The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

At a glance

  • To become a qualified trust service provider you need to demonstrate to a ‘conformity assessment body’ that you meet the relevant requirements for qualified trust service providers and the trust services you wish to provide, and submit a conformity assessment report to the ICO for verification.

  • If you make significant changes to your qualified trust service, or intend stopping the service, you must tell the ICO. 

In brief

How do we become a qualified trust service provider?

In summary, you need to apply to a conformity assessment body who will assess your compliance against the requirements for qualified trust service providers and qualified trust services. The conformity assessment body will produce a conformity assessment report, demonstrating how the requirements have been met. You then submit this report to the ICO for verification. The ICO will analyse the report to ensure all requirements have been met, and will grant you qualified status if appropriate.

If you gain qualified status, you will be added to the UK’s trusted list.

To maintain qualified status you will need to undergo the conformity assessment process at least every two years, at your own expense.

If you are considering becoming a qualified trust service provider, you can contact the ICO at eidas@ico.org.uk for further information and guidance.  

What is the trusted list?

The trusted list is a published list of all qualified trust service providers and qualified trust services granted qualified status in the UK by the ICO. 

What if we need to change a qualified trust service?

If you make changes to your qualified trust service you should contact the ICO to determine whether your qualified status is still valid and whether or not you should undergo a new conformity assessment.

What happens if we stop providing a qualified trust service?

If you decide to stop providing a qualified trust service you need to notify the ICO of your intention to stop the service. To stop providing a qualified trust service you are required to use your termination plan. After you have implemented your termination plan you need to provide to the ICO a description of how you have implemented the provisions in your termination plan.

You can contact the ICO at eidas@ico.org.uk for further information and guidance on this process.