FAQEU eIDAS

EU eIDAS Trusted Lists FAQ

Trusted Lists are the official eIDAS source for checking which trust service providers and services have qualified status in a Member State.

Use them to verify the provider, exact service entry, service type, current status, status start time, and the trusted-list publication evidence behind a signature, seal, timestamp, QWAC, or other qualified trust-service decision.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Questions
3

Structured answer sets in this page tree.

Primary sources
9

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Under Article 22 of eIDAS, each Member State must establish, maintain, and publish trusted lists with information about the qualified trust service providers it is responsible for and the qualified trust services they provide. For relying parties, the practical question is not just whether a supplier says it is qualified; it is whether the relevant provider and service entry in the applicable trusted list show the qualified status needed for the transaction being validated.

Search this module

Find a question or answer quickly

3 of 3 questions
Question 1

What do EU eIDAS Trusted Lists prove?

An eIDAS Trusted List is evidence of supervised qualified status for a specific trust service provider and service, not a general approval of every certificate, product, or business process the provider offers.

Article 21 links the start of qualified service provision to the qualified status being indicated in the trusted list. Article 23 also connects the EU trust mark to the relevant trusted list, so a trust-mark claim should still be checked against the list entry.

  • Check the Member State responsible for the provider and use the current national trusted list reached through the Commission's published trusted-list information or LOTL tooling.
  • Match the legal provider name and service name to the exact trusted-list entry instead of relying only on a brand, reseller, or certificate common name.
  • Confirm the service type is the one needed for the use case, such as qualified certificate issuance, qualified timestamping, qualified electronic registered delivery, or qualified website authentication.
  • Record the service current status and status starting date/time because a status change can affect whether the evidence supports the transaction at the validation time.
  • Treat non-qualified or nationally defined services separately when a list includes them; the 2015 trusted-list implementing decision says they must be clearly indicated as not qualified under eIDAS.
Citations
ETSI TS 119 612 Trusted Lists

ETSI TS 119 612 defines the trusted-list structure used for provider information, service information, service type identifiers, current status, and status starting date/time.

Question 2

How should LOTL and Member State list checks be captured?

The Commission makes Member State trusted-list publication information available, and ETSI TS 119 612 describes the Commission's central List Of Trusted Lists as a set of links to national trusted-list locations.

A useful audit record should therefore preserve both the list-discovery route and the actual service-status result, so a reviewer can distinguish a stale supplier assertion from a reproducible trusted-list check.

  • Capture the LOTL or Commission trusted-list browser/tooling reference used to locate the Member State list.
  • Capture the national trusted-list location, scheme territory, scheme operator, and list signing or sealing evidence where available from the validation tool.
  • Save the provider entry, service entry, service digital identity, service type identifier, service current status, and service status start time used in the decision.
  • Keep the validation tool output, detailed report, or diagnostic data that connects the certificate or signature to the trusted-list trust anchor.
  • Avoid closing a validation question with only a screenshot of a supplier web page, an EU trust mark, or a procurement questionnaire answer.
Citations
ETSI TS 119 612 Trusted Lists

The specification grounds practical evidence fields such as scheme information, pointers to other trusted lists, TSP information, service information, current status, and status start time.

Question 3

When is Trusted List evidence not enough by itself?

Trusted-list status is necessary for qualified-status checks, but relying-party validation still has to connect that status to the actual signature, seal, timestamp, certificate, or website-authentication certificate being relied on.

DSS validation material illustrates the practical split: a validation process may need certificate-chain validation, revocation data, timestamp or long-term validation material, and a qualification determination based on trusted-list interpretation.

  • Do not treat a provider-level qualified status as proof that the particular service, certificate profile, or timestamp token is qualified.
  • Do not treat a current status lookup as proof for a past transaction unless the validation report addresses the relevant signing or best-signature time and revocation evidence.
  • Refresh the trusted-list evidence when the provider, service entry, Member State, certificate chain, validation policy, or service status changes.
  • Escalate discrepancies between supplier claims, certificate metadata, validation-tool output, and the trusted-list entry before relying on the result in a regulated workflow.
  • For QWAC or SSL-certificate validation, preserve the certificate validation evidence and the trusted-list qualification evidence together, because both are needed to explain the relying-party conclusion.
Citations
European Commission DSS Demonstration WebApp

The DSS demo and documentation hub grounds practical validation evidence such as signature validation, certificate validation, SSL-certificate validation, multiple LOTL/TL loading, revocation handling, validation reports, and diagnostic data.

Recommended next step

Build a trusted-list evidence record for qualified trust-service decisions

Sorena can help translate this FAQ into a validation checklist that captures the LOTL source, Member State list, provider entry, service status, certificate chain result, and audit evidence for eIDAS relying-party workflows.

Research workflow
Open Research Copilot for eIDAS

Ask source-linked questions about Trusted Lists, LOTL checks, QTSP status, and signature-validation evidence using the cited sources on this page.

Explore next step
Talk to Sorena
Talk through implementation

Review your eIDAS validation workflow, source gaps, and evidence records with Sorena.

Explore next step
Primary sources

References and citations

ETSI TS 119 612 Trusted Lists
etsi.org
Referenced sections
  • The specification grounds practical evidence fields such as scheme information, pointers to other trusted lists, TSP information, service information, current status, and status start time.
"Service current status"
European Commission DSS Demonstration WebApp
ec.europa.eu
Referenced sections
  • The DSS demo and documentation hub grounds practical validation evidence such as signature validation, certificate validation, SSL-certificate validation, multiple LOTL/TL loading, revocation handling, validation reports, and diagnostic data.
"Validation reports"
European Commission eSignature building block
ec.europa.eu
Referenced sections
  • The Commission eSignature page identifies the eIDAS Dashboard resources, including the Trusted List Browser used to search for qualified trust service providers in Europe.
"Trusted List Browser"
Regulation (EU) No 910/2014 - Article 22 Trusted Lists
eur-lex.europa.eu
Referenced sections
  • Article 22 requires secured, electronically signed or sealed trusted lists suitable for automated processing and Commission publication of notified list information.
"suitable for automated processing"
Related guides

Explore more topics

eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services
Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence.
eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes
Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision.
eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks
Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence.
eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties
Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls.
eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties
Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records.
eIDAS electronic signatures: SES, AES, QES legal effect and evidence
A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records.
eIDAS penalties and fines for trust service providers
Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence.
eIDAS QES validation checks for relying parties
How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records.
eIDAS Qualified Trust Services: QTSP Selection
How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records.
eIDAS remote signature and cloud HSM controls for QTSPs
Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks.
eIDAS signature legal effect selector: SES, AES, AES-QC, or QES
Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition.
eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer
Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP.
eIDAS trusted list validation: LOTL, QTSP status, and evidence
How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports.
eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws
Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps.
eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements
Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls.
eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations
Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights.
eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations
Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers.
Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation
Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect.
EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates
A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence.
EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks
What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify.
EU eIDAS checklist for signatures, trust services, and wallets
Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records.
EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation
FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence.
EU eIDAS QTSP authorization and supervision guide
How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence.
EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence
Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence.
EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence
Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties.
EUDI Wallet readiness for service providers under eIDAS
Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence.
EUDI Wallet Relying Parties under eIDAS
What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence.
EUDI Wallet Relying Party Onboarding Workflow under eIDAS
A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties.
EUDI Wallet Relying Party Registration Under eIDAS
What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps.
EUDI Wallet Technical Architecture Guide under eIDAS
Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls.
QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence
Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence.
QWACs under eIDAS: website authentication certificates
A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks.
What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs
A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations.
What is a qualified trust service provider under eIDAS?
How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records.
What is a QWAC under the EU eIDAS Regulation?
Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence.