Microsoft and Marvell have quietly moved a major piece of cloud security infrastructure into European production: Azure’s cloud Hardware Security Module (HSM) and key-management services have been expanded to support use cases that require the highest levels of certification under European Union regulations. This strategic deployment enables Azure customers in Europe to use HSMs that meet both the eIDAS Qualified Signature Creation Device (QSCD) requirements and Common Criteria Evaluation Assurance Level 4+ (CC EAL4+), addressing critical compliance needs for financial services, government agencies, and regulated industries operating within the EU's digital framework.
The Strategic Partnership: Microsoft Azure and Marvell LiquidSecurity
At the core of this advancement is the integration of Marvell's LiquidSecurity HSM adapters into Microsoft's Azure cloud infrastructure. Marvell's LiquidSecurity HSMs are hardware-based security devices specifically designed for cloud environments, providing secure cryptographic key generation, storage, and management. Unlike traditional HSMs that are physical appliances deployed on-premises, LiquidSecurity adapters are integrated directly into Azure's hyper-scale data centers, offering cloud-native HSM services with the same level of security assurance as their on-premises counterparts.
According to Microsoft's official documentation, Azure Dedicated HSM provides single-tenant access to a FIPS 140-2 Level 3 validated HSM device for cryptographic key storage and operations. The service is built on Thales (now part of Entrust) nShield hardware, but the Marvell LiquidSecurity integration represents a significant expansion of capabilities, particularly for European compliance scenarios. The LiquidSecurity adapters enable Azure to offer HSM services that meet the stringent requirements of eIDAS QSCD certification, which is essential for creating qualified electronic signatures, seals, and timestamps under EU law.
Understanding eIDAS QSCD Requirements
eIDAS (electronic IDentification, Authentication and trust Services) is the EU regulation governing electronic identification and trust services for electronic transactions in the European Single Market. The regulation establishes a framework for electronic signatures, seals, timestamps, and other trust services, with qualified trust services enjoying the highest level of legal recognition across all EU member states.
A Qualified Signature Creation Device (QSCD) is a secure device that creates qualified electronic signatures. According to eIDAS Article 3(23), a QSCD must meet specific requirements including:
- Ensuring the confidentiality of signature creation data
- Preventing forgery of electronic signatures
- Protecting signature creation data against unauthorized use
- Not altering the data to be signed, and not preventing that data from being presented to the signatory before signing
Common Criteria EAL4+ Certification Significance
In addition to eIDAS QSCD compliance, the Azure HSM services with Marvell LiquidSecurity have achieved Common Criteria Evaluation Assurance Level 4+ (CC EAL4+) certification. Common Criteria is an international standard (ISO/IEC 15408) for computer security certification that provides assurance that the specification, implementation, and evaluation of a security product have been conducted in a rigorous and standardized manner.
EAL4+ represents a methodically designed, tested, and reviewed level of assurance that is appropriate for commercial security products requiring moderate to high levels of independently assured security. The \