---
title: "What is a qualified trust service provider under eIDAS?"
canonical_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qualified-trust-service-provider"
source_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qualified-trust-service-provider"
author: "Sorena AI"
description: "How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "EU eIDAS Regulation"
  - "eIDAS"
  - "Qualified Trust Service Provider"
  - "QTSP"
  - "qualified trust services"
  - "trusted lists"
  - "conformity assessment"
  - "qualified certificates"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# What is a qualified trust service provider under eIDAS?

How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records.

*eIDAS QTSP FAQ* *EU eIDAS*

## What is a qualified trust service provider?

A QTSP is not just a supplier that sells digital certificates or signing software. Under eIDAS, the provider must offer one or more qualified trust services and have qualified status granted by the responsible supervisory body.

For procurement, product, security, and legal reviews, verify both the provider and the exact qualified service in the relevant trusted list before relying on qualified eIDAS status.

Use this FAQ to check whether a trust-service supplier is actually a qualified trust service provider for the eIDAS service you plan to use. The core evidence is the eIDAS qualified-status decision, the national trusted list entry, the service type and status, the conformity assessment record, and the operational evidence for the specific qualified service.

## When is a provider a QTSP under eIDAS?

A provider is a qualified trust service provider only when it provides one or more qualified trust services and the supervisory body has granted qualified status. The check must cover both levels: the legal entity and the exact service, such as a qualified certificate, qualified timestamp, qualified electronic registered delivery service, qualified validation service, qualified preservation service, qualified electronic attestation of attributes, qualified electronic archiving service, qualified electronic ledger, or qualified remote management of signature or seal creation devices.

Do not treat a marketing claim, ISO certificate, ETSI standard reference, reseller statement, or parent-company brand as proof of QTSP status. Under eIDAS, a provider intending to start a qualified trust service notifies the supervisory body and submits a conformity assessment report; the supervisory body grants qualified status when the provider and service meet the eIDAS requirements.

- Identify the exact qualified trust service used by the workflow, not only the supplier name.
- Confirm the Member State supervisory body that granted qualified status.
- Check that qualified status applies to the current service, certificate policy, and relying-party use case.
- Separate qualified status from adjacent claims such as advanced signatures, non-qualified certificates, hosting, remote signing software, or reseller support.

Sources for this answer:

- [Regulation (EU) No 910/2014 (eIDAS), consolidated text](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Defines a qualified trust service provider and sets the Article 21 initiation route for qualified trust services.
- [Regulation (EU) No 910/2014 (eIDAS), trusted lists](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 22 requires Member States to publish trusted lists covering QTSPs and the qualified trust services for which they are responsible.

## How should a relying party verify QTSP status?

Start with the relevant trusted list, not with the contract. Each Member State establishes, maintains, and publishes a secured trusted list in a form suitable for automated processing, and the Commission makes trusted-list publication information available through a secure channel. The Commission eSignature building block also points users to the Trusted List Browser for searching qualified trust service providers in Europe.

For technical validation, ETSI TS 119 612 explains how trusted-list information can feed certificate path validation and trust-anchor management. A relying party should validate the trusted-list source, select entries under its trust policy, and check regularly for service status changes or new entries.

- Use the Commission trusted-list access point or the national trusted list for the provider's Member State.
- Record the provider legal name, service name, service type identifier, Member State, service digital identity, current status, and status start date shown in the trusted-list evidence.
- Confirm that the status supports the specific outcome you need, such as a qualified certificate for electronic signature, qualified electronic timestamp, QWAC, or qualified validation service.
- Keep a dated capture or machine-readable validation result because trusted-list service status can change.
- If the workflow depends on long-lived evidence, define how often the trusted-list source and certificate status information are refreshed.

Sources for this answer:

- [European Commission Digital Building Blocks - eSignature](https://ec.europa.eu/digital-building-blocks/sites/spaces/DIGITAL/pages/467109036/eSignature?ref=sorena.io) - Commission eSignature hub references the eIDAS Dashboard and Trusted List Browser used to search qualified trust service providers in Europe.
- [ETSI TS 119 612 - Trusted Lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Explains trusted-list structure and how trusted-list information supports certificate path validation and trust-anchor management.
- [Regulation (EU) No 910/2014 (eIDAS), trusted lists](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 22 establishes Member State trusted-list publication and Commission publication of trusted-list location information.

## What supervision and operating evidence matters?

QTSP status is supervised, not self-declared. eIDAS requires qualified trust service providers to be audited at their own expense at least every 24 months by a conformity assessment body, with the conformity assessment report submitted to the supervisory body within three working days of receipt. Supervisory bodies may also audit or require additional conformity assessment at any time.

The operating evidence should prove that the service still meets the qualified-service requirements after onboarding, certificate issuance, identity or attribute verification, revocation, incident handling, subcontracting, cloud hosting, termination planning, and service changes. Where qualified certificates are issued, eIDAS requires revocation status publication in a timely manner and in any event within 24 hours after receipt of the request.

- Conformity assessment report scope, date, assessment body, and the qualified services covered.
- Supervisory body grant or withdrawal evidence and any conditions, remediation requests, or change approvals.
- Policies for identity verification, attribute verification, certificate issuance, revocation, status services, cryptographic controls, logging, staff competence, subcontractors, and termination.
- Incident and disruption notifications where the event significantly affects the trust service or personal data maintained in the service.
- Contract and architecture evidence showing the deployed product uses the listed qualified service, not a non-qualified variant or separate reseller service.

Sources for this answer:

- [Regulation (EU) No 910/2014 (eIDAS), supervision of QTSPs](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 20 sets recurring conformity assessment and supervisory powers for qualified trust service providers.
- [Regulation (EU) No 910/2014 (eIDAS), QTSP requirements](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 24 covers QTSP duties including identity checks, trustworthy systems, incident notification, records, termination planning, and certificate revocation status.
- [ENISA - Guidelines on Supervision of Qualified Trust Services](https://www.enisa.europa.eu/publications/tsp-supervision?ref=sorena.io) - ENISA guidance supports supervisory practice and technical oversight of qualified trust service providers.
- [ETSI EN 319 401 - General Policy Requirements for Trust Service Providers](https://www.etsi.org/deliver/etsi_en/319400_319499/319401/03.01.01_60/en_319401v030101p.pdf?ref=sorena.io) - ETSI baseline policy standard for trust service providers, useful for mapping operational controls to TSP evidence.

## Primary sources

- [Regulation (EU) No 910/2014 (eIDAS), consolidated text](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Primary legal source for QTSP definitions, qualified-service initiation, supervision, trusted lists, QTSP requirements, and cross-border recognition of qualified trust services.
  - Quote: "qualified trust service provider"
- [European Commission Digital Building Blocks - eSignature](https://ec.europa.eu/digital-building-blocks/sites/spaces/DIGITAL/pages/467109036/eSignature?ref=sorena.io) - Commission eSignature hub that points users to trusted-list tooling for qualified trust service provider checks.
  - Quote: "Trusted List Browser"
- [ETSI TS 119 612 - Trusted Lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Technical specification for trusted-list structure, fields, status handling, and use in validation systems.
  - Quote: "Trusted Lists"
- [ENISA - Guidelines on Supervision of Qualified Trust Services](https://www.enisa.europa.eu/publications/tsp-supervision?ref=sorena.io) - ENISA supervision guidance for qualified trust service provider oversight.
  - Quote: "supervision of qualified trust services"
- [ETSI EN 319 401 - General Policy Requirements for Trust Service Providers](https://www.etsi.org/deliver/etsi_en/319400_319499/319401/03.01.01_60/en_319401v030101p.pdf?ref=sorena.io) - General TSP policy requirements standard used as supporting evidence for trust-service provider operational controls.
  - Quote: "Trust Service Providers"

## Topic Guides

- [eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services](/artifacts/eu/electronic-identification-and-trust-services-regulation/deadlines-and-compliance-calendar.md): Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence.
- [eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas2-vs-eidas.md): Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision.
- [eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks](/artifacts/eu/electronic-identification-and-trust-services-regulation/certificates-and-authentication.md): Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence.
- [eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist-and-evidence.md): Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls.
- [eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/compliance.md): Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records.
- [eIDAS electronic signatures: SES, AES, QES legal effect and evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/electronic-signatures-and-legal-effect.md): A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records.
- [eIDAS penalties and fines for trust service providers](/artifacts/eu/electronic-identification-and-trust-services-regulation/penalties-and-fines.md): Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence.
- [eIDAS QES validation checks for relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/qes-validation.md): How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records.
- [eIDAS Qualified Trust Services: QTSP Selection](/artifacts/eu/electronic-identification-and-trust-services-regulation/qualified-trust-services-and-qtsp-selection.md): How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records.
- [eIDAS remote signature and cloud HSM controls for QTSPs](/artifacts/eu/electronic-identification-and-trust-services-regulation/remote-signature-and-cloud-hsm-controls.md): Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks.
- [eIDAS signature legal effect selector: SES, AES, AES-QC, or QES](/artifacts/eu/electronic-identification-and-trust-services-regulation/signature-legal-effect-selector-workflow.md): Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition.
- [eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer](/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-service-role-scoping-workflow.md): Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP.
- [eIDAS trusted list validation: LOTL, QTSP status, and evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-list-validation.md): How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports.
- [eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-esign-and-ueta.md): Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps.
- [eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-etsi-en-319-401.md): Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls.
- [eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-gdpr-identity-data.md): Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights.
- [eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-nis2-trust-services.md): Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers.
- [Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation](/artifacts/eu/electronic-identification-and-trust-services-regulation/electronic-attestations-of-attributes.md): Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect.
- [EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates](/artifacts/eu/electronic-identification-and-trust-services-regulation/applicability-test.md): A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence.
- [EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/attribute-attestations.md): What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.
- [EU eIDAS checklist for signatures, trust services, and wallets](/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist.md): Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records.
- [EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq.md): FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence.
- [EU eIDAS QTSP authorization and supervision guide](/artifacts/eu/electronic-identification-and-trust-services-regulation/qtsp-authorization-and-supervision.md): How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence.
- [EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/qtsp-due-diligence-workflow.md): Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence.
- [EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/requirements.md): Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties.
- [EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/trusted-lists.md): How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties.
- [EUDI Wallet readiness for service providers under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-readiness.md): Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence.
- [EUDI Wallet Relying Parties under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/eudi-wallet-relying-party.md): What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence.
- [EUDI Wallet Relying Party Onboarding Workflow under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/wallet-onboarding-workflow.md): A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties.
- [EUDI Wallet Relying Party Registration Under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-relying-party-registration.md): What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps.
- [EUDI Wallet Technical Architecture Guide under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-technical-architecture-guide.md): Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls.
- [QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qes-vs-ades.md): Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence.
- [QWACs under eIDAS: website authentication certificates](/artifacts/eu/electronic-identification-and-trust-services-regulation/qwacs.md): A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks.
- [What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs](/artifacts/eu/electronic-identification-and-trust-services-regulation/what-eidas-covers.md): A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations.
- [What is a QWAC under the EU eIDAS Regulation?](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qwac.md): Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence.

*Recommended next step*

*Placement: before sources*

## Turn QTSP checks into repeatable evidence

Sorena can help turn QTSP, trusted-list, conformity assessment, and service-status checks into cited procurement, product, and assurance workflows.

- [Open Research Copilot for EU eIDAS Regulation](/solutions/research-copilot.md): Ask source-linked questions about QTSP status, qualified trust services, trusted lists, supervision, and evidence using the cited sources on this page.
- [Talk through eIDAS QTSP evidence](/contact.md): Review your QTSP supplier evidence, trusted-list validation, service scope, and operational controls with Sorena.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qualified-trust-service-provider