At a glance
To become a qualified trust service provider you need to demonstrate to a ‘conformity assessment body’ that you meet the relevant requirements for qualified trust service providers and the trust services you wish to provide, and submit a conformity assessment report to the ICO for verification.
If you make significant changes to your qualified trust service, or intend stopping the service, you must tell the ICO.
- How do we become a qualified trust service provider?
- What is the trusted list?
- What if we need to change a qualified trust service?
- What happens if we stop providing a qualified trust service?
In summary, you need to apply to a conformity assessment body who will assess your compliance against the requirements for qualified trust service providers and qualified trust services. The conformity assessment body will produce a conformity assessment report, demonstrating how the requirements have been met. You then submit this report to the ICO for verification. The ICO will analyse the report to ensure all requirements have been met, and will grant you qualified status if appropriate.
If you gain qualified status, you will be added to the UK’s trusted list.
To maintain qualified status you will need to undergo the conformity assessment process at least every two years, at your own expense.
If you are considering becoming a qualified trust service provider, you can contact the ICO at email@example.com for further information and guidance.
The trusted list is a published list of all qualified trust service providers and qualified trust services granted qualified status in the UK by the ICO.
If you make changes to your qualified trust service you should contact the ICO to determine whether your qualified status is still valid and whether or not you should undergo a new conformity assessment.
If you decide to stop providing a qualified trust service you need to notify the ICO of your intention to stop the service. To stop providing a qualified trust service you are required to use your termination plan. After you have implemented your termination plan you need to provide to the ICO a description of how you have implemented the provisions in your termination plan.
You can contact the ICO at firstname.lastname@example.org for further information and guidance on this process.