At a glance

  • To become a qualified trust service provider you need to demonstrate to a ‘conformity assessment body’ that you meet the relevant requirements for qualified trust service providers, and submit a conformity assessment report to the ICO for verification.
  • If you make significant changes to your qualified trust service, or decide to stop the service, you must tell the ICO.

In brief

How do we become a qualified trust service provider?

In summary, you need to apply to a conformity assessment body who will assess your compliance against the requirements for qualified trust service providers and qualified trust services. The conformity assessment body will produce a conformity assessment report, demonstrating how the requirements have been met. You then submit this report to the ICO for verification. The ICO will analyse the report to ensure all requirements have been met, and will grant you qualified status if appropriate.

If you gain qualified status, you will be added to the UK’s trusted list and will be able to use the eIDAS EU trust mark.

To maintain qualified status you will need to undergo the conformity assessment process every two years, at your own expense.

The ICO’s practical guidance on Achieving qualified status and ceasing to provide qualified trust services under the eIDAS Regulation explains the process in more detail.  

What is the trusted list?

The trusted list is a published list of all qualified trust service providers and qualified trust services. TScheme runs the UK’s trusted list service. 

What is the EU trust mark and how do we use it?

Once added to the trusted list you are free to use an EU trust mark to demonstrate you have achieved qualified status. The mark is an indicator for users of trust services that they can trust the service to carry out their online transactions in a safe, secure and convenient way. There are certain conditions around use of the mark. More information can be found on the EU Commission’s website.

What if we need to change a qualified trust service?

If you make changes to your qualified trust service you should contact the ICO to determine whether your qualified status is still valid and whether or not you should undergo a new conformity assessment.

What happens if we stop providing a qualified trust service?

If you decide to stop providing a qualified trust service you need to implement your termination plan and notify the ICO.  When you notify us you should include an account explaining how you have implemented the termination plan. Further information on this process can be found in our practical guidance on Achieving qualified status and ceasing to provide qualified trust services under the eIDAS Regulation.