Our commitment to compliance with standards and regulations
Our commitment to delivering certified solutions that meet the highest standards of quality and security is proven by the successful audits we undergo regularly and by the various certifications and statuses we have acquired. LuxTrust services comply with the industry standards and regulatory requirements listed below.
LuxTrust has been a Certificate Authority since 2005. This means it is authorised to issue public key certificates, more commonly known as electronic or digital certificates, which can be used for authentication, e-signature or encipherment.
As a Certification Authority, LuxTrust is accountable for the accuracy of the information related to or embedded in the certificate and is subject to external audits.
LuxTrust is a leading European Qualified Trust Service Provider (QTSP). This means that it is authorised to deliver eIDAS qualified trust services. eIDAS Trust Services include electronic signatures and seals, electronic signature validation, and timestamping. LuxTrust is also on the EU Trusted List, which is available for consultation.
LuxTrust is a recognised Trusted Timestamp Authority (TSA), certified to provide eIDAS qualified timestamps.
LuxTrust is listed as “under supervision” by ILNAS, the Luxembourg public standardisation service, as a trust service provider (TSP) under number 2016/8/001.
This attests to LuxTrust’s expertise and strict compliance with the most stringent European security norms and standards. The registry of TSPs supervised by ILNAS is available for consultation.
LuxTrust is licensed as a Professional of the Financial Sector ("PSF") in accordance with article 13 of the Luxembourg law of 5 April 1993 on the financial sector. The PSF status is a mark that LuxTrust meets the strict legal obligations and other requirements specific to the financial industry in Luxembourg. LuxTrust is also under the supervision of the CSSF (“Commission de Surveillance du Secteur Financier”), a public institution in charge of supervising the actors of the Luxembourg financial sector.
LuxTrust provides solutions to help companies meet the requirements of the revised Payment Services Directive (PSD2). LuxTrust offers PSD2 Qualified Certificates:
- Qualified Website Authentication Certificate (QWAC) provided by InfoCert
- Qualified electronic Seal Certificate (QSealC).
In addition, LuxTrust provides PSD2 compliant Strong Customer Authentication (SCA) solutions, recognised and validated by the CSSF (Commission de Surveillance du Secteur Financier in Luxembourg).
LuxTrust holds a certificate of compliance with the eIDAS regulation issued by an accredited CAB (Conformity Assessment Body).
ETSI is a European Standards Organization (ESO) that develops standards for ICT systems and services applicable across industries. Given the nature of the services it provides, LuxTrust complies with:
- ETSI TS 319 411 – parts 1 and 2, Policy and security requirements for Trust Service Providers issuing certificates
- ETSI TS 319 412 – parts 1 to 5, Certificate Profiles
- ETSI TS 319 401, General Policy Requirements for Trust Service Providers
- ETSI TS 319 421, Policy and Security Requirements for Trust Service Providers issuing Time-Stamps
- ETSI TS 319 422, Electronic Signatures and Infrastructures (ESI); Time-stamping protocol and time-stamp token profiles
LuxTrust’s services rely on an underlying Public Key Infrastructure; LuxTrust therefore complies with the following related standards:
- IETF RFC 5280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- IETF RFC 6960, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP
- CA/Browser Forum – Baseline Requirements
- CA/Browser Forum – EV SSL Certificate Guidelines