Conformity assessment for eIDAS | ZealiD AB | ZealiD QeID Service

Certificate SRC.00038.TSP.06.2020 Certificate SRC.00038.TSP.06.2020 // Amendment 1 Certificate SRC.00038.TSP.06.2020 // Amendment 2 Certificate SRC.00038.TSP.06.2020 // Amendment 3 Certificate SRC.00038.TSP.06.2020 // Amendment 4

Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00038.TSP.06.2020
Valid fromJune 1, 2020
Valid untilJune 1, 2022
Certificate holderZealiD AB
Certified productZealiD QeID service
The audit includes

The conformity assessment of the trust service Zealid QeID service for the issuance of qualified certificates for qualified electronic remote signatures according to Regulation (EU) No. 910 / 2014 by the ISO 17065 accredited conformity assessment body of SRC and four amendments for extension of the service:

  • Amendment 1: Audit of the data centres, remediation of non-conformities, usage of self-developed SDK in the ZealiD App.
  • Amendment 2: Remediation of non-conformities identified in the initial conformity assessment.
  • Amendment 3: Changes to the applicable liability insurance.
  • Amendment 4: Provision of batch signatures
DescriptionZealiD AB offers the trust service ZealiD QeID service for the issuance of qualified certificates for qualified electronic remote signatures according to Regulation (EU) No. 910 / 2014.

The service can be used exclusively by natural persons, who have installed the ZealiD App on their smartphone and have registered with the service. As part of the registration process, the subject need to identify itself by using the video-based ZeailD TRA service or by reusing identification data provided by its online banking portal.

After completing the registration process, private authentication and signature keys for the subject are generated and hold within a qualified electronic signature creation device (QSCD). For legally signing a document, the signer has to activate this key.

In order to initiate a signature process, the subject has to scan a QR code assigned to a pending signature request at the portal of a cooperation partner of ZealiD and need to authenticate itself by using its authentication key. Afterwards, the subscriber can use its signature key in order to digitally and legally sign the corresponding contracts.

The corresponding public keys, which can be used to verifiy the validity of a given signature, are certified by a Certification Authority (CA) operated by the ZealiD AB. Thereby, RSA keys with a length of 4096 bit are used.

Status and revocation information for the qualified certificates can be retrieved from the OCSP responder of ZealiD AB.

SRC confirms that the “ZealiD QeID service” trust service for issuing qualified certificates for qualified electronic remote signatures is operated in accordance with the requirements of Regulation (EU) No. 910 / 2014 by ZealiD AB.