--- title: "eIDAS trusted list validation: LOTL, QTSP status, and evidence" canonical_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-list-validation" source_url: "https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-list-validation" author: "Sorena AI" description: "How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports." published_at: "2026-05-09" updated_at: "2026-05-26" keywords: - "eIDAS trusted list validation" - "EU LOTL" - "QTSP status" - "qualified trust service" - "certificate validation" - "DSS validation report" - "EU eIDAS Regulation" - "eIDAS" - "trusted lists" - "LOTL" - "QTSP" - "qualified electronic signature" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # eIDAS trusted list validation: LOTL, QTSP status, and evidence How to validate EU eIDAS trusted-list evidence: start from the Commission LOTL, confirm QTSP and qualified-service status, check certificate path and revocation data, and retain validation reports. *Validation Guide* *EU* ## eIDAS Trust List Validation Validate whether a signature, seal, timestamp, certificate, or website-authentication service can rely on an EU qualified trust service by checking the LOTL, the Member State trusted list, the listed service, and the certificate status evidence. For relying-party, identity, product, security, legal, procurement, and compliance teams that need defensible QTSP and qualified-service evidence instead of a supplier assertion. Under eIDAS, Member State trusted lists identify qualified trust service providers and the qualified trust services they provide. Trust-list validation is therefore not just a certificate-chain check. A relying party needs to prove that the relevant service was listed with the right qualified status at the validation time or signing time, that the certificate path and revocation status were acceptable, and that the validation result can be reproduced later. ## Start from the LOTL and resolve the Member State trusted list Use the European Commission List Of Trusted Lists (LOTL) as the starting trust anchor for EU trusted-list discovery. The LOTL points to the national trusted lists published by Member States, and the ETSI portal describes it as a signed or sealed, machine-processable XML list. Do not validate qualified status from a copied certificate, supplier screenshot, or stale browser bookmark alone. The evidence should show the LOTL location used, the Member State trusted list reached, the trusted-list signing or sealing certificate accepted, and the publication or sequence information available to the validator. - Record the LOTL URL and the Member State trusted-list URL that the validator actually used. - Confirm the trusted list is signed or sealed and suitable for automated processing before relying on its service entries. - Keep the trusted-list version, sequence number, issue time, next update time, and validation time when your tooling exposes those fields. - Escalate if the validator cannot reach the LOTL, the trusted list is expired or not authentic, or the expected national list is missing. Sources for this answer: - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Explains that Member State trusted lists identify QTSPs and their qualified services, and that the Commission publishes the central LOTL. - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Specifies trusted-list structure, including scheme information, pointers to other TSLs, TSP services, current status, status start time, and service history. - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 22 requires Member States to establish, maintain, and publish trusted lists in a secured, machine-processable form. ## Confirm the QTSP, service type, and qualified status A provider name is not enough. The trusted-list entry must match the trust service being relied on, such as a CA issuing qualified certificates, a qualified time-stamping service, a qualified validation service, or another listed qualified trust service. For qualified legal effect, check the service status and the status history at the relevant time. ETSI explains that eIDAS trusted lists have constitutive effect: users benefit from the legal effect associated with a qualified trust service only when that service is listed as qualified. - Match the TSP name, trade name, service name, service type identifier, and service digital identity to the certificate or token under validation. - Confirm the service status is appropriate for the validation time or best-signature time, not only the day someone reviewed the file. - Use service history when a service was granted, withdrawn, ceased, replaced, or taken over before or after the transaction. - For certificate services, check whether trusted-list qualifications indicate certificates for electronic signatures, electronic seals, or website authentication. Sources for this answer: - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - States that a provider or service is qualified only if it appears in the trusted lists as qualified. - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Identifies the trusted-list fields used to resolve service type, service digital identity, current status, status start time, and service history. - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 21 links the start of providing a qualified trust service to qualified status being indicated in the trusted list. ## Validate the certificate path and status evidence After the trusted-list match, validate the cryptographic and certificate evidence. eIDAS Article 32 requires a qualified electronic signature validation process to confirm, among other things, that the supporting certificate was qualified and valid at the time of signing, the validation data corresponds to what is provided to the relying party, and the signed data integrity has not been compromised. For qualified certificates, eIDAS also requires validity or revocation status information to be available to relying parties on at least a per-certificate basis, including beyond the certificate validity period. Validation evidence should therefore retain both path-validation and revocation-status material, not just a green result screen. - Build the certificate path from the signer, seal creator, TSA, or website-authentication certificate to the trusted-list service digital identity. - Check certificate validity period, key usage, policy or qualification indicators, and whether the relevant certificate maps to the listed service. - Capture OCSP or CRL evidence, including production time, thisUpdate, nextUpdate when available, responder identity, and whether revocation happened before or after the best-signature time. - Treat revoked, suspended, missing, stale, or unverifiable status evidence as an exception until a qualified validation report explains why the overall result remains acceptable. Sources for this answer: - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Articles 24, 28, and 32 support certificate identity, validity, revocation-status, and qualified-signature validation checks. - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Describes service digital identity and service supply points, including CRL and OCSP locations for qualified certificate status information. - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - DSS validation reports include certificate path, certificate revocation, OCSP or CRL, timestamp, trusted-list, and qualification checks. ## Use DSS or equivalent tooling as validation evidence, not as an unchecked oracle The European Commission DSS project is an open-source library for Advanced Electronic Signature creation, augmentation, and validation in line with European legislation and eIDAS. Grounded DSS evidence can be useful when the report shows the LOTL and trusted-list checks, certificate path, revocation data, timestamp checks, and signature qualification result. Review the validation level and report type. A basic validation failure caused by a certificate revoked at validation time may still be resolved differently when long-term validation material and a trusted timestamp prove that the signature existed before revocation. The retained report must show that reasoning, not only the final indication. - Retain the simple report, detailed report, diagnostic data, and ETSI validation report when available. - Keep the validation policy, validation time, best-signature time, trusted-list sources, revocation tokens, timestamp tokens, and final indication together. - Document whether the result is for a basic signature, a signature with time and long-term validation material, or archival validation. - Escalate TOTAL_FAILED, INDETERMINATE, revoked-without-proof-of-existence, no trusted-list match, or missing revocation data before accepting the transaction. Sources for this answer: - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Describes DSS as an eIDAS-aligned implementation library and shows validation reports, trusted-list checks, revocation checks, and qualification reasoning. - [European Commission DSS demonstration webapp](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/home?ref=sorena.io) - Lists DSS functions for validating signatures and certificates and references LOTL resources and documentation. - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Article 33 requires qualified validation services to return validation results to relying parties in an automated, reliable, efficient manner. ## Evidence record to retain after trust-list validation A useful evidence package lets a later reviewer reproduce the trust decision without asking the supplier to explain it again. Store the source files or immutable references, the validation report, the policy used, and the business decision that depended on the result. The record should distinguish legal-status evidence from technical-validity evidence. Legal-status evidence proves the provider and service were qualified at the relevant time. Technical-validity evidence proves the signature, certificate path, revocation data, timestamps, and signed content passed the chosen validation process. - LOTL source, Member State trusted-list source, trusted-list version or sequence data, and validator configuration. - TSP name, service name, service type identifier, service digital identity, qualified status, current status start time, and relevant service-history entries. - Certificate chain, signer or seal certificate, policy and qualification indicators, OCSP or CRL records, timestamp tokens, and path-validation result. - Final validation indication, validation report files, validation time, best-signature time, validation policy, reviewer, exception notes, and the business action approved or rejected. Sources for this answer: - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Supports retaining service current status and service history because trusted lists are designed to show status currently and at a past transaction time. - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Supports retaining report-level evidence such as diagnostic data, trusted-list status, path validation, revocation checks, and qualification determinations. - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Supports keeping revocation and validity-status evidence because QTSPs issuing qualified certificates must make status information available to relying parties. *Recommended next step* *Placement: before sources* ## Review LOTL, trusted-list, QTSP, and certificate-status evidence before relying on qualified trust-service claims Sorena can help convert eIDAS trust-list validation into reusable checks, validation evidence requests, exception notes, and reviewer-ready records. - [Open Research Copilot for eIDAS evidence](/solutions/research-copilot.md): Ask source-linked questions about LOTL checks, trusted-list status, QTSP evidence, certificate revocation, and DSS reports using the cited sources on this page. - [Talk through validation evidence](/contact.md): Review an eIDAS relying-party or trust-service validation workflow before accepting qualified-status claims. ## Primary sources - [Regulation (EU) No 910/2014 (eIDAS)](https://eur-lex.europa.eu/eli/reg/2014/910/oj?ref=sorena.io) - Primary legal source for trusted lists, QTSP qualified status, qualified-signature validation, qualified validation services, and certificate validity or revocation status. - Quote: "establish, maintain and publish trusted lists" - [ETSI - Certification Authorities and other Trust Service Providers](https://portal.etsi.org/TB-SiteMap/ESI/Trust-Service-Providers?ref=sorena.io) - Explains the practical role of Member State trusted lists, the Commission LOTL, and the constitutive effect of listing for qualified trust services. - Quote: "provider/service will be qualified only if it appears in the trusted lists" - [ETSI TS 119 612 trusted lists](https://www.etsi.org/deliver/etsi_ts/119600_119699/119612/02.03.01_60/ts_119612v020301p.pdf?ref=sorena.io) - Technical specification for trusted-list structure, service status, service digital identity, service history, trusted-list pointers, CRL, and OCSP service information. - Quote: "Trusted lists therefore contain not only the service's current status, but also the history of its statuses." - [European Commission DSS documentation](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/doc/dss-documentation.html?ref=sorena.io) - Documents DSS validation reports and checks for trusted lists, certificate paths, revocation data, timestamps, evidence records, and signature qualification. - Quote: "Are certificate path validation results acceptable?" - [European Commission DSS demonstration webapp](https://ec.europa.eu/digital-building-blocks/DSS/webapp-demo/home/digital-building-blocks/DSS/webapp-demo/home?ref=sorena.io) - European Commission DSS hub listing validation functions for signatures and certificates and references to LOTL resources and DSS documentation. - Quote: "Validate a certificate" ## Related Topic Guides - [eIDAS 2 deadlines and compliance calendar for EUDI Wallet and trust services](/artifacts/eu/electronic-identification-and-trust-services-regulation/deadlines-and-compliance-calendar.md): Calendar of grounded eIDAS and eIDAS 2 milestones for EUDI Wallet delivery, implementing acts, annual supervision reports, QTSP transitions, pilots, and ARF evidence. - [eIDAS 2.0 vs eIDAS: EUDI Wallet and trust-service changes](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas2-vs-eidas.md): Compare the original eIDAS electronic identification and trust-service framework with the eIDAS 2.0 amendments for EUDI Wallets, relying parties, attestations, QWACs, and supervision. - [eIDAS Certificates and Authentication: qualified certificates, QWACs, and validation checks](/artifacts/eu/electronic-identification-and-trust-services-regulation/certificates-and-authentication.md): Grounded guide to eIDAS qualified certificates, website authentication certificates, trusted lists, relying-party checks, and validation evidence. - [eIDAS checklist and evidence pack for trust services, signatures, and EUDI Wallet relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist-and-evidence.md): Build an eIDAS evidence pack for qualified trust services, electronic signatures, trusted-list checks, certificate validation, supervisory records, and EUDI Wallet relying-party controls. - [eIDAS compliance guide for trust services, QTSPs, signatures, and EUDI Wallet relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/compliance.md): Grounded eIDAS compliance guide for trust-service classification, QTSP supervision evidence, qualified signatures, seals, time stamps, certificates, trusted-list validation, and EUDI Wallet relying-party records. - [eIDAS electronic signatures: SES, AES, QES legal effect and evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/electronic-signatures-and-legal-effect.md): A grounded guide to eIDAS electronic-signature legal effect: SES, AES, QES, qualified certificates, QTSP trusted-list checks, validation, recognition, and evidence records. - [eIDAS penalties and fines for trust service providers](/artifacts/eu/electronic-identification-and-trust-services-regulation/penalties-and-fines.md): Grounded guide to eIDAS Article 16 penalties, administrative fine mechanics, supervisory bodies, qualified-status withdrawal, and trusted-list evidence. - [eIDAS QES validation checks for relying parties](/artifacts/eu/electronic-identification-and-trust-services-regulation/qes-validation.md): How to validate a qualified electronic signature under eIDAS: certificate, QTSP, trusted-list, QSCD, integrity, validation result, and evidence records. - [eIDAS Qualified Trust Services: QTSP Selection](/artifacts/eu/electronic-identification-and-trust-services-regulation/qualified-trust-services-and-qtsp-selection.md): How to select an EU eIDAS qualified trust service provider: identify the qualified service type, verify trusted-list status, review supervision evidence, and retain certificate-policy records. - [eIDAS remote signature and cloud HSM controls for QTSPs](/artifacts/eu/electronic-identification-and-trust-services-regulation/remote-signature-and-cloud-hsm-controls.md): Grounded guide to eIDAS remote signature controls: remote QSCD scope, server-side signing, QTSP evidence, signer authentication, certificate validation, and trusted-list checks. - [eIDAS signature legal effect selector: SES, AES, AES-QC, or QES](/artifacts/eu/electronic-identification-and-trust-services-regulation/signature-legal-effect-selector-workflow.md): Select the right eIDAS signature level by legal effect, risk, qualified certificate status, QTSP evidence, QSCD use, validation result, and cross-border recognition. - [eIDAS trust service role scoping workflow: TSP, QTSP, validator, relying party, or QTSP customer](/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-service-role-scoping-workflow.md): Classify an eIDAS role by evidence: trust service provider, qualified trust service provider, signature or seal validator, EUDI Wallet relying party, relying party, or customer of a QTSP. - [eIDAS vs ESIGN and UETA: EU qualified signatures vs U.S. e-signature laws](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-esign-and-ueta.md): Compare eIDAS with ESIGN and UETA for electronic signatures, qualified certificates, trust services, cross-border recognition, validation evidence, and source gaps. - [eIDAS vs ETSI EN 319 401: legal supervision and TSP policy requirements](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-etsi-en-319-401.md): Compare eIDAS and ETSI EN 319 401 for trust services: legal scope, QTSP supervision, conformity assessment, audits, incident evidence, and operational controls. - [eIDAS vs GDPR for identity data: wallet, trust-service, and privacy obligations](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-gdpr-identity-data.md): Compare eIDAS identity, trust-service, and EUDI Wallet rules with GDPR duties for personal-data processing, minimisation, lawful basis, evidence, security, and user rights. - [eIDAS vs NIS2 for trust service providers: QTSP and cybersecurity obligations](/artifacts/eu/electronic-identification-and-trust-services-regulation/eidas-vs-nis2-trust-services.md): Compare eIDAS trust-service and QTSP duties with NIS2 cybersecurity risk-management, incident reporting, supervision, and evidence duties for trust service providers. - [Electronic Attestations of Attributes under EU eIDAS: EAA, QEAA, issuers, wallets, and validation](/artifacts/eu/electronic-identification-and-trust-services-regulation/electronic-attestations-of-attributes.md): Grounded guide to electronic attestations of attributes under amended EU eIDAS: EAA, QEAA, public-sector authentic-source attestations, wallet use, issuer checks, relying-party validation, revocation, and legal effect. - [EU eIDAS Applicability Test for Trust Services, Wallets, and Certificates](/artifacts/eu/electronic-identification-and-trust-services-regulation/applicability-test.md): A grounded eIDAS scope test for QTSPs, trust services, electronic signatures, seals, timestamps, QWACs, EUDI Wallet relying parties, and cross-border recognition evidence. - [EU eIDAS attribute attestations: EAA, QEAA, wallet, and relying party checks](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/attribute-attestations.md): What electronic attestations of attributes mean under eIDAS, how QEAAs differ from public-sector and non-qualified attestations, and what issuers, wallets, and relying parties should verify. - [EU eIDAS checklist for signatures, trust services, and wallets](/artifacts/eu/electronic-identification-and-trust-services-regulation/checklist.md): Checklist for eIDAS trust-service and EUDI Wallet controls: qualified status, trusted lists, certificates, signatures, seals, timestamps, validation evidence, and relying-party records. - [EU eIDAS FAQ: signatures, QTSPs, trusted lists, QWACs, wallets, and validation](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq.md): FAQ on eIDAS trust services and the European Digital Identity framework, covering advanced and qualified electronic signatures, QTSP status, trusted lists, QWACs, EUDI Wallet relying parties, attestations of attributes, and validation evidence. - [EU eIDAS QTSP authorization and supervision guide](/artifacts/eu/electronic-identification-and-trust-services-regulation/qtsp-authorization-and-supervision.md): How qualified trust service providers obtain and keep qualified status under eIDAS, including conformity assessment reports, supervision, trusted lists, incidents, and evidence. - [EU eIDAS QTSP Due Diligence Workflow for Trusted Lists, Certificates, and Evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/qtsp-due-diligence-workflow.md): Check a qualified trust service provider under eIDAS by validating trusted-list status, qualified service scope, certificates, policies, supervision, audits, and retained evidence. - [EU eIDAS Requirements for Trust Services, Signatures, Seals, Wallets, and Evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/requirements.md): Grounded guide to core eIDAS requirements for trust service providers, qualified trust services, electronic signatures, seals, time stamps, trusted lists, and EUDI Wallet relying parties. - [EU eIDAS Trusted Lists FAQ: LOTL, QTSP status, and validation evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/trusted-lists.md): How EU eIDAS Trusted Lists and the Commission LOTL support QTSP and qualified trust-service validation, with practical evidence checks for relying parties. - [EUDI Wallet readiness for service providers under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-readiness.md): Readiness guide for organisations preparing to request or verify data from European Digital Identity Wallets: roles, registration, ARF alignment, selective disclosure, implementing acts, and evidence. - [EUDI Wallet Relying Parties under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/eudi-wallet-relying-party.md): What EUDI Wallet relying parties must do under eIDAS: register, declare intended wallet use and requested data, identify themselves to users, and keep request evidence. - [EUDI Wallet Relying Party Onboarding Workflow under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/wallet-onboarding-workflow.md): A grounded onboarding workflow for organisations that want to request data from European Digital Identity Wallet users as eIDAS wallet relying parties. - [EUDI Wallet Relying Party Registration Under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-relying-party-registration.md): What eIDAS Article 5b and the EUDI Wallet ARF say about wallet relying party registration, intended uses, attribute requests, certificates, evidence, and Member State gaps. - [EUDI Wallet Technical Architecture Guide under eIDAS](/artifacts/eu/electronic-identification-and-trust-services-regulation/eudi-wallet-technical-architecture-guide.md): Technical guide to the EUDI Wallet architecture: ARF roles, wallet units, PID and attestations, relying parties, trust model, certificates, protocols, privacy, and security controls. - [QES vs AdES under EU eIDAS: legal effect, certificates, QTSPs, and validation evidence](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qes-vs-ades.md): Compare qualified electronic signatures (QES) and advanced electronic signatures (AdES) under EU eIDAS, including legal effect, qualified certificates, QTSP status, QSCDs, and validation evidence. - [QWACs under eIDAS: website authentication certificates](/artifacts/eu/electronic-identification-and-trust-services-regulation/qwacs.md): A grounded guide to qualified website authentication certificates under eIDAS, covering Annex IV data, trusted lists, browser recognition, validation evidence, and QTSP checks. - [What eIDAS Covers: eID, Trust Services, EUDI Wallet, and QWACs](/artifacts/eu/electronic-identification-and-trust-services-regulation/what-eidas-covers.md): A grounded guide to the systems and services covered by EU eIDAS: notified electronic identification, trust services, signatures, seals, time stamps, registered delivery, website authentication, trusted lists, the EUDI Wallet, and attribute attestations. - [What is a qualified trust service provider under eIDAS?](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qualified-trust-service-provider.md): How to verify QTSP status under eIDAS using the qualified service, supervisory body decision, trusted list entry, conformity assessment evidence, and service-specific records. - [What is a QWAC under the EU eIDAS Regulation?](/artifacts/eu/electronic-identification-and-trust-services-regulation/faq/qwac.md): Plain-language FAQ on qualified website authentication certificates under eIDAS, including website identity, QTSP trusted-list checks, browser recognition, and validation evidence. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/eu/electronic-identification-and-trust-services-regulation/trust-list-validation