The eIDAS regulation has defined requirements that unified most aspects of trust services in the European Union. Although the regulation is directly applicable in all member states, there are matters on which it does not impose any requirements; one of these is the lifetime of qualified certificates, where member states’ national provisions apply. This is why certificate validity periods differ even within Europe.
In Hungary, the topic is covered by the Ministry of Interior’s regulation 24/2016. (VI. 30.) on detailed requirements concerning trust services and trust service providers. Until recently, this regulation allowed a maximum certificate validity of two years, but the respective paragraph has changed, and the following wording currently applies:
§ 39 (1) Unless regulated otherwise by law or an implementation regulation, the validity period of a qualified certificate issued by a qualified trust service provider may not exceed the time until which the cryptographic algorithms may be safely used in accordance with the supervisory body’s decision referenced by Section 92 (1) (b) of the e-Administration Act, but at most for a maximum of three years from the date of their issuance.
This means that qualified certificates can be issued for three years instead of the previously applicable two years. This reduces the tasks of certificate users and the work of trust service providers (although even more attention must be paid to algorithm recommendations). The change does not affect security considerations, since strong algorithmic requirements still apply, so the longer validity periods pose no problems whatsoever.
© 2021 Microsec Ltd. | Company registration number: 01-10-047218 | Tax number: 23584497-2-41