Scope
On the request of Signicat AS (hereafter referred to as: Signicat), the certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in Signicat’s Statement of Applicability, dated 12 June 2025 and the Overview of Applicability.
The scope of the assessment comprised the following Trust Service Provider component services:
-,,Time-stamping provision: This service component generates time-stamps.
-,,Time-stamping management: This service component monitors and controls the operation of the time-stamping services to ensure that the service provided is as specified by the TSA.
These TSP component services are being provided for the following qualified trust service as defined in Regulation (EU) 910/2014 (eIDAS):
-,,Issuance of qualified electronic time-stamps (qualified trust service)
Qualified Time-Stamps are issued by Time-Stamping Unit (TSU) specified below:
Issuing CA (Not in scope of this audit): CN=Buypass Class 3 CA G2 HT Business,O=Buypass AS,ORG_ID=NTRNO-983163327,C=NO
-,,Issuing TSU: ORG_ID=NTRNO-989584022,CN=Signicat QTSA CC 2024 v1,O=SIGNICAT AS,C=NO
Sha256 Fingerprint:
3C930BBB5105B224D09FA5AE4D08C927A20534859E9A725FB7BEB755CCEF3F8E
The TSP component services are documented in the following Signicat Trust Service Practice Statement(s):
-,,Signicat-TSP001 Disclosure statement & Terms and conditions, version 2.2, 28-05-2025
-,,Signicat-TSP002 Time-stamp policy and Practice statement ETSI 319 421, v2.3, 2025-06-04
Our certification audit was performed in June 2025. The result of the audit is that we conclude, based on the objective evidence collected during the certification audit from 1 June 2024 through 31 May 2025, the areas assessed during the audit for the issuance of qualified electronic time stamps (qualified trust service), were generally found to be effective, based on the applicable requirements defined in Signicat’s Statement of Applicability, dated 12 June 2025 and the Overview of Applicability.
Audit information:
Audit criteria
-,,ETSI EN 319 401 v3.1.1 (2024-06) General Policy Requirements for Trust Service Providers;
-,,ETSI EN 319 421 v1.2.1 (2023-05) Electronic Signatures and Infrastructures (ESI); Policy and Security Requirements for Trust Service Providers issuing Time-Stamps;
-,,Regulation (EU) N 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services
Audit Period of Time
1 June 2024 through 31 May 2025
Audit performed:
June 2025
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL