---
title: "QTSP Supervision and ETSI EN 319 411-2"
canonical_url: "https://www.sorena.io/artifacts/global/etsi-en-319-411-2/faq/qtsp-supervision"
source_url: "https://www.sorena.io/artifacts/global/etsi-en-319-411-2/faq/qtsp-supervision"
author: "Sorena AI"
description: "How ETSI EN 319 411-2 supports QTSP supervision evidence for qualified certificate services, trusted-list reliance, liability responsibility, incident records, and audit preparation."
published_at: "2026-05-09"
updated_at: "2026-05-09"
keywords:
  - "ETSI EN 319 411-2"
  - "QTSP supervision"
  - "EU qualified certificates"
  - "trusted lists"
  - "audit evidence"
  - "FAQ"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# QTSP Supervision and ETSI EN 319 411-2

How ETSI EN 319 411-2 supports QTSP supervision evidence for qualified certificate services, trusted-list reliance, liability responsibility, incident records, and audit preparation.

*Artifact Guide* *GLOBAL* *ETSI EN 319 411-2*

## ETSI EN 319 411-2 QTSP supervision evidence for qualified certificate services

ETSI EN 319 411-2 gives certificate-policy and security requirements for EU qualified certificate services, but it does not by itself make a provider or certificate qualified.

Use this FAQ to separate standards conformance evidence from trusted-list status, independent assessment, and supervisory records.

Short answer: use ETSI EN 319 411-2 as the evidence framework for a QTSP's EU qualified certificate service, not as the supervision decision itself. The supervision file should show the selected qualified certificate policy, the incorporated EN 319 411-1 controls, the trusted-list reliance path, incident and lifecycle records, and any independent assessment evidence.

## Does ETSI EN 319 411-2 make a TSP qualified?

No. ETSI EN 319 411-2 expressly warns that conformance to the standard alone does not mean that the TSP or its certificates are qualified. A supervision answer should therefore avoid treating an EN 319 411-2 audit result as a substitute for qualified status.

For a QTSP issuing EU qualified certificates, the standard is still central evidence. It incorporates EN 319 411-1 general policy and security requirements, then adds requirements for EU qualified certificates for signatures, seals, and website authentication.

- Keep the qualified-status decision separate from EN 319 411-2 conformance evidence.
- Identify the exact qualified certificate policy in scope, such as QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
- Show how EN 319 411-2 adds EU qualified certificate requirements on top of the EN 319 411-1 certificate policy baseline.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Supports the distinction between EN 319 411-2 conformance and legal qualified status, and defines the EU qualified certificate policy scope.
- [ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Provides the incorporated baseline for certificate policy, CPS, repository, revocation, subscriber identity, and lifecycle controls.

## What should a QTSP supervision file contain?

A useful supervision file should start with the certificate service and policy identifier, then link the CPS, certificate profile, repository, identity proofing, revocation, status service, incident, and termination evidence to the relevant EN 319 411-2 and incorporated EN 319 411-1 requirements.

The file should also prove the relying-party path. EN 319 411-2 says relying-party notices for EU qualified certificates need to explain that the trust anchor is identified in an appropriate EU trusted-list service digital identifier for the QTSP.

- Preserve the selected policy identifier and the certificate profile evidence used to signal that policy.
- Attach CPS sections for issuance, maintenance, revocation, status services, records, and service termination.
- Keep trusted-list evidence for the QTSP service digital identifier used as the relying-party trust anchor.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Supports policy identifier evidence, relying-party notice requirements, and the EU trusted-list trust-anchor path for QTSP certificates.
- [ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Provides the underlying certificate lifecycle and CPS controls that the QTSP supervision file should map to the qualified certificate service.

## What are the most common supervision mistakes?

The most common mistakes are to blur qualified-status evidence with standards conformance, omit the trusted-list reliance path, or leave the supervision file without a traceable link from the selected certificate policy to the operational records.

Another common problem is treating incident, revocation, and records-retention evidence as optional. EN 319 411-2 and EN 319 411-1 map those topics into the qualified-certificate supervision file, so they need to be present and easy to review.

- Do not claim qualified status from EN 319 411-2 conformance alone.
- Do not omit the trusted-list service digital identifier or the notice to relying parties.
- Do not leave revocation, incident, and records-retention evidence outside the supervision pack.

Sources for this answer:

- [ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Supports the liability-responsibility point for the qualified TSP identified in the trusted list and the mapped controls for incidents, records, termination, revocation, and certificate status services.
- [ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Provides the incorporated baseline controls for certificate lifecycle operations, revocation, records, publication, and repository responsibilities.

## Primary sources

- [ETSI EN 319 411-2 V2.6.1 EU qualified certificate requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941102/02.06.01_60/en_31941102v020601p.pdf?ref=sorena.io) - Defines the EU qualified certificate policy requirements, warns that standards conformance alone does not create qualified status, and maps QTSP lifecycle evidence to trusted-list, incident, revocation, recordkeeping, and termination topics.
  - Quote: "does not imply"
- [ETSI EN 319 411-1 V1.5.1 certificate policy and security requirements](https://www.etsi.org/deliver/etsi_en/319400_319499/31941101/01.05.01_60/en_31941101v010501p.pdf?ref=sorena.io) - Provides the incorporated certificate policy and security baseline for CPS, publication, repository, identity validation, revocation, status service, records, and lifecycle evidence.
  - Quote: "Trust Service Providers issuing certificates"

## Topic Guides

- [eIDAS QTSP supervision workflow for ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/eidas-qtsp-supervision-workflow.md): Operational workflow for qualified trust service providers using ETSI EN 319 411-2 to manage supervisory-body changes, incidents, termination evidence, trusted-list checks, and assessment records.
- [EN 319 411-2 vs EN 319 411-1 Qualified Certs](/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-en-319-411-1.md): Compare ETSI EN 319 411-2 qualified certificate requirements with EN 319 411-1 general certificate-service requirements, including QCP profiles, QSCD evidence, CP/CPS reuse, and audit boundaries.
- [ETSI EN 319 411-2 compliance checklist](/artifacts/global/etsi-en-319-411-2/compliance.md): Compliance checklist for ETSI EN 319 411-2 qualified certificate services, covering policy selection, CP/CPS evidence, identity validation, QSCD status, trusted-list reliance, and certificate status services.
- [ETSI EN 319 411-2 FAQ for EU Qualified Certificates](/artifacts/global/etsi-en-319-411-2/faq.md): Answers to common ETSI EN 319 411-2 questions about EU qualified certificate policies, QSCD use, identity validation, trusted lists, and revocation status services.
- [ETSI EN 319 411-2 Identity Proofing](/artifacts/global/etsi-en-319-411-2/identity-proofing.md): How EN 319 411-2 applies identity validation for EU qualified certificates, including QCP natural-person, legal-person, website, and evidence-record checks.
- [ETSI EN 319 411-2 QSCD Route](/artifacts/global/etsi-en-319-411-2/qscd-route.md): When QCP-n-qscd or QCP-l-qscd is the right EN 319 411-2 route, what QSCD evidence is needed, and which certificate-profile claims must stay aligned.
- [ETSI EN 319 411-2 QTSP supervision evidence workflow](/artifacts/global/etsi-en-319-411-2/qtsp-supervision-evidence-workflow.md): Build an assessment-ready QTSP supervision evidence pack for ETSI EN 319 411-2 qualified certificate services, covering policy identifiers, trusted-list checks, incident records, QSCD evidence, and termination controls.
- [ETSI EN 319 411-2 qualified certificate operations: issuance, suspension, and revocation](/artifacts/global/etsi-en-319-411-2/qualified-certificate-operations.md): Operational guide for ETSI EN 319 411-2 qualified certificate services: policy identifiers, identity validation, issuance, QSCD handling, revocation status, and relying-party notices.
- [ETSI EN 319 411-2 Qualified Certificate Scope](/artifacts/global/etsi-en-319-411-2/qualified-certificate-scope.md): Use ETSI EN 319 411-2 to scope EU qualified certificate services by certificate policy, subject type, QSCD use, website authentication profile, and eIDAS context.
- [ETSI EN 319 411-2 requirements map](/artifacts/global/etsi-en-319-411-2/requirements.md): Map ETSI EN 319 411-2 requirements for EU qualified certificate services across QCP profiles, CP/CPS documentation, QSCD use, certificate profiles, revocation, and eIDAS Annex A references.
- [ETSI EN 319 411-2 trusted-list evidence](/artifacts/global/etsi-en-319-411-2/trusted-list-evidence.md): Build EN 319 411-2 trusted-list evidence for EU qualified certificate reliance: relying-party notice text, QTSP service identifiers, validation records, and change triggers.
- [ETSI EN 319 411-2 trusted-list validation workflow](/artifacts/global/etsi-en-319-411-2/trusted-list-validation-workflow.md): Validate an EN 319 411-2 EU qualified-certificate claim by mapping the certificate service to the QTSP trusted-list entry, policy profile, relying-party notice, and status evidence.
- [ETSI EN 319 411-2 vs eIDAS Qualified Trust Services](/artifacts/global/etsi-en-319-411-2/en-319-411-2-vs-eidas-qualified-trust-services.md): Compare ETSI EN 319 411-2 certificate policy requirements with the eIDAS qualified-status, supervision, audit, and trusted-list framework.
- [ETSI EN 319 411-2: Certificate Revocation FAQ](/artifacts/global/etsi-en-319-411-2/faq/revocation.md): Answer the ETSI EN 319 411-2 revocation question for qualified certificate services: CPS procedures, 24-hour publication, CRL or OCSP status, and evidence to retain.
- [ETSI EN 319 411-2: end-to-end qualified certificate lifecycle management workflow](/artifacts/global/etsi-en-319-411-2/qualified-certificate-lifecycle-workflow.md): Lifecycle workflow for ETSI EN 319 411-2 qualified certificate services, from policy selection and identity validation through issuance, renewal, re-key, modification, revocation, status services, and records.
- [ETSI EN 319 411-2: Legal vs Natural Person Certs](/artifacts/global/etsi-en-319-411-2/faq/legal-and-natural-persons.md): ETSI EN 319 411-2 separates qualified certificate policies for natural persons, legal persons, QSCD use, and website authentication subscribers.
- [ETSI EN 319 411-2: QCP, QNCP, and QEVCP Profile Selection](/artifacts/global/etsi-en-319-411-2/qcp-qncp-and-qevcp-profile-selection.md): Choose the right ETSI EN 319 411-2 qualified certificate policy profile: QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen.
- [ETSI EN 319 411-2: workflow for selecting QCP-n, QCP-l, or QCP-w certificate profile](/artifacts/global/etsi-en-319-411-2/qualified-profile-selector-workflow.md): Select the right ETSI EN 319 411-2 qualified certificate policy profile for signatures, seals, QSCD use, and website authentication.
- [How should QTSPs select an ETSI EN 319 411-2 qualified certificate profile?](/artifacts/global/etsi-en-319-411-2/faq/qualified-profile-selection.md): A focused FAQ on choosing QCP-n, QCP-l, QCP-n-qscd, QCP-l-qscd, QEVCP-w, QNCP-w, or QNCP-w-gen under ETSI EN 319 411-2.
- [How should relying parties use trusted lists under ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/trusted-lists.md): FAQ on EN 319 411-2 trusted-list reliance for EU qualified certificates: relying-party notices, QTSP service identifiers, validation evidence, and source references.
- [QSCD Requirements in ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/faq/qscd.md): How ETSI EN 319 411-2 treats QSCD-backed qualified certificates, including QCP-n-qscd and QCP-l-qscd policies, key-use controls, QSCD verification, and certificate profile evidence.
- [Qualified certificates under ETSI EN 319 411-2](/artifacts/global/etsi-en-319-411-2/faq/qualified-certificates.md): FAQ answer for QTSPs on how ETSI EN 319 411-2 treats EU qualified certificates, policy identifiers, QSCD variants, website certificates, and lifecycle evidence.
- [What are the qualified certificate policies in ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/qualified-certificate-policies.md): FAQ on ETSI EN 319 411-2 qualified certificate policies, including QCP-n, QCP-l, QSCD variants, QEVCP-w, QNCP-w, and policy identifiers.
- [Which QWAC Profile Fits ETSI EN 319 411-2?](/artifacts/global/etsi-en-319-411-2/faq/website-authentication-certificates.md): Choose between QEVCP-w, QNCP-w, and QNCP-w-gen for qualified website authentication certificates under ETSI EN 319 411-2.

*Recommended next step*

*Placement: after practical guidance*

## Map EN 319 411-2 evidence to qualified certificate supervision

Use this ETSI EN 319 411-2 guidance to connect policy identifiers, CPS commitments, trusted-list evidence, lifecycle controls, and audit records.

- [Build the supervision pack](/solutions/assessment.md): Convert qualified certificate requirements into owned controls, evidence requests, and review gates.
- [Check a QTSP interpretation](/solutions/research-copilot.md): Use cited research support when trusted-list status, policy identifiers, or lifecycle evidence is unclear.
- [Talk through supervision evidence](/contact.md): Review certificate scope, CPS evidence, trusted-list records, owners, and next compliance actions with Sorena.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/global/etsi-en-319-411-2/faq/qtsp-supervision