Company Onboarding process guide for Cloud Service Providers (CSP)

• Onboarding Guidelines
• 1. Introduction
• 2. Prerequisites for Onboarding
• 3. Launching the Onboarding process
• 4. Submission and verification of Documentation
• 5. Signing the Marketplace Terms and Conditions
• 6. Generation of LEAR Verifiable Credentials
• 7. Contact and Support
• LEAR appointment form - practical considerations
• Practical Considerations for Entities on the Appointment of “Legal Entity Appointed Representative Form”
• LEAR appointment revocation
• LEAR appointment revocation process

Onboarding Guidelines

1. Introduction

Purpose of the Guide

This guide is designed to facilitate the onboarding process for new Cloud Service Providers (CSPs) in the  Marketplace, ensuring a clear understanding of the necessary steps to complete registration and start publishing offers.

Scope of the Marketplace

The  Marketplace is a digital platform that enables CSPs to offer cloud and edge computing services to enterprise customers across Europe.

The main goal of the onboarding process is the creation of an operating account for the CSPs from which they can operate within the Marketplace and start publishing their offerings.

The process is structured in three main steps:

1. Launching of the process and provision of company information and documentation

2. Verification of the company documentation and contract signature

3. Generation of the verifiable credential for the Legal Entity Appointed Representative (LEAR)

Upon the generation of the LEAR verifiable credential, the CSP is fully operational. The LEAR is the person that the CSP appoints formally, vested with all the necessary powers of representation, to interact within the DOME Marketplace with other companies.

You can find more information about the LEAR here.

Remark about the legal checks

Ensuring a high level of trust in the operation of the Marketplace is a priority for the Marketplace. To achieve that, we have opted for using verifiable credentials as the means of authenticating the operators of the CSP accounts. The generation of verifiable credentials requires the verification of the claims concerning the company and the claims of its representatives (e.g., whether the company exists, the capacity of representing the company of an individual, etc.). That is why the onboarding process requires the verification of a set of legal documentation to be submitted by the CSPs.

If a Qualified Digital Certificate of the legal entity in the sense of the eIDAS Regulation is used, most of these verifications have been made by the qualified trust services providers authorised to generate those certificates, and the DOME Marketplace relies on those verifications. That is why the set of documents to be sent is much lighter for the companies having the eIDAS Qualified Digital Certificate.

We strongly encourage the CSPs willing to onboard on the Marketplace to use eIDAS Digital Certificates in the onboarding process. This will ease the process and the subsequent operation of the lifecycle of the LEAR authorization including the revocation of a LEAR appointment.

2. Prerequisites for Onboarding

Eligibility Verification

Before launching the onboarding process, make sure that you meet the following criteria:

• You are a legal entity duly registered in an EU country.
• You have the capability to offer cloud or edge services.
• The target users of the offerings you publish are other companies or legal entities or professionals, not consumers.
  

3. Launching the Onboarding process

When you enter into the DOME Marketplace landing page, click on the 'Register' button, at the upper right corner.

This button leads you to the online forms where you must enter the information requested. The information you are providing will be used to generate the Declaration of Honor and the Legal Entity Appointed Representative Form that the CSP is required to submit in the onboarding process.

There are three forms:

1.  The first one is used for collecting information about the legal representative of you company

2.   The second one gathers information about your company

3.   The third one requires information for identifying the Legal Entity Appointed Representative 

All the fields are mandatory unless otherwise stated in the forms.

If you want to review the forms before completing the forms, you can either click on the links provided above, or otherwise press the 'Fill with test data (only for testing)' button, at the bottom of the online forms.

Please, bear in mind that we use the term "legal representative" to refer to somebody vested with legal power to represented the company. This representeation power can emerge from, among other options: (a)  the law attributed legal representation of the company because of the position held by the individual (e.g., in some jurisdictions, the president or the CEO of a company);or (b) being appointed as legal representative by virtue of an official Power of Attorney. 

If you have any doubt about the appointment of the LEAR, please, kindly refer to the  Practical comments to Appointment Of Legal Entity Appointed Representative Form. This document offers practical advice and detailed instructions on how to properly fill out the LEAR form.

Once you have filled in the information requested, when you click the 'Submit and create documents', you will get to another screen where the declarations have been automatically generated with your data.

Please, carefully check all the data you submit before creating the documents to make sure that all the information is correct.

Once you have generated the documents, you must print the Declaration of Honor and the LEAR appointment form.

When you have the documents in pdf you will move to the next stage of the onboarding process: the submission of the required documentation and its legal review by the onboarding team of DOME.

4. Submission and verification of Documentation

Required Documentation

Depending on whethter you sign them digitally or manually you will be required to send more documentation.

If the CSP company has a valid qualified Digital Certificate in the sense of the eIDAS Regulation you will need to submit only:

• Declaration of Honor Form: Completed and signed using the qualified Digital Certificate of the company.
• Appointment of the Legal Entity Appointed Representative (LEAR) Form: Completed and signed using the qualified Digital Certificate of the company.

Please note that, as used in this guidelines, the term "company valid qualified Digital Certificate" is referring to a digital certificate that validly identifies a natural person as a representative of a legal person. The digital certificate itself must provide the information of such represntative status.

The validity of the qualified digital certificated used may be checked using third party tools, such as, but not necessarily limited to, the European Commission Digital Signature Services demonstration WebApp. You expressly consent to the use of such verification means to verify the validity of the digital certificates used to sign the documents you submit to the DOME Marketplace.

Important note: the CSP legal representative can appoint her/himself as a LEAR of the CSP, and there can be more than one active LEARs for a single CSP.

Important note: in the Appointment of the Legal Entity Appointed Representative (LEAR) Form, the appointed LEAR must sign the document accepting the appointment along with the CSP legal representative. The appointed LEAR should sign with a natural person qualified digital certificate, however, signing with a company qualified Digital Certificate designating she/he as legal representative is also acceptable.  When the person acting as Legal Representative of the CSP is appointing her/himself as LEAR, the company qualified Digital Certificate can be used for both appointing the LEAR and for the LEAR accepting the appointment.

If the validity of the Company Digital Certificate verification is not successful, then you will have to submit the whole set of documents described in the following section.

If the CSP company doesn’t have a valid qualified Digital Certificate (eIDAS Regulation) you will need to submit: 

• Certificate of Incorporation: This document must display the complete name of the company, its date of incorporation, and the address of the registered office. It should not be older than three (3) months from the date the potential CSP is submitting its application to onboard.
• VAT Certificate: Issued by the competent authority in the country of registration. This certificate must not be older than three (3) months from the date of application.
• Power of Attorney: A certified copy of the power of attorney or another document evidencing the source of the power of representation of the legal representative acting on behalf of the potential CSP.
• Appointment of the Legal Entity Appointed Representative (LEAR) Form: Completed and signed.
• Declaration of Honor Form: Completed and signed.
• Sworn Translations: A sworn translation into English of any document not origially drafted in English must be provided.

Once you have full set of documents you must send them to onboarding@dome-marketplace.org.

Documentation Review and Notification Process

After the required documentation has been submitted, the review process begins. It may take more than five business days. Once achieved, you will receive a notification about the status of their documentation:

• Documentation Correct and Complete: If all documents are correct and fully compliant, a notification confirming the correctness and completeness will be sent.
• Error, Mistake, or Information Missing: If there are any errors, mistakes, or missing information, you will be notified and given a fourteen (14) days term to complete or correct the documentation. Here's what happens next:
  •     The new information will be reviewed once submitted.
  •     If the corrections or additional documents are not provided in a satisfactory manner within the specified fourteen (14) days, then we will deem that you relinquish from your onboarding request.

It's crucial that all information provided during the application process is accurate and complete to prevent any delays or rejection during the review phase.

5. Signing the Marketplace Terms and Conditions

Contract Signing

After your documentation is verified and you are notified of approval, either your Legal Representative or the appointed LEAR must sign the Marketplace Terms and Conditions for Cloud Service Providers. A copy of the contract will be generated with your company data and sent to you. 

This document outlines all legal requirements and operational standards expected from the CSPs within the Marketplace.

If you want to review the Contract before completing the oboarding process, you can download the DOME Marketplace Contract for Cloud Service Providers and the DOME Marketplace Procedures, which is a document incorporated into the Contract by reference.

Remember: If you have onboarded through the process for CSPs having a valid eIDAS company digital certificate, you must use this certificate to sign the Marketplace Contract for Cloud Service Providers.

Submitting the Signed Contract

Once signed, the contract must be sent via email to onboarding@dome-marketplace.org. Only after this contract is received and processed by the DOME onboarding team the process of generating the verifiable credential will continue.

6. Generation of LEAR Verifiable Credentials

The verifiable credentials are used in the Marketplace to as the unique login mechanism, for they are a reliable digital ID that allow to trace back the activity of any person operating within the platform to the original company to which she represents and to minimise the risk of tampering through its own multi-factor authentication mechanism.

The Verifiable Credentials are used to login into the Marketplace, for publishing the company offerings in the Marketplace and, if and when the functionality is available, to manage commercial transactions operated through the Marketplace.

The information you provided about the company, the LEAR designation, etc. is needed for the generation of such verificable credentials in a consistent and reliable way that will bring trust and thus, value, to the users of the Marketplace (be them CSP or Cloud Customers).

Once you receive the confirmation of receipt of the signed copy of the Marketplace Terms and Conditions for Cloud Service Providers, the process for the generation of the verifiable credential for your LEAR starts.

By generating verifiable credentials (LEARCredentials), the Marketplace ensures that only people entrusted by the CSP can operate the CSP’s Marketplace account. This brings value to the operation of the Marketplace as it dramatically lessens the possibility of having illegitimate Offerings listed in the Marketplace, thus uplifting trust sentiment in the Cloud Customers, and also in the CSPs, that have a robust means to control that only the people authorized by the company can implement actions in the Marketplace on their behalf.

Generation of LEAR Credential

Credential Issuance

The first credential of a company is that of its LEAR. Once you complete the registration on Marketplace Digital Wallet and have received the confirmation, the LEAR will receive an email within a few days with a so-called credential offer. For more information about the credential acquisition process, please refer to the section "Receiving and Accepting the Credential Offer" further down on this page.

Once the LEAR has obtained their credential, they can log in to the DOME Issuer to create credentials for other employees of their company. To log in to the Issuer,  scroll down to the button "Login as Legal Representative", and click it.

Open the Wallet (see the comprehensive Wallet Guide), scan the QR code, and select the credential.

You will be redirected to the list of issued credentials. If none have been issued yet, the list will be empty. You can sort the credentials in ascending or descending order by clicking once or twice on the header of each column, respectively.

To create a new credential, click "New credential".

Fill in the form. To be able to create the credential , all mandatory fields (marked with a *) have to be filled. All filled fields have to have a valid format. If an invalid format is used, an error message will be displayed. Once you correct it, the error message will disappear.

Example of email incorrect format:

Example of email correct format:

When completing the form, make sure to select the appropriate "powers" for the credential you want to issue. These "powers" determine which actions the credential holder can perform. For security reasons, it is always recommended to be as restrictive as possible.

Once all the fields in the form are valid, you will be able to click the "Create Credential" button.

Doing so will generate the credential, and if the process is successfully completed, you will be redirected to the Dashboard with a success popup message. There, you will see the newly created credential. If it does not appear immediately, you can easily find it by clicking twice on the "Updated" column, which will then display the most recently modified/created credentials first. If it still doesn't appear, you may have to refresh the page.

The new credential will have a "DRAFT" status. This means that the user has not yet completed the credential acquisition process described in the "Receiving and Accepting the Credential Offer". Once downloaded, the status will change to "VALID".

The table does not update automatically when a credential changes, so to see the most recently updated statuses, you will need to refresh the page.

After creating the credential, the Mandatee email address introduced in the form should receive an email to start the process of downloading the credential. See the "Receiving and Accepting the Credential Offer" section below.

Registering on the Marketplace Digital Wallet

Access the Digital Wallet:

For detailed instructions on how to register and set up your Marketplace Digital Wallet, please refer to the registration section in our comprehensive Wallet Guide. This guide provides step-by-step instructions on creating your wallet account.

Receiving and Accepting the Credential Offer

0. Receiving the Credential Offer:

If you are the LEAR of the company, once your company completes the registration on Marketplace Digital Wallet, and has received the confirmation, you will receive within a few days an email with a so-called credential offer.

If you are an operator employee (not LEAR), you will receive a credential offer when you LEAR creates one. See the "Credential Issuance" section above.

(NOTE: even if the name is Credential Offer accepting the verifiable credential is mandatory for having an operational CSP account in the Marketplace: if you do not complete the process of generating the verifiable credential - i.e., accepting the credential offer- you will not be able to operate your account and thus, even if you have signed the Marketplace Contract for Cloud Service Providers, you will not be technically enabled to receive the Marketplace Services).

When you click the "Start Activation" email button, a page will open to guide you through the two basic steps to obtain the credential: 1. Log in to the Wallet and 2. download the credential.

There are two ways to complete this steps:

1. Using two devices (one to open the QR code and the other to scan it with the Wallet)
   
2. Using a single device (open the Wallet and get the credential in the same device)
   

1.1 Obtaining the credential with two devices

Step 1: Log in to the Wallet using the device you intend to use to scan the QR code. You can open the link to log in by scanning the displayed QR. Once logged in, proceed to Step 2 on the offer page by clicking the "Next" button at the bottom of the screen.

Please be aware that, once you click on the Next button, you have 10 minutes to use the QR before the credential offer expires. For more details, see the section "Expiration of the credential offer" below.

Step 2: A QR code will appear. Scan the QR code with the Wallet. The Wallet will display a screen to enter a PIN code.

Important: Do not close the credential retrieval tab until you have completed the process, since you might have to refresh the offer in case you have problems in the following steps of the download process. For more details, see the section "Expiration of the credential offer" below.

1.2 Obtaining the credential with a single device

Step 1: Click the ‘Wallet’ link. A new tab will open with the Wallet login screen. Enter your username and password to log in. Once logged in, proceed to Step 2 on the offer page by clicking the Next button at the bottom of the screen.

Please be aware that, once you click on the Next button, you have 10 minutes to use the QR before the credential offer expires. For more details, see the section "Expiration of the credential offer" below.

Step 2: Click the ‘Verifiable Credential’ link. The Wallet will open in a new tab, displaying a field to prompt the PIN code. 

If you were not previously logged in or if your Wallet session has expired, you will need to log in again to access the PIN screen.

2. Scanning the QR

Look for the QR scan button in your wallet app to initiate the scanning process.

Note: If you experience issues with the camera not activating or if the QR code is expired or already used, please consult the troubleshooting section of our Wallet Guide. For expired or used QR codes, email domesupport@in2.es to request a new QR code.

3. Completing the download: PIN Code Entry

Whether you followed the process with two devices or a single device, you will be prompted to enter a PIN code that you received by email. This PIN is crucial for verifying your identity and securing your credential. In case you have problems with this part, you will need to refresh the credential offer. For more details, see the section "Expiration of the Credential Offer " below.

Finalizing the Credential

Credential Ready for Use:

You now have your LEAR Credential ready for use in the Marketplace. That means that your CSP account is operational now, and you will be able to start listing your offerings in the Marketplace.

Expiration of the credential offer

Once you receive the email with the credential offer, you have 72 hours before the offer fully expires, requiring you to request a new one.

Once you have obtained a credential, the offer also expires and can no longer be reused.

Within this 72-hour period, you can obtain a credential QR code / link by accessing Step 2 as explained in the section "Receiving and Accepting the Credential Offer". This QR code is valid for 10 minutes. You can "refresh" (reset) this time by clicking the "Get a new credential offer" button. It also resets each time you access Step 2 again.

When 1 minute remains before the credential offer expires, a popup notification will appear, warning you of the remaining time. You can refresh the credential offer by clicking "Refresh". If you click "Leave", you will be redirected to the Issuer's homepage, the offer will expire, and you will need to request a new one.

If an error occurs during the credential retrieval process described in section"Completing the Download: PIN Code Entry" (e.g., entering an incorrect PIN or failing to enter it in time) and you retry the process, you will get an error message. In this case, you must refresh the offer as explained above.

7. Contact and Support

For further help, contact our technical support here.

LEAR appointment form - practical considerations

Practical Considerations for Entities on the Appointment of “Legal Entity Appointed Representative Form”

Disclaimer

This document does not constitute legal advice. It is aiming to provide context to potential cloud service providers willing to onboard on the Marketplace. You are strongly encouraged to seek legal advice from qualified professionals in the jurisdiction where you are located. The Marketplace and the Consortium disclaim any and all liability arising out of or in connection with the use of the information provided herein.

Introduction

The Legal Entity Appointed Representative (LEAR) Form aim is twofold: first, to provide legal certainty for the marketplace operator that the actions taken the people operating the account of a Cloud Services Provider (CSP) are legally binding to the CSP, either vis-à-vis the Marketplace and the cloud services customers as well; and second, as a consequence of the first, to generate a plus of trust in the cloud services customers that will find in the Marketplace a safe site where purchasing services.

Further, the LEAR having full power to bind the entity she/he represents is coherent with the verifiable credentials scheme that the Marketplace has put in place to allow a swift, fully digital and trustworthy system to structure communications and transactions within the Marketplace. 

The verifiable credentials system implemented in the Marketplace is based on the claim that the people operating the account of a CSP have the authority to represent that CSP and to legally bind it.

The Marketplace, that is the issuer of the verified credentials, needs to verify that the operators of the CSP account do have the powers needed to fully operate the account. This verification is made through the LEAR appointment form and the rest of the documentation requested in the onboarding phase.

How to deal internally with the LEAR appointment form?

For many entities, subscribing the LEAR appointment form can be an issue, due to the broad extent of the powers granted by the company to the LEAR and the difficulty those powers with their internal policies on the delegation of the entity’s powers of representation.

To overcome the difficulties that this appointment letter may pose, in many cases, the entities opt for subscribing a side letter between the entity and the person who is appointed as the LEAR of the entity.

This side letter is an internal document to the entity that expresses the conditions under which the appointed LEAR can exert the powers granted in the LEAR appointment letter (i.e., using the verified credential issued by the Marketplace) and may also express which are the consequences in the event the conditions for using the verified credential are not met. For instance, an entity may require the appointed LEAR to seek the internal approval of certain acts from a senior manager of the entity before executing them by means of the verified credential.

This scheme brings comfort to both sides: on the entity’s side, controls and limits can be set that enable compliance with internal delegation of powers policies; on the individual appointed as LEAR side, the fact of having a framework of rules under which to operate the verified credential, allows her/him to operate with a kind of safety net, for its actions would be confirmed/controlled beforehand by senior managers of the entity she/he represents.

The fact that the side letter is an internal document means that it cannot be opposed to third parties that deal with the entity relying on the powers that the LEAR is invested with, as claimed in the verified credential. The side letter only binds the entity and the individual appointed as the entity’s LEAR. The side letter it is not meant to be disclosed to the public nor to any other party dealing with the entity.

Although signing a side letter is a widespread practice in similar cases to the appointment of a LEAR, you should seek appropriate advice in relation to whether this solution is feasible or not in your jurisdiction and what should the contents of the side letter be.

Who can be designated as a LEAR

Any person of legal age can be designated as the LEAR of an entity. There is not any further limitation on this aspect.

That means that an entity can appoint as its LEAR either an employee (regardless of its position in the company) or even someone who is not linked to the entity at all.

However, the entity appointing a LEAR should carefully consider who is the right person to fill the role.

This person should be someone who is trusted by the entity’s management and with the right qualifications and skills to hold this position, for his/her actions may yield legal liabilities on the entity.

Also, the same individual can be appointed as the LEAR by more than one entity. Each appointment will generate its own and separate verifiable credential, so the individual can only represent one single entity at a time when operating in the Marketplace.

 

LEAR appointment revocation

LEAR appointment revocation process

Why to revoke the appointment of a LEAR?

Within the DOME Marketplace, the Legal Entity Appointed Representative (LEAR) of a Company is a central role: it is granted full powers of representation of the Company within the DOME Marketplace, and she/he can delegate those powers to other individuals. That means that the LEAR has the power to legally bind with her/his deeds the Company.

A company may want to revoke the designation of an individual as its LEAR for several reasons (e.g., loss of confidence, resignation or dismissal of the individual, change of the individual's responsibilities iwhtin the corporation, etc.).

Therefore, when a company does not want to be represented by a given LEAR within the DOME Marketplace anymore, it should promptly proceed to the revocation of the appointment.

However, since the LEAR has been formally appointed by the Company, the revocation must also be done in a formal manner.

How to proceed with the revocation of a LEAR?

To revoke the appointment of  a LEAR the Company must fill in the LEAR appointment revocation form, and send it to legal.helpdesk@dome-marketplace.org clearly indicating in the subject line of the email "LEAR appointment revocation request".

The revocation form must be signed by a Legal Representative of the Company.

If the Company has a valid qualified Digital Certificate in the sense of the eIDAS Regulation (Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014) you will need to submit only this revocation form signed with the digital certificate.

However, if the Company does not have a valid qualified company digital certificate in the sense of the eIDAS Regulation, the revocation form must be accompanied by official documentation showing that the person signing the form is actually a Legal Represtative of the Company, such as a certified copy of the power of attorney or another document evidencing the source of the power of representation of the legal representative acting on behalf of the Company.

If the official documentation provided is not written in English, you will have to submit a sworn translation into English of the documentation as well.

After checking the documentation submitted, you will receive an email either confirming that the revocation request is going to be processed or that further information is required or that the documentation submitted must be amended.

Once every document is correctly sent to legal.helpdesk@dome-marketplace.org, you will be notified that the revocation request is being processed.

Important Note: please, be advised that if the revocation form is altered (safe for the fields to be completed by the company) the revocation request may not be processed.

Important Note: even though we struggle to process any revocation request as fast and diligently as possible, the actual processing time of the request may take several days. Until the revocation is implemented, the to-be-revoked LEAR can still validly act on behalf of the company she/he represents. In the meantime, companies may wish to take internal controls and measures to avoid that the to-be-revoked LEAR can act on behalf of the company while the request is under processing.

You will be notified when the revocation process has been completed.

What to do after the revocation of the LEAR

As mentinoed above, the LEAR is a central role in the DOME Marketplace. Every Company must have at least one active appointed LEAR at every time. Therefore, if you have only one appointed LEAR in the DOME Marketplace, before or at the same time  you are revoking such LEAR you should be appointing a new one.