UK’s Trusted List
Post-Brexit Support for the eIDAS Regulation
In the UK now, the applicable legal framework for the present trusted list is the amendment to retained EU law made by The Electronic Identification and Trust Services for Electronic Transactions (Amendment etc.) (EU Exit) Regulations 2019 (UK-eIDAS).
Format of Trusted List (TL)
Until the Secretary of State makes arrangements pursuant to Article 17 of UK-eIDAS, which modifies the original eIDAS Regulation, then those provisions will continue. In particular, Article 22(5) of the eIDAS Regulation required the Commission to specify the information to be included in the TL and to define the technical specifications and formats for TL. This was effected by Commission Implementing Decision (EU) 2015/1505 of 8 September 2015.
As of 27th July 2021, the latest version of the TSL is at sequence number 26 and with a TSL Identifier value of “UKTL27July2021”. Update from number 22, which was the last published by the UK whilst it was a member of the EU, to number 25 was to make the changes necessary to effectively archive that last EU-UK Trusted List, which is now manaqed by the EC as referred to above. Update from number 25 to number 26 was to add the first QTSP, GlobalSign, given Qualified status under UK-eIDAS for their 12 Qualified Trust Services.
The previous version is still available here:
* According to ETSI TS 119 612 V2.1.1 clause 6.1 (TL publication) it is recommended to publish, as a companion file, a .sha2 digest file that shall be computed as the SHA-256 hash value of the binary representation of the trusted list XML file. The above file is the lower case text transformation of the HEX encoded binary value of the relevant SHA-256 hash.
For users of the UK’s Trusted List (relying parties) the Scheme Information page is where they can obtain scheme-specific information, including general introductory information common to all Member States with regard to the scope and context of the Trusted List, and the underlying supervision/accreditation scheme(s) as well as specific information on the UK’s particular supervision/accreditation scheme(s).
Also, Trusted Lists published in conformance with ETSI TS 119 612 must specify the Scheme type/community/rules by which the information in the TLs is compiled. In the current TL, this is achieved by the inclusion of a URI that refers to the guidance published by the UK’s Supervisory Body - the Office of the Information Commissioner:
Support for the original EU eIDAS Regulation
Up until the end of the transition period, the UK maintained a trusted list in accordance with Article 22 of the eIDAS Regulation. This trusted list contains information on both current and historical qualified trust service providers (QTSPs) supervised by the UK supervisory body, as well as information on the trust services that those QTSPs provide.
Further information related to the situation for maintaining continuity of Trust in the output from Qualified Trust Services that operated under the eIDAS Regulation when the UK was a member of the EU can be found here.
As required by the European Commission’s Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (eIDAS), this section of our website provides information as required by Article 22 of the Regulation relating to the UK’s Trusted List of ‘Qualified Trust Service Providers’ as well as ‘nationally defined trust services’' of types other than those defined under Article 3(16) of Regulation (EU) No 910/2014.
NB these other types of nationally defined trust services are not 'Qualified' according to Regulation (EU) No 910/2014.
The European Commission maintains a tool to browse the national Trusted Lists and the overarching European List of Trusted Lists (LOTL).
List of certified QeSCDs
In accordance with Article 31 of eIDAS, the EC maintains a list of certified QeSCDs on a per-Member State basis together with the Designated Body that carried out the certification.