At a glance
- You can use the UK trusted list to check the details and status of qualified trust service providers.
- You can download the trusted list, authenticate it to check it is legitimate and monitor it to determine when its content changes.
- How can I check the details and status of a qualified trust service?
- Where can I get the trusted list?
- How can I check the authenticity of the trusted list?
- How can I check when the trusted list changes?
The UK trusted list shows whether a trust service provider has been granted qualified status and which of its services are qualified. The trusted list is the single formal source you can use to verify that the ICO has granted a trust service with qualified status.
The trusted list contains an entry for each qualified trust service provider. This entry contains details such as:
- the qualified trust service provider name and address;
- when qualified status was granted;
- the types of services that have been approved as qualified;
- what the services can be used for, and
- associated historical information (where applicable) on the provided services.
When you are verifying a trust service output, eg a qualified electronic signature, you may need to check the UK trusted list as part of your verification procedures.
You can check the authenticity of the trusted list by verifying the digital signature on the list using the digital certificate referenced below. tScheme host the certificate and you can download it in either binary (DER) or text (Base64 encoded) format.
You can monitor for changes to the trusted list content, eg the addition of a newly qualified trust service provider or a change in the status of an existing one, by checking the SHA-256 hash value of the currently published trusted list against a locally cached version.
tScheme host the hash, which you can download as a lower-case text transformation of the HEX encoded binary value of the relevant SHA-256 hash.