Certificate Number: ETS 043
Scope: On the request Digidentity B.V. (hereafter referred to as: Digidentity), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined Digidentity’s Statement of Applicability, dated 19 November 2024, and the Overview of applicability.
The scope of the assessment comprised the following Trust Service Provider component services:
-,,Registration Service
-,,Certificate Generation Service
-,,Dissemination Service
-,,Revocation Management Service
-,,Revocation Status Service
-,,Subject Device Provision Service
The TSP component services are performed, partly or completely by subcontractors under the final responsibility of Digidentity.
These TSP component services are being provided for the following trust services:
-,,Issuance of public key certificates (non-qualified trust service) in accordance with the policies: NCP, NCP+, OVCP
The certificates are issued through the issuing Certification Authorities, as specified below:
Root CA: Staat der Nederlanden Private Root CA - G1 (not in scope)
Domain CA: Staat der Nederlanden Private Services CA - G1 (not in scope)
-,,Issuing CA: Digidentity PKIoverheid Private Services CA – G1
Sha256 Fingerprint:
BFE8F634772B0EC2CD2A41A17FC7612577D7E24F934073DEC89A991B6169687E
+,,Private Server (OID 2.16.528.1.1003.1.2.8.6), in accordance with policy NCP
Root CA: Staat der Nederlanden Root CA - G3 (not in scope)
Domain CA: Staat der Nederlanden Organisatie Persoon CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Organisatie Persoon CA - G3 (OID 2.16.528.1.1003.1.3.5.8.2)
Sha256 Fingerprint:
533FE97EB45FCED24049E41EFE9DB254A5DD9D90DFD53C9512C6207EDB21D82C
+,,Authentication (OID 2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
Domain CA: Staat der Nederlanden Burger CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Burger CA – 2021 (OID 2.16.528.1.1003.1.3.3.2.1)
Sha256 Fingerprint:
9C64E24D2CAAA8DD45EF99BA62277CEEE6005C663624514B8C770E2D075BB611
+,,Authentication (OID 2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
Domain CA: Staat der Nederlanden Organisatie Services CA - G3 (not in scope)
-,,Issuing CA: Digidentity BV PKIoverheid Organisatie Services CA - 2021 (OID 2.16.528.1.1003.1.3.5.8.3)
Sha256 Fingerprint:
827A6B205D2E73FF379286DD0B2DED5AEC7239EFE6BC8CACB03ABCCD84B95750
+,,Authentication (OID 2.16.528.1.1003.1.2.5.4) in accordance with policy: NCP+
Root CA: Staat der Nederlanden - G4 Root Priv G-Other - 2024
Intermediate CA: Staat der Nederlanden - G4 Intm Priv G-Other NP - 2024 (not in scope)
-,,Issuing CA: Digidentity - G4 PKIo Priv G-Other LP - 2024
Sha256 Fingerprint:
766C5B1A8865574C41887CBE356B82E2FE05039E2C7B851DB8AD2D311F0D2CCF
+,,Authentication (NCP+) - OID 2.16.528.1.1003.1.2.44.16.11.8
+,,Professional authentication (NCP+) - OID 2.16.528.1.1003.1.2.44.16.12.8
Intermediate CA: Staat der Nederlanden - G4 Intm Priv G-Other LP - 2024 (not in scope)
-,,Issuing CA: Digidentity - G4 PKIo Priv G-Other LP - 2024
Sha256 Fingerprint:
766C5B1A8865574C41887CBE356B82E2FE05039E2C7B851DB8AD2D311F0D2CCF
+,,Authentication (NCP/NCP+) - OID 2.16.528.1.1003.1.2.44.16.25.8
Root CA: Digidentity SSCD Root CA
Sha256 Fingerprint:
C20451BD93D8FD6D0C43CD5CE832877FD5614055875126D170910E1209C9B77D
-,,Issuing CA: Digidentity Personal Qualified CA
Sha256 Fingerprint:
03E1AAEF72329B4DA1FCF0BA75FCB7B2F2F34B25AADE701AAAEACC0F65A3B4C4
+,,Authentication (OID 1.3.6.1.4.1.34471.3.1.1), in accordance with policy NCP+
-,,Issuing CA: Digidentity Business Qualified CA
Sha256 Fingerprint:
21E5D8CFBC2430AA45AD86D38394AE97B359C0E88835E4DE5E0AD1CE92A8201D
+,,Authentication (OID 1.3.6.1.4.1.34471.3.2.1), in accordance with policy NCP+
-,,Issuing CA: Digidentity Personal Advanced CA
Sha256 Fingerprint:
E152892576F4B40B1496F60F6711AA14C2AD54BAFE355331EE6E47397301E962
+,,Authentication (OID 1.3.6.1.4.1.34471.3.3.1), in accordance with policy NCP+
+,,Non-Repudiation (OID 1.3.6.1.4.1.34471.3.3.3), in accordance with policy NCP+
The Certification Authority processes and services are documented in the following documents:
-,,Certificate Practice Statement - PKIoverheid certificates, 2024v3, 21 November 2024, valid from: 28 November 2024
-,,PKI Disclosure Statement –PKIoverheid certificates, 2024v3, 21 November 2024, valid from: 28 November 2024
-,,Certificate Policy & Certificate Practice Statement Digidentity Certificates, 2024v3, 21 November 2024, valid from: 28 November 2024
-,,PKI Disclosure Statement - Digidentity Certificates, 2024v3, 21 November 2024, valid from: 28 November 2024
Our annual certification audit was performed in October and November 2024.
The result of the full audit is that based on the objective evidence collected during the certification audit for the period from 1 November 2023 through 31 October 2024, the areas assessed for:
-,,Issuance of public key certificates (non-qualified trust service), in accordance with the policies: NCP, NCP+.
were generally found to be effective, based on the applicable requirements defined in Digidentity’s Statement of Applicability, dated 19 November 2024, and the Overview of applicability.
We confirm that the following identification method(s) provide equivalent assurance in terms of reliability to physical presence, pursuant to Regulation (EU) 910/2014 (eIDAS) article 24, paragraph 1a, sub d, for the trust services (and Identity Proofing Context) covered by this Certificate of Conformity:
+,,Digidentity Remote Identity Proofing Level of Assurance 3 – EU Advanced or eIDAS Substantial”, supporting the ETSI TS 119461 Use Cases for Unattended remote identity proofing (9.2.3): "Hybrid manual and automated operation" (9.2.3.3)" and Automated Operation (9.2.3.4), and (where applicable) “Identity proofing of Legal Person” (9.3); and “Identity proofing of Natural Person representing Legal Person” (9.4).
Statement on the issuance of S/MIME certificates:
Issuing CAs in scope of certification are technically capable of issuing S/MIME certificates. On the request of Digidentity, we performed audit procedures to confirm that ETSI TS 119 411-6 V1.1.1 (2023-08) is not applicable. This is because from the CAs in scope of certification:
-,,We have not observed that S/MIME certificates have been issued in the audit period
-,,Controls are in place to prevent the issuance of S/MIME certificates.
Audit information:
Audit criteria:
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services
-,,ETSI EN 319 401 v3.1.1 (2024-06) General Policy Requirements for Trust Service Providers
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: NCP, NCP+
Subordinate to ETSI EN 319411-1:
-,,ETSI TR 119 461 v1.1.1 (2021-07): Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects
-,,CA/Browser Forum – Network and Certificate System Security Requirements v2.0 (5 June 2024)
-,,PKIoverheid Programme of Requirements, version 5.0, 1 June 2024, parts: G3 Legacy Organization Person certificates (previously 3a), G3 Legacy Organization Services certificates (previously 3b), G3 Legacy Citizen certificates (previously 3c), Private Server certificates (previously 3h)
Audit Period of Time:
1 November 2023 through 31 October 2024
Audit performed:
October and November 2024
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
