The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

At a glance

  • To become a qualified trust service provider you need to demonstrate to a ‘conformity assessment body’ that you meet the relevant requirements for qualified trust service providers and the trust services you wish to provide, and submit a conformity assessment report to the ICO for verification.

  • If you make significant changes to your qualified trust service, or intend stopping the service, you must tell the ICO. 

In brief

How do we become a qualified trust service provider?

In summary, you need to apply to a conformity assessment body who will assess your compliance against the requirements for qualified trust service providers and qualified trust services. The conformity assessment body will produce a conformity assessment report, demonstrating how the requirements have been met. You then submit this report to the ICO for verification. The ICO will analyse the report to ensure all requirements have been met, and will grant you qualified status if appropriate.

The conformity assessment body must be accredited by UKAS for undertaking conformity assessments against the UK eIDAS Regulations.

The following organisations are currently accredited.

BSI Assurance UK Ltd
Kitemark Court
Davy Avenue
Knowlhill
Milton Keynes
MK5 8PP

Email:[email protected]

When a conformity assessment body is accredited both in the UK and the EU, for any trust service provider seeking QTSP status in the UK and the EU, a single conformity assessment may (subject to approval by the relevant EU supervisory body) be used as the basis for a conformity assessment report issued against the UK eIDAS Regulations and a separate conformity assessment report issued against the EU eIDAS Regulation.

If you gain qualified status, you will be added to the UK’s trusted list.

To maintain qualified status you will need to undergo the conformity assessment process at least every two years, at your own expense.

If you are considering becoming a qualified trust service provider, you can contact the ICO at [email protected] for further information and guidance.  

What is the trusted list?

The trusted list is a published list of all qualified trust service providers and qualified trust services granted qualified status in the UK by the ICO. 

What if we need to change a qualified trust service?

If you make changes to your qualified trust service you should contact the ICO to determine whether your qualified status is still valid and whether or not you should undergo a new conformity assessment.

What happens if we stop providing a qualified trust service?

If you decide to stop providing a qualified trust service you need to notify the ICO of your intention to stop the service. To stop providing a qualified trust service you are required to use your termination plan. After you have implemented your termination plan you need to provide to the ICO a description of how you have implemented the provisions in your termination plan.

You can contact the ICO at [email protected] for further information and guidance on this process.