Certification Authorities and other Trust Service Providers
1. Introduction
This web page collects together sources of information on Certification Authorities (CAs) and other Trust Service Providers (TSPs) in Europe. It includes sources of information on:
- CAs issuing Qualified Certificates meeting requirements of REGULATION (EU) No 910/2014
- CAs issuing Web Site certificates meeting requirements of the CA/Browser Forum documents (http://www.cabforum.org/documents.html)
- Other Trust services including time-stamping and CAs issuing certificates other than qualified certificates
Whilst ETSI endeavours to keep this information up to date, ETSI does not guarantee the appropriateness or usefulness of the information provided in the original source and/or website included herewith nor whether this information is up to date.
2. Current ETSI Standards
The current standards for Certification and Other Trust Service Providers are as follows. When clicking on a reference, the latest version of the standard is at the bottom of the list.
List of ETSI standards
| EN 319 403 (being revised in EN 310 403-1)
|
Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers
|
TS 119 403 v2.1.1 and v1.1.1
|
| TS 119 403-2
|
Trust Service Provider Conformity Assessment; Part 2: Additional requirements for Conformity Assessment Bodies auditing Trust Service Providers that issue Publicly-Trusted Certificates
|
|
| TS 119 403-3
|
Trust Service Provider Conformity Assessment; Part 3: Additional requirements for conformity assessment bodies assessing EU qualified trust service providers
|
|
|
EN 319 401
|
General Policy Requirements for Trust Service Providers
|
EN 319 401
|
|
EN 319 411-1
|
Policy and security requirements for Trust Service Providers issuing certificates;
Part 1: General Requirements
Note: Checklist now in TR 119 411-4 below
|
TS 102 042 EV & Baseline policies
EN 319 411-3,
then 319 411-1 v1.1.1
|
|
EN 319 411-2
|
Policy and security requirements for Trust Service Providers issuing certificates;
Part 2: Requirements for trust service providers issuing EU qualified certificates
Note 1: Extends requirements in part 1 with specific requirements for EU qualified certificates
Note 2: checklist now in TR 119 411-4 below
|
EN 319 411-2 v2.1.1 & TS 101 456
|
| TR 119 411-4
|
Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates;
Part 4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2
|
annexes of 319 411-1 parts 1 and 2
|
|
EN 319 421
|
Policy and Security Requirements for Trust Service Providers issuing ElectronicTime-Stamps
|
TS 102 023
|
|
EN 319 412-1
& TS 119 412-1 (interim TS versions to support PSD2 features and TS 119 495 and other features)
|
Certificate Profiles; Part 1: Overview and common data structures
|
-
|
|
EN 319 412-2
|
Certificate Profiles; Part 2: Certificate profile for certificates issued to natural persons
|
TS 119 412-2 &
TS 102 280
|
|
EN 319 412-3
|
Certificate Profiles; Part 3: Certificate profile for certificates issued to legal persons
|
-
|
|
EN 319 412-4
|
Certificate Profiles; Part 4: Certificate profile for web site certificates issued to organisations
|
-
|
|
EN 319 412-5
|
Certificate Profiles; Part 5: QCStatements
|
EN 319 412-5 v1.1.1 & TS 101 862
|
|
EN 319 422
|
Time stamping protocol and electronic time-tamp profiles
|
TS 101 861
|
| TS 119 495
|
Sector Specific Requirements; Qualified Certificate Profiles and TSP Policy Requirements under the payment services Directive (EU) 2015/2366
|
|
| TS 119 612
|
Trusted Lists (see section 3 below)
|
|
3. Trusted Lists and Other Nationally Maintained Information
EU Member States and other European nations generally maintain lists of CAs and other TSPs in one or more nationally maintained registers.
EU Member States trusted list as defined in Regulation (EU) No 910/2014 include information related to the qualified trust service providers which are supervised by the competent Member State, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in the Regulation.
Trusted lists are essential elements in building trust among electronic market operators by allowing users to determine the qualified status and the status history of trust service providers and their services. Under eIDAS Regulation, national trusted lists have a constitutive effect. In other words, a provider/service will be qualified only if it appears in the trusted lists. Consequently, the users (citizens, businesses or public administrations) will benefit from the legal effect associated with a given qualified trust service only if the latter is listed (as qualified) in the trusted lists.
The trusted lists of Member States include, as a minimum, information specified in Articles 1 and 2 of Commission Implementing Decision (EU) 2015/1505 profiling technical specifications defined in ETSI TS 119 612 v2.1.1.
Member States may include in the trusted lists information on non-qualified trust service providers and on other nationally defined trust services.
To allow access to the trusted lists of all Member States in an easy and trustworthy manner, the European Commission publishes a central list with links to the locations where the trusted lists are published as notified by Member States to the EC. This central list, called the List Of Trusted Lists (LOTL), is available as a signed or sealed XML machine-processable form (hereafter the LOTL) at the following URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml
Also some Trusted Lists viewers are available as follows:
4. Qualified Certificates
For EU countries the information on CAs issuing qualified certificates are held in Trusted Lists (see 3 above).
5. Conformity Assessment Bodies
Conformity assessment bodies are accredited by national accreditation bodies. The relevant national accreditation body can be contacted to determine the status of a conformity assessment body (i.e. whether the conformity assessment body is accredited to perform ETSI audits by the national accreditation body). National accreditation bodies can be found on the European Co-operation for Accreditation web site and/or the International Accreditation Forum web site.
Informative list of conformity assessment bodies (CABs) accredited against the requirements of the eIDAS Regulation: The information included in the list comes from the National Accreditation Bodies (NAB) who have notified the European Commission.
For any comments and/or suggestions on this web page, please drop us a line to ESIsupport@etsi.org
Related Technical Bodies: Electronic Signatures and Infrastructures (ESI).