Certificate Number: ETS 081
Scope: On the request of GlobalSign NV/SA (hereafter referred to as: GlobalSign), the certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in GlobalSign’s Statement of Applicability, dated 6 May 2025 and the Overview of Applicability 2025, and the Statement of Applicability 27 October 2025 for the scope extension and modification.
The scope of the assessment comprised the following Trust Service Provider component services:
-,,Registration Service;
-,,Certificate Generation Service;
-,,Dissemination Service;
-,,Revocation Management Service;
-,,Revocation Status Service;
-,,Subject Device Provision Service;
This includes operating a remote QSCD / SCDev, where electronic signature creation data is generated and managed on behalf of the signatory.
These TSP component services are being provided for the following qualified trust service(s) as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policies: QCP-n, QCP-n-qscd
-,,Issuance of qualified certificates for electronic seals (qualified trust service), in accordance with the policy: QCP-l, QCP-l-qscd
-,,Issuance of qualified certificates for website authentication (qualified trust service), in accordance with policies QEVCP-w, QCP-w-psd2;
In providing the (qualified) trust services, the TSP shares resources as coordinated by its parent company GMO GlobalSign Holdings K.K. in Japan. This includes providing and maintaining trust service component services, with the relevant operations, procedures, IT-infrastructure and applications.
The PKI component activities take place at different locations and are all performed by GMO GlobalSign group companies, under supervision of the TSP's Policy Authority and Governance & Compliance:
-,,Belgium, Leuven (Policy Authority, Governance & Compliance)
-,,UK, London (Office, software development, IT operations)
-,,UK, London (Datacenter for Certificate Generation Service and Registration/Revocation Management Service production systems)
-,,UK, Maidstone (Office: Registration/Revocation Management Service operations, support processes)
-,,Singapore (Office: Key management and Cryptographic controls)
-,,Singapore (Datacenter for Certificate Generation Service, Certificate Status Service production systems)
-,,Japan, Tokyo (Office: software development, IT operations, Governance & Compliance)
-,,Japan, Tokyo (Datacenter for Registration/Revocation Management Service production systems)
-,,India, New Delhi (Office: Registration/Revocation Management Service operations, support processes)
-,,Philippines, Makati City (Office: Registration/Revocation Management Service operations, support processes)
The certificates are issued through the issuing certification authorities, as specified below:
-,,GlobalSign Atlas E45 Qualified Remote Signing CA 2020
Sha256 Fingerprint:
5CB0FDEF052BD18A0A40ADA2235F46EB42B6D0993ED5A50DE47E3EA12FF191B1
+,,Qualified certificates for electronic signatures, QCP-n
+,,Qualified certificates for electronic seals, QCP-l
-,,GlobalSign Atlas R45 Qualified Remote Signing CA 2020
Sha256 Fingerprint:
323F35F0DFB01D6B478C24026C66852AAD3E96DCB1C5BE17C1DA1EC47D77CC87
+,,Qualified certificates for electronic signatures, QCP-n
+,,Qualified certificates for electronic seals, QCP-l
-,,GlobalSign Atlas R45 Qualified Remote Signing CA 2024
Sha256 Fingerprint:
5F4DE9476933306D850B530E01F543E70B461D48E402188F4E500679C304ED22
+,,Qualified certificates for electronic signatures, QCP-n
+,,Qualified certificates for electronic seals, QCP-l
-,,GlobalSign Atlas R45 Remote QSCD Delegated RA CA 2022
Sha256 Fingerprint:
AD304215A70BF5D06E84973BF49862F10CFF490DA9C97D1D6FA6934F8E3C98AF
+,,Qualified certificates for electronic signatures, QCP-n-qscd
+,,Qualified certificates for electronic seals, QCP-l-qscd
-,,GlobalSign GCC E45 Qualified Signing CA 2020
Sha256 Fingerprint:
35E9429CDE680D8D5311CDD46FAEF0AEE694B0556C3D69C4F670E243D64C87FE
+,,Qualified certificates for electronic signatures, QCP-n
+,,Qualified certificates for electronic seals, QCP-l
-,,GlobalSign GCC R45 Qualified Signing CA 2020
Sha256 Fingerprint:
4E1474CFEB41D048C7E1E2C975D69AD3FD739BD44577A80D0432F233D51C5C77
+,,Qualified certificates for electronic signatures, QCP-n
+,,Qualified certificates for electronic seals, QCP-l
-,,GlobalSign GCC E45 Qualified QSCD Signing CA 2020
Sha256 Fingerprint:
8115E2CB4F04E56EA70EA932D0622831DD53B22BF6A93B3ACD9125FAB0374AF1
+,,Qualified certificates for electronic signatures, QCP-n-qscd
+,,Qualified certificates for electronic seals, QCP-l-qscd
-,,GlobalSign GCC R45 Qualified QSCD Signing CA 2020
Sha256 Fingerprint:
1B728D4A76506634A11007912F1D8C6B9AA39BE1AFCA49096657CF1FFB4513BF
+,,Qualified certificates for electronic signatures, QCP-n-qscd
+,,Qualified certificates for electronic seals, QCP-l-qscd
-,,GlobalSign GCC R3 EV QWAC CA 2020
Sha256 Fingerprint:
D4A5941C7141ED1949A0C6CE9DD45A0AB94DC337902EB0A1209852738EEBE854
+,,Qualified certificates for website authentication, QEVCP-w, QCP-w-psd2
-,,GlobalSign GCC R46 EV QWAC CA 2025
Sha256 Fingerprint:
C12FE52A74D33B88439FEAFBDCE47EAEEB881A3CA42078FDF13C0FF4E39B8161
+,,Qualified certificates for website authentication, QEVCP-w, QCP-w-psd2
GlobalSign NV/SA provides Trust Service Provider Component Services to Belgian Mobile ID NV (BMID / also known as "Itsme").
The scope comprises the following Trust Service Provider Component Services:
-,,Registration Service (*);
-,,Certificate Generation Service;
-,,Dissemination Service (*);
-,,Revocation Management Service (*);
-,,Revocation Status Service;
-,,Subject Device Provision Service (*);
The Trust Service Provider component services marked with (*) are provided by Belgian Mobile ID SA (BMID) who is subject to conformity assessment by an accredited conformity assessment body. The Trust Service is provided under the final responsibility of Globalsign NV, acting as QTSP.
These TSP component services are being provided for the following qualified trust services as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
The certificates are issued through the issuing Certification Authorities, as specified below:
-,,itsme Sign Biometric CA 2025
Sha256 Fingerprint:
05B0258EC83AD20E230A45068E2C821C1C48BF793B32C3D7596D87544F0C1B68
-,,Qualified certificates for electronic signatures, QCP-n-qscd
-,,itsme Sign Non-Biometric CA 2025
Sha256 Fingerprint:
84D62224525C18A2ACCC844196572B80ADA245C5E5D1F9F3AD0E186A6FB9619C
-,,Qualified certificates for electronic signatures, QCP-n-qscd
The TSP component services are documented in the following Certification Practice Statements:
-,,GlobalSign Certificate Policy, version 7.5, 7 March 2025 for the certification audit, and version 7.7, 29 October 2025 for the extension and modification of scope audit.
-,,GlobalSign Certification Practice Statement, version 10.5, 7 March 2025 for the certification audit, and version 7.7, 29 October 2025 for the extension and modification of scope audit.
-,,GlobalSign PKI Disclosure Statement, version 2.1, 7 March 2025
-,,GlobalSign Qualified Signing Service Practice Statement, version 1.1, 7 March 2025
Our certification audit was performed in February, March and April 2025. The result of the audit is that we conclude, based on the objective evidence collected during the certification audit from 1 April 2024 through 31 March 2025, the areas assessed during the audit for the:
-,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policies: QCP-n, QCP-n-qscd
-,,Issuance of qualified certificates for electronic seals (qualified trust service), in accordance with the policy: QCP-l, QCP-l-qscd
-,,Issuance of qualified certificates for website authentication (qualified trust service), in accordance with policies QEVCP-w, QCP-w-psd2
were generally found to be effective, based on the applicable requirements defined in GlobalSign’s Statement of Applicability, dated 6 May 2025 and the Overview of Applicability 2025.
The extension and modification of scope audit was performed in October 2025, and the conclusion is that, based on the objective evidence collected and the areas assessed during the audit for the:
-,,Issuance of qualified certificates for electronic seals (qualified trust service), in accordance with the policy: QCP-l
-,, Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n, QCP-n-qscd
were generally found to be effective, based on the applicable requirements defined in GlobalSign’s Statement of Applicability 27 October 2025 for the scope extension and modification.
Audit information:
Audit criteria
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services (as amended by Regulation .(EU) 2024/1183)
-,,ETSI EN 319 411-2 v2.5.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates;- Part 2: Requirements for trust service providers issuing EU qualified certificates, for the policies: QCP-n, QCP-n-qscd, QCP-l, QCP-l-qscd, QEVCP-w
-,,Supplemental to ETSI EN 319411-2:
-,,ETSI EN 319 401 v3.1.1 (2024-06) General Policy Requirements for Trust Service Providers;
-,,ETSI EN 319 411-1 v1.4.1 (2023-10) Electronic Signatures and Infrastructures (ESI) - Policy and security requirements for Trust Service Providers issuing certificates - Part 1: General requirements, for the policies: LCP, NCP, NCP+, PTC, EVCP;
-,,ETSI TS 119 495 v1.7.1 (2024-07) - Electronic Signatures and Infrastructures (ESI); Sector Specific Requirements; Certificate Profiles and TSP Policy Requirements for Open Banking, for the policies: QCP-l-qscd, QEVCP-w, QCP-w-psd2.
Audit criteria for the scope extension and modification (October 2025):
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services (as amended by Regulation .(EU) 2024/1183)
-,,ETSI EN 319 401 v3.1.1 (2024-06) General Policy Requirements for Trust Service Providers;
-,, ETSI EN 319 411-1 V1.5.1 (2025-04) Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
-,, ETSI EN 319 411-2 V2.6.1 (2025-06) Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates
Audit Period of Time:
1 April 2024 through 31 March 2025
Audit performed:
February, March and April 2025
October 2025 (scope extension and modification)
