Certification and compliance

Our solutions are compliant with all relevant national and international regulations. Learn more about our certifications and accreditations below.

Find out more

introducing the aruba pec and actalis certification authorities

Our certification authorities, Aruba PEC and Actalis, are AgID accredited as PEC (certified email) and CA managers. Together, they’ve been offering products and services to public and private organisations for over a decade. Their portfolio includes digital signature services, certified email, compliant digital storage, and authentication and certification solutions.

Find out more about our certifications

eu eidas regulation

The EU’s electronic Identification Authentication and Signature (eIDAS) regulation sets out common rules and conditions for electronic signatures, web authentication, and related trust services for electronic transactions. The regulation creates a legal and technical framework based on the principle of technological neutrality, ensuring EU interoperability for trust services, identification, and authentication.

Our eIDAS accreditations

910/2014 Accreditation

Our timestamp and certification products and services are fully compliant with EU eIDAS Regulation 910/2014, in which we’re listed as a qualified trust service provider. in accordance with the following norms:

ETSI EN 319 401, ETSI EN 319 411-1, ETSI EN 319 411-2, ETSI EN 319 412-1, ETSI EN 319 412-2, ETSI EN 319 412-3, ETSI EN 319 412-5, ETSI EN 319 421, ETSI EN 319 422

Compliance with Art. 24 of EU eIDAS regulation

As defined in ACCREDIA's accreditation circular no. 5/2017 and assessed according to the checklist (V.1 of 14 April 2017) compiled by AgID for the provision of trust services by custodians in accordance with the law.

ETSI EN 319 401 accreditation

We’re compliant with ETSI EN 319 401 for the provision of SPID digital identification trust services, which are provided in accordance with the Prime Ministerial Decree of 24 October 2014, and the technical requirements defined by Implementing Regulation (EU) 2015/1502 of the Commission, Art. 24 of eIDAS Regulation (EU) 910/2014.

PSD2 Compliance

We are a qualified trust service provider in the OBE Directory for QWAC and QSEALs services.

ICANN accreditation

Aruba S.p.A. is accredited with the Internet Corporation for Assigned Names and Numbers (ICANN), the international body responsible for safeguarding the operational stability of the Internet, promoting market competition in the domain name business, and representing the interests of the Internet community.

our quality, energy, security, and product certifications

ISO 9001

Quality management

ISO 14001

Certified environmental management

ISO 22237

Data center facilities and infrastructures

ISO 27001

Information security

ISO 37001

Management system for the prevention of corruption

ISO/IEC 27017

Cloud security controls

ISO/IEC 27018

Managing personal data in the cloud

ISO/IEC 27035

Managing security incidents and events

ISO 45001

Occupational Health and Safety Management System

ISO 50001

Energy management system

ISAE 3402

Control system for business processes

ANSI/TIA 942 Rating 4

Infrastructure quality and resilience

Renewable Energy Guarantee of Origin Certificate

CISPE-declared services

We’ve declared our services as compliant with the CISPE code of conduct for data protection

Cloud for PA

Cloud service provider type C

for IaaS and SaaS services

Climate Neutral Data Center Pact (CNDCP) Membership Certificate

Compliance certificate for Code of Conduct on Data Center Energy Efficiency

CISPE Compliance

Aruba is the first Italian provider to be awarded the declaration of conformity to the CISPE Code of Conduct for cloud data protection. You can find our services in the CISPE Public Register.

CISPE is the voice of cloud infrastructure as-a-service providers in Europe. The group has designed a code of conduct to certify its members’ solutions and guarantee that customers receive a high-quality service.