Compliance & security
Evrotrust is а Qualified Trust Service Provider. Our technology and qualified trust services are regulated by a supranational law in the EU – Regulation (EC) 910/2014 for the Electronic Identification and Trust Services (eIDAS). This Regulation has a direct effect and is obligatory and applicable in all EU member states without the necessity of being nationally transposed. Because Evrotrust Technologies JSCo is registered in an EU Member State, the qualified trust services we provide are valid throughout the EU. We are audited for compliance with all applicable EU standards by independent conformity assessment bodies that are registered and supervised by national supervisory authorities. Thus, our solutions benefit legal recognition by law.
Compliance with industry standards
Evrotrust’s technology, services, and infrastructure meet numerous technological standards and undergo a full conformity assessment audit every two years. Our certificates are available for review below:
Full range of qualified trust services
We answer to the highest standards so you can be confident about our partnership.
Our remote electronic identification is certified in accordance with eIDAS. It’s based on the attestation of the user’s identity from a smart device to any interested third party by issuing one-time attributive qualified certificates, as regulated in Art. 28 (3) of the eIDAS. The issuance and maintenance of qualified certificates for e-signatures and e-seals issued by Evrotrust is certified under eIDAS Art. 24(1)(d) and listed on the EU Trust List. Additionally, our remote signing with qualified e-signatures is audited for compliance with the applicable EU standards by an independent conformity assessment body.
KYC & AML
Evrotrust’s solution enables the legal verification of a significant portion of user data for KYC purposes through the collection and validation of personal information, a copy of an identity document, and self-signed declarations (e.g., PEP, source of funds, etc.). We comply with the requirements of Article 24 of eIDAS for verifying the identity of the individual to whom a qualified certificate is issued.
This method is legally valid for KYC/AML purposes, in accordance with Directive (EU) 2018/843 of the European Parliament and Council of May 30, 2018, amending Directive (EU) 2015/849 on the prevention of the use of the financial system for money laundering or terrorist financing, and amending Directives 2009/138/EC and 2013/36/EU (5th Anti-Money Laundering Directive, effective from July 9, 2018).
1
GDPR
Evrotrust, as a personal data controller responsible for processing its clients’ personal data, continuously improves its Privacy Information Management System (PIMS). The company is certified under the international standard ISO/IEC 27701, which extends ISO/IEC 27001 and ISO/IEC 27002 with guidelines and requirements for managing Personally Identifiable Information (PII).
Evrotrust applies the requirements of this standard to the management and protection of personal data while strictly adhering to the GDPR and national data protection legislation. The organization has developed a Privacy Information Management System (PIMS) framework that includes policies, procedures, and technologies to ensure the protection of personal data throughout its entire lifecycle—from collection to deletion. In doing so, Evrotrust identifies and manages risks associated with personal data processing and ensures that the data is handled securely and lawfully.
ISO/IEC 27701 helps Evrotrust comply with data protection regulations, including GDPR and other national and international laws.
By implementing ISO/IEC 27701, Evrotrust users can feel confident and secure when using trust services and electronic identification.
Evrotrust’s clients can be assured that the company:
- Applies the best practices for personal data protection, reducing the risk of breaches and misuse.
- Complies with regulatory requirements, including GDPR, ensuring lawful and ethical data processing.
- Performs its data processing transparently and takes responsibility for safeguarding personal information.
2
PSD2
Evrotrust’s solution is fully compliant with Directive 2015/2366 (PSD2) and specifically meets the requirements for Strong Customer Authentication (SCA). Our two-factor authentication method, which utilizes OTP and other dynamic credential exchange methods, incorporates multi-factor protection for access to knowledge and biometric data, and is based on regulated qualified services with asymmetric cryptography.
3
Fully compliant EU QTSP
We give you the confidence to verify clients from any country or compliance environment. Waiting for regulators to point out your non-compliance is not a good strategy. Easily onboard users while adhering to all legal regulations with Evrotrust. This way, you can keep both the regulators and the users happy.
