All case studies
Trust services

Development & certification of a digital-tachograph infrastructure

Built and certified a digital-tachograph trust infrastructure against European requirements.

27EU states recognised

At a glance

  • Sector: EU road transport — digital tachograph
  • Our role: We built and certified the certification-authority operations — policies, key ceremonies and signing services — that issue tachograph card certificates
  • Timeframe: 2014–2019, across both tachograph generations

Challenge

Every professional driver in Europe carries a tachograph card, and every card has to be trusted in every member state. That trust runs on a strict public-key infrastructure rooted in the European Root Certification Authority (ERCA): each member state operates its own Certification Authority that issues the card certificates, to ERCA's exacting specification. Standing one up is unforgiving — a formal certificate policy, audited key-generation ceremonies, hardware security modules, and demonstrable conformance to ERCA, with no margin for error. A single misconfiguration means cards that won't be trusted across borders. And it had to be done twice: once for the original digital tachograph, and again for the second-generation smart tachograph with its new elliptic-curve cryptography.

Approach

We built the operational backbone of these Certification Authorities — everything that makes a CA trustworthy. We authored the Certificate Policy and Certification Practice Statement, designed the operational procedures, ran the audited key-generation ceremonies, and stood up the HSM-backed certification services that sign each card's certificates against the EU root.

We first delivered this for a national member-state authority, then again for a card producer issuing cards across multiple EU states — and carried it through both generations: the RSA-based digital tachograph and the ECC-based smart tachograph, each conforming to ERCA's specification and passing external audit.

Outcome

Cards issued under the authorities we built are trusted the moment they cross a border.

  • Member-state Certification Authorities stood up to ERCA specification and passed external audit
  • Both generations delivered — the RSA digital tachograph and the ECC smart tachograph
  • Cards issued under these authorities are recognised across all 27 EU states and the wider tachograph area
Next case study

How Estonia's largest hospital runs its ISMS on Cybsis

Estonia's largest hospital runs its E-ITS as a living system in Cybsis — one place where every measure, owner and deadline stays under control, instead of spreadsheets.

View