ETSI Trusted Lists
ETSI Trusted Lists are standardized, digitally signed, machine-readable registries that provide authoritative information about qualified trust service providers (TSPs) and their services. Defined by the ETSI TS 119 612 standard, these lists are foundational to secure, interoperable, and legally recognized digital transactions—especially within the European Union under the eIDAS Regulation.
The Purpose and Scope of ETSI Trusted Lists
The core function of an ETSI-compliant trusted list is to publish up-to-date information about trust service providers and the status of the services they offer—such as electronic signatures, seals, timestamps, and website authentication. These lists allow relying parties (e.g., digital services, public institutions, or enterprises) to verify whether a given trust service is currently valid, qualified, suspended, or revoked.
Though designed to support EU member states as required under eIDAS, the standard is also usable by non-EU jurisdictions that wish to maintain compatible trust frameworks or facilitate international recognition.
By ensuring consistency in structure, integrity, and access mechanisms, ETSI Trusted Lists establish a reliable foundation for digital trust infrastructure.
Structure and Components
An ETSI-compliant trusted list includes several defined elements that ensure both human and machine readability:
-
Trusted List Metadata
Each list includes high-level metadata such as:
-
A Trusted List Tag (unique identifier)
-
The type of list (e.g., supervision or accreditation list)
-
The format version
-
The sequence number for tracking updates
-
Contact information and details about the scheme operator
-
-
Trust Service Providers
The list enumerates each recognized TSP, identified by name, unique identifiers, and service scope.
-
Services and Statuses
For every TSP, the list outlines:
-
The types of services offered (e.g., qualified electronic signature, time-stamping)
-
The status of each service (valid, suspended, revoked)
-
Validity periods and any status history, ensuring auditable trails
-
Access and Authentication
Trusted lists must be:
-
Digitally signed by the scheme operator or national authority to protect integrity and authenticity
-
Published in machine-readable formats, typically XML, optimized for automated consumption by validation systems
-
Made available through secure, discoverable endpoints so that trust frameworks, verifiers, and relying parties can locate and authenticate the list
Systems that consume trusted lists are expected to verify digital signatures and ensure they only accept up-to-date versions issued by legitimate authorities.
How Relying Parties Use ETSI Trusted Lists
For any digital transaction involving a trust service—such as accepting an e-signature on a document or verifying a timestamp—relying parties must confirm the service’s validity and qualification status.
ETSI Trusted Lists provide this assurance. Before accepting a signature, a verifier can:
-
Resolve the trust service back to its issuing provider
-
Check the provider’s presence in the trusted list
-
Confirm that the service is currently active and qualified
This process ensures that users and systems are only relying on vetted, compliant, and properly accredited trust services.
Regulatory Foundation and Evolution
ETSI TS 119 612 forms the technical backbone of the eIDAS trust list requirement under Regulation (EU) No 910/2014. It defines the rules EU Member States must follow when building and publishing their national trusted lists.
Each state’s list feeds into a broader EU-wide framework maintained by the European Commission, enabling cross-border recognition of qualified trust services. The standard continues to evolve, with new versions improving coverage for additional service types, refining metadata semantics, and supporting stronger cryptographic mechanisms.
Significance in the European Trust Ecosystem
ETSI Trusted Lists support many critical use cases:
-
Electronic signatures and seals in contracts, filings, or communications
-
Digital identity wallets, where verified issuers must appear in a trusted list
-
Cross-border business and government interactions, where mutual trust is essential
By standardizing how trust is declared and verified, ETSI Trusted Lists reduce fraud, prevent unauthorized services, and foster a consistent legal and operational baseline across Europe.
Summary Table
| Feature | Description |
|---|---|
| Standard | ETSI TS 119 612 |
| Format | XML, digitally signed |
| Trust Elements | Service type, provider, status, validity, historical changes |
| Governance | Managed by national or regional scheme operators |
| Purpose | Enable verifiers to validate the legal and operational status of services |
| Use Cases | eIDAS-qualified signatures, identity wallet verification, timestamp checks |
