
Article 1 

1. The standards for the security assessment of information technology products that apply to the certification of qualified electronic signature creation devices or qualified electronic seal creation devices according to point (a) of Article 30(3) or 39(2) of Regulation (EU) No 910/2014, where the electronic signature creation data or electronic seal creation data is held in an entirely but not necessarily exclusively user-managed environment are listed in the Annex to this Decision.
2. ... Where a qualified trust service provider manages the electronic signature creation data or electronic seal creation data on behalf of a signatory or of a creator of a seal, the certification of such products shall be based on a process that, pursuant to Article 30(3)(b), uses security levels comparable to those required by Article 30(3)(a) ....
Article 2 
Decision 2003/511/EC is hereby repealed.
Article 3 
This Decision shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
Done at Brussels, 25 April 2016.
For the Commission
The President
Jean-Claude JUNCKER
ANNEX


— ISO/IEC 15408 — Information technology — Security techniques — Evaluation criteria for IT security, Parts 1 to 3 as listed below:

— ISO/IEC 15408-1:2009 — Information technology — Security techniques — Evaluation criteria for IT security — Part 1. ISO, 2009.
— ISO/IEC 15408-2:2008 — Information technology — Security techniques — Evaluation criteria for IT security — Part 2. ISO, 2008.
— ISO/IEC 15408-3:2008 — Information technology — Security techniques — Evaluation criteria for IT security — Part 3. ISO, 2008,and
— ISO/IEC 18045:2008: Information technology — Security techniques — Methodology for IT security evaluation,
and
— EN 419 211 — Protection profiles for secure signature creation device, Parts 1 to 6 — as appropriate — as listed below:
— EN 419211-1:2014 — Protection profiles for secure signature creation device — Part 1: Overview
— EN 419211-2:2013 — Protection profiles for secure signature creation device — Part 2: Device with key generation
— EN 419211-3:2013 — Protection profiles for secure signature creation device — Part 3: Device with key import
— EN 419211-4:2013 — Protection profiles for secure signature creation device — Part 4: Extension for device with key generation and trusted channel to certificate generation application
— EN 419211-5:2013 — Protection profiles for secure signature creation device — Part 5: Extension for device with key generation and trusted channel to signature creation application
— EN 419211-6:2014 — Protection profiles for secure signature creation device — Part 6: Extension for device with key import and trusted channel to signature creation application
