Company certificates

Company certificates

Entities operating as Certification Authorities issue different types of electronic certificates for companies. The Authority’s “Certification Policy” describes the characteristics of each type of certificate and the uses for which they are intended.

Without pretending to be exhaustive, below are some of the types of certificates recognised by EU eIDAS Regulation 910/2014:

  • Certificate of signature: Oriented to the signature of natural persons. The signature implies the guarantee of origin and integrity of the signed data, as well as the conformity/consent with said data and legal obligation regarding the content. It is equivalent to the certificate of signature of the natural person of Law 59/2003.
  • Certificate of Seal: Oriented to the seal of legal persons. It is partially similar to the certificate of legal person of Law 59/2003, with the differences:
    • They do not bear a person in charge of the certificate.
    • It is addressed to the seal (guarantee of origin and data integrity).
    • In addition to authenticating the document issued by the legal person, electronic stamps may be used to authenticate any digital assets of the legal person, e.g. software or servers (Recital 65 of the eIDAS Regulation).
    • Where a transaction requires a qualified electronic seal of a legal person, a qualified electronic signature of the authorised representative of the legal person should also be acceptable. (Recital 58 of the eIDAS Regulation). Not the other way around.
  • Web authentication certificate: Aimed at linking the website to the natural or legal person holding the certificate.
  • Unqualified certificate: May be aimed at both natural and legal persons, components, SSL. For the natural person it is not intended to be used as it is not included in the current legislation (Law 39/2015), by not providing the same guarantees as qualified certificates, such as being subject to lighter supervision, the requirements for verifying the identity of the person to whom the certificate is issued, or providing the status of validity or revocation in an automated, reliable, free and efficient manner. etc.

As defined in the regulation, other types can be defined according to the scope they cover and knowing that they will always be one of the above, such as:

  • The certificate of belonging to a company is a certificate of legal person which, in addition to the identity of the holder, attests its connection with the entity for which it works, by virtue of the position it holds in it. Personal certificates offer the advantage of containing additional information about the company to which the person belongs. This can be requested by the natural person holding the certificate itself, provided that it is authorised by a representative of the entity or by the company itself in favour of its employees. Uses:
    • To sign all kinds of documents, guaranteeing the identity of the issuer, the non-repudiation of origin, the integrity and confidentiality of the content.
    • Ensure the authentication of your holder in an access control.
  • The certificate of representative, in addition to belonging to a company, also certifies the powers of representation which the holder has over it. In other words, the holder of the certificate is identified not only as a natural person belonging to a company, but also as its manager. With this certificate you can carry out procedures for bonuses for training actions, State Tax Agency, etc.
  • The Electronic Invoice certificate is a recognised certificate of natural person with representative powers of an organization only to sign Electronic Invoices.
  • There are many other types depending on the scope they cover.