English 
French 
Dutch 
Docbyte is a Qualified Trust Service Provider (QTSP) under eIDAS. Through our certified digital archiving software, Docbyte Vault, we enable organisations to store and preserve electronic records, electronic signatures and seals in line with legal and regulatory requirements.
Docbyte Vault is designed to protect the integrity, authenticity, and legal evidentiary value of these records throughout their lifecycle. This includes highly regulated contexts such as employment law, financial supervision, public sector accountability, and judicial proceedings.
Because Docbyte operates in this space, security and resilience are not optional features. They are structural requirements.
Qualified Trust Services at the Core of Docbyte
Docbyte is a Qualified Trust Service Provider (QTSP), listed on the EU Trusted List / eIDAS Dashboard, and provides the following qualified trust services:
- Qualified electronic archiving (QeA)
- Preservation of qualified electronic signatures (QPres for QESig)
- Preservation of qualified electronic seals (QPres for QESeal)
Qualified trust services are legally regulated services. They require continuous compliance, formal supervision, and demonstrable controls over security, governance, and operational resilience.
This regulatory status directly shapes how we approach cybersecurity, risk management, and operational continuity.
“Security and trust are not features you add later. At Docbyte, they are the foundation of how we operate as a Qualified Trust Service Provider,” says Frederik Rosseel, CEO of Docbyte. “ISO 27001 and our obligations as a NIS2 essential entity are not checkboxes for us. They reflect how we design, govern, and run Docbyte Vault for organisations that depend on long-term legal certainty and operational resilience.”
Why Docbyte Is Subject to Stricter Cybersecurity Obligations under NIS2
Under Belgian law, QTSPs fall within the scope of the NIS2 Directive as essential entities. As an essential entity, we have legal obligations related to cybersecurity risk management, incident handling, and supervisory oversight. These obligations apply across our organisation as a whole, not to a single system or department.
For our customers, this means we operate under a higher regulatory bar than companies who are not recognised as QTSPs and who do not fall under NIS2.
What NIS2 Means in Docbyte’s Day-to-Day Operations
NIS2 focuses on operational resilience and accountability. For Docbyte, this includes:
- Structured cybersecurity risk management across people, processes, and systems
- Formal incident detection, response, and reporting procedures
- Clear governance responsibilities and management oversight
- Defined cooperation with national supervisory authorities for incident handling and oversight
Significant incidents must be assessed, reported, and followed up within defined timelines. Post-incident analysis and corrective measures form part of this process.
These obligations reinforce reliability for organisations that depend on Docbyte Vault to preserve legally relevant records over long periods of time.
How ISO 27001 Structures Security at Docbyte
ISO 27001 provides the operational framework that supports the NIS2 obligations described above. It defines the requirements for an Information Security Management System (ISMS) based on risk assessment, control implementation, monitoring, and continuous improvement.
We hold ISO 27001 certification covering:
- Designing, developing, implementing and running software to automate customer communication and regulatory client interaction processes that scans, processes and archives data. Customer service for this software.
Certificate no BQA_ISMS_C_20231273, issued 2023-10-16.
Some organisations certify isolated processes or limited environments. At Docbyte, information security management supports the delivery of regulated trust services and Docbyte Vault as a whole, in line with the approved certification scope.
How NIS2 Legal Obligations and ISO 27001 Security Controls Align at Docbyte
ISO 27001 and NIS2 serve different roles, but they reinforce each other.
ISO 27001 provides a structured information security management system through: risk assessment and risk treatment, access control and identity management, secure operations, monitoring and logging, incident response preparation and testing, supplier and third-party security management, and business continuity and recovery planning. NIS2 adds legal accountability, supervisory oversight, and mandatory incident reporting.
Together, they ensure Docbyte’s security governance remains active, auditable, and aligned with regulatory expectations.
What This Means for Organisations Using Docbyte Vault
For organisations using Docbyte Vault, this combination delivers practical benefits:
• Reduced supplier risk for regulated and sensitive records
• Clear security governance supported by independent audits
• Predictable responses to incidents and operational disruptions
• Stronger assurance during audits, inspections, and legal proceedings
Security controls support long-term preservation, evidentiary value, and trust across the full lifecycle of digital records.
How Our Customers Can Verify This Themselves
We publish compliance information, policies, and supporting materials through the Docbyte Trust Center.
Customers and partners can review relevant standards, certifications, and governance information at: https://trustcenter.docbyte.com/
This transparency supports due diligence, procurement reviews, and our ongoing trust relationships.
