TB SiteMapbreadcrumb separatorESIbreadcrumb separatorTrust Service Providers

Certification Authorities and other Trust Service Providers

1. Introduction

This web page collects together sources of information on Certification Authorities (CAs) and other Trust Service Providers (TSPs) in Europe. It includes sources of information on:

  • CAs issuing Qualified Certificates meeting requirements of REGULATION (EU) No 910/2014
  • CAs issuing Web Site certificates meeting requirements of the CA/Browser Forum documents (http://www.cabforum.org/documents.html)
  • Other Trust services including time-stamping and CAs issuing certificates other than qualified certificates

Whilst ETSI endeavours to keep this information up to date, ETSI does not guarantee the appropriateness or usefulness of the information provided in the original source and/or website included herewith nor whether this information is up to date.

2. Current ETSI Standards

The current standards for Certification and Other Trust Service Providers are as follows. When clicking on a reference, the latest version of the standard is at the bottom of the list.

List of ETSI standards
Reference Short Title Replaces
EN 319 403 (being revised in EN 310 403-1)  Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers  TS 119 403 v2.1.1 and v1.1.1
TS 119 403-2 Trust Service Provider Conformity Assessment; Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service Providers that issue Publicly-Trusted Certificates  
TS 119 403-3 Trust Service Provider Conformity Assessment; Part 3: Additional requirements for conformity assessment bodies assessing EU qualified trust service providers  

EN 319 401

General Policy Requirements for Trust Service Providers EN 319 401

EN 319 411-1

Policy and security requirements for Trust Service Providers issuing certificates; 

Part 1: General Requirements

Note: Checklist now in TR 119 411-4 below

TS 102 042 EV & Baseline policies

EN 319 411-3,

then 319 411-1 v1.1.1

EN 319 411-2

Policy and security requirements for Trust Service Providers issuing certificates; 

Part 2: Requirements for trust service providers issuing EU qualified certificates

Note 1: Extends requirements in part 1 with specific requirements for EU qualified certificates

Note 2: checklist now in TR 119 411-4 below

EN 319 411-2 v2.1.1 & TS 101 456
TR 119 411-4 Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates;

Part 4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2
annexes of 319 411-1 parts 1 and 2

EN 319 421

Policy and Security Requirements for Trust Service Providers issuing ElectronicTime-Stamps TS 102 023

EN 319 412-1

& TS 119 412-1 (interim TS versions to support PSD2 features and TS 119 495 and other features)

Certificate Profiles; Part 1: Overview and common data structures

EN 319 412-2

Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons

TS 119 412-2 &

TS 102 280

EN 319 412-3

Certificate Profiles; Part 3: Certificate profile for certificates issued to legal persons

EN 319 412-4

Certificate Profiles; Part 4: Certificate profile for web site certificates issued to organisations

EN 319 412-5

Certificate Profiles; Part 5: QCStatements EN 319 412-5 v1.1.1 & TS 101 862

EN 319 422

Time stamping protocol and electronic time-tamp profiles TS 101 861
 TS 119 495 Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the payment services Directive (EU) 2015/2366
 
 TS 119 612  Trusted Lists (see section 3 below)  

 

3. Trusted Lists and Other Nationally Maintained Information

EU Member States and other European nations generally maintain lists of CAs and other TSPs in one or more nationally maintained registers.

EU Member States trusted list as defined in Regulation (EU) No 910/2014 include information related to the qualified trust service providers which are supervised by the competent Member State, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in the Regulation.

Trusted lists are essential elements in building trust among electronic market operators by allowing users to determine the qualified status and the status history of trust service providers and their services. Under eIDAS Regulation, national trusted lists have a constitutive effect. In other words, a provider/service will be qualified only if it appears in the trusted lists. Consequently, the users (citizens, businesses or public administrations) will benefit from the legal effect associated with a given qualified trust service only if the latter is listed (as qualified) in the trusted lists.

The trusted lists of Member States include, as a minimum, information specified in Articles 1 and 2 of Commission Implementing Decision (EU) 2015/1505 profiling technical specifications defined in ETSI TS 119 612 v2.1.1.

Member States may include in the trusted lists information on non-qualified trust service providers and on other nationally defined trust services.

To allow access to the trusted lists of all Member States in an easy and trustworthy manner, the European Commission publishes a central list with links to the locations where the trusted lists are published as notified by Member States to the EC. This central list, called the List Of Trusted Lists (LOTL), is available as a signed or sealed XML machine-processable form (hereafter the LOTL) at the following URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml

Also some Trusted Lists viewers are available as follows:

4. Qualified Certificates

For EU countries the information on CAs issuing qualified certificates are held in Trusted Lists (see 3 above).

5. Conformity Assessment Bodies

Conformity assessment bodies are accredited by national accreditation bodies. The relevant national accreditation body can be contacted to determine the status of a conformity assessment body (i.e. whether the conformity assessment body is accredited to perform ETSI audits by the national accreditation body). National accreditation bodies can be found on the European Co-operation for Accreditation web site and/or the International Accreditation Forum web site.

Informative list of conformity assessment bodies (CABs) accredited against the requirements of the eIDAS Regulation: The information included in the list comes from the National Accreditation Bodies (NAB) who have notified the European Commission.

 

For any comments and/or suggestions on this web page, please drop us a line to ESIsupport@etsi.org 

Related Technical Bodies: Electronic Signatures and Trust Infrastructures (ESI).