documents  and paper documents that have been scanned and digitized) are preserved in such a way that they are accessible and durably safeguarded against loss and unauthorized alteration or disposal, except for authorized changes concerning their electronic format.
•   Procedures and technologies ensuring the accuracy of the origin, the durability and legibility, integrity of the electronic data and electronic documents beyond the technological validity period and at least throughout the legal or contractual preservation period, while maintaining their integrity and their origin.
•   Procedures and technologies to use to allow authorised relying parties to receive a report in an automated manner that confirms that an electronic data  and electronic documents retrieved from a qualified electronic archive enjoys the presumption of integrity of the data and electronic documents from the beginning of the preservation period to the moment of retrieval.
•   Procedures and technologies to prevent unauthorized access and improper use of the confidential and restricted data and electronic documents.
•   Interactions between electronic archiving trust services and other trust services.
•   Procedures and technologies to reach and obtain a green sustainability approach when possible.

Richtlinien und funktionale Anforderungen an den elektronischen Archivierungsdienst

Dieses Dokument spezifiziert Anforderungen für die Implementierung von Vertrauensdiensten für die elektronische Archivierung unter besonderer Berücksichtigung von:
   Funktionale Anforderungen an die elektronische Archivierung zur Sicherstellung des Empfangs, der Speicherung, des Abrufs und der Löschung elektronischer Daten und elektronischer Dokumente, um ihre Dauerhaftigkeit und Lesbarkeit sicherzustellen sowie ihre Integrität, Vertraulichkeit und ihren Herkunftsnachweis während der gesamten Aufbewahrungsfrist zu erhalten.
   Anforderungen an qualifizierte Vertrauensdienste für die elektronische Archivierung, die die Bestimmungen von Artikel 45j der eIDAS-Verordnung erfüllen sollen.
   Verfahren und Technologien, die geeignet sind, die Dauerhaftigkeit und Lesbarkeit elektronischer Daten und elektronischer Dokumente über die technologische Gültigkeitsdauer hinaus und mindestens während der gesetzlichen oder vertraglichen Aufbewahrungsfrist sicherzustellen, wobei ihre Integrität und die Genauigkeit ihrer Herkunft erhalten bleiben.
   Verfahren und Technologien, die sicherstellen, dass diese elektronischen Daten und elektronischen Dokumente so aufbewahrt werden, dass sie gegen Verlust und Veränderung geschützt sind, mit Ausnahme von Änderungen, die das Medium oder das elektronische Format betreffen.
   Verfahren und Technologien, die es autorisierten Akzeptanzstellen ermöglichen, auf automatisierte Weise einen Bericht zu erhalten, der bestätigt, dass für elektronische Daten und elektronische Dokumente, die von einem QEATS-qualifizierten Vertrauensdienst für die elektronische Archivierung abgerufen wurden, vom Beginn der Aufbewahrungsfrist bis zum Zeitpunkt des Abrufs die Vermutung der Datenintegrität gilt.

Exigences fonctionnelles pour les services d'archivage électronique

La CEI 60601-2-25:2011 s'applique à la sécurité de base et aux performances essentielles des électrocardiographes, destinés de par leur nature ou comme partie intégrante d'un système électro-médical, à la production de rapports d'électrocardiographie à des fins de diagnostic. Les appareils destinés à être utilisés dans des conditions environnementales extrêmes ou non maîtrisées à l'extérieur d'un hôpital ou du cabinet d'un médecin, telles que dans des ambulances et dans un aéronef, doivent satisfaire à la présente norme particulière. Des normes supplémentaires peuvent s'appliquer pour ces environnements d'utilisation. Ne relèvent pas du domaine d'application de la présente norme particulière:
a) la partie des appareils électro-médicaux qui fournit des boucles vecto-cardiographiques;
b) les appareils électro-médicaux de surveillance électrocardiographique ambulatoire couverts par la CEI 60601-2-47, lorsqu'ils ne sont pas destinés à obtenir des rapports d'électrocardiographie à des fins de diagnostic;
c) les moniteurs cardiaques couverts par la CEI 60601-2-27 lorsqu'ils ne sont pas destinés à obtenir des rapports d'électrocardiographie à des fins de diagnostic.
Cette deuxième édition annule et remplace la première édition de la CEI 60601-2-25, parue en 1993, et la première édition de la CEI 60601-2-51, parue en 2003. La mise à jour des normes particulières afin de faire référence à la troisième édition de la norme générale a permis de fusionner les premières éditions de la CEI 60601-2-25 et de la CEI 60601-2-51 en une seule norme. Une remise en forme et des modifications techniques ont été effectuées. Cette deuxième édition de la CEI 60601-2-25 constitue une révision technique de ces deux normes.

Funkcionalne zahteve za storitve elektronskega arhiviranja

Ta dokument določa zahteve za izvajanje storitev zaupanja vrednega elektronskega arhiviranja, zlasti glede:
– funkcionalnih zahtev za elektronsko arhiviranje za zagotovitev prejema, shranjevanja, pridobivanja in brisanja elektronskih podatkov in elektronskih dokumentov, s čimer se zagotovita njihova trajnost in berljivost ter ohranijo njihova celovitost, zaupnost in dokazilo o izvoru v celotnem obdobju hrambe;
– zahtev za kvalificirane storitve zaupanja vrednega elektronskega arhiviranja za namene izpolnjevanja določb iz člena 45j uredbe eIDAS;
– postopkov in tehnologij, ki lahko zagotovijo trajnost in berljivost elektronskih podatkov in elektronskih dokumentov po preteku tehnološke veljavnosti ter najmanj v celotnem zakonskem ali pogodbenem obdobju hrambe, obenem pa ohranjajo njihovo celovitost in pravilnost njihovega izvora;
– postopkov in tehnologij za zagotovitev hrambe teh elektronskih podatkov in elektronskih dokumentov na način, da so zaščiteni pred izgubo in spremembo, razen sprememb njihovega medija ali elektronske oblike;
– postopkov in tehnologij, ki pooblaščenim odvisnim strankam omogočajo, da prejmejo avtomatizirano poročilo, ki potrjuje, da se v zvezi z elektronskimi podatki in elektronskimi dokumenti, pridobljenimi iz kvalificirane storitve zaupanja vrednega elektronskega arhiviranja (QEATS), domneva celovitost podatkov od začetka obdobja hrambe do trenutka pridobitve.

General Information

Status
Published
Publication Date
13-May-2025
ICS
01.140.20 - Information sciences
35.240.30 - IT applications in information, documentation and publishing
37.080 - Document imaging applications
Technical Committee
CEN/TC 468 - Management and preservation of digital content
Drafting Committee
CEN/TC 468/WG 1 - General concepts for preservation of digital information
Current Stage
6060 - Definitive text made available (DAV) - Publishing
Start Date
14-May-2025
Due Date
18-Nov-2025
Completion Date
14-May-2025
Directive
910/2014 - Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing directive 1999/93/EC
Ref Project
SIST-TS CEN/TS 18170:2025 - Functional requirements for the electronic archiving services
TS CEN/TS 18170:2025TS CEN/TS 18170:2025
PreviousNext
Technical specification
TS CEN/TS 18170:2025
English language
36 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-julij-2025
Funkcionalne zahteve za storitve elektronskega arhiviranja
Functional requirements for the electronic archiving services
Richtlinien und funktionale Anforderungen an den elektronischen Archivierungsdienst
Exigences fonctionnelles pour les services d'archivage électronique
Ta slovenski standard je istoveten z: CEN/TS 18170:2025
ICS:
01.140.20 Informacijske vede Information sciences
35.240.30 Uporabniške rešitve IT v IT applications in information,
informatiki, dokumentiranju in documentation and
založništvu publishing
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TS 18170
TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
May 2025
TECHNISCHE SPEZIFIKATION
ICS 01.140.20; 35.240.30; 37.080
English Version
Functional requirements for the electronic archiving
services
Exigences fonctionnelles pour les services d'archivage Richtlinien und funktionale Anforderungen an den
électronique elektronischen Archivierungsdienst
This Technical Specification (CEN/TS) was approved by CEN on 13 May 2025 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to
submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS
available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in
parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 18170:2025 E
worldwide for CEN national Members.

Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
3.1 Terms related to electronic trust service. 6
3.2 Terms related to digital objects . 8
3.3 3.3 Terms related to electronic archiving . 9
4 Symbols and abbreviated terms . 10
5 Position statement . 10
6 Policies and practices . 11
6.1 Policy and practice statement . 11
6.2 Terms and conditions . 12
6.3 Information security policy . 12
6.4 Agreements . 12
6.4.1 General. 12
6.4.2 Service agreement . 12
6.4.3 Submission agreement . 14
7 Trust Service Provider management and operation . 15
7.1 General. 15
7.2 Internal organization . 15
7.3 Human resources. . 15
7.4 Asset management . 15
7.5 Access control. 15
7.6 Cryptographic controls and monitoring . 16
7.7 Physical and environmental . 16
7.8 Operation . 16
7.9 Network . 16
7.10 Vulnerabilities and incident management . 16
7.11 Collection of evidence . 16
7.12 Business continuity management . 16
7.13 EATSP termination and termination plans . 16
7.14 Compliance . 16
7.15 Supply Chain . 17
8 Information packages — Information Package Format . 17
9 Submission Information Package . 17
9.1 General. 17
9.2 Submission Information Package Format . 17
9.3 Components of the SIP . 17
9.4 Other metadata in the SIP . 17
9.5 Content Data Object Formats . 18
9.6 Transfer submission . 18
9.7 Receive submission . 18
9.8 Audit submission . 18
9.8.1 General. 18
9.8.2 Scope of verification defined in the “submission agreement” . 18
10 Archival Information Package . 19
10.1 General . 19
10.2 AIP Generation . 20
10.2.1 General . 20
10.2.2 Archival Information Package Format . 20
10.2.3 Components of the AIP . 20
10.2.4 Transformation of SIPs into AIPs . 20
10.2.5 Transformation of Content Data Objects into other formats . 20
10.2.6 Map and list of archiving formats for Content Data Objects . 21
10.3 Storage infrastructure and localization . 21
10.4 Storage security - AIP Integrity . 21
10.5 Media migration and format conversion during preservation period. 21
10.5.1 Storage media migration . 21
10.5.2 Format conversion . 21
10.6 Deletion . 22
11 Dissemination Information Package . 22
12 Transfer process . 23
12.1 General . 23
12.2 Transfer Requirements . 23
12.2.1 General . 23
12.2.2 Identification of transfer Requirements . 23
12.2.3 Design of the transfer Interface . 23
12.2.4 Documentation of transfer process . 24
12.3 Responsibilities . 24
13 Traceability of operations . 25
13.1 Traceability of operations . 25
13.2 Criticality of events . 25
13.3 Common features of critical and non critical events . 25
13.3.1 Reliable time of events . 25
13.3.2 Traceability of initiator . 25
13.3.3 separation of traced events . 25
13.4 Non-critical events . 25
13.5 Critical events . 26
13.6 Integrity protection of critical events and digital objects . 27
13.6.1 General . 27
13.6.2 Protection using digital signature techniques . 27
13.6.3 Protection using integrity chains . 28
14 Reporting . 28
14.1 General . 28
14.2 Format and content of reports . 30
Annex A (informative) Green sustainability . 31
Annex B (informative) Concepts . 32
B.1 General concepts . 32
B.2 Electronic archiving trust service concepts . 32
B.3 Digital objects concepts . 33
B.4 Electronic archiving concepts . 33
Bibliography . 34

European foreword
This document (CEN/TS 18170:2025) has been prepared by Technical Committee CEN/TC 468
“Preservation of digital information”, the secretariat of which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
Any feedback and questions on this document should be directed to the users’ national standards body.
A complete listing of these bodies can be found on the CEN website.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the
following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Introduction
This document specifies provisions (requirements, recommendations, permissions, possibilities and
capabilities) for an Electronic Archiving Trust Service (EATS).
The structure of this document follows “CEN-CENELEC Internal Regulations Part 3:2022 (E), Principles
and rules for the structure and drafting of CEN and CENELEC documents”.
The Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024
(eIDAS 2) amending Regulation (EU) No 910/2014 (eIDAS) as regards establishing the European Digital
Identity Framework establishes a legal framework of requirements for electronic signatures and trust
services. This regulation introduces the (qualified) electronic archiving service. It requires standards for
services, processes, systems and products related to trust services as well as guidance for conformity
assessment of such services, processes, systems and products.
The main objective of this document is to define requirements and recommendations for an electronic
archiving trust service which may use procedures and technologies capable of ensuring the durability
and legibility of electronic data and electronic documents beyond the technological validity period and at
least throughout the legal or contractual preservation period, while maintaining their integrity and the
accuracy of their origin.
It is assumed that the Electronic Archiving Trust Service Provider (EATSP) which provides electronic
archiving trust services operates the trustworthy system in an environment with a security policy which
incorporates general physical, procedural and documentation security requirements for TSP providing
electronic archiving trust services.
As explained further, this document follows ETSI EN 319 401 for General Policy Requirements for Trust
Service Providers to ensure that the general Trust Service Providers requirements above are met.
NOTE The European Directive (EU) 2022/2555 (NIS2) is also a reference text for technical and methodological
requirements of cybersecurity risk-management measures and further specification of the cases in which an
incident is considered to be significant for trust service providers.
1 Scope
This document specifies requirements for implementing electronic archiving trust services with specific
regard to:
— Functional requirements for electronic archiving to ensure the receipt, storage, retrieval and deletion
of electronic data and electronic documents in order to ensure their durability and legibility as well
as to preserve their integrity, confidentiality and proof of origin throughout the preservation period.
— Requirements for qualified electronic archiving trust services, aiming to fulfil the provisions outlined
in Article 45j of the eIDAS Regulation
— Procedures and technologies capable of ensuring the durability and legibility of electronic data and
electronic documents beyond the technological validity period and at least throughout the legal or
contractual preservation period, while maintaining their integrity and the accuracy of their origin.
— Procedures and technologies to ensure that those electronic data and those electronic documents are
preserved in such a way that they are safeguarded against loss and alteration, except for changes
concerning their medium or electronic format.
— Procedures and technologies that allow authorized relying parties to receive a report in an
automated manner that confirms that electronic data and electronic documents retrieved from a
QEATS qualified electronic archive trust service enjoy the presumption of integrity of the data from
the beginning of the preservation period to the moment of retrieval.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ETSI EN 319 401, Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for
Trust Service Providers
ETSI EN 319-421, Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for
Trust Service Providers issuing Time-Stamps
ETSI TS 119 312, Electronic Signatures and Infrastructures (ESI); Cryptographic Suites
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp/
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Terms related to electronic trust service
3.1.1
electronic archiving trust service
service ensuring the receipt, storage, retrieval and deletion of electronic data and electronic documents
in order to ensure their durability and legibility as well as to preserve their integrity, confidentiality, and
proof of origin throughout the preservation period
3.1.2
qualified electronic archiving trust service
electronic archiving trust service provided by a qualified electronic archiving trust service provider to
fulfil additional requirements and subject to periodical independent third-party conformity assessment
by accredited conformity assessment bodies
3.1.3
electronic archiving trust service provider
natural or legal person providing electronic archiving trust service
3.1.4
electronic archiving trust service policy
document or set of documents describing the set of rules, applicability and level of the services provided
by an electronic archiving trust service provider
Note 1 to entry: Electronic archiving trust service policy includes information security policy in a separate set of
documents or in one document.
[SOURCE: ETSI EN 319 401 modified to include policy is a document or set of documents, and including
plural on services]
3.1.5
information security policy
intentions and direction of an electronic archiving trust service provider as formally expressed by its top
management regarding the protection of confidentiality, integrity and availability of information
[SOURCE: ISO 27000 merging definitions of policy and information security and modified to adapt to trust
service environments]
3.1.6
electronic archiving trust service practice statement
document or set of documents describing practices and procedures that an electronic archiving trust
service provider employs in providing the electronic archiving trust services
[SOURCE: ETSI EN 319 401 modified to include practice statement is a document or set of documents,
and the plural of services]
3.1.7
service agreement
agreement between an electronic archiving trust service provider and a subscriber that details rights and
obligations of both parts
3.1.8
subscriber
legal or natural person bound by any obligation to an electronic archiving trust service
[SOURCE: ETSI EN 319 401 modified for not circular definitions]
3.1.9
submission agreement
agreement reached between an electronic archiving trust service provider and a subscriber that specifies
the submission information package specification and any other arrangement needed for a specific type
of digital object in the data submission session
[SOURCE: ISO 14721 modified for adapting to a trust service environment]
3.1.10
termination plan
description of actions and timeline for the conclusion of the electronic archiving trust service
3.1.11
exit plan
description of actions and timeline for the end of a specific contract with a specific subscriber
3.2 Terms related to digital objects
3.2.1
digital object
object composed of a set of bit sequences
Note 1 to entry: Electronic data and electronic documents are digital objects.
[SOURCE ISO 14721]
3.2.2
information package
container of digital objects and additional information to make both the objects and the package
understandable and usable
Note 1 to entry: Additional information includes packaging information, representation information and
preservation description information
Note 2 to entry: Information package is machine-readable.
3.2.3
packaging information
information that describes how the components of an information package are logically or physically
bound together and how to identify and extract the components
[SOURCE ISO 14721 modified for less wording]
3.2.4
preservation description information
information necessary for adequate preservation of the digital object
Note 1 to entry: Preservation description information is categorized into Provenance Information, Context
Information, Reference Information, Fixity Information, and Access Rights Information.
[SOURCE ISO 14721 modified for less wording]
3.2.5
submission information package
information package that is delivered by the subscriber to the electronic archiving trust service for the
creation or update of one or more archival information packages
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.2.6
archival information package
information package which is archived within an electronic archiving trust service
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.2.7
dissemination information package
information package, derived from one or more archival information packages, and sent in response to a
request
[SOURCE ISO 14721 modified to adapt to electronic archiving services environment]
3.3 3.3 Terms related to electronic archiving
3.3.1
electronic archiving
processes carried out for keeping digital objects available, readable, interpretable and reliable for as long
as needed
Note 1 to entry: Digital objects are usually stored in information packages.
Note 2 to entry: The range of processes applies from the initial acquisition of digital objects to the end of their
preservation period.
3.3.2
preservation
act of maintaining overtime information, independently understandable by a designated community, and
with evidence supporting its authenticity
[SOURCE: ISO 14721:2024 OAIS, 1.6.2 – Definitions- Terminology]
Note 1 to entry: In the context of preservation of electronic signatures seals, timestamps, or certificates ETSI TS
119 511 defines preservation service as service capable of extending the validity status of a digital signature over
long periods of time and/or of providing proofs of existence of data over long periods of time.
3.3.3
preservation period
defined period during which an electronic archiving trust service ensures the archiving of digital objects
3.3.4
transfer
technical and organizational process for giving back the archived digital objects to the subscriber or to
another EATSP authorised by the subscriber
3.3.5
format conversion
process of changing the files included in a digital object from one format to another
3.3.6
media migration
transferring information from one media to another without changing the bits sequence
4 Symbols and abbreviated terms
Table 1 — Abbreviations
Abbreviated terms terms
IP Information Package
SIP Submission Information Package
AIP Archival Information Package
DIP Dissemination Information Package
PDI Preservation Description Information
OAIS Open Archival Information System
EATS Electronic Archiving Trust Service
EATSP Electronic Archiving Trust Service Provider
EAQTSP Archiving Qualified Trust Service Provider
electronic IDentification, Authentication and
eIDAS
trust Services
TSP Trust Service Provider
5 Position statement
The present document is based on ETSI EN 319 401 and aligned with the framework for standardization
of digital signatures and trust services described in ETSI TR 119 000.
This document specifies the requirements for a (qualified) electronic archiving trust service introduced
with the revision of the eIDAS Regulation by the Regulation (EU) 2024/1183.
The term preservation has multiple meanings in the context of maintaining digital objects. The eIDAS
Regulation addresses this with two types of Trust Services:
— preservation of electronic signatures, seals or certificates for electronic signatures or seals is defined
as trust service under article 3(16)(e). This trust service type was present already in the original text
of the eIDAS Regulation and is also published unchanged in the revised text of the Regulation ;
— electronic archiving, as defined in article 3(48), ensures the durability, legibility, integrity,
confidentiality and proof of origin of electronic documents and data for their preservation period.
This trust service is introduced with the revision of the eIDAS Regulation. The term “preservation
period” is present in this new legal context specifically for the electronic archiving trust service.
The requirements for trust services related to the preservation of electronic signatures, seals,
timestamps, or certificates are out of scope for this document. These requirements are within the scope
of ETSI TS 119 511 and TS 119 512 which should be considered by using a preservation component or
preservation Service.
NOTE trust service component is one part of the overall service of a TSP.
The requirements for the trust service for electronic archiving are in scope of this document.
It is the responsibility of the subscribers to select the correct trust service provider implementing the
preservation trust service or electronic archiving trust service as explained and identified in the previous
two bullets, or both types of trust services in relation to their requirements.
To avoid confusion, this document does not use the term “preservation service” and any other use of the
term preservation is contextualised.
6 Policies and practices
6.1 Policy and practice statement
The requirements found in ETSI EN 319 401, subclause 6.1 “Trust Service Practice statement”, shall
apply.
The electronic archiving policy shall describe at least:
a) The challenges related to document archiving, regardless of the media, and throughout it life cycle;
b) the objectives of the EATS and its characteristics;
c) the normative and regulatory framework applied to the design, operation and management of the
EATS;
d) the level of physical and IT security standards to be achieved.
The policies or practice statement shall define the scope and level of service.
The EATSP shall develop, implement, enforce, and update its electronic archiving practice statements
describing the practices employed in the electronic archiving trust services.
The EATSP shall manage and keep each version of policy and practice statements documentation.
The EATSP shall ensure and be able to verify and document the adequate level of competence of its
employees.
The EATSP policy shall include rules and procedures to guarantee a sufficient and long term control on
the archived digital objects.
In particular, the control should include:
e) general provisions for capturing and archiving information packages or/and digital objects,
f) copyright implications, intellectual property, and other legal restrictions on use,
g) the legal capacity to modify on a legitimate basis the archived digital objects with respect to the
medium and electronic format obsolescence,
h) the understandability of the archival information packages without other special resources such as
the assistance of relying parties’ experts,
i) the specific responsibility of all relying parties including the service subscribers.
An EATS shall state in Trust Service practice statement which data type of electronically-born documents
can be archived by the subscriber.
An EATS shall state in Trust Service practice statement how the electronically-born documents can be
archived by the subscriber.
An EATS shall be able to fulfil industry specific standards and requirements that are stated and described
in Trust Service practice statement.
The EATSP policy shall include the procedures adopted for restoring the IP and the digital objects in the
event of loss or corruption (subclause 10.4).
The EATSP policy shall address and the practice statement shall describe deletion use cases and at least:
j) deletion of any information package /information or digital objects at the end of retention period,
k) deletion after a transfer process,
l) deletion when requested by a subscriber.
The EATSP policy shall address and the practice statement shall describe conversion that updates any
information package/content or digital data objects.
The EATSP policy or the practice statement shall describe how the essential operations shall be logged
and traced (Clause 13).
The EATSP policy shall include rules for planning a long-term technology use with the aim of ensuring
the sustainability of system maintenance, emergency system replacement and information
package/content data object transformations.
6.2 Terms and conditions
The requirements found in ETSI EN 319 401, subclause 6.2 “Terms and conditions” of shall apply.
The EATSP shall include in its terms and conditions a transferability clause based on the requirements
defined in Clause 12.
6.3 Information security policy
The requirements found in ETSI EN 319 401, subclause 6.3 “Information security policy” shall apply.
6.4 Agreements
6.4.1 General
Service agreement may refer to terms and conditions or it may include terms and conditions.
A service agreement can be related to one or more “submission agreements”.
6.4.2 Service agreement
The service agreement shall define:
a) how the disposition and the authorized physical destruction of the information packages/ content
data objects are managed after the preservation period and how procedures and decisions taken are
approved by the subscriber and are documented,
b) the responsibilities for each party,
c) the type of anomalies to communicate to the relying parties,
d) how the EATSP manages licenses, permissions, and other restrictions,
e) how the EATSP manages the secrecy and the data protection according to the GDPR,
f) redundancy procedure for AIPs deposit in the EATS storage components (subclause 10.1),
g) list of archiving formats for Content Data Objects (subclause 10.2.5),
h) country of location of each storage facility (subclause 10.3),
i) the timescale for restoring the IP and the digital objects in the event of loss or corruption (subclause
10.4),
j) in case of conversion operation, the service agreement shall specify if previous digital objects are
archived for verification and new conversion (subclause 10.5),
k) the functions provided for searching the archived IP (subclause 11.1),
l) the DIP format, syntax and semantics or the standards they comply (subclause 11.1),
m) that the report of data integrity shall be made available at least in the moment of retrieval and at any
time during the preservation period (subclause 14.1),
n) which other reports are provided to the subscriber (subclause 14.1).
For traceability of operations the service agreement shall document:
o) the date format (subclause 13.3.1),
p) the scope of audit trails, the number and types of structures, their format, their retention period and
the strategy used for audit trail integrity (subclause 13.5).
The service agreement shall indicate the terms and the conditions for its renewal.
For the case of returning digital objects to the subscriber, the service agreement shall define in detail:
q) the processes and the formats for the restitution returned to the subscriber,
r) the documentation required for evidential purposes,
s) the responsibilities of the relying parties, specifically the obligations of the EATSP,
t) the return deadline,
u) the support provided by the EATSP and the minimum level of assistance during the transition phase,
v) the workflow of disposal after the return process.
Tests of transfer may be decided with the subscriber including scenarios to new environments or
technologies and using production data or not, depending on the agreement.
Transfer procedures may be evaluated periodically, in line with the risk assessment, to ensure that they
are working as intended and that data and functionality are preserved during the transition.
The EATS shall include terms and conditions of an exit plan with reference to:
w) clear identification of digital objects and information packages to be returned to the subscriber,
x) formats and methods adopted for transferring the digital objects and information packages returned
to the subscriber,
y) report on the evidential value of the archived information package/ content data object (proof of
origin, integrity, legibility, durability, confidentiality, accuracy) and the documentation of the related
validation processes,
z) timetable including at least:
1) date of the end of submission process,
2) date of the end of access for consulting the archived information packages,
3) return deadline by which any AIP will be transferred back from EASP to subscriber or to another
EATSP indicated and authorized by the subscriber,
4) deadline by which any information packages and digital objects of the subscriber will be deleted
from the archive of EATSP.
aa) the support provided by the EATSP and the minimum level of assistance during the transition phase,
bb) the criteria to check that the archived digital objects and information packages returned to the
subscriber are those identified.
6.4.3 Submission agreement
The EATSP shall enter into a “submission agreement” with the Subscriber.
The EATSP and the Subscriber shall agree into the “submission agreement”.
The EATSP should provide a template for the “submission agreement”.
For the relation between Subscriber and EATSP, the template can be based on a standard or on common
specification.
EXAMPLE ISO 20652.
The EATSP shall define in the “submission agreement” the type of digital object it accepts.
The EATSP shall specify in the “submission agreement” the Information Packages format, syntax and
semantics that it is capable of processing according to the subclause 8.1.
The “submission agreement” shall define the specifications for receiving electronic data and electronic
documents as a Submission Information Package (SIP) on the basis of requirements included in Clause 9.
The SIP format defined in the “submission agreement” shall include the specifications of the digital
objects according to the subclause 9.5.
In the “submission agreement” the EATSP shall specify:
a) components of the SIP (subclause 9.3),
b) types of metadata used (subclauses 9.3 and 9.4), if they are mandatory, modifiable and/or deletable,
indexed by the EATS,
c) type of SIP transfer and its expected duration (subclause 9.6),
d) SIP receipt acknowledgement and failures (subclause 9.7),
e) types of verification, controls performed (subclause 9.8),
f) actions based on the verification results,
g) methods applied for the SIP transformation and their completion (subclause 10.1, 10.2),
h) time and types of communication of updates to the subscriber.
The “submission agreement” should have reference to AIP and DIP transformations.
The “submission agreement” shall include:
i) the access privileges (access authorization),
j) in relation to the type of digital objects submitted (e.g. the document type such as invoice, payslip,
contract) the retention period chosen according to the applicable legal and regulatory requirements,
k) the calculation methods of the retention period,
l) the default final disposition at end of the retention period (delete /return / extend),
m) the return package format (DIP),
n) the agreed exchange protocols,
o) the guaranteed service level if different from the global policy.
p) in case of conversion of digital objects format:
1) the formats which will be converted and targeted format,
2) whether to keep the original electronic data/documents or not.
7 Trust Service Provider management and operation
7.1 General
This clause defines general requirements relating to Trust service Providers for qualified and non-
qualified electronic archiving trust services.
The EATSP shall implement and maintain documented procedures for managing information and records
related to electronic archiving trust service processes and agreements.
7.2 Internal organization
The requirements specified in ETSI EN 319 401, subclause 7.1 “Internal organization” shall apply.
7.3 Human resources.
The requirements specified in ETSI EN 319 401, subclause 7.2 “Human resources” shall apply.
The EATSP team in charge to manage the technical and organizational activities of the EATS shall include
people with advanced archival competency and people with advanced electronic archiving competency.
NOTE the term competency is here used according to the European qualification framework and ESCO: “the
proven ability to use knowledge, skills and personal, social and/or methodological abilities, in work or study
situations and in professional and personal development”
7.4 Asset management
The requirements specified in ETSI EN 319 401, subclause 7.3 “Asset management” shall apply.
The assets protected by an EATS shall be in Information Packages such as SIP, AIP and DIP.
The media management procedures shall be in accordance with subclause “Storage security – AIP
Integrity”.
7.5 Access control
The requirements specified in ETSI EN 319 401, subclause 7.4 “Access control” shall apply.
7.6 Cryptographic controls and monitoring
The requirements specified in ETSI EN 319 401, subclause 7.5 “Cryptographic controls” shall apply.
For the Evaluation of cryptographic algorithm ETSI TS 119 312 or where applicable
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 18674-7:2025(Main)
Geotechnical investigation and testing - Geotechnical monitoring by field instrumentation - Part 7: Measurement of strains: Strain gauges (ISO 18674-7:2025)
kSIST FprEN ISO 18674-7:2025

This document specifies the measurement of strain by means of strain gauges and strainmeters carried out for geotechnical monitoring. General rules of performance monitoring of the ground, of structures interacting with the ground, of geotechnical fills and of geotechnical works are presented in ISO 18674-1.
This document is applicable to:
—     performance monitoring of
—    1-D structural members such as piles, struts, props and anchor tendons;
—    2-D structural members such as foundation plates, sheet piles, diaphragm walls, retaining walls and shotcrete/concrete tunnel linings;
—    3-D structural members such as gravity dams, earth- and rock-fill dams, embankments and reinforced soil structures;
—     checking geotechnical designs and adjustment of construction in connection with the observational design procedure;
—     evaluating stability during or after construction.
With the aid of a stress-strain relationship of the material, strain data can be converted into stress and/or forces (for 1-D members; see ISO 18674-8) or stresses (for 2-D and 3-D members, see ISO 18674-5).
NOTE            This document fulfils the requirements for the performance monitoring of the ground, of structures interacting with the ground and of geotechnical works by the means of strain measuring instruments as part of the geotechnical investigation and testing in accordance with References [1] and [2].

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 22568-2:2019/A1:2025(Amendment)
Foot and leg protectors - Requirements and test methods for footwear components - Part 2: Non-metallic toecaps - Amendment 1 (ISO 22568-2:2019/Amd 1:2025)
SIST EN ISO 22568-2:2019/oprA1:2025
  • Draft
    3 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17117-1:2025(Main)
Health informatics - Terminological resources - Part 1: Characteristics (ISO 17117-1:2025)
kSIST FprEN ISO 17117-1:2025

This document defines universal and specialized characteristics of health terminological resources that make them fit for the purposes required of various applications. It covers only terminological resources that are primarily designed to be used for clinical concept representation or to those parts of other terminological resources designed to be used for clinical concept representation.
This document helps users to assess whether a terminology has the characteristics or provides the functions that will support their specified requirements. In order to do that, this document focuses on defining characteristics and functions of terminological resources in healthcare that can be used to identify different types of terminological resources for categorization purposes.
NOTE 1        Categorization of healthcare terminological systems according to the name of the system might not be helpful and has caused confusion in the past.
The following aspects are not covered in this document:
—     evaluations of terminological resources;
—     health service requirements for terminological resources and evaluation criteria based on the characteristics and functions;
—     the nature and quality of mappings between different terminologies;
NOTE 2        It is unlikely that a single terminology will meet all the terminology requirements of a healthcare organization: some terminology providers produce mappings to administrative or classification systems such as the International Classification of Diseases (ICD). The presence of such maps would be a consideration in the evaluation of the terminology.
—     the nature and quality of mappings between different versions of the same terminology;
NOTE 3        To support data migration and historical retrieval, terminology providers can provide maps between versions of their terminology. The presence of such maps would be a consideration in the evaluation of the terminology.
—     terminology server requirements and techniques and tools for terminology developers;
—     characteristics for computational biology terminology.

  • Draft
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18184:2025(Main)
Financial services - Specification of QR codes for mobile initiated (instant) credit transfers
oSIST prEN 18184:2025

This document provides a specification for QR codes for mobile (instant) credit transfers (MCTs) whereby the payer uses a mobile device to initiate the payment transaction. The QR code is used to exchange data between the payer and the payee to enable the initiation of the (instant) credit transfer by the payer.
This document is applicable to both cases where the QR code is presented by the payee or by the payer.
This document excludes the following from its scope:
—   The details of technical requirements and the supporting infrastructure to achieve interoperability amongst mobile (instant) credit transfer (MCT) service providers;
—   The detailed implementation specification of the payload included in the QR code.

  • Draft
    36 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 80601-2-70:2025(Main)
Medical electrical equipment - Part 2-70: Particular requirements for basic safety and essential performance of sleep apnoea breathing therapy equipment (ISO 80601-2-70:2025)
kSIST FprEN ISO 80601-2-70:2025

This document is applicable to the basic safety and essential performance of sleep apnoea breathing therapy equipment, hereafter referred to as ME equipment, intended to alleviate the symptoms of patients who suffer from obstructive sleep apnoea by delivering a therapeutic breathing pressure to the respiratory tract of the patient. Sleep apnoea breathing therapy equipment is intended for use in the home healthcare environment by lay operators as well as in professional healthcare institutions.
Sleep apnoea breathing therapy equipment is not considered to utilize a physiologic closed-loop-control system unless it uses a physiological patient variable to adjust the therapy settings.
This document excludes sleep apnoea breathing therapy equipment intended for use with neonates.
This document is applicable to ME equipment or an ME system intended for those patients who are not dependent on artificial ventilation. This document is not applicable to ME equipment or an ME system intended for those patients who are dependent on artificial ventilation such as patients with central sleep apnoea.
This document is also applicable to those accessories intended by their manufacturer to be connected to sleep apnoea breathing therapy equipment, where the characteristics of those accessories can affect the basic safety or essential performance of the sleep apnoea breathing therapy equipment.
Masks and application accessories intended for use during sleep apnoea breathing therapy are additionally addressed by ISO 17510. Refer to Figure AA.1 for items covered further under this document.
If a clause or subclause is specifically intended to be applicable to ME equipment only, or to ME systems only, the title and content of that clause or subclause will say so. If that is not the case, the clause or subclause applies both to ME equipment and to ME systems, as relevant.
Hazards inherent in the intended physiological function of ME equipment or ME systems within the scope of this document are not covered by specific requirements in this document except in 7.2.13 and 8.4.1 of the general standard.
NOTE 2        See also 4.2 of the general standard.
This document does not specify the requirements for:
–    ventilators or accessories intended for critical care ventilators for ventilator-dependent patients, which are given in ISO 80601‑2‑12.
–    ventilators or accessories intended for anaesthetic applications, which are given in ISO 80601-2-13.
–    ventilators or accessories intended for home care ventilators for ventilator-dependent patients, which are given in ISO 80601-2-72.
–    ventilators or accessories intended for emergency and transport, which are given in ISO 80601-2-84.
–    ventilators or accessories intended for home-care ventilatory support, which are given in ISO 80601‑2-79 and ISO 80601‑2‑80.
–    high-frequency ventilators[23], which are given in ISO 80601-2-87.
–    respiratory high flow equipment, which are given in ISO 80601‑2‑90;
NOTE 3      ISO 80601-2-80 ventilatory support equipment can incorporate high-flow therapy operational mode, but such a mode is only for spontaneously breathing patients.
–    user-powered resuscitators, which are given in ISO 10651-4;
–    gas-powered emergency resuscitators, which are given in ISO 10651-5;
–    oxygen therapy constant flow ME equipment; and
–    cuirass or “iron-lung” ventilation equipment.

  • Draft
    80 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12814-1:2025(Main)
Testing of welded joints of thermoplastics semi-finished products - Part 1: Bend test
SIST EN 12814-1:2026

This document specifies the dimensions and the method for sampling and preparing test specimens, together with the conditions for carrying out the bend test.
The result of the test is also influenced by the deformation behaviour of the tested material, the kind of welding process and the geometry of the sample.
The test is applicable to plate and tube butt jointed assemblies made from thermoplastic materials filled or unfilled, but not reinforced, irrespective of the welding process used. It is not applicable to assemblies with a wall thickness < 3 mm.

  • Draft
    13 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17131-1:2025(Main)
Textiles and textile products - Determination of certain residual solvents - Part 1: Determination of aprotic solvents, method using gas chromatography
SIST EN 17131-1:2026

This document specifies a method using gas chromatography with mass selective detector (GC-MS) for detection and quantification of extractable N,N-dimethylformamide (DMF), N,N-dimethylacetamide (DMAC), N-methyl-2-pyrrolidone (NMP) and N-ethyl-2-pyrrolidone (NEP) in filaments and coatings of textile products.

  • Draft
    12 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 3677:2025(Main)
Aerospace series - Steel X5CrNiCu17-4 (1.4542) - Air melted - Solution treated and precipitation treated - Forgings - a or D ≤ 200 mm - Rm ≥ 1 310 MPa
SIST EN 3677:2026

This document specifies the requirements relating to:
Steel X5CrNiCu17-4 (1.4542)
Air melted
Solution treated and precipitation treated
Forgings
a or D ≤ 200 mm
Rm ≥ 1 310 MPa
for aerospace applications.
W.nr: 1.4542.
ASD-STAN: FE-PM3801.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 2719:2025(Main)
Determination of flash point - Pensky-Martens closed cup method (ISO 2719:2025)
kSIST FprEN ISO 2719:2025

This document specifies three procedures, A, B and C, using the Pensky-Martens closed cup tester, for determining the flash point of combustible liquids, liquids with suspended solids, liquids that tend to form a surface film under the test conditions, biodiesel and other liquids in the temperature range of 40 °C to 370 °C.
NOTE 1        Although, technically, kerosene with a flash point above 40 °C can be tested using this document, it is standard practice to test kerosene according to ISO 13736.[5] Similarly, lubricating oils are normally tested according to ISO 2592.[2]
Procedure A is applicable to distillate fuels (diesel, biodiesel blends, heating oil and turbine fuels), new and in-use lubricating oils, paints and varnishes, and other homogeneous liquids not included in the scope of procedures B or C.
Procedure B is applicable to residual fuel oils, cutback residuals, used lubricating oils, mixtures of liquids with solids, and liquids that tend to form a surface film under test conditions or are of such kinematic viscosity that they are not uniformly heated under the stirring and heating conditions of procedure A.
Procedure C is applicable to fatty acid methyl esters (FAME) as specified in specifications such as EN 14214[11] or ASTM D6751.[13]
This document is not applicable to water-borne paints and varnishes.
NOTE 2        Water-borne paints and varnishes can be tested using ISO 3679.[3] Liquids containing traces of highly volatile materials can be tested using ISO 1523[1] or ISO 3679.

  • Draft
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TR 18240:2025(Main)
Safety of toys - Mechanical and physical properties - Guidance on the requirements for food-imitating toys in EN 71-1
kSIST-TP FprCEN/TR 18240:2025

This proposed TR gives guidance on the requirement for toys which may be a realistic food imitation under the meaning of the prEN 71-1 clause 4.28, in order to assist users of the EN 71-1 standard.
This document is only to assist users in distinguishing whether a toy product that imitates food in some way should be considered a realistic food imitation. It does not address products that are not toys.

  • Draft
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day