- Latest available (Revised)
- Point in Time (31/01/2020)
- Original (As adopted by EU)
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Version Superseded: 31/12/2020
Point in time view as at 31/01/2020.
There are currently no known outstanding effects for the Commission Decision of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (notified under document C(2009) 7806) (Text with EEA relevance) (2009/767/EC), Division 2. .
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
The Common Template for a Member State Trusted List is structured according to ETSI TS 119 612 into the following categories of information:
A trusted list tag facilitating the identification of the Trusted List during electronic searches;
Information on the Trusted List and its issuing scheme;
A sequence of fields containing unambiguous identification information about every supervised/accredited CSP under the scheme (this sequence is optional, i.e. when not used, the list will be deemed to have no content thereby denoting the absence of any supervised or accredited CSP in the associated Member State for the purposes of the Trusted List);
For each listed CSP, the details of its specific trust services, the current status of which are recorded within the Trusted List, are provided as a sequence of fields unambiguously identifying supervised/accredited certification services provided by the CSP and their current status (this sequence must have a minimum of one entry);
For each listed supervised/accredited certification service, the information on the history of this status, when applicable;
The signature applied on the Trusted List.
In the context of a CSP issuing QCs, the structure of the Trusted List and in particular the service information component (as per point 4 above) allows for complementary information in service information extensions to compensate for those situations where insufficient (machine processable) information is available within the qualified certificate about its ‘ qualified ’ status, its potential support by an SSCD and especially in order to cope with the additional fact that most of the (commercial) CSPs are using one single issuing Certification Authority (CA) to issue several types of end-entity certificates, both qualified and non-qualified.
In the context of certificate generation (CA) services, the number of service entries in the list for a CSP may be reduced where one or several upper CA services exist within the CSP’s PKI (e.g. in the context of a hierarchy of CAs from a Root CA down to several issuing CAs) by listing such upper CA services and not the CA services issuing end-entity certificates (e.g. listing the CSP Root CA only). However in those cases, the status information applies to the whole hierarchy of CA services below the listed service and the principle of ensuring the unambiguous link between a CSP QC certification service and the set of certificates intended to be identified as QCs has to be maintained and ensured.
The following information is part of this category:
A Trusted List format version identifier ,
A Trusted List sequence (or release) number ,
A Trusted List type information (e.g. for identification of the fact that this Trusted List is providing information on the supervision/accreditation status of certification services from CSPs supervised/accredited by the referenced Member State for compliance with the provisions laid down in Directive 1999/93/EC),
A Trusted List scheme operator (owner) information (e.g. name, address, contact information, etc. of the Member State Body in charge of establishing, publishing securely and maintaining the Trusted List);
Information about the underlying supervision/accreditation scheme(s) to which the Trusted List is associated, including but not limited to:
the country in which it applies,
information on or reference to the location where information on the scheme(s) can be found (scheme model, rules, criteria, applicable community, type, etc.),
period of retention of (historical) information,
Trusted List policy and/or legal notice, liabilities, responsibilities ,
Trusted List issue date and time ,
Trusted List next planned update.
This set of information includes at least the following:
The CSP organisation name as used in formal legal registrations (including the CSP organisation UID following Member State practices),
The CSP address and contact information,
Additional information on the CSP either included directly or by reference to a location from where such additional information can be downloaded.
This set of information includes at least the following for each certification service from a listed CSP:
Service type identifier: An identifier of the type of certification service (e.g. identifier indicating that the supervised/accredited certification service from the CSP is a Certification Authority issuing QCs),
Service (trade) name: (trade) name of this certification service,
Service digital identity: An unambiguous unique identifier of the certification service,
Service current status: An identifier of the current status of the service,
The current status starting date and time,
Service information extension, when applicable: Additional information on the service (e.g. directly included or included by reference to a location from which information can be downloaded): service definition information provided by the scheme operator, access information with regards to the service, service definition information provided by the CSP and service information extensions. E.g. for CA/QC services, an optional sequence of tuples of information, each tuple providing,
Criteria to be used to further identify (filter) within the identified trust service that precise set of service outputs (e.g. set of (qualified) certificates) for which additional information is required/provided with regards to its status, the indication of the SSCD support and/or issuance to a legal person, and
The associated ‘ qualifiers ’ providing information on whether the set of service outputs identifies certificates to be considered as qualified and/or whether the identified qualified certificates from this service are supported by an SSCD or not, and/or information about whether such QCs are issued to legal person (by default they are to be considered as issued to natural persons).
Editorial Information
X1 Substituted by Corrigendum to Commission Decision 2009/767/EC of 16 October 2009 setting out measures facilitating the use of procedures by electronic means through the ‘points of single contact’ under Directive 2006/123/EC of the European Parliament and of the Council on services in the internal market (Official Journal of the European Union L 274 of 20 October 2009).
Textual Amendments
F1 Substituted by Commission Implementing Decision of 14 October 2013 amending Decision 2009/767/EC as regards the establishment, maintenance and publication of trusted lists of certification service providers supervised/accredited by Member States (notified under document C(2013) 6543) (Text with EEA relevance) (2013/662/EU).
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Point in Time: This becomes available after navigating to view revised legislation as it stood at a certain point in time via Advanced Features > Show Timeline of Changes or via a point in time advanced search.
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
Click 'View More' or select 'More Resources' tab for additional information including: