Certifications, qualifications and accreditations
Namirial’s trust services comply with eIDAS, ETSI EN 319 standards, ISO 9001, ISO 27001, ISO 27017, and ISO 27018, ensuring quality, security, and operational continuity. These certifications confirm the Group’s commitment to transparency and data protection worldwide.
ISO and International Certifications
QUALITY MANAGEMENT SYSTEM
INFORMATION SECURITY MANAGEMENT SYSTEM
GREENHOUSE GASES – CARBON FOOTPRINT OF PRODUCTS
Namirial SpA
ISO 14067:2018 – Verification Opinion – attachment IT335963-2 of 03/10/2025 regarding the total Product Carbon Footprint (CFP) of the Namirial signature, for an average document signature sent by a single user to a single signer, issued by Bureau Veritas for calendar year 2024.
Namirial SpA
ISO 14067:2018 – Verification Opinion – attachment IT345580-1 of 09/09/2025 regarding the total Product Carbon Footprint (CFP) of the Namirial PEC, for an average envelope sent from a sender to a recipient, issued by Bureau Veritas for calendar year 2024.
Namirial SpA
ISO 14067:2018 – Verification Opinion – attachment IT345580-1 of 09/09/2025 regarding the total Product Carbon Footprint (CFP) of the Namirial onboarding, for a standard identification of a customer carried out by an operator, issued by Bureau Veritas for calendar year 2024.
SYSTEM AND ORGANITAZION CONTROL (SOC)
Namirial SpA
Namirial has obtained SOC 2 Type II certification, confirming that it has implemented effective controls for security, availability and data protection.
EU Certifications
Namirial
Namirial is Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
- issuance of the qualified time stamp (QTimestamp)
- preservation of Qualified Electronic signatures and Qualified Electronic seals
- qualified electronic registered delivery service (QERDS)
- management of remote qualified electronic signature and seal creation devices (rQSCD)
Namirial is certified ETSI TS 119 461 v2.1.1 with Namirial Onboarding Platform
Uanataca
Uanataca is a Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the following services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
- issuance of the qualified time stamp (QTimestamp)
Evicertia
Evicertia is a Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the following services:
- certified communication
- issuance of the qualified time stamp (QTimestamp)
Compliant with the EU eIDAS Regulation
Certificate issued by CERTICAR
Netheos
Netheos is certified by LSTI for the following services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
Universign
Universign is Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
- qualified validation service for qualified electronic signature (QVal for QESig)
- qualified preservation service for qualified electronic signature (QPres for QESig)
- qualified validation service for qualified electronic seal (QVal for QESeal)
- qualified preservation service for qualified electronic seal (QPres for QESeal)
- qualified time stamping (QTimestamp)
Universign is certified by LSTI for the following services:
Vialink
Vialink is Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
Vialink is certified by LSTI for the following services:
Validated ID
Validated ID is Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
- issuance of the qualified time stamp (QTimestamp)
Compliant with the EU eIDAS Regulation
QCert for ESig
QCert for ESeal
QTimestamp
Certificate issued by DEKRA Testing and Certification S.A.U.
Compliant with the EU eIDAS Regulation
REMOTE QUALIFIED ESig and ESeal for:
QCert for ESeal (Centralized)
QCert for ESig (Centralized)
Certificate issued by DEKRA Testing and Certification S.A.U.
Ivnosys
Ivnosys is Qualified Trust Service Provider (QTSP), as defined by eIDAS, for the services:
- issuance of the qualified certificate for electronic signature (QCert for ESig)
- issuance of the qualified certificate for the electronic seal (QCert for ESeal)
- qualified time stamping (QTimestamp)
- qualified electronic registered delivery service (QeRDS)
Ivnosys is certified by Certeidas for the Trustworthy server signing service:
Ivnosys is certified by A-SIT for Qualified Signature and Seal Creation Device (QSCD):
National Certifications
Italy
Electronic Identification
Namirial provides electronic identification trust services, according to:
- Art. 24 of Regulation (EU) 910/2014 eIDAS
- Decree of the President of the Council of Ministers of October 24, 2014
- Technical requirements defined by the Commission in EU Implementing Regulation 2015/1502
SPID Digital Identification Trust Services
Certificate issued by BUREAU VERITAS
Digital Identity
Accredited by the Italian government according to European eIDAS standards
Long Term Archiving
Long-term archiving services are regulated by the qualification and supervision of the Agency for Digital Italy (AgID). Namirial has been providing Long Term Archiving service since 2010.
Long Term Archiving Provider
Qualified by the Italian government
Namirial’s archiving service is also SaaS level QC2 qualified at ACN and listed in the Catalog of Digital Infrastructure and Cloud Services.
Qualified by Agency of National Cybersecurity
Electronic Registered Delivery
Electronic Registered Delivery services by registered mail are regulated by the accreditation and supervision of the Agency for Digital Italy (AgID). Namirial is one of the service providers accredited by AgID for PEC accounts and has been providing the Postal Security service since 2007.
Registered email Provider
Accreditated by the Italian Government
Romania
Long Term Archiving
Namirial’s Long Term Archiving solution has been accredited by the Digitization Authority of Romania for the management of electronic archives.
Digitization Authority of Romania: Data Center. Electronic Archiving
Remote video identification
Namirial has been accredited as a service provider for remote video identification according to the guidelines established by the Digitization Authority of Romania. With this accreditation Namirial is able to remotely identify people via video in Romania.
Digitization Authority of Romania: remote identification by video tools
France
Remote identity verification
Namirial has been recognized as a substantially certified remote identity verification (PVID) service provider by the French National Agency for Information Systems Security (ANSSI) for its Netheos solution. This certification enables companies subject to AML/CFT requirements to ensure their compliance: choosing a PVID-certified solution is necessary to meet regulatory requirements for KYC processes.
Remote Identity Verification Policy
Long Term Archiving
Namirial has obtained NF 461 certification, issued by AFNOR, which certifies that the electronic archiving system (SAE) complies with the fundamental principles for the management, storage and use of electronic documents, ensuring their integrity, security and legal validity throughout their life cycle.
Namirial has received authorisation from the Prefect of Paris to provide storage services for current and intermediate archives to French public administrations.
Certification of the electronic archiving system
Service providers authorised to store current and intermediate public archives on digital media
Health Data Hosting Provision
The HDS certification is required for cloud service providers hosting personal health data, regulated by French law and collected for the provision of preventive, diagnostic and other healthcare services. The HDS regulation was issued by ANS (Agence du Numérique en Santé) which, under the French Ministry of Health, is responsible for promoting e-health solutions in France. In order to become HDS certified, service providers must implement security and privacy measures that safeguard patients’ personal health information. As part of these measures, we employ strong authentication and authorization procedures, robust backup systems, and strong encryption.
Health Data Hosting Provision
Namirial is HDS certified (Hébergeur de Données de Santé – Health Data Hosting).
HDS is a French certification that attests compliance of service providers with the highest standards of security, protection, and management of health data, required for hosting health data in France.
Namirial guarantees that no personal health data will be transferred outside the European Economic Area.
Certificate NAMIRAL SPA – 28254784 – HDS
Namirial Spa – Chapter 8 HDS – Representation of Guarantees Document
Liste des hébergeurs certifiés | Agence du Numérique en Santé
Germany
GoBD & Assurance for digital preservation
Germany’s GoBD set principles for managing, retaining and auditing tax‑relevant electronic records, ensuring integrity, traceability, immutability and audit‑readiness (see Sections 146–147 AO). GoBD is not a state “certification” but an expected compliance framework. Namirial designs its digital record management and preservation processes in line with these principles. Where required, independent audits can be performed according to recognized assurance standards such as IDW PS 880 (accounting‑related software) and ISAE 3000 (non‑financial information).
Our services are GoBD‑compliant.
Spain
ENS HIGH CATEGORY Certification (Validated ID SLU)
The National Security Scheme (ENS) developed by Royal Decree 311/2022 of May 3 defines the requirements for establishing a security policy in the use of electronic media and thus achieve adequate protection of information and its related systems.
These principles and requirements guarantee the correct level of security that is applicable to both the systems of Public Administrations and their suppliers in the private sector. There are three levels of certification of the ENS: basic, medium and high. The high level gives the maximum security guarantees with respect to the certified systems.
Scope
Information systems that support multichannel electronic signature services (digital certificates, electronic handwritten signatures, agency seals, and remote signatures).
Owned by Validated ID SLU
ENS HIGH CATEGORY Certification (Uanataca SAU)
The National Security Scheme (ENS) developed by Royal Decree 311/2022 of May 3 defines the requirements for establishing a security policy in the use of electronic media and thus achieve adequate protection of information and its related systems.
These principles and requirements guarantee the correct level of security that is applicable to both the systems of Public Administrations and their suppliers in the private sector. There are three levels of certification of the ENS: basic, medium and high. The high level gives the maximum security guarantees with respect to the certified systems.
Scope
Information systems necessary to support the provision of the following trust services: electronic signatures, electronic identification, certificates and company seals, electronic time stamps, certified electronic delivery services, long-term preservation of electronic documents, records, or any electronic content, digital intermediation systems, as well as the creation, verification, preservation, and validation of certificates related to these services provided using proprietary infrastructure hosted in specialized third-party data centers.
Owned by Uanataca SAU
ENS Certificate
ENS MEDIUM CATEGORY Certification (Ivnosys Soluciones SLU)
Legal requirement that generates the necessary conditions for trust in the use of electronic media. To this end, a series of measures are established that guarantee the security of the systems, data, communications, and electronic services, making it possible to exercise rights and comply with duties.
Signaturit VideoID by IVNOSYS
Video-identification tool certified according to the ENS HIGH CATEGORY according to the ICT Security Guide CCN-STIC 140 Annex F.11. API solution that performs unassisted processes of video identification of individuals, for remote onboarding and for identification of e-certificate applicants and for identification of qualified electronic certificate applicants (according to Order ETD/465/2021 of 6 May).
Peru
Digital Trust service provider in Peru (FINISHED ON 31/12/2024)
Ivnosys Soluciones Perú is a Digital Certification Service Provider in Peru accredited by the official body Indecopi. Ivnosys has the IvCert digital signature software in the list of trusted services of Indecopi.
Gender Equality Management System Certification
Gender Equality
Namirial complies with the requirements of the UNI PdR 125:2022 management system standard, which refers to the adoption of measures to ensure gender equality in the work environment in relation to:
- Design, processing and after-sales support of software, management platforms and websites.
- Provision of hosting and collocation services.
- Provision of certified e-mail service.
- Certification authority, timestamping, automatic signature, remote signature, simple and advanced electronic signature and smart card personalization, SPID (in Italy).
- Design and delivery of managed services in Saas, Paas and on premise mode in Enterprise Content Management and paperless business (Business Process Management, document acquisition and transmission, electronic invoicing, document formation, management of archiving and preservation of computerized documents).
Issued by BUREAU VERITAS
Partner Certifications
ADOBE APPROVED TRUST LIST
Namirial is part of the Adobe Approved Trust List (AATL), a program that allows documents to be signed in Adobe Document Cloud solutions using the world’s most trusted digital signature certificates.
AMAZON WEB SERVICES
Namirial has been awarded the AWS Amazon Web Services certification as a company with a proven track record and high technical expertise in cloud infrastructure management.
DATA4 GROUP
Namirial is a partner of Data4 Group, one of Europe’s leading players in the data center market, which operates some of the most powerful campuses in Europe with a proactive approach to sustainable development.
CLOUD SIGNATURE CONSORTIUM
Universign Namirial provides a SaaS platform offering trust services: electronic signatures, electronic seals, timestamps and identity management. Our trust services guarantee security to digital transaction and offers the best user experience with two driving principles: simplicity and compliance.
SOC 2 Type II – Overview
In 2026, Namirial has obtained SOC 2 Type II certification, confirming that it has implemented effective controls for security, availability and data protection.
SOC (System and Organization Controls) are assurance reports developed by the American Institute of Certified Public Accountants (AICPA), which attest to the reliability of the internal controls adopted by an organisation in the management of services and information.
SOC 2 is specific to organisations that manage data on behalf of clients and is based on the Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy.
The SOC 2 Type II report assesses both the design of the controls and their operational effectiveness over time, through independent audits.
The assessment contained and set out in the Namirial S.p.A. report does not cover the entire organisation or all its products or services. The assessment relates to specific services and their associated systems, in this case the eSAW/NSE signature platform.
Frequently Asked Questions (FAQ)
What is meant by the SOC 2 Type II Report of Namirial S.p.A.?
The SOC 2 Type II Report of Namirial S.p.A. contains an independent assessment conducted by a qualified third party that attests to the adequacy and operational effectiveness of the organizational and technological controls implemented to protect information and the services provided.
Which Trust Services Criteria are covered?
The SOC 2 Type II assessment of Namirial was conducted within the framework of the Trust Services Criteria (TSC) of the AICPA, with a focus on controls relevant to security, availability, and protection of information within the assessed scope. The covered areas are specifically defined in the official report.
What type of audit was performed?
A SOC 2 Type II audit was conducted, which evaluates both the design of controls and their operational effectiveness over a defined observation period. The activity was carried out by an independent auditor, in accordance with the ISAE 3402 assurance standard.
What is the observation period covered by the audit?
The observation period covered by the SOC 2 Type II audit of Namirial S.p.A. runs from November 1, 2024 to November 30, 2025.
What was the outcome of the audit?
The audit concluded with a positive result and no findings (unqualified opinion). The auditor confirmed the adequacy of the control design and their operational effectiveness for the entire observation period.
Is the SOC 2 Type II Report of Namirial S.p.A. published on the website?
No. The SOC 2 Type II Report of Namirial S.p.A. is not published on the website and is not freely available to the public; in fact, the report:
- is a confidential document;
- is not disclosed online;
- is not accessible without authorization.
How can the SOC 2 Type II Report be accessed?
Access to the SOC 2 Type II Report of Namirial S.p.A. is granted exclusively to parties who have signed a Non-Disclosure Agreement (NDA) that explicitly includes the exchange of security-related information.
The availability of the report and the related sharing methods are evaluated case by case, based on business and compliance needs, in accordance with Namirial S.p.A.’s security and confidentiality policies.
To request further information, it is necessary to contact the relevant Namirial representatives, who will handle the request according to internal procedures.
Can website information be used as proof of SOC 2 compliance?
No. Public information:
- does not constitute an independent guarantee;
- must not be used as the sole basis for contractual, legal, or regulatory decisions;
- must be supplemented with official documentation provided in later qualification stages.
Does SOC 2 automatically apply to other Namirial services?
No.
SOC 2 is limited to the scope of the service under assessment.
Other Namirial products or services may be subject to different control frameworks, certifications, or assessments.
Are there responsibilities on the customer side?
Yes. In accordance with the Framework SOC 2, the overall effectiveness of controls is based on a shared responsibility model. Therefore, some controls and safeguards fall under the responsibility of the customer, depending on the components under their direct control.