ETSI EN 319 411-2 eIDAS QTSP supervision workflow

A source-grounded workflow for running qualified-certificate supervision tasks before a change, incident, assessment, trusted-list update, or service termination reaches an EU supervisory body.

Use it as operational guidance for certificate-service governance, not for legal interpretation or proof of qualified status.

Author: Sorena AI
Published: May 9, 2026
Updated: May 9, 2026
Overview

ETSI EN 319 411-2 is a qualified-certificate standard, not a full eIDAS supervision rulebook. Use this workflow to keep the parts the standard does support under control: the qualified certificate service boundary, certificate policy evidence, relying-party trusted-list notice, breach and change escalation, termination planning, and conformity-assessment preparation.

Section 1

1. Open the workflow with a qualified-service boundary

Start each supervision review by naming the exact qualified certificate service: natural-person certificate, legal-person certificate, QSCD-backed certificate, or qualified website authentication certificate. Record the issuing TSP, CA hierarchy, certificate policy identifier, CP/CPS versions, subscriber terms, repository location, and certificate population in scope.

This boundary matters because EN 319 411-2 builds on EN 319 411-1 and EN 319 401. A supervision pack should not mix non-qualified CA evidence with qualified certificate evidence unless it shows which inherited Part 1 or EN 319 401 requirement is being reused.

  • Required input: certificate policy identifier such as QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
  • Required input: CP, CPS, PKI disclosure statement, subscriber agreement, relying-party notice, and repository evidence for the exact service boundary.
  • Owner: certificate policy owner, with sign-off from security operations, CA operations, legal/compliance, and the assessment lead.
  • Output: a scoped supervision intake record that separates EN 319 411-2 qualified-certificate evidence from general EN 319 411-1 certificate controls.
Section 2

2. Triage supervisory-body triggers before operations change

Run this gate before any material change to qualified certificate issuance, certificate profiles, CA hierarchy, QSCD handling, revocation/status services, repository publication, subcontracted service components, or termination planning. EN 319 401 maps eIDAS supervision to changes in qualified trust-service provision and to intentions to cease those activities.

The review should decide whether the change is only a CP/CPS maintenance item, an assessment item, a subscriber or relying-party notice item, or a matter for supervisory-body contact. When the source does not define the exact national filing channel, leave the channel blank and route it to the qualified-service compliance owner instead of inventing one.

  • Trigger: new or changed qualified certificate policy, certificate profile, OID, CA chain, repository, CPS, PKI disclosure statement, or subscriber terms.
  • Trigger: QSCD status change, remote QSCD component change, or loss of evidence that a certificate request used a QSCD-generated key pair.
  • Trigger: planned termination, status-service discontinuity, last-CRL handling, or a change that affects revocation information beyond certificate validity.
  • Escalation rule: if the change affects provision of a qualified trust service or cessation of that service, involve the supervisory-body liaison before release.
Section 3

3. Handle breach and loss-of-integrity escalation as a timed evidence pack

When a security breach or loss of integrity may significantly affect the qualified certificate service or personal data maintained in it, open an incident evidence pack immediately. EN 319 411-2 maps eIDAS Article 19 incident notification to certificate-service security clauses, and EN 319 401 points incident reporting toward supervisory authorities and other relevant bodies.

Do not treat the incident review as a generic security ticket. The pack should identify the trust service affected, certificates or repositories affected, relying-party impact, personal-data impact, known start time, awareness time, containment status, notification decision, and whether subscribers or affected persons also need notice.

  • Required input: incident classification, affected qualified service, affected certificate population, integrity impact, personal-data impact, and awareness timestamp.
  • Decision criterion: whether the event has significant impact on the trust service provided or on personal data maintained in the service.
  • Escalation rule: preserve the 24-hour notification assessment for supervisory-body review when the source threshold is met.
  • Output: notification decision record, evidence bundle, sent notices where applicable, and post-incident control changes.
Section 4

4. Verify trusted-list, status-service, and termination evidence

Before assessment or supervisory review, confirm that relying-party evidence is current. EN 319 411-2 says relying-party notices should explain that the trust anchor for relying on a certificate as an EU qualified certificate is the service digital identifier in an appropriate EU trusted-list entry for the QTSP.

Also verify continuity evidence. EN 319 411-2 includes requirements for revocation status information beyond certificate validity and maps eIDAS qualified-provider requirements to record retention, certificate databases, revocation publication, and termination planning. A termination or status-service gap should block the workflow until the responsible owner documents the corrective action.

  • Trusted-list check: service digital identifier, QTSP entry, qualified service status, certificate population covered, and date checked.
  • Status-service check: CRL or OCSP method, beyond-validity availability, expired revoked certificate handling, and final-CRL or archive evidence where relevant.
  • Termination check: continuity plan, record accessibility, certificate database continuity, subscriber/relying-party communications, and supervisory-body verification point.
  • Stop condition: the certificate policy says qualified, but trusted-list, status-service, or termination evidence does not support the claim.
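
The trusted-list check and stop condition above, as an added example (not from the standard or from this page's author). It assumes the ETSI TS 119 612 trusted-list XML element names and the CA/QC service-type and granted status URIs, that the list was already fetched and signature-validated, and that the service digital identifier is matched on exact issuing-CA certificate bytes; the sample list and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"tsl": "http://uri.etsi.org/02231/v2#"}  # ETSI TS 119 612 namespace
CA_QC = "http://uri.etsi.org/TrstSvc/Svctype/CA/QC"
GRANTED = "http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted"

# Constructed stand-in for the issuing CA certificate (not real DER).
SAMPLE_CA_DER = b"constructed issuing CA certificate bytes"
# Constructed, heavily trimmed trusted-list fragment; a real list is signed XML.
SAMPLE_TL = f"""<TrustServiceStatusList xmlns="{NS['tsl']}">
<TrustServiceProviderList><TrustServiceProvider>
<TSPInformation><TSPName><Name>Example QTSP (constructed)</Name></TSPName></TSPInformation>
<TSPServices><TSPService><ServiceInformation>
<ServiceTypeIdentifier>{CA_QC}</ServiceTypeIdentifier>
<ServiceDigitalIdentity><DigitalId><X509Certificate>{base64.b64encode(SAMPLE_CA_DER).decode()}</X509Certificate>
</DigitalId></ServiceDigitalIdentity>
<ServiceStatus>{GRANTED}</ServiceStatus>
<StatusStartingTime>2024-01-01T00:00:00Z</StatusStartingTime>
</ServiceInformation></TSPService></TSPServices>
</TrustServiceProvider></TrustServiceProviderList></TrustServiceStatusList>"""

def trusted_list_check(tl_xml, issuing_ca_der, checked_at=None):
    """Build the trusted-list evidence record; 'stop' mirrors the stop condition."""
    # Assumes tl_xml was already fetched and its signature validated elsewhere.
    record = {
        "service_digital_id_sha256": hashlib.sha256(issuing_ca_der).hexdigest(),
        "qtsp_entry": None, "service_type": None, "service_status": None,
        "status_since": None, "stop": True,
        "date_checked": (checked_at or datetime.now(timezone.utc)).isoformat(),
    }
    for tsp in ET.fromstring(tl_xml).iterfind(".//tsl:TrustServiceProvider", NS):
        for svc in tsp.iterfind(".//tsl:ServiceInformation", NS):
            ids = svc.iterfind(".//tsl:ServiceDigitalIdentity/tsl:DigitalId/tsl:X509Certificate", NS)
            if not any(base64.b64decode(i.text or "") == issuing_ca_der for i in ids):
                continue
            record["qtsp_entry"] = tsp.findtext(".//tsl:TSPName/tsl:Name", None, NS)
            record["service_type"] = svc.findtext("tsl:ServiceTypeIdentifier", None, NS)
            record["service_status"] = svc.findtext("tsl:ServiceStatus", None, NS)
            record["status_since"] = svc.findtext("tsl:StatusStartingTime", None, NS)
            # The qualified claim is supported only by a granted CA/QC service entry.
            record["stop"] = not (record["service_type"] == CA_QC
                                  and record["service_status"] == GRANTED)
            if not record["stop"]:
                return record
    return record
```

A record with `stop` set to true and `qtsp_entry` empty means no service entry carries that identifier; `stop` true with a populated entry means the entry exists but is not a granted CA/QC service.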
Section 5

5. Close with assessment-ready outputs

The workflow is complete only when the reviewer can hand the assessor or supervisory liaison a compact evidence set. EN 319 411-2 points to ETSI TR 119 411-4 for a conformity assessment checklist, so keep requirement identifiers visible rather than replacing them with informal task names.

Close the record with the decision, source clauses used, evidence files, gaps, owner, next review trigger, and whether a supervisory-body contact, conformity-assessment follow-up, subscriber notice, relying-party notice, or CP/CPS publication update remains open.

  • Output field: service boundary, policy identifier, CP/CPS version, repository URL, and trusted-list evidence reference.
  • Output field: issue type (change, incident, QSCD status, certificate status service, termination, assessment finding, or relying-party notice).
  • Output field: clause or requirement identifier, evidence artifact, accountable owner, approval result, and open gap.
  • Output field: external action needed, such as supervisory-body contact, assessor follow-up, subscriber notice, relying-party notice, or CP/CPS publication.