OpenLobby.EU
Explore

Asociación de Prestadores Cualificados de Servicios de Confianza de España

APCSCE

Sus fines son fomentar el adecuado desarrollo de nuestro sector, contribuyendo así a los intereses generales de la sociedad a la que pertenecemos.

Lobbying Activity

Response to Sequential recording of data into qualified electronic ledgers

3 Oct 2025

ASEPEC is the Association of Spanish Trust Service Providers. ASEPEC is a non-profit organization. The Association has 37 QTSPs. ASEPEC also include the Spanish CABs and other interesrted parties as well. ASEPEC welcomes the release of the draft proposal for the Implementing Acts and appreciates the opportunity to provide feedback about them.
Read full response

Response to Conformity Assessment Bodies accreditation

18 Jul 2025

ASEPEC is the Spanish Trust Service Provider Association. >>> Recital 7 >>> We propose to include. Non-critical non-conformities, if properly documented and addressed through a corrective action plan agreed between the conformity assessment body and the applicant, shall not preclude a positive certification decision. >>> Article 4, par. 5 >>> We propose to delete prior. >>> Article 5, par. 4 >>> Delete the paragraph or revise Article 5.4 to apply only to changes that affect the certification of the qualified trust service. >>> Annex II >>> Add ETSI TS 119 411-5 to The issuance of qualified certificates for website authentication. >>> Annex II >>> The implementing acts should explicitly refer to standards for centralized electronic ledgers or at least clearly state that non-distributed electronic ledgers may be qualified even in the current absence of specific standards
Read full response

Response to Conformity standards for non-qualified trust service providers

18 Jul 2025

ASEPEC is the Spanish association of trust service providers. Article 4, par. 3, letter a) Include: verify the identity of the users of the trust service directly or by means of a third party and describe in detail within their Trust Service Practice Statement the identification methods used. Article 2 Add point 6) Non-qualified trust service providers shall inform end users about the risks, limits, of using their respective non-qualified services (e.g.: Warning: Using non-qualified services does not offer the same legal protections as qualified services). Recital 1 We propose to delete Recital 1. The reference to the crucial role in the digital environment conflicts with the notion of lower criticality" Recital 2 makes Recital 1 redundant. Article 4, par. 3, lett. b) Clarification is needed. no indications on how to ensure the security and availability of this data in the long term could generate arbitrary interpretations. Article 5 Recommend setting the applicability of the implementing act to start 12 months after its adoption. ANNEX We propose to replace points 7.3, 7.4, and 7.6 with: 7. TSP Management and Operation. EN 319 401, establishes that the document addresses the general requirements for the security management and cybersecurity of trust services both qualified and non-qualified.
Read full response

Response to Trusted Lists

18 Jul 2025

ASEPEC the Spanish Trust Service Association, Regarding the Article 2. we recommend 12 months (instead of 6) for applicability. A transitional period is necessary to allow for the adaptation of both TSPs and SBs. This time is essential to ensure alignment with the revised framework without disrupting existing infrastructures or undermining trust in the services currently used by public authorities and private actors alike.
Read full response

Response to Management of remote qualified signature creation devices as a qualified trust service

13 May 2025

ASEPEC is the Spanish association of certification service providers representing 31 Spanish trust service providers. Article 3 Entry into force of the IA shall be postponed not before 24 months from the publication, leaving time to CABs and laboratories to be prepared, and to QTSPs to adapt their processes and undergo the audit. OVR-A.3-02 [EUSPv2]: Delete the requirement referencing the certification status of the employed QSCDs, without mandating the explicit listing of models or versions in the practice statement. Alternatively, allow flexibility to refer to categories or families of certified QSCDs Newly added. Annex A, section A.6 Signature activation data management sole control SIG-A.6-07A [EUSPv2] [CONDITIONAL]: If the signer is a legal person or a device or system operated by or on behalf of a natural or legal person, clause SRA_SAP.2.7 of EN 419241-1 [3], specifying signature activation data submission shall apply where "sole control" is replaced by "control".
Read full response

Response to Notification of qualified electronic signature & seal creation devices that have been certified by certification bodies

13 May 2025

ASEPEC is the Spanish association of certification service providers representing 31 Spanish trust service providers. NQSCD1 Implementing Regulation Article 2 Entry into force shall be postponed at least 24 months
Read full response

Response to Notification and verification of the initiation of a qualified trust service

13 May 2025

ASEPEC is the Spanish association of certification service providers representing 31 Spanish trust service providers. QTSInitiation1 Implementing Regulation Article 1.2 Add to point (f) where needed after performing on-site verifications.
Read full response