Aller au contenu
Vérifié indépendamment · Ré-audit trimestriel
EU VETTED

Signicat

VéRIFIé
Signature électronique · Norway
Fondé en 2006 · signicat.com ↗

Trondheim-based pan-European eIDAS QTSP for digital identity, e-ID and qualified e-signatures; Nordic Capital-owned, EEA-hosted on US hyperscalers.

En bref

Signicat, dans la catégorie Signature électronique, propose un hébergement dans l’UE avec Norway comme lieu d’hébergement, mais une maison mère ou un sous-traitant américain laisse une exposition matérielle au CLOUD Act.

Notes d’évaluation

Signicat AS (Trondheim, Norway; eIDAS Qualified Trust Service Provider; ISO/IEC 27001:2022 + 27018:2019 (DNV) + SOC 2 Type II) is a genuine European identity/trust group with an all-EU/EEA group entity chain and a public DPA + public sub-processors list — but its core platform runs multi-cloud on three US-owned hyperscalers (Google Cloud EMEA/IE, AWS/LU, Microsoft Azure/IE), all with EEA data residency, and Mailchimp (US, USA-stored) is used for some notifications, so despite EEA hosting it carries meaningful CLOUD Act exposure and three US-owned sub-processors, which caps the score at 3/5.

CLOUD ACT
OWNERSHIP
SUB-PROCS
non divulgué
Signaux vérifiés
Juridiction
  • Hébergement UE / adéquation
  • Opérateur UE / adéquation
  • Aucune exposition au CLOUD Act
Transparence
  • DPA public
  • Sous-traitants divulgués
  • Clients open source
  • Certification tierce
JUMP TO
OVERVIEW

À propos de Signicat

Signicat is a Trondheim (Norway) headquartered pan-European digital-identity and electronic-trust platform, describing itself as "the leading provider of digital identity solutions in Europe" with 21,000+ companies served and 500+ staff across Norway, Sweden, Finland, Denmark, the Netherlands, Germany, UK, Spain, Portugal, Romania, Lithuania, Estonia and Latvia. It is a registered eIDAS Qualified Trust Service Provider (QTSP) and one of the first certified under eIDAS 2.0, with qualified services spread across jurisdictions: qualified time-stamps (Norway, via Buypass/SK ID), qualified certificates and remote signature-creation device management (Spain, via UANATACA/ACCV) and qualified signature/seal validation (Lithuania, via the 2021-acquired Dokobit). Beyond e-signing it covers bank-grade e-ID authentication (BankID, MitID, iDIN, itsme), onboarding/KYC, and fraud/identity verification (bolstered by the Sphonic and Inverid acquisitions). Ownership is the key nuance: since April 2019 Signicat has been majority-owned by Nordic Capital (a European private-equity investor, via Fund IX), acquired from Secure Identity Holding and Viking Venture III; Viking Venture III re-invested and remains a Norwegian minority shareholder alongside employee shareholders. There is no US-VC control and no US parent — but Nordic Capital is a PE firm whose funds use Jersey/Luxembourg structures, so this is "other" rather than a clean local-hero "eu_owned" tag. Compliance posture is strong on paper: ISO/IEC 27001:2022, ISO/IEC 27018:2019 (DNV-verified), SOC 2 Type II, OpenID Certified, plus ENS High and Cyber Essentials Plus, with a GDPR-aligned DPA and a public sub-processors appendix, and eIDAS QTSP status. The caveat for sovereignty-focused buyers is infrastructure: the platform is multi-cloud across Google Cloud, AWS and Microsoft Azure (all EEA regions) plus T-Systems and Orange Business — three US-owned hyperscalers at rest, which drives CLOUD Act exposure to "material" despite EEA data residency. Best fit: regulated EU enterprises (banking, insurance, public sector) needing broad national e-ID coverage and qualified signing under one contract; buyers who weight US-infrastructure exclusion above feature breadth should prefer Yousign, Universign or Signaturit.

SUB-PROCESSORS

Carte des sous-traitants · non divulgué

L'éditeur ne publie pas de liste de sous-traitants. La conformité Schrems II et l'exposition au CLOUD Act ne peuvent pas être vérifiées indépendamment sans elle.
CERTIFICATIONS

Référentiels & certifications

ISO/IEC 27001
ACTIVE
ISO/IEC 27018
ACTIVE
SOC 2
ACTIVE
Information · cadre US
FEATURES

Matrice de fonctionnalités

Signature qualifiée (QES) Oui
Signature avancée (AES) Oui
Piste d’audit Oui
Vérification d’identité Oui
API / webhooks Oui
INTéGRATION & ACCèS
REST API Yes
SSO (SAML / OIDC) Yes
CONFORMITé & GOUVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Tarifs & paliers

PAYANT
Tarifs sur mesure

Contactez l’éditeur pour les tarifs par palier ou volume.

Voir la page tarifs ↗
PUBLIC DOCUMENTS

Documents publics

  • Contrat de sous-traitance (DPA)
    developer.signicat.com/terms…
    Ouvrir ↗
  • Liste des sous-traitants
    developer.signicat.com/terms…
    Ouvrir ↗
  • Conditions d'utilisation
    developer.signicat.com/terms…
    Ouvrir ↗
ALTERNATIVES

Alternatives dans cette catégorie

Eversign (Xodo Sign)
Austria · Fondé en 2017
LIé AUX US

Vienna-launched e-signature platform (eversign GmbH, 2017) — acquired by Apryse (US/PDFTron) in 2022, rebranded as Xodo Sign.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
DIRECT
Voir le profil →
Signaturit (Namirial)
Spain · Fondé en 2013
SOUVERAIN UE

Barcelona-based Spanish digital-trust group (Signaturit, now a Namirial Italian company), 4 QTSPs with highest eIDAS qualifications, regulator-audited.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
NONE
Voir le profil →
Skribble
Switzerland · Fondé en 2018
SOUVERAIN UE

Zurich-based Swiss e-signature platform with dual ZertES + eIDAS QES via Swisscom partnership; ISO 27001, 4,000+ DACH customers.

DPA public Sous-traitants Open source
FROM
CLOUD ACT
NONE
Voir le profil →
Voir toutes les alternatives signature électronique →