Trusted list under Regulation (EU) No 910/2014
EU Member States have, according to eIDAS Regulation (Article 22), the obligation to establish, maintain and publish trusted lists of qualified trust service providers and the qualified trust services provided by them.
EU Member States
EU Member States trusted list as defined in Regulation (EU) No 910/2014 include information related to the qualified trust service providers which are supervised by the competent Member State, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in the Regulation.
Trusted lists are essential elements in building trust among market operators as they indicate the status of the service providers and their services, while aiming at fostering interoperability of qualified trust services by facilitating the validation of eSignatures and eSeals.
Under the eIDAS regulation national trusted lists have a constitutive effect. In other words, a trust service provider and the trust services it provides will be qualified only if it appears in the trusted lists. Consequently, the users (citizens, businesses or public administrations) will benefit from the legal effect associated with a given qualified trust service only if the latter is listed (as qualified) in the trusted lists.
The trusted lists of Member States include, as a minimum, information specified in Articles 1 and 2 of Commission Implementing Decision (EU) 2015/1505 profiling technical specifications defined in ETSI TS 119 612 v2.1.1.
The trusted lists are to be published in a secured manner, electronically signed or sealed in a form suitable for automated processing.
Member States may, on a voluntary basis, include in the trusted lists information on non-qualified trust service providers and other nationally defined trust services, provided that it is clearly indicated that they are not qualified according to Regulation (EU) No 910/2014.
To allow access to the trusted lists of all Member States in an easy and trustworthy manner, the European Commission publishes a central list with links to the locations where the trusted lists are published as notified by Member States. This central list, called the List Of Trusted Lists (LOTL), is available to the public through a secure channel to an authenticated web server, as a signed or sealed XML machine-processable form.
Trusted list of Norway
The present list is the trusted list including information related to the qualified trust service providers which are supervised by Norway, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
The cross-border use of electronic signatures has been facilitated through Commission Decision 2009/767/EC of 16 October 2009 which has set the obligation for Member States to establish, maintain and publish trusted lists with information related to certification service providers issuing qualified certificates to the public in accordance with Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures and which are supervised/accredited by the Member States. The present trusted list is the continuation of the trusted list established with Decision 2009/767/EC.
The Trusted List of Norway is established, maintained and published by Norwegian Communications Authority (Nkom) and is available here:
The certificates for signing of the Trusted List of Norway:
Supervision scheme
According to Article 17(1) of Regulation (EU) No 910/2014, Member States shall designate a supervisory body established in their territory or, upon mutual agreement with another Member State, a supervisory body established in that other Member State. That body shall be responsible for supervisory tasks in the designating Member State.
The Norwegian Communications Authority (Nkom) is the supervisory body in Norway.
The Trust Service Provider (TSP) established in Norway must be supervised, for compliance with the provisions laid down in Act on trust services of 15 June 2018.
Nkom is the supervisory body according to the Act on trust services. The TSPs established in Norway must notify the Nkom its intention to become qualified together with the conformity assessment report issued by the eIDAS accredited conformity assessment body.
The TSPs need to apply to a conformity assessment body who will assess their compliance against the requirements for qualified trust service providers and qualified trust services. The conformity assessment body will produce a conformity assessment report, demonstrating how the requirements have been met. The TSPs then submit this report to Nkom for verification. Nkom will analyse the report to ensure all requirements in eIDAS Regulation have been met, and will grant them qualified status if appropriate.
If the TSPs gain qualified status, they will be added to the national trusted list and will be able to use the eIDAS EU trust mark.
To maintain qualified status the TSPs will need to undergo the conformity assessment process every two years, at their own expense.
If the TSPs make significant changes to their qualified trust service, or decide to stop the service, they must notify Nkom.