- Means for strong electronic identification and identification broker services (referred to in the Act on Strong Electronic Identification and Electronic Trust Services (617/2009))
Regulation on electronic identification and trust services (M72 B/2022)
Information security requirements of an identification service:
Information security management system, requirements of an identification scheme and identification means, encryption requirements, authenticating parties to the communications, integrity and confidentiality of authentication messages, requirements at the national node interface, incident notifications.
Identification service interoperability:
Minimum set of data to be relayed in the national trust network, information required in cross-border use, data transfer protocol and other requirements.
Assessment criteria related to the identification service and Competences of the identification service assessment body:
Conformity assessment criteria, Report on the reliability of the identification service provider and the published data, Requirements for an external or an internal assessment body of the
identification service Assessment criteria for a qualified trust service provider, for a qualified trust service and the competence of conformity assessment bodies.
Designation criteria for electronic signature or seal creation device certification body