© TÜV, TUEV and TUV are registered trademarks. Any use or application requires prior approval. Certificate Standard Certificate number Certificate holder and developer Product and assurance level Project number Evaluation facility AT (un ® ‘Common Criteria Recognition Arrangement for components up to EAL2 SOGIS Mutual Recognition ‘Agreement for components up to EAL? Validity € IN PRODUCTS RyA LOIS Accredited by the Dutch Council for Accreditation www.tuv.com/nl Common Criteria for Information Technology Security Evaluation (CC), Version 3.1 Revision 4 (ISO/IEC 15408) CC-19-222073 TUV Rheinland Nederland B.V certifies: Utimaco IS GmbH Germanusstr. 4, 52080 Aachen, Germany CryptoServer CP5 Se12 5.1.0.0, CryptoServer CP5 Se52 5.1.0.0, CryptoServer CP5 Se500 5.1.0.0, CryptoServer CP5 $e1500 5.1.0.0 Assurance Package: = EAL4 augmented with AVA_VAN.5 Protection Profile Conformance: = prEN 419 221-5 Protection Profiles for TSP Cryptographic Modules — Part 5: Cryptographic Module for Trust Services, v0.15, 2016-11-29, registered under the reference ANSSI-CC-PP-2016/05 222073 Brightsight BV located in Delft, the Netherlands Applying the Common Methodology for Information Technology Security Evaluation (CEM), Version 3.1 Revision 4 (ISO/IEC 18045) ‘The Designated Body from The Netherlands under Article 30(2) and 39(2) of Regulation 910/2014 declares that: - The IT product identified in this certificate is a Qualified Signature/Seal Creation Device (QSCD) where the electronic signature/seal creation data is held in an entirely but not necessarily exclusively user-managed environment. The IT product meets the requirements laid down in Annex | of REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014. ‘Conformity of the IT product with the requirements of Annex Il of REGULATION has been certified with an evaluation process that fulfils the requirements of Article 30(3.(b)) of REGULATION and the Dutch Conformity Assessment Process (DCAP)." The IT product identified in this certificate is not a Qualified Signature/Seal Creation Device (QSCD) where a Qualified Trust Service Provider (QTSP) manages the electronic signature/seal creation data on behalf of a ‘signatory/creator of a seal, but might be used as a component of such a QSCD in conformity with the applicable certification of that QSCD against REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014, The IT product identified in this certificate has been evaluated at an accredited and licensed/approved evaluation facility using the Common Methodology for IT Security Evaluation version 3.1 Revision 4 for conformance to the Common Criteria for IT Security Evaluation version 3.1 Revision 4. This certificate applies only to the specific version and release of the product in its evaluated configuration and in conjunction with the complete certification report. The evaluation has been conducted in accordance with the provisions of the Netherlands scheme for certification in the area of IT security [NSCIB] and the conclusions of the evaluation facility in the evaluation technical report are consistent with the evidence adduced. This certificate is not an endorsement of the IT product by TÜV Rheinland Nederland B.V. or by other organisation that recognises or gives effect to this certificate, and no warranty of the IT product by TÜV Rheinland Nederland B.V. or by any other organisation that recognises or ‚gives effect to this certificate, is either expressed or implied. Date of 1% issue : 19-12-2018 Date of 2" issue : 14-03-2019 Date of 3¢issue : 14-05-2020 Certificate expiry : 19-12-2023 R. Kruit, LSM Systems TUV Rheinland Nederland B.V. Westervoortsedijk 73, 6827 AV Arnhem P.O. Box 2220, NL-6802 CE Arnhem The Netherlands A TÜVRheintand® Precisely Right.