The Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation) created Qualified Web Authentication Certificates (QWACs) (art. 38).
QWACs authenticate websites by providing trusted information about the identity of persons or legal entities behind a website. This information can include the website owner and their main business activities, but also proof that the website complies with the GDPR regulation, a guarantee that transactions conducted through the site are insured, and even a ranking. QWACs thus contribute to creating trust online and to ensuring safety and security of the internet for consumers.
Since December 2018, the European Commission has been discussing with web browsers how to stimulate the uptake of QWACs. In this context, web browsers suggested a technical implementation that decouples QWACs into an attribute certificate and a base certificate, which are cryptographically linked.
To test its feasibility, the Commission runs a pilot project aligned with the requirements of the eIDAS Regulation. This ntQWACs project demonstrates the technical viability of the tested solution, regardless of the web browser used, and the many opportunities and added value that QWACs may bring to end users.
Moving forwards, the Commission will take stock of the implementation of QWACs in the context of revision of the eIDAS Regulation, envisaged for Q4 2020.