About us Compliance Careers Contact us

New Ministerial Order authorizing video-identification for the issuance of qualified electronic certificates

Content index

Legal & Compliance Director

Introduction

The Official State Gazette (BOE) publishes today, May 14, 2021, the Order ETD/465/2021, of May 6, which regulates the methods of remote video identification for the issuance of qualified electronic certificates.

Veridas, reinforcing its commitment to the correct regulation of digital identity verification systems, has been an active and collaborating party in the process of drafting the Order. Its publication within the Spanish legal system represents a competitive advantage in the activity of trustworthy electronic service providers.

How can a qualified electronic certificate be issued?

Article 24.1.d) of the eIDAS Regulation establishes that the identification of qualified certificate applicants may be carried out using identification methods that provide security equivalent in terms of reliability to physical presence. Veridas fully complies with this regulation and is certified by an external entity.

Remote video identification consists of a process in which the user scans their identity document through their mobile device or computer, followed by a photo of their face for biometric comparison and proof of life to avoid possible fraud attempts. This process is carried out in just one minute and allows all the process evidence to be collected for subsequent review by an agent. 

The authorized remote video identification process includes, among other measures, the requirement to verify the authenticity and validity of the identity document, as well as its correspondence with the certificate applicant, through technologies such as facial recognition, and to verify that an applicant is a living person who is not being impersonated. This process requires the subsequent review of the captured evidence (identity document, facial image, and video) by an agent.

 

What are qualified electronic certificates?

Regulation (EU) 910/2014 of the European Parliament and of the Council of 23 July 2014 (known as the eIDAS Regulation) defines an electronic signature certificate as an electronic declaration that links the validation data of a signature to a natural person. This certificate is considered qualified when issued by a qualified trust service provider that complies with the requirements established in the regulation itself.

How does Veridas comply with the requirements of the Ministerial Order?

The Veridas solution allows these issues to be analyzed with all the guarantees of security and accuracy and provides providers with a back-office tool where operators can view and validate all the evidence collected in the identification process, thus recording their approval or denial decision.

In addition, as part of the training requirements for operators of qualified trust service providers, Veridas will offer its customers an annual training plan for the personnel in charge of identity verifications of applicants.

Among the requirements for implementing a remote video identification process, it is required to use a product that meets the minimum security requirements indicated in Annex F11 of the National Cryptologic Center (CCN-STIC-140) high category ICT Security Guide. Veridas’ product complies with all the requirements established in the aforementioned standard.

When will this service be available?

In the coming weeks, Veridas will have available and accessible to all its customers a certificate issued by Dekra Testing and Certification as a laboratory and conformity assessment body, which allows accrediting compliance with all the requirements of Annex F11 of the CCN-STIC-140 guide.

Thus, under the Single Transitional Provision, trusted service providers would be able to start implementing the non-presential identification procedures, guaranteeing that Veridas complies with all the requirements.

This Order and Annex F11 of the CCN-STIC-140 ICT Security Guide are now the most detailed regulation within the national legal system of non-presential identification processes. Still, they are not the first rules in this area.

Veridas reaffirms its commitment to regulation

In 2016, the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses (SEPBLAC) issued its first authorization for the non-face-to-face identification of customers required by Law 10/2010, of April 28, on the prevention of money laundering and terrorist financing, renewing this commitment to the use of new technologies for digital identity verification in 2017. Veridas technology has been helping companies in the financial and telecommunications sector for years to comply with this requirement, in Spain and other countries such as Mexico or Austria, performing millions of validations worldwide.

The Order now published is based on the same approach taken at the time by SEPBLAC, adding new details and requirements, which can be used in turn to inspire the new upcoming regulation for the digitization of the Spanish public and private sector.
Share
Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Subscribe to our newsletter