ESI * Trust Service Providers

Certification Authorities and other Trust Service Providers

1. Introduction

This web page collects together sources of information on Certification Authorities (CAs) and other Trust Service Providers (TSPs) in Europe. It includes sources of information on:

  • CAs issuing Qualified Certificates meeting requirements of REGULATION (EU) No 910/2014
  • CAs issuing Web Site certificates meeting requirements of the CA/Browser Forum documents (http://www.cabforum.org/documents.html)
  • Other Trust services including time-stamping and CAs issuing certificates other than qualified certificates
  • Whilst ETSI endeavours to keep this information up to date, ETSI does not guarantee the appropriateness or usefulness of the information provided in the original source and/or website included herewith nor whether this information is up to date.

    2. Current ETSI Standards

    The current standards for Certification and Other Trust Service Providers are as follows: 

    List of  ETSI standards
    Reference Short Title Replaces
     EN 319 403 v2.2.2  Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing Trust Service Providers  TS 119 403 v2.1.1 and v1.1.1

    EN 319 401 v2.2.1 

    (as of April 2018)

    General Policy Requirements for Trust Service Providers EN 319 401

    EN 319 411-1 v1.2.2

    (as of April 2018)

    Policy and security requirements for Trust Service Providers issuing certificates; 

    Part 1: General Requirements

    Note: Checklist now in TR 119 411-4 below

    TS 102 042 EV & Baseline policies

    EN 319 411-3,

    then 319 411-1 v1.1.1

    EN 319 411-2 v2.2.2 

    (as of April 2018)

    Policy and security requirements for Trust Service Providers issuing certificates; 

    Part 2: Requirements for trust service providers issuing EU qualified certificates

    Note 1: Extends requirements in part 1 with specific requirements for EU qualified certificates

    Note 2: checklist now in TR 119 411-4 below

    EN 319 411-2 v2.1.1 & TS 101 456
    TR 119 411-4 v1.1.1

    (new in May 2018) 
    Electronic Signatures and Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates;

    Part 4: Checklist supporting audit of TSP against ETSI EN 319 411-1 or ETSI EN 319 411-2
    annexes of 319 411-1 parts 1 and 2

    EN 319 421 v1.1.1

    Policy and Security Requirements for Trust Service Providers issuing ElectronicTime-Stamps TS 102 023

    EN 319 412-1 v1.1.1

    & TS 119 412 v1.2.1 (May 2018 - interim TS version to support PSD2 features and TS 119 495)

    Certificate Profiles; Part 1: Overview and common data structures

    -

    EN 319 412-2 v2.1.1

    Certificate Profiles; Part 2: Certificate profile for certificates issuedto natural persons

    TS 119 412-2 &

    TS 102 280

    EN 319 412-3 v1.1.1

    Certificate Profiles;  Part 3: Certificate profile for certificates issued to legal persons

    -

    EN 319 412-4 v1.1.1

    Certificate Profiles; Part 4: Certificate profile for web site certificates issued to organisations

    -

            



    EN 319 412-5 v2.2.1

    (as of Nov. 2017)

    Certificate Profiles; Part 5: QCStatements EN 319 412-5 v1.1.1 & TS 101 862

    EN 319 422 v1.1.1

    Time stamping protocol and electronic time-tamp profiles TS 101 861
     TS 119 612  Trusted Lists (see section 3 below)  

     

    3. Trusted Lists and Other Nationally Maintained Information

    EU Member States and other European nations generally maintain lists of CAs and other TSPs in one or more nationally maintained registers.    

    EU Member States trusted list as defined in Regulation (EU) No 910/2014 include information related to the qualified trust service providers which are supervised by the competent Member State, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in the Regulation.

    Trusted lists are essential elements in building trust among electronic market operators by allowing users to determine the qualified status and the status history of trust service providers and their services. Under eIDAS Regulation, national trusted lists have a constitutive effect. In other words, a provider/service will be qualified only if it appears in the trusted lists. Consequently, the users (citizens, businesses or public administrations) will benefit from the legal effect associated with a given qualified trust service only if the latter is listed (as qualified) in the trusted lists.

    The trusted lists of Member States include, as a minimum, information specified in Articles 1 and 2 of Commission Implementing Decision (EU) 2015/1505 profiling technical specifications defined in ETSI TS 119 612 v2.1.1.

    Member States may include in the trusted lists information on non-qualified trust service providers and on other nationally defined trust services.

    To allow access to the trusted lists of all Member States in an easy and trustworthy manner, the European Commission publishes a central list with links to the locations where the trusted lists are published as notified by Member States to the EC. This central list, called the List Of Trusted Lists (LOTL), is available as a signed or sealed XML machine-processable form (hereafter the LOTL) at the following URL: https://ec.europa.eu/information_society/policy/esignature/trusted-list/tl-mp.xml

    Also some Trusted Lists viewers are available as follows:

    4. Qualified Certificates

    For EU countries the information on CAs issuing qualified certificates are held in Trusted Lists (see 3 above).

     

    5. Conformity Assessment Bodies

    Conformity assessment bodies are accredited by national accreditation bodies. The relevant national accreditation body can  be contacted to determine the status of a conformity assessment body (i.e. whether the conformity assessment body is accredited to perform ETSI audits by the national accreditation body). National accreditation bodies can be found on the European Co-operation for Accreditation web site and/or the International Accreditation Forum web site.

    Informative list of conformity assessment bodies (CABs) accredited against the requirements of the eIDAS Regulation: The information included in the list comes from the National Accreditation Bodies (NAB) who have notified the European Commission.

     

    For any comments and/or suggestions on this web page, please drop us a line to  ESIsupport@etsi.org 

    Related Technical Bodies: Electronic Signatures and Infrastructures (ESI).