The ICO exists to empower you through information.

Latest changes

09 May 2024

  • Updated to ensure consistent use of the terms ‘UK eIDAS’, ‘eIDAS Regulation’, and ‘eIDAS Regulations’.

  • Added further information on trust services in the “What is a trust service” section.

  • Added further information on the trusted list in the “What is the UK trusted list” and the “Access the UK Trusted List” sections.

06 March 2023

  • Additional requirements and guidance added in the “Becoming a qualified trust service provider” section.

29 September 2022

  • From the 1 October 2022, the ICO has responsibility for the management and publication of the trusted list.
  • We have added the binary (DER) and text (Base64 encoded) format certificates for the UK Trusted List.

19 August 2022

  • Brief description added to explain the trusted list is an authoritative source of information for qualified trust providers and their services.
  • Individual sections updated to say the ICO will be taking responsibility for the trusted list from 1 October 2022 and describing any impact.
  • Within the “Using the UK Trusted List” section we have replaced the word ‘hash’ with ‘digest’.
  • Added new UK Trusted List page. This contains a download link to the UK trusted list, information on the trusted list and the rules under which it operates.

The UK eIDAS Regulation provides the legal framework for the use of electronic trust services within the UK.

Electronic trust services can be used in a number of ways to provide security for electronic documents, communications and transactions e.g. to help ensure that documents sent electronically have not been altered, or that the sender of a document can be easily identified or that the time associated with the creation of an electronic signature can be relied upon. Electronic trust services allow for such security mechanisms to be applied and validated and thus help ensure confidence in the electronic transfer of information.

This guide is for organisations providing trust services in the UK such as certificates for electronic signatures, certificates for electronic seals, certificates for website authentication, electronic time stamps and electronic registered delivery services.

It gives a brief introduction to the UK eIDAS Regulation, summarises the requirements for trust services, and explains the ICO’s role in supervising trust service providers in the UK.