GENNAIO 2025
Actalis on the Future of Cybersecurity: Certificates, Identity, and Digital Trust
Cyberattacks are rising. Compliance rules are tightening. And yet most public institutions and businesses still rely on SSL certificates that validate only domain ownership.
According to Francesco Basso, Head of SSL and Security Business Line, Actalis S.p.A. (Aruba Group), “when a certificate proves only that someone owns a web address—but not who they are or whether they’re legitimate—we create a false sense of trust.”
In a recent interview with Website Planet, Basso outlined why relying on free or domain-only SSL certificates is creating a false sense of security—particularly in sectors where compliance and accountability are not optional.
eIDAS was designed to standardize digital identity and trust services across the EU. Before its introduction, countries followed their own national frameworks for electronic signatures and online authentication. Now, a document signed digitally in Italy must be legally valid in Germany, France, or any other EU country.
But that vision depends on organizations using certificates that go beyond domain ownership. “Generic solutions often fall short in meeting stringent regulatory requirements like eIDAS or in providing the level of assurance needed for critical infrastructures” Basso says.
While awareness around cybersecurity and compliance is growing, many institutions remain tied to outdated models—particularly in complex environments like finance, healthcare, and public services.
“They all often remain stuck with outdated or fragmented solutions due to the complexity of integrating trust services into legacy systems, limited internal expertise on regulatory compliance, or reliance on providers that lack flexibility or certification under standards like eIDAS.”
Even digital agencies and hosting providers face challenges managing certificate lifecycles across multiple clients. The result is inconsistent security controls, unclear accountability, and growing exposure to reputational and regulatory risk.
While free DV certificates dominate the market, they verify only the control of a domain name—not the identity or legitimacy of the organization operating behind it.
“That’s why Organization Validation (OV) or Extended Validation (EV) certificates are far more appropriate for businesses aiming to build real digital trust” Basso notes.
OV and EV certificates offer authenticated, higher-assurance alternatives, providing transparency and accountability for users and systems alike.
In response to this increasing complexity and risk, Basso suggests companies to model their approach around customizable, sovereign trust services. That’s exactly what they did with Actalis to be recognized as Europe’s leading Certification Authority.
“We’re not just issuing certificates. We control the full chain—from certificate issuance to hosting—all within a sovereign European infrastructure backed by Aruba’s Tier IV data centers,” Basso says. “No third-party dependencies. No shortcuts.”
Support, too, is part of that equation. Maintain a local support team based in your country to deliver free-of-charge assistance throughout a trust service lifecycle.
Basso sees a shift underway—one that will force organizations to treat digital certificates not as technical accessories but as strategic security assets.
Actalis’ growth in the certification space—recently ranked among the top three fastest-growing Certificate Authorities globally—reflects rising demand for localized, compliant, high-assurance services.
“This trust is demonstrated by the growing number of strategic partnerships we’ve established with leading European cloud providers, hosting companies, and through seamless technological integrations.”
Read the interview on Website Planet Blog
More information on Safety Detectives BLog