View the paper here: EUDI Wallet – How to implement Free QES by the Cloud Signature Consortium (CSC).pdf

This short paper outlines two possible implementation models for providing free QES in the EUDI Wallet, a fully public infrastructure or a public-private partnership.

While the paper is not for public distribution, we encourage you to share it with the relevant government experts you are in contact with, including those involved in the eIDAS European Working Group.

The aim is to help kick-start discussions ahead of the November 2027 deadline, by which all Member States must offer at least one EUDI Wallet with free qualified e-signatures for non-professional use.expectations.

BRUSSELS, Belgium – 3 June 2025 – The Cloud Signature Consortium (CSC), a global nonprofit dedicated to developing open standards for cloud-based digital trust services and promoting worldwide interoperability, announced the release of its “CSC Industry Market Report 2025 – The Cloud Signature Market: An EU & Global Perspective.” This comprehensive report, compiled by Obserwatorium.biz and NIMBUS on behalf of the CSC, provides an in-depth overview of electronic signature solutions and the evolving digital trust ecosystem worldwide, highlighting the impact of diverse legal frameworks and technologies on secure, cross-border digital interactions.

As e-signatures become increasingly essential in both public and private sectors, the report emphasizes the growing need for adaptable, standards-based solutions to meet regulatory demands and user expectations. The report analyzes the technical spectrum of e-signatures, ranging from traditional certificates on physical devices to cloud-based signatures that enable remote onboarding. It explores the pivotal role of cloud signatures in assuring cybersecurity, ensuring non-repudiation, and providing robust legal validation for modern digital interactions.

The report draws on original market research, including surveys and in-depth interviews with key market players from regions worldwide. These findings offer unique insights from practitioners who face the challenges, opportunities, and implications of implementing trust services every day. This approach highlights broad industry trends as well as the specific nuances of local markets and operational practices.

“This report underscores the critical importance of global interoperability in the digital trust ecosystem,” said Viky Manaila, President of the Cloud Signature Consortium. “As the world becomes increasingly interconnected, the ability to seamlessly and securely exchange digital signatures across borders is essential for fostering international commerce and collaboration. CSC’s mission to promote worldwide interoperability has never been more critical as businesses and governments accelerate their digital transformation.”

“The CSC Industry Market Report 2025 provides a comprehensive overview of the global cloud-based electronic signature market, with insights from both Europe and beyond. It examines the latest technologies, legal standards, and the rising role of cloud signatures in cybersecurity and regulatory compliance. What truly sets this report apart is the market research—surveys and interviews with industry leaders worldwide. Their input helped us capture global trends, local challenges, and opportunities. The result is a fact-based, practical view of the market’s current state and future directions.” said Miłosz Brakoniecki, co-founder and board member of Obserwatorium.biz.

Download the full report for free at: https://cloudsignatureconsortium.org/csc-industry-market-report-2025-the-cloud-signature-market-an-eu-global-perspective/

Join our Online Live Launch on June 10th from 2-2:30 PM CET:
https://zoom.us/meeting/register/AbkIA4RXRhmXbBexncAikg  

About the Cloud Signature Consortium (CSC)

The Cloud Signature Consortium (CSC) is a global nonprofit association dedicated to developing open standards for cloud-based digital trust services and promoting worldwide interoperability. The CSC envisions a future where digital signatures are universally trusted and easily accessible, enabling secure and seamless digital interactions across borders and industries.Contact: Benita Lipps | info@cloudsignatureconsortium.org

This report has been compiled by Obserwatorium.biz and NIMBUS on behalf of the Cloud Signature Consortium (CSC), a global nonprofit dedicated to developing open standards for cloud-based digital trust services and promoting worldwide interoperability. It provides a comprehensive overview of electronic signature solutions and the evolving digital trust ecosystem worldwide, highlighting how diverse legal frameworks and technologies—from smartcards to cloud-based signatures—are shaping secure, cross-border digital interactions.

As e-signatures become essential in both public and private services, the report emphasizes the growing need for adaptable, standards-based solutions to meet regulatory demands and user expectations.

Download the full report to explore how countries and organizations can leverage cloud-based trust services to drive secure digital transformation.

Cape Town, South Africa – April 2025 – The Cloud Signature Consortium (CSC) is pleased to announce the election of Johannes Leser to its Executive Board, following the Annual General Meeting held during the CSC Cape Town Summit.

Johannes joins the Board as the representative of IDnow, bringing valuable expertise in digital identity, remote signing, and trust services. His appointment reflects a continued commitment to strengthening the Consortium’s leadership and advancing secure, interoperable solutions across Europe and beyond.

With this addition, the CSC Executive Board continues to represent a diverse and dynamic group of leaders working together to shape the future of digital trust.

Click here for more information about our Executive Board and their contributions.

By Margus Pala, Co-founder, eID Easy

Validating the identity of the party signing a document is an essential part of every secure digital signature. At the same time, it is also one of the highest costs and one of the areas with the most friction. However, it does not have to be a ‘high friction’ task because a growing number of users now have some kind of reusable digital identity app (eID) on their phones.

After initial onboarding the eID based identity proofing is significantly easier and faster than biometric passport scanning and selfies. For example, the Estonian government has a “once-only principle”, which means that if you have given your data to the government once then the same data should not be asked again. Similarly, we should not do biometric passport scanning over and over again if we have done it once already. Standards like ETSI 119 461 and WebTrust for Registration Authorities allow using eID-s for identity proofing to issue certificates and it is already used actively for example in Nordics in use cases where risk tolerance is lower. Yet we are still seeing a huge percentage of electronic signatures made in non-interoperable ways where providers are using their own ways of writing the signer information to the PDF that is not automatically processable nor independently verifiable.eID-s can also help with international recognition. If you have your eID from your home country bank, then why not use the same eID to issue certificates from another country and regulation certificate authority. 

There are 200 countries in the world with each having their own regulations. There are regions like the EU, Mercosur (Mercosur is composed of six sovereign member states: Argentina, Bolivia, Brazil, Paraguay, Uruguay and Venezuela (suspended since December 2016); six associated states: Suriname, Guyana, Colombia, Ecuador, Peru and Chile; plus two observer states: Mexico and New Zealand and some others that are already mutually recognizing local Certificate Authorities from member states and many such proposals are in the works. If worldwide mutual recognition is achieved, then it is even more important to make sure that the single eID app that you have would be enough for signing any document no matter where in the world it originates.

If you would like to discuss this further, get in touch with Margus Pala, margus.pala@eideasy.com.

By Mads Henrikveen, Trust Service Manager, Buypass AS

Buypass has recently added support for both Advanced (AdES) and Qualified Electronic Signature (QES) in Buypass Cloud Signature Services (BCSS). BCSS is a set of signing services based on the Cloud Signature Consortium (CSC) framework.

Buypass has supported Advanced Electronic Signature (AdES) in Norway for many years. Utilizing the CSC framework, a new way of providing electronic signatures has emerged that is well suited for remote signatures according to the eIDAS Regulation and the upcoming European Digital Identity Wallet (EUDIW) framework.

The new BCSS Person Signing service is a flexible remote signing service using one-time signing keys and short-term certificates. The Signer authenticates and authorizes the use of the private signing keys by using already existing eID means.

The service is designed according to relevant ETSI/CEN-standards to be compliant with QES as defined in the eIDAS Regulation, resulting in electronic signatures legally equivalent to handwritten signatures all over Europe.

The illustration below shows the main actors (service providers) participating in the service:

The Trust Service Provider (TSP) issuing certificates (CA) and the SSASP are always Buypass. The SCASP may be any signing Customer/Partner of Buypass who provides signing services supporting either QES or AdES. The Identity Proofing Service Provider (IPSP) is a service provider implementing identity proofing using eID means according to ETSI TS 119 461 as a service.

The main benefit of using this service is:

• No need for User/Signer onboarding/enrolment (utilizing existing eID means)
• The signed contents are anonymous – Buypass has no knowledge of the contents
• Any data can be signed, only the hash (DTBS/R) is sent to Buypass
• The signature requestor (the SCASP) can request either Qualified or Advanced Electronic Signatures

Buypass accepts any eID means satisfying eIDAS LoA High or Substantial if they are notified at such assurance levels in EU or in a national scheme. This gives flexibility and makes the signing service interesting for Partners supporting signing of documents across Europe. No long-term relationship between Buypass and the Signer is necessary.

The BCSS Person Signing services has been designed such that Buypass never have access to the document to be signed (only the DTBS/R). The management of documents, user experience and the signature formats are for the signing Partner (the SCASP) to handle.

The illustration below shows the main flows between the actors in the in service:

The Signer contacts a service provider to sign a document (1). BCSS Person Signing service receives a representation of the data to be signed (2), and a request for user authentication (3). When the user has performed an authentication (4), Buypass will validate the authentication (5) and create a signing key (6), issue the signing certificate (7), and generate the signature (8 & 9).  All this will happen “under the bonnet”.  The signature and some metadata are returned to the signature requestor (10).  

The signature requestor will then package the signature as needed, typically PAdES, JAdES or similar. The signing certificate is issued by Buypass using a CA registered on the EU Trusted List and accepted by Adobe, thus resulting in full validation in Adobe Acrobat applications. 

The service is well positioned to be used in the eIDAS 2.0 ecosystem around the EUDIW. The service will be explored for this purpose in EUDIW Large Scale Pilots together with our Partners.

The BCSS Person Signing service has been assessed and approved by accredited auditors and the service has been granted qualified status from the national supervisory body.

We’d be delighted to discuss this new service, and opportunities for collaboration with our CSC colleagues. Reach out to Mads Henrikveen, mads.henriksveen@buypass.no, if you would like to know more.