---
title: "ETSI EN 319 411-2 vs eIDAS Qualified Trust Services"
canonical_url: "https://www.sorena.io/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-eidas-qualified-trust-services"
source_url: "https://www.sorena.io/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-eidas-qualified-trust-services"
author: "Sorena AI"
description: "Compare ETSI EN 319 411-2 certificate policy requirements with the eIDAS qualified-status, supervision, audit, and trusted-list framework."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "ETSI EN 319 411-2"
  - "eIDAS qualified trust services"
  - "qualified certificates"
  - "QTSP"
  - "QSCD"
  - "QWAC"
  - "eIDAS"
  - "qualified trust service provider"
  - "trusted lists"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# ETSI EN 319 411-2 vs eIDAS Qualified Trust Services

Compare ETSI EN 319 411-2 certificate policy requirements with the eIDAS qualified-status, supervision, audit, and trusted-list framework.

*Artifact Guide* *GLOBAL* *ETSI EN 319 411-2*

## ETSI EN 319 411-2 vs eIDAS qualified trust services

A comparison of the ETSI certificate-policy standard used for EU qualified certificates and the eIDAS legal framework that grants and supervises qualified trust-service status.

Use this to separate standard conformance evidence from qualified-status, trusted-list, and supervisory evidence.

ETSI EN 319 411-2 and eIDAS are related, but they do different jobs. EN 319 411-2 specifies policy and security requirements for trust service providers issuing EU qualified certificates. eIDAS defines qualified trust services, qualified trust service providers, supervisory bodies, conformity assessment, and trusted lists. Meeting the ETSI standard can support a qualified-certificate evidence file; it does not, by itself, grant qualified status.

## ETSI EN 319 411-2 vs eIDAS qualified trust services: what changes?

Use this comparison to keep certificate-policy conformance separate from the legal qualified-status and trusted-list checks required under eIDAS.

- **ETSI EN 319 411-2**: A European standard for policy and security requirements for TSPs issuing EU qualified certificates.
- **eIDAS qualified trust services**: The EU legal framework for qualified trust services, qualified trust service providers, supervision, conformity assessment, and trusted lists.

| Dimension | ETSI EN 319 411-2 | eIDAS qualified trust services | Operational implication | Sources |
| --- | --- | --- | --- | --- |
| Scope and covered activity | EN 319 411-2 covers policy and security requirements for TSPs issuing EU qualified certificates, including named qualified certificate policy profiles. | eIDAS covers qualified trust services as a legal category, including qualified certificates for signatures, seals, and website authentication plus the provider status framework around them. | Start by naming both the certificate policy profile and the eIDAS service status being claimed; the standard scope and the legal qualified-service scope are related but not identical. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the named qualified certificate policy profiles that define the standard side of the comparison.<br>[Regulation (EU) No 910/2014, Articles 3, 28, 38, and 45](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the eIDAS definitions and qualified certificate categories for signatures, seals, and website authentication. |
| Who must act | The EN 319 411-2 owner is the certificate-issuing TSP and its CA, RA, repository, revocation, certificate status, CP/CPS, and security-control owners. | The eIDAS owners include the trust service provider seeking or holding qualified status, the conformity assessment body, the supervisory body, and the Member State trusted-list function. | Assign standard evidence to certificate-service operators and legal status evidence to the qualified-service governance team; one generic compliance owner will miss handoffs. | [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the CA, subscriber, subject, repository, and certificate lifecycle roles used by the EN 319 411-2 evidence file.<br>[Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the roles of qualified trust service provider, conformity assessment body, supervisory body, and trusted lists.<br>[Regulation (EU) No 910/2014, Article 46b](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervisory responsibilities for trust services. |
| Trigger or threshold | EN 319 411-2 is triggered when a TSP issues, or claims conformance for issuing, EU qualified certificates under one of the standard's qualified certificate policy profiles. | eIDAS qualified-service work is triggered when a provider intends to provide a qualified trust service or needs to maintain qualified status after it has been granted. | Do not wait until public launch copy is drafted; trigger both reviews when the certificate profile and the intended qualified-service status are selected. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard's qualified certificate policy profiles and certificate usage sections.<br>[Regulation (EU) No 910/2014, Article 21](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds that qualified service provision begins after qualified status appears in the trusted lists. |
| Core obligations | EN 319 411-2 obligations are implemented through certificate policy selection, CP/CPS controls, identity validation, issuance, acceptance, revocation, suspension, certificate status, repository, and QSCD-related evidence where applicable. | eIDAS obligations include notification, conformity assessment, supervisory verification, ongoing audits, remedy where required, status withdrawal risk, and trusted-list publication. | Build two linked workstreams: one for certificate-service controls and one for qualified-status lifecycle controls. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the certificate-service policy and lifecycle obligations for qualified certificate issuance.<br>[Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervision, initiation, and trusted-list obligations for qualified trust services.<br>[ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the general certificate operation controls used by EN 319 411-2. |
| Evidence and records | EN 319 411-2 evidence is the CP/CPS, certificate policy identifier, subscriber and subject validation, certificate issuance, revocation, suspension, certificate status, repository, QSCD indication, and records material. | eIDAS evidence is the conformity assessment report, notification to the supervisory body, supervisory verification, qualified-status grant, and trusted-list entry. | Keep a traceable matrix with separate columns for standard conformance artifacts and legal qualified-status artifacts. | [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the CA, RA, lifecycle, repository, revocation, and records controls used by the qualified-certificate standard.<br>[Regulation (EU) No 910/2014, Articles 21 and 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the conformity assessment, supervisory verification, qualified-status grant, and trusted-list evidence.<br>[ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the need to connect evidence to the exact qualified certificate policy. |
| Timing and cadence | EN 319 411-2 timing is driven by certificate lifecycle events such as application, issuance, acceptance, renewal, re-key, modification, revocation, suspension, status service operation, and records archival. | eIDAS timing includes the Article 20 audit cadence of at least every 24 months, submission of the conformity assessment report, supervisory verification, and trusted-list update timing. | Track certificate lifecycle clocks separately from qualified-status audit and supervisory clocks. | [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the certificate lifecycle events and records timing that EN 319 411-2 relies on.<br>[Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the 24-month audit cadence and conformity assessment report submission.<br>[Regulation (EU) No 910/2014, Article 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the trusted-list publication timing dependency for qualified service claims. |
| Enforcement or assurance route | EN 319 411-2 is enforced through assessment, audit expectations, certification or procurement requirements, and the ability to prove the certificate service matches the selected policy profile. | eIDAS supervision is performed by supervisory bodies that can audit, require remedy, and withdraw qualified status where the Regulation's requirements are not met. | Escalate when an EN 319 411-2 finding affects status evidence, because a technical nonconformity can become a supervisory issue under eIDAS. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard requirements that can feed assessment evidence.<br>[Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervisory powers to audit, require remedy, and withdraw qualified status.<br>[Regulation (EU) No 910/2014, Article 46b](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the supervisory body's role in ensuring qualified services meet eIDAS requirements. |
| Overlap and reuse | Reuse EN 319 411-2 controls where the same certificate service, policy profile, CP/CPS, CA/RA process, revocation service, and records boundary are unchanged. | Reuse eIDAS qualified-service evidence only where the same provider, service, Member State supervision, qualified-status decision, and trusted-list entry are in scope. | A shared control can reduce duplication, but status evidence, certificate-profile evidence, and trusted-list evidence must remain traceable to the exact source that supports the claim. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the service and policy-profile boundaries for EN 319 411-2 evidence reuse.<br>[Regulation (EU) No 910/2014, Article 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the provider-and-service trusted-list boundary for eIDAS evidence reuse.<br>[ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the lifecycle and records controls that should be checked before reusing certificate-service evidence. |
| Practical decision rule | Use EN 319 411-2 when the question is whether certificate-policy, CP/CPS, lifecycle, QSCD, QWAC, or CA/RA evidence meets the qualified-certificate standard. | Use eIDAS when the question is whether the provider and service have qualified status, supervisory verification, conformity assessment evidence, and a trusted-list entry. | Use both only when the same qualified certificate service needs standard-conformance evidence and eIDAS qualified-status evidence. | [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds when EN 319 411-2 controls the certificate-policy side of the decision.<br>[Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds when eIDAS controls qualified status, supervision, and trusted-list evidence.<br>[Regulation (EU) No 910/2014, Article 3](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the legal definition of a qualified trust service provider. |

Sources for Scope and covered activity - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard's scope for TSPs issuing EU qualified certificates.
  - Quote: "Requirements for trust service providers issuing EU qualified certificates"

Sources for Scope and covered activity - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Articles 3, 28, 38, and 45](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the eIDAS definitions and qualified certificate categories for signatures, seals, and website authentication.
  - Quote: "qualified certificate for website authentication"

Sources for Scope and covered activity - operational implication:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the named qualified certificate policy profiles that define the standard side of the comparison.
  - Quote: "QEVCP-w, QNCP-w, QNCP-w-gen"

Sources for Who must act - ETSI EN 319 411-2:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the CA, subscriber, subject, repository, and certificate lifecycle roles used by the EN 319 411-2 evidence file.
  - Quote: "PKI participants"

Sources for Who must act - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the roles of qualified trust service provider, conformity assessment body, supervisory body, and trusted lists.
  - Quote: "conformity assessment body"

Sources for Who must act - operational implication:

- [Regulation (EU) No 910/2014, Article 46b](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervisory responsibilities for trust services.
  - Quote: "to grant qualified status"

Sources for Trigger or threshold - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard's qualified certificate policy profiles and certificate usage sections.
  - Quote: "Certificate Usage"

Sources for Trigger or threshold - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Article 21](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the initiation trigger for providers intending to start a qualified trust service.
  - Quote: "notify the supervisory body of their intention"

Sources for Trigger or threshold - operational implication:

- [Regulation (EU) No 910/2014, Article 21](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds that qualified service provision begins after qualified status appears in the trusted lists.
  - Quote: "after the qualified status has been indicated"

Sources for Core obligations - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the certificate-service policy and lifecycle obligations for qualified certificate issuance.
  - Quote: "Certificate Life-Cycle Operational Requirements"

Sources for Core obligations - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervision, initiation, and trusted-list obligations for qualified trust services.
  - Quote: "Supervision of qualified trust service providers"

Sources for Core obligations - operational implication:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the general certificate operation controls used by EN 319 411-2.
  - Quote: "Certificate application processing"

Sources for Evidence and records - ETSI EN 319 411-2:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the CA, RA, lifecycle, repository, revocation, and records controls used by the qualified-certificate standard.
  - Quote: "Records archival"

Sources for Evidence and records - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Articles 21 and 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the conformity assessment, supervisory verification, qualified-status grant, and trusted-list evidence.
  - Quote: "establish, maintain and publish trusted lists"

Sources for Evidence and records - operational implication:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the need to connect evidence to the exact qualified certificate policy.
  - Quote: "Certificate Policy name and identification"

Sources for Timing and cadence - ETSI EN 319 411-2:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the certificate lifecycle events and records timing that EN 319 411-2 relies on.
  - Quote: "Certificate Renewal"

Sources for Timing and cadence - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the 24-month audit cadence and conformity assessment report submission.
  - Quote: "audited at their own expense at least every 24 months"

Sources for Timing and cadence - operational implication:

- [Regulation (EU) No 910/2014, Article 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the trusted-list publication timing dependency for qualified service claims.
  - Quote: "without undue delay"

Sources for Enforcement or assurance route - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard requirements that can feed assessment evidence.
  - Quote: "Trust Service Providers practice"

Sources for Enforcement or assurance route - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervisory powers to audit, require remedy, and withdraw qualified status.
  - Quote: "withdraw the qualified status"

Sources for Enforcement or assurance route - operational implication:

- [Regulation (EU) No 910/2014, Article 46b](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the supervisory body's role in ensuring qualified services meet eIDAS requirements.
  - Quote: "supervise qualified trust service providers"

Sources for Overlap and reuse - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the service and policy-profile boundaries for EN 319 411-2 evidence reuse.
  - Quote: "Certificate Usage"

Sources for Overlap and reuse - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Article 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the provider-and-service trusted-list boundary for eIDAS evidence reuse.
  - Quote: "information related to the qualified trust services"

Sources for Overlap and reuse - operational implication:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the lifecycle and records controls that should be checked before reusing certificate-service evidence.
  - Quote: "Records archival"

Sources for Practical decision rule - ETSI EN 319 411-2:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds when EN 319 411-2 controls the certificate-policy side of the decision.
  - Quote: "Certificate Policy"

Sources for Practical decision rule - eIDAS qualified trust services:

- [Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds when eIDAS controls qualified status, supervision, and trusted-list evidence.
  - Quote: "Supervision of qualified trust service providers"

Sources for Practical decision rule - operational implication:

- [Regulation (EU) No 910/2014, Article 3](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the legal definition of a qualified trust service provider.
  - Quote: "granted the qualified status by the supervisory body"

### How to choose the controlling source

- Use EN 319 411-2 when the decision is about certificate policy, CP/CPS, certificate lifecycle operations, QSCD indication, or qualified certificate profile evidence.
- Use eIDAS when the decision is about qualified status, supervisory verification, conformity assessment reports, trusted-list publication, or legal qualified-service wording.
- Use both only when a specific qualified certificate service needs both standard-conformance evidence and eIDAS qualified-status evidence.

Sources for the practical decision rule:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds when EN 319 411-2 controls the certificate-policy side of the decision.
  - Quote: "Certificate Policy"
- [Regulation (EU) No 910/2014, consolidated 2024-10-18](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds when eIDAS controls qualified status, supervision, and trusted-list evidence.
  - Quote: "Supervision of qualified trust service providers"

## What each source controls

Use EN 319 411-2 when the question is whether a certificate-issuing trust service provider has implemented the policy and security requirements for EU qualified certificates. The standard names the certificate policy families and points back to EN 319 411-1 for general CA, registration, repository, revocation, and certificate lifecycle requirements.

Use eIDAS when the question is whether a trust service is legally qualified in the EU. eIDAS defines a qualified trust service as one meeting the Regulation's applicable requirements and defines a qualified trust service provider as one granted qualified status by the supervisory body.

- EN 319 411-2 is evidence for certificate policy and CA operations; it is not the legal act that grants qualified status.
- eIDAS controls supervisory verification, qualified-status grant or withdrawal, trusted-list publication, and qualified-service legal effects.
- A procurement claim such as "eIDAS qualified" should be checked against the trusted list and supervisory status, not only against an EN 319 411-2 audit statement.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard's scope as requirements for TSPs issuing EU qualified certificates and its QCP/QEVCP/QNCP policy profiles.
- [Regulation (EU) No 910/2014, consolidated 2024-10-18](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds eIDAS definitions of qualified trust service and qualified trust service provider.

## Certificate policy evidence vs qualified-status evidence

EN 319 411-2 evidence should show which qualified certificate policy is being used, how the certification practice statement and certificate policy implement the requirement, and how lifecycle controls such as identity validation, issuance, revocation, suspension, certificate status services, and repository publication are operated.

eIDAS evidence should show the supervisory path: notification to the supervisory body, a conformity assessment report, supervisory verification, grant of qualified status, and the trusted-list entry that indicates the provider and service are qualified.

- Keep CP/CPS, registration, identity proofing, certificate profile, QSCD indication, revocation, and certificate status evidence in the EN 319 411-2 file.
- Keep conformity assessment report, supervisory correspondence, qualified-status decision, and trusted-list verification in the eIDAS qualified-service file.
- Do not describe a service as qualified until the eIDAS status evidence exists; an ETSI standards audit alone is not enough.

Sources for this answer:

- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the general certificate policy, CPS, CA/RA, identity validation, lifecycle, revocation, and records controls that EN 319 411-2 builds on.
- [Regulation (EU) No 910/2014, Article 21](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the notification, conformity assessment report, supervisory verification, grant of qualified status, and trusted-list update sequence.

*Recommended next step*

*Placement: after practical guidance*

## Review qualified-certificate claims

Use Sorena to check whether a public claim is grounded in certificate-policy evidence, eIDAS supervisory status, trusted-list evidence, or all three.

- [Open Assessment Autopilot for ETSI EN 319 411-2](/solutions/assessment.md): Build a clause-to-evidence map for CP/CPS, certificate profile, identity validation, revocation, and repository controls.
- [Research eIDAS status evidence](/solutions/research-copilot.md): Check the supervisory, conformity assessment, and trusted-list evidence behind qualified trust-service wording.
- [Review a qualified-certificate claim](/contact.md): Compare standard conformance language with eIDAS qualified-status wording before it appears in an RFP, audit pack, or product page.

## Where QCP, QSCD, and QWAC details fit

EN 319 411-2 is the better place to track certificate-policy details such as QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, and QNCP-w-gen. These profile choices affect certificate wording, evidence, and technical controls.

eIDAS is the better place to verify whether the certificate is part of a qualified trust service and whether the provider is listed as qualified for that service. eIDAS also supplies Annex requirements for qualified certificates for electronic signatures, electronic seals, and website authentication.

- For signature or seal certificates, record whether the qualified certificate indicates QSCD use where the selected policy requires it.
- For website authentication certificates, keep the EN 319 411-2 QEVCP-w or QNCP-w evidence separate from the eIDAS QWAC status and browser-recognition context.
- Use trusted-list validation to confirm the service status that relying parties should depend on.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the qualified certificate policy identifiers and website authentication certificate policy families.
- [Regulation (EU) No 910/2014, Articles 28, 38, and 45](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds eIDAS requirements for qualified certificates for electronic signatures, electronic seals, and website authentication.

## Audit and supervision are not the same control

An EN 319 411-2 assessment can support conformity evidence, but eIDAS supervision has its own legal mechanics. Qualified trust service providers are audited at least every 24 months by a conformity assessment body and submit the report to the supervisory body.

The supervisory body can also audit, request a conformity assessment, require remedy, and withdraw qualified status where eIDAS conditions are not met. Treat this as a supervised-status lifecycle, not as a one-time certificate-policy checklist.

- Map EN 319 411-2 findings to the conformity assessment report, but keep the supervisory decision and trusted-list update as separate artifacts.
- Track the 24-month audit cadence and the report-submission obligation in the eIDAS evidence calendar.
- Escalate material CP/CPS, certificate-profile, revocation, QSCD, or service-boundary changes because they may affect both the ETSI evidence file and the eIDAS qualified-service status.

Sources for this answer:

- [Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds qualified trust service provider audit cadence, supervisory powers, remedy, and status-withdrawal rules.
- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the EN 319 411-2 certificate-service controls that may feed an assessment file.

## Implementation checklist

Use this checklist when a product page, RFP answer, audit pack, or relying-party document uses both EN 319 411-2 and eIDAS qualified-service language.

- Identify the exact certificate service and policy profile: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
- Map the CP/CPS, identity validation, issuance, revocation, certificate status, repository, and records evidence to EN 319 411-2 and EN 319 411-1 clauses.
- Verify the eIDAS qualified-status path: conformity assessment report, supervisory body verification, qualified-status grant, and trusted-list entry.
- Separate public wording: say "aligned with EN 319 411-2" only for standard evidence, and say "qualified trust service" only where eIDAS status and trusted-list evidence support it.
- Review both files after certificate-profile, QSCD, CA/RA, revocation, repository, supervisory, or trusted-list changes.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the qualified certificate policy and service-operation evidence expected for EN 319 411-2.
- [Regulation (EU) No 910/2014, Articles 21 and 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the qualified-status grant and trusted-list publication checks that should gate public qualified-service claims.

## Common mistakes to avoid

Most mistakes come from collapsing the technical standard and the legal status into one label. Keep the evidence split so a reader can see whether a claim is about certificate-policy conformance, qualified-service status, or both.

- Do not imply that EN 319 411-2 certification automatically makes the provider or service qualified under eIDAS.
- Do not cite a CP/CPS or audit report as a substitute for the trusted-list status check.
- Do not mix non-qualified EN 319 411-1 certificate evidence into a qualified-service claim without a clear bridge to EN 319 411-2 and eIDAS.
- Do not use QWAC, QSCD, QCP, or QTSP acronyms in public copy unless the evidence file defines the exact profile and status being claimed.

Sources for this answer:

- [Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds why qualified status depends on supervisory verification, possible withdrawal, and trusted-list publication.
- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds the standard's narrower role as certificate-policy and security requirements for EU qualified certificates.

## Primary sources

- [ETSI EN 319 411-2 V2.6.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Grounds when EN 319 411-2 controls the certificate-policy side of the decision.
  - Quote: "Certificate Policy"
- [ETSI EN 319 411-1 V1.5.1](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Grounds the lifecycle and records controls that should be checked before reusing certificate-service evidence.
  - Quote: "Records archival"
- [Regulation (EU) No 910/2014, consolidated 2024-10-18](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds when eIDAS controls qualified status, supervision, and trusted-list evidence.
  - Quote: "Supervision of qualified trust service providers"
- [Regulation (EU) No 910/2014, Articles 3, 28, 38, and 45](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the eIDAS definitions and qualified certificate categories for signatures, seals, and website authentication.
  - Quote: "qualified certificate for website authentication"
- [Regulation (EU) No 910/2014, Articles 20 to 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds when eIDAS controls qualified status, supervision, and trusted-list evidence.
  - Quote: "Supervision of qualified trust service providers"
- [Regulation (EU) No 910/2014, Article 46b](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the supervisory body's role in ensuring qualified services meet eIDAS requirements.
  - Quote: "supervise qualified trust service providers"
- [Regulation (EU) No 910/2014, Article 21](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds that qualified service provision begins after qualified status appears in the trusted lists.
  - Quote: "after the qualified status has been indicated"
- [Regulation (EU) No 910/2014, Articles 21 and 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the conformity assessment, supervisory verification, qualified-status grant, and trusted-list evidence.
  - Quote: "establish, maintain and publish trusted lists"
- [Regulation (EU) No 910/2014, Article 20](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds supervisory powers to audit, require remedy, and withdraw qualified status.
  - Quote: "withdraw the qualified status"
- [Regulation (EU) No 910/2014, Article 22](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the provider-and-service trusted-list boundary for eIDAS evidence reuse.
  - Quote: "information related to the qualified trust services"
- [Regulation (EU) No 910/2014, Article 3](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02014R0910-20241018&ref=sorena.io) - Grounds the legal definition of a qualified trust service provider.
  - Quote: "granted the qualified status by the supervisory body"

## Related Topic Guides

- [eIDAS QTSP supervision workflow for ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/eidas-qtsp-supervision-workflow.md): Operational workflow for qualified trust service providers using ETSI EN 319 411-2 to manage supervisory-body changes, incidents, termination evidence, trusted-list checks, and assessment records.
- [EN 319 411-2 vs EN 319 411-1 Qualified Certs](/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-en-319-411-1.md): Compare ETSI EN 319 411-2 qualified certificate requirements with EN 319 411-1 general certificate-service requirements, including QCP profiles, QSCD evidence, CP/CPS reuse, and audit boundaries.
- [ETSI EN 319 411-2 compliance checklist](/artifacts/global/etsi-en-319-411-2/compliance.md): Compliance checklist for ETSI EN 319 411-2 qualified certificate services, covering policy selection, CP/CPS evidence, identity validation, QSCD status, trusted-list reliance, and certificate status services.
- [ETSI EN 319 411-2 FAQ for EU Qualified Certificates](/artifacts/global/etsi-en-319-411-2/faq.md): Answers to common ETSI EN 319 411-2 questions about EU qualified certificate policies, QSCD use, identity validation, trusted lists, and revocation status services.
- [ETSI EN 319 411-2 Identity Proofing](/artifacts/global/etsi-en-319-411-2/identity-proofing.md): How EN 319 411-2 applies identity validation for EU qualified certificates, including QCP natural-person, legal-person, website, and evidence-record checks.
- [ETSI EN 319 411-2 QSCD Route](/artifacts/global/etsi-en-319-411-2/qscd-route.md): When QCP-n-qscd or QCP-l-qscd is the right EN 319 411-2 route, what QSCD evidence is needed, and which certificate-profile claims must stay aligned.
- [ETSI EN 319 411-2 QTSP supervision evidence workflow](/artifacts/global/etsi-en-319-411-2/qtsp-supervision-evidence-workflow.md): Build an assessment-ready QTSP supervision evidence pack for ETSI EN 319 411-2 qualified certificate services, covering policy identifiers, trusted-list checks, incident records, QSCD evidence, and termination controls.
- [ETSI EN 319 411-2 qualified certificate operations: issuance, suspension, and revocation](/artifacts/global/etsi-en-319-411-2/qualified-certificate-operations.md): Operational guide for ETSI EN 319 411-2 qualified certificate services: policy identifiers, identity validation, issuance, QSCD handling, revocation status, and relying-party notices.
- [ETSI EN 319 411-2 Qualified Certificate Scope](/artifacts/global/etsi-en-319-411-2/qualified-certificate-scope.md): Use ETSI EN 319 411-2 to scope EU qualified certificate services by certificate policy, subject type, QSCD use, website authentication profile, and eIDAS context.
- [ETSI EN 319 411-2 requirements map](/artifacts/global/etsi-en-319-411-2/requirements.md): Map ETSI EN 319 411-2 requirements for EU qualified certificate services across QCP profiles, CP/CPS documentation, QSCD use, certificate profiles, revocation, and eIDAS Annex A references.
- [ETSI EN 319 411-2 trusted-list evidence](/artifacts/global/etsi-en-319-411-2/trusted-list-evidence.md): Build EN 319 411-2 trusted-list evidence for EU qualified certificate reliance: relying-party notice text, QTSP service identifiers, validation records, and change triggers.
- [ETSI EN 319 411-2 trusted-list validation workflow](/artifacts/global/etsi-en-319-411-2/trusted-list-validation-workflow.md): Validate an EN 319 411-2 EU qualified-certificate claim by mapping the certificate service to the QTSP trusted-list entry, policy profile, relying-party notice, and status evidence.
- [ETSI EN 319 411-2: Certificate Revocation FAQ](/artifacts/global/etsi-en-319-411-2/faq/revocation.md): Answer the ETSI EN 319 411-2 revocation question for qualified certificate services: CPS procedures, 24-hour publication, CRL or OCSP status, and evidence to retain.
- [ETSI EN 319 411-2: end-to-end qualified certificate lifecycle management workflow](/artifacts/global/etsi-en-319-411-2/qualified-certificate-lifecycle-workflow.md): Lifecycle workflow for ETSI EN 319 411-2 qualified certificate services, from policy selection and identity validation through issuance, renewal, re-key, modification, revocation, status services, and records.
- [ETSI EN 319 411-2: Legal vs Natural Person Certs](/artifacts/global/etsi-en-319-411-2/faq/legal-and-natural-persons.md): ETSI EN 319 411-2 separates qualified certificate policies for natural persons, legal persons, QSCD use, and website authentication subscribers.
- [ETSI EN 319 411-2: QCP, QNCP, and QEVCP Profile Selection](/artifacts/global/etsi-en-319-411-2/qcp-qncp-and-qevcp-profile-selection.md): Choose the right ETSI EN 319 411-2 qualified certificate policy profile: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
- [ETSI EN 319 411-2: workflow for selecting QCP-n, QCP-l, or QCP-w certificate profile](/artifacts/global/etsi-en-319-411-2/qualified-profile-selector-workflow.md): Select the right ETSI EN 319 411-2 qualified certificate policy profile for signatures, seals, QSCD use, and website authentication.
- [How should QTSPs select an ETSI EN 319 411-2 qualified certificate profile?](/artifacts/global/etsi-en-319-411-2/faq/qualified-profile-selection.md): A focused FAQ on choosing QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen under ETSI EN 319 411-2.
- [How should relying parties use trusted lists under ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/trusted-lists.md): FAQ on EN 319 411-2 trusted-list reliance for EU qualified certificates: relying-party notices, QTSP service identifiers, validation evidence, and source references.
- [QSCD Requirements in ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/faq/qscd.md): How ETSI EN 319 411-2 treats QSCD-backed qualified certificates, including QCP-n-qscd and QCP-l-qscd policies, key-use controls, QSCD verification, and certificate profile evidence.
- [QTSP Supervision and ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/faq/qtsp-supervision.md): How ETSI EN 319 411-2 supports QTSP supervision evidence for qualified certificate services, trusted-list reliance, liability responsibility, incident records, and audit preparation.
- [Qualified certificates under ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/faq/qualified-certificates.md): FAQ answer for QTSPs on how ETSI EN 319 411-2 treats EU qualified certificates, policy identifiers, QSCD variants, website certificates, and lifecycle evidence.
- [What are the qualified certificate policies in ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/qualified-certificate-policies.md): FAQ on ETSI EN 319 411-2 qualified certificate policies, including QCP-n, QCP-l, QSCD variants, QEVCP-w, QNCP-w, and policy identifiers.
- [Which QWAC Profile Fits ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/website-authentication-certificates.md): Choose between QEVCP-w, QNCP-w, and QNCP-w-gen for qualified website authentication certificates under ETSI EN 319 411-2.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-eidas-qualified-trust-services