Qualified Certificates

Qualified Certificates

Qualified Website Authentication Certificates (QWAC) and Qualified Certificates for Electronic Seals (QSeals) comply with EU data security standards and regulations, including eIDAS and PSD2

eIDAS and PSD2 standards are aimed at enhancing trust in electronic transactions across the EU. eIDAS applies to any business, whereas PSD2 rules are specific to EU banking/financial services institutions.

Qualified Certificates can only be issued by a Qualified Trust Service Provider (QTSP) recognized under eIDAS. Entrust Europe is recognized as a QTSP and has undergone the appropriate eIDAS conformity assessments in order to be able to provide Qualified Certificates for Website Authentication. View Entrust Europe on the EU Trust List.

European organizations can secure their communications with an eIDAS-compliant QWAC to demonstrate their compliance with European eIDAS guidelines. Qualified Certificates are available across all EU countries

Qualified Certificates


PSD2-compliant Qualified Website Authentication Certificates (QWACs) provide secure, encrypted communications as required by the EU RTS standards.

PSD2 QWACs enable organizations – specifically financial services institutions
and PSPs – to get the highest level of trust and identity assurance in accordance with PSD2 regulations.

  • Highest level of authentication is required to secure the open banking APIs used for transferring private data when making payments or transferring money.
  • PSD2 QWACs are required for website authentication so Account Servicing Payment Services Providers (ASPSPs) and Third Party Providers (TPPs) can be certain of each other’s identity.

Verification requirements

PSD2 QWAC certificates follow the EV verification guidelines and require the
following additional information:

  1. Authorization number of the TPP, found in the public registers of the NCA (National Competent Authority)
  2. The role(s) of the TPP, which may be one or more of the following:
    • ASPSP (Account-Servicing Payment Service Provider)
    • PSIP (Payment Initiation Service Provider)
    • AISP (Account Information Service Provider)
    • Issuing of card-based payment instruments
  3. Name of the competent authorities where the TPP is registered
  4. Name of the issuing CA/QTSP is listed on the certificate
  5. Traditional EV certificate requirements:
    • Name of certificate owner
    • Domain verification
    • Organization identity
    • Legal identity of organization controlling the website
    • Validity period



  • Enable all organizations to provide high assurance certificates for online
    transactions in accordance with eIDAS standards.
  • Encrypt sensitive data and identify European organizations to users.

Verification requirements:

eIDAS QWACs follow the same EV verification guidelines as PSD2 QWACs,
plus they require a face-to-face validation with a company’s legal representative.

Qualified Seal Certificates (QSealC)

Entrust PSD2 QSeal Certificates seal the data that is sent between organizations – specifically financial institutions – ensuring the origin of the data and that it has not been modified while in transit. The act of sealing data in communication with third parties is highly recommended for its benefits of proof and identity in PSD2 transactions.
Entrust PSD2 QSeal Certificates are delivered as PEM-encoded files. They can be used to generate Advanced Seals as defined by eIDAS.

PSD2 QSeal Certificates comply with:

  • Article 34 of RTS
  • ETSI TS 119 495

The PSD2 QSeal Certificate can be combined with our PSD2 Qualified Website Authentication Certificate (QWAC) to encrypt data in transit and ensure full compliance with PSD2.

Read more about PDS2 from Entrust web site

QWAC (PSD2 ja eIDAS) features and benefits

  • PSD2 and eIDAS compliant
  • End-to-end data encryption between the server and client
  • Strongest security, meeting latest guidelines:
    • SHA-2/2048-bit keys
    • 128-256-bit encryption
    • Supports RSA encryption
  • Authentication and integrity
  • Unlimited reissues
  • Unlimited server licenses
  • Up to 250 SANs supported
  • 13-month term
  • Centrally managed in Entrust Certificate Services (ECS) portal

PSD2 QSealC features and benefits

  • PSD2 and eIDAS compliant
  • Timestamping
  • Scalable signing to your organization’s needs
  • Tamperproof communicationand storage
  • Authentication and integrity
  • Automatic certificate expiration notifications
  • 12-month term
  • Supported key delivery method: PEM-encoded certificate file
  • Centrally managed in Entrust Certificate Services (ECS) portal