UK’s eIDAS Trusted List
Support for the UK eIDAS Regulation
tScheme Ltd. was the UK’s Trusted List Scheme Operator (TLSO) under the EU's eIDAS Regulation and, post-Brexit, we continued that role. However, the responsible UK Government department, DCMS, has decided to transfer that responsibility to the ICO – who were the UK’s Supervisory Body under eIDAS and now fulfil that role under the UK-eIDAS regulation. The ICO will take responsibility from the 30th September 2022. See https://ico.org.uk/for-organisations/guide-to-eidas for more details.
The original eIDAS Regulation made use of the Trusted List (TL) provisions of the Services Directive to list Qualified Trust Service Providers (QTSPs) but it also allowed Member States to list providers of non-Qualified Services. Given that there were no QTSPs operating in the UK until recently, it was agreed that the TL produced and maintained by tScheme would also include nationally-recognised Trust Services, which later included the Identity Service Providers supporting GOV.UK Verify.
However, in transferring the TLSO role to the ICO, DCMS have decided that the UK TL will now only include details of QTSPs. For the sake of continuity and to allow for any continued trust checks against output from these non-QTSP services, tScheme will continue to maintain the final version of the list for which it was responsible (see https://www.tscheme.org/tsl/old-tsl-non-qtsp-services).
If you have any queries about the future of the UK Trusted List Scheme please contact the ICO at eidas@ico.org.uk
Support for the original EU eIDAS Regulation
Up until the end of the transition period, the UK maintained a trusted list in accordance with Article 22 of the eIDAS Regulation. This trusted list contains information on both current and historical qualified trust service providers (QTSPs) supervised by the UK supervisory body, as well as information on the trust services that those QTSPs provide.
Further information related to the situation for maintaining continuity of Trust in the output from Qualified Trust Services that operated under the eIDAS Regulation when the UK was a member of the EU can be found here.
As required by the European Commission’s Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (eIDAS), this section of our website provides information as required by Article 22 of the Regulation relating to the UK’s Trusted List of ‘Qualified Trust Service Providers’ as well as ‘nationally defined trust services’' of types other than those defined under Article 3(16) of Regulation (EU) No 910/2014.
NB these other types of nationally defined trust services are not 'Qualified' according to Regulation (EU) No 910/2014.
The European Commission maintains a tool to browse the national Trusted Lists and the overarching European List of Trusted Lists (LOTL).
List of certified QeSCDs
In accordance with Article 31 of eIDAS, the EC maintains a list of certified QeSCDs on a per-Member State basis together with the Designated Body that carried out the certification.