Artifact GuideGLOBALETSI EN 319 411-2

ETSI EN 319 411-2 ETSI EN 319 411-2 vs ETSI EN 319 411-1

A focused comparison of Part 2 requirements for EU qualified certificates and Part 1 general certificate-service policy requirements.

Use it to separate qualified certificate policy, QSCD, QWAC, and EU trusted-list evidence from reusable CP/CPS and certificate lifecycle controls.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Sections
6

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

Use this page when a qualified certificate service, conformity assessment file, customer questionnaire, or CP/CPS review mentions both ETSI EN 319 411-2 and ETSI EN 319 411-1. EN 319 411-2 is the qualified-certificate layer for EU qualified certificates and qualified website authentication certificate policy profiles; EN 319 411-1 is the general certificate-service requirements baseline that Part 2 repeatedly builds on.

Document comparison

ETSI EN 319 411-2 vs ETSI EN 319 411-1

Use this comparison to decide when EN 319 411-2 qualified certificate requirements add separate policy, evidence, and assurance work on top of EN 319 411-1 general certificate-service controls.

Review all sources
First framework
ETSI EN 319 411-2

Part 2 covers EU qualified certificate requirements, including qualified profiles and qualified-status evidence.

Second framework
ETSI EN 319 411-1

Part 1 covers general certificate-service policy and security requirements for TSPs.

Comparison row 1

Primary scope

ETSI EN 319 411-2

Part 2 is scoped to requirements for trust service providers issuing EU qualified certificates, including qualified certificate policies for natural persons, legal persons, QSCD-backed certificates, and qualified website authentication certificates.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 specifies generally applicable policy and security requirements for TSPs issuing public key certificates, including trusted website certificates and general certificate lifecycle management.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Start with the public claim. A qualified certificate claim needs Part 2 evidence; an ordinary certificate-service claim can stay in the Part 1 evidence boundary.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 2

Covered actors

ETSI EN 319 411-2

Part 2 names qualified profiles such as QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, and QNCP-w-gen, and requires certificate policy statements to make the qualified and QSCD posture clear.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 uses general certificate policy concepts such as NCP, LCP, EVCP, DVCP, OVCP, and IVCP, with CP describing what applies and CPS describing how the TSP implements it.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Do not map by acronym alone. Match the policy object identifier, certificate profile, subscriber type, and qualified-status claim before reusing evidence.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 3

Trigger

ETSI EN 319 411-2

Part 2 adds qualified-certificate identity routes: natural-person and legal-person identities must be verified by physical presence or methods with equivalent assurance, and QWAC routes must also verify the subscriber link with the domain name.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 covers initial identity validation, naming, subscribers and subjects, registration service responsibilities, certificate applications, and re-key or revocation request authentication for general certificate services.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Use Part 1 records for common registration controls, but add Part 2 proof where the qualified profile requires natural-person, legal-person, domain-link, or equivalent-assurance evidence.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 4

Core obligations

ETSI EN 319 411-2

Part 2 distinguishes QSCD-backed profiles and says the QSCD qcStatement belongs in QCP-n-qscd and QCP-l-qscd certificates, while it must not be included for certificates not issued under those requirements.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 handles general secure cryptographic device and certificate profile evidence, but it does not turn a certificate into a qualified QSCD-backed certificate by itself.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Keep the QSCD route as a Part 2 decision. A certificate sample, device-status check, and CP/CPS statement should show when the QSCD-backed profile applies.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 5

Evidence and records

ETSI EN 319 411-2

Part 2 evidence should include the qualified profile decision, CP/CPS clauses, qualified status context, certificate samples, qcStatements, QSCD route where applicable, trusted-list checks, QWAC domain-link evidence where relevant, and conformity-assessment findings.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 evidence should include CP and CPS versions, certificate policy identifiers, subscriber agreements, identity validation records, RA delegation evidence, issuance logs, CRL or OCSP records, revocation files, repository publication records, audit logs, and records archival evidence.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Keep a traceable evidence matrix: source, claim, profile, owner, artifact, review date, and whether the artifact supports Part 2, Part 1, or both.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 6

Timing

ETSI EN 319 411-2

Part 2 repeatedly incorporates Part 1 lifecycle controls for publication, identity validation, certificate application, issuance, revocation requests, CRL, OCSP, business matters, and policy management, then adds qualified-profile constraints.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 is the operational backbone for certification services: registration, certificate generation, dissemination, revocation management, revocation status, repositories, and records archival.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Reuse operational evidence where Part 2 points back to Part 1, but keep a Part 2 row showing the qualified profile or qualified-service condition that made the reuse valid.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 7

Enforcement

ETSI EN 319 411-2

Part 2 maps EU qualified certificate policies to eIDAS qualified trust-service requirements, but its annex warns that the mapping is not a definitive legal conformance statement and that some Regulation requirements are outside the technical standard.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 is a technical standard for certificate-service policy and security requirements and points to EN 319 403 for conformity assessment of TSP processes and services.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Do not claim eIDAS qualified status from the ETSI comparison alone. Keep supervisory, trusted-list, conformity-assessment, and legal-context evidence separate from the standard crosswalk.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 8

Overlap and reuse

ETSI EN 319 411-2

Part 2 can reuse common PKI evidence only after adding the qualified certificate policy context and any qualified-status, QWAC, trusted-list, or QSCD evidence needed for the qualified claim.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Part 1 evidence can be reused for common PKI operations, such as lifecycle processing, revocation services, repositories, audit logging, and records archival, when the service boundary and policy profile match.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Reuse the operational artifact, not the conclusion. The same log or CP/CPS section may support both sides, but the qualified-certificate conclusion needs its own source-linked row.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Comparison row 9

Practical decision rule

ETSI EN 319 411-2

Use EN 319 411-2 as the controlling side when the service issues EU qualified certificates or uses a Part 2 qualified certificate policy profile.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
ETSI EN 319 411-1

Use EN 319 411-1 as the controlling side when the claim is that a TSP certificate service meets the general Part 1 certificate policy and security requirements.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Operational implication

Do not collapse the standards into one checklist. Start with the qualified profile and public claim, then show exactly which Part 1 controls are reused by the Part 2 qualified certificate claim.

ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Practical decision rule

How to choose between ETSI EN 319 411-2 and ETSI EN 319 411-1

  • Start with the qualified-status claim and certificate policy profile, not with the standard title alone.
  • Use EN 319 411-2 when the service claims EU qualified certificate status, a qualified certificate policy profile, QWAC coverage, or QSCD-backed qualified certificate issuance.
  • Use EN 319 411-1 for general certificate-service CP/CPS, lifecycle, repository, revocation, and CA/RA operational evidence.
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirementsSources 1ETSI EN 319 411-1 V1.5.1 certificate policy and security requirementsSources 2ETSI EN 319 401 V3.1.1 general policy requirements for TSPsSources 3
Section 1

When should teams compare ETSI EN 319 411-2 with ETSI EN 319 411-1?

Compare them before a QTSP, product team, auditor, or procurement reviewer reuses ordinary certificate-service evidence for an EU qualified certificate claim.

The practical question is whether the work is controlled by Part 2 qualified certificate policy requirements, by Part 1 general certificate-service requirements, or by both with different evidence boundaries.

  • Start with the qualified certificate policy profile: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen belong in the Part 2 analysis.
  • Separate qualified-service proof, such as QTSP status, trusted-list evidence, QSCD route, and qualified website authentication certificate material, from common PKI operations reused from Part 1.
  • Keep crosswalk rows source-linked so audit reviewers can see when Part 2 incorporates or points back to Part 1 requirements.
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Section 2

Decision rules for qualified and general certificate services

Use EN 319 411-2 when the claim is specifically about EU qualified certificates, including the qualified certificate policy profiles named in Part 2. Use EN 319 411-1 when the service is about policy and security requirements for TSPs issuing certificates in the general Part 1 scope.

Do not treat Part 2 as a complete standalone checklist. The Part 2 grounding references EN 319 411-1 and EN 319 401, while adding qualified certificate policy profiles and qualified-certificate-specific requirements.

  • If the service claims qualified status, document the Part 2 policy profile, qualified status evidence, trusted-list dependency, and any QSCD-related route before reusing Part 1 evidence.
  • If the certificate service is not making an EU qualified certificate claim, keep the work anchored in EN 319 411-1 and avoid importing qualified-certificate obligations by label alone.
  • When Part 2 points back to Part 1 clauses, cite both sides in the audit file and explain which requirement is being satisfied.
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Section 3

What to decide before reusing CP/CPS evidence

Decide whether the same CP/CPS text actually covers the qualified certificate policy profile, certificate usage, participants, publication responsibilities, and qualified-service claims on both sides. Part 2 and Part 1 both use CP/CPS concepts, but Part 2 changes what the evidence must prove.

For EN 319 411-2, add the qualified certificate policy profile, qualified status context, qualified website authentication certificate route if relevant, and QSCD-related evidence only where the Part 2 profile calls for it. For EN 319 411-1, keep the general certificate-service evidence for CA and RA responsibilities, subscribers and subjects, naming, initial identity validation, certificate application and issuance, acceptance, revocation, status services, repositories, and records archival.

  • Name the qualified certificate service, Part 2 profile, certificate policy, certificate profile, CA, RA or registration service provider, repository, and revocation-status service in scope.
  • Record whether the service is qualified for natural persons, qualified for legal persons, QSCD-backed, a qualified website authentication certificate profile, or only a general certificate-service route.
  • Separate Part 2-only evidence from Part 1 evidence reused by Part 2 so the audit file does not hide qualified-service assumptions.
  • Version evidence by standard version, CP/CPS version, certificate profile, assessment period, and certificate service boundary.
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Recommended next step

Operationalize the qualified certificate crosswalk

Use this comparison as the shared source for qualified profile selection, CP/CPS reuse decisions, evidence requests, and audit-review checkpoints.

Assessment workflow
Open Assessment Autopilot for ETSI EN 319 411-2

Convert the EN 319 411-2 and EN 319 411-1 crosswalk into accountable tasks, evidence requests, and review milestones.

Explore next step
Research workflow
Research qualified certificate source questions

Use cited source material to resolve QCP profile, QSCD, QWAC, trusted-list, and CP/CPS reuse questions before implementation.

Explore next step
Talk to Sorena
Talk through implementation

Review scope, evidence, owners, and the next qualified certificate compliance actions with Sorena.

Explore next step
Section 4

Evidence that belongs on each side of the comparison

Build the comparison as an evidence map, not as a merged checklist. The same operational record can sometimes support both standards, but the claim it supports should stay tied to the relevant Part 2 or Part 1 clause set.

For Part 2, keep qualified certificate policy profile evidence, QTSP or qualified-status records, EU trusted-list validation references, qualified website authentication certificate material where used, and QSCD-related evidence only when the profile depends on it. For Part 1, keep CP and CPS versions, certificate policy identifiers, subscriber agreements, identity validation records, RA delegation evidence, issuance logs, CRL or OCSP records, revocation files, repository publication records, key-management records, audit logs, and records archival evidence.

  • Mark each evidence item as Part 2-only, Part 1-only, or shared with a clause-level explanation.
  • Do not describe ordinary certificate-service evidence as enough for a qualified certificate claim unless the Part 2 source incorporates or aligns with that Part 1 requirement.
  • Do not include the QSCD qcStatement route unless the certificate is issued under a QCP-n-qscd or QCP-l-qscd profile.
  • Review the crosswalk after CP/CPS changes, qualified profile changes, RA changes, revocation-service changes, key-management changes, trusted-list changes, or conformity-assessment scope changes.
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Section 5

Comparison checklist for qualified certificate teams

Use this checklist when preparing a CP/CPS update, qualified certificate service review, conformity assessment evidence pack, or procurement response that mentions both standards.

  • Identify which Part 2 policy profile applies: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
  • List the certificate service, certificate policy object identifier, CP/CPS version, certificate profile, CA, RA, repository, and status service covered by EN 319 411-1.
  • Create a row for every shared operation, including identity validation, issuance, acceptance, revocation, status services, records archival, and CA or RA termination.
  • Attach the evidence artifact to the row: CP/CPS text, subscriber record, validation record, certificate sample, CRL or OCSP record, trusted-list reference, audit log, or conformity-assessment finding.
  • Flag unsupported reuse where Part 1 evidence proves ordinary certificate-service operation but does not prove the qualified certificate claim.
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Section 6

Comparison mistakes that create qualified-certificate audit gaps

The main failure pattern is treating Part 2 as just a qualified label on the same audit file. The standards overlap through TSP policy, security, and certificate lifecycle concepts, but Part 2 is narrower and more specific because it addresses EU qualified certificates.

  • Do not call a service qualified because it satisfies EN 319 411-1 general requirements; Part 2 qualified certificate policy evidence is still needed.
  • Do not hide QCP, QWAC, or QSCD profile differences behind a vague CP/CPS title.
  • Do not reuse identity validation, revocation, repository, or audit-log evidence unless the certificate service boundary and policy profile match.
  • Do not mix CA/Browser Forum web certificate requirements, qualified website authentication certificate requirements, and ordinary certificate policy requirements without a row-level source reference .
Sources for this answer
ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements
Primary source for qualified certificate policy profiles, QSCD-related routes, qualified website authentication certificates, and QTSP certificate operations.
ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements
Primary source for general certificate-service policy, CPS, subscriber identity, revocation, repository, CA/RA, and certificate lifecycle requirements.
ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
Primary sources

References and citations

ETSI EN 319 401 V3.1.1 general policy requirements for TSPs
etsi.org
Referenced sections
  • Primary ETSI source for general policy, risk assessment, management, security, incident, continuity, and audit evidence requirements for trust service providers.
"General Policy Requirements for Trust Service Providers"
Related guides

Explore more topics

eIDAS QTSP supervision workflow for ETSI EN 319 411-2
Operational workflow for qualified trust service providers using ETSI EN 319 411-2 to manage supervisory-body changes, incidents, termination evidence, trusted-list checks, and assessment records.
ETSI EN 319 411-2 compliance checklist
Compliance checklist for ETSI EN 319 411-2 qualified certificate services, covering policy selection, CP/CPS evidence, identity validation, QSCD status, trusted-list reliance, and certificate status services.
ETSI EN 319 411-2 FAQ for EU Qualified Certificates
Answers to common ETSI EN 319 411-2 questions about EU qualified certificate policies, QSCD use, identity validation, trusted lists, and revocation status services.
ETSI EN 319 411-2 Identity Proofing
How EN 319 411-2 applies identity validation for EU qualified certificates, including QCP natural-person, legal-person, website, and evidence-record checks.
ETSI EN 319 411-2 QSCD Route
When QCP-n-qscd or QCP-l-qscd is the right EN 319 411-2 route, what QSCD evidence is needed, and which certificate-profile claims must stay aligned.
ETSI EN 319 411-2 QTSP supervision evidence workflow
Build an assessment-ready QTSP supervision evidence pack for ETSI EN 319 411-2 qualified certificate services, covering policy identifiers, trusted-list checks, incident records, QSCD evidence, and termination controls.
ETSI EN 319 411-2 qualified certificate operations: issuance, suspension, and revocation
Operational guide for ETSI EN 319 411-2 qualified certificate services: policy identifiers, identity validation, issuance, QSCD handling, revocation status, and relying-party notices.
ETSI EN 319 411-2 Qualified Certificate Scope
Use ETSI EN 319 411-2 to scope EU qualified certificate services by certificate policy, subject type, QSCD use, website authentication profile, and eIDAS context.
ETSI EN 319 411-2 requirements map
Map ETSI EN 319 411-2 requirements for EU qualified certificate services across QCP profiles, CP/CPS documentation, QSCD use, certificate profiles, revocation, and eIDAS Annex A references.
ETSI EN 319 411-2 trusted-list evidence
Build EN 319 411-2 trusted-list evidence for EU qualified certificate reliance: relying-party notice text, QTSP service identifiers, validation records, and change triggers.
ETSI EN 319 411-2 trusted-list validation workflow
Validate an EN 319 411-2 EU qualified-certificate claim by mapping the certificate service to the QTSP trusted-list entry, policy profile, relying-party notice, and status evidence.
ETSI EN 319 411-2 vs eIDAS Qualified Trust Services
Compare ETSI EN 319 411-2 certificate policy requirements with the eIDAS qualified-status, supervision, audit, and trusted-list framework.
ETSI EN 319 411-2: Certificate Revocation FAQ
Answer the ETSI EN 319 411-2 revocation question for qualified certificate services: CPS procedures, 24-hour publication, CRL or OCSP status, and evidence to retain.
ETSI EN 319 411-2: end-to-end qualified certificate lifecycle management workflow
Lifecycle workflow for ETSI EN 319 411-2 qualified certificate services, from policy selection and identity validation through issuance, renewal, re-key, modification, revocation, status services, and records.
ETSI EN 319 411-2: Legal vs Natural Person Certs
ETSI EN 319 411-2 separates qualified certificate policies for natural persons, legal persons, QSCD use, and website authentication subscribers.
ETSI EN 319 411-2: QCP, QNCP, and QEVCP Profile Selection
Choose the right ETSI EN 319 411-2 qualified certificate policy profile: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
ETSI EN 319 411-2: workflow for selecting QCP-n, QCP-l, or QCP-w certificate profile
Select the right ETSI EN 319 411-2 qualified certificate policy profile for signatures, seals, QSCD use, and website authentication.
How should QTSPs select an ETSI EN 319 411-2 qualified certificate profile?
A focused FAQ on choosing QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen under ETSI EN 319 411-2.
How should relying parties use trusted lists under ETSI EN 319 411-2?
FAQ on EN 319 411-2 trusted-list reliance for EU qualified certificates: relying-party notices, QTSP service identifiers, validation evidence, and source references.
QSCD Requirements in ETSI EN 319 411-2
How ETSI EN 319 411-2 treats QSCD-backed qualified certificates, including QCP-n-qscd and QCP-l-qscd policies, key-use controls, QSCD verification, and certificate profile evidence.
QTSP Supervision and ETSI EN 319 411-2
How ETSI EN 319 411-2 supports QTSP supervision evidence for qualified certificate services, trusted-list reliance, liability responsibility, incident records, and audit preparation.
Qualified certificates under ETSI EN 319 411-2
FAQ answer for QTSPs on how ETSI EN 319 411-2 treats EU qualified certificates, policy identifiers, QSCD variants, website certificates, and lifecycle evidence.
What are the qualified certificate policies in ETSI EN 319 411-2?
FAQ on ETSI EN 319 411-2 qualified certificate policies, including QCP-n, QCP-l, QSCD variants, QEVCP-w, QNCP-w, and policy identifiers.
Which QWAC Profile Fits ETSI EN 319 411-2?
Choose between QEVCP-w, QNCP-w, and QNCP-w-gen for qualified website authentication certificates under ETSI EN 319 411-2.