Over the past months John Broxis, MD of PRETA, has been working with the European Telecommunications Standards Institute (ETSI) through their Electronic Signatures and Infrastructures working group (ESI) to help them understand the requirements for PSD2 eIDAS certificates. This work has taken place in liaison with the ERPB PIS WG’s “Identity expert group” of which John is co-chair along with Chris Boogmans, of Isabel. They were supported by Chris Kong, lead consultant on PRETA’s Open Banking Europe initiative.
At the ETSI plenary in Nice this week, two items were approved and have now been made publicly available:
a) A discussion document that describes the purpose of qualified certificates, and the processes around issuing them. Read the document here.
b) A new work item to standardise the elements of the Qualified Certificates required for PSD2. Read the document here
The requirement to use Qualified certificates comes from the draft Regulatory Technical Standards for strong customer authentication and common and secure open standards of communication, and governs the security between an ASPSP and TPPs in a PSD2 open banking context.
This is new ground, as the regulatory agency of the banking industry has created requirements that impact the work of the digital and security context of the Electronic Identity and Signature (eIDAS) regulation, which applies from June 2016.