Legal compliance
The eID API architecture and services have been designed to deliver the maximum quality standards according to systems information security, personal data and privacy, electronic signature, e-commerce and information society. We comply with the following standards:
Scope | Regulation | Documents |
---|---|---|
Certification | eIDAS, implementing regulation 2015/1502 Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market | 3rd party evaluation VideoID with high level of security regarding electronic identification means |
Certification | Regulation 910/2014 regarding Electronic identification and eTrust services to electronic transactions in internal markets. Directive 1999/93/CE of European Parliament |
European Regulation 910/2014 Directive 1999/93/CE of European Parliament |
eTrust 3rd Parties | Electronic Signature e-Commerce and Information Society |
Law 59/2003, of 19 of December of Electronic signature Law 34/2002, of 11 of July of Society Information Services and electronic commerce |
Privacy | Organic Law 15/1999 of Personal Data Protectiona | Privacy Policy |
Privacy | Personal Data Protection | European AWS Customer Agreement AWS Amendment to Customer Agreement about privacy Spanish laws |
Physical and Logic Security | SOC, PCI DSS, CSA, ISO 27001 | AWS Compliance |
Code Security | Open Web Application Security Project Methodology OWASP | Penetration Testing Audit |