Skip to main content

eIDAS - Qualified trust service applications

Commission Implementing Regulation (EU) 2025/1572 establishes detailed rules under Regulation (EU) No 910/2014. This regulation aims to ensure consistent standards across EU Member States, enhancing trust and interoperability within the European Digital Identity ecosystem.

An electronic edition of the same is available here.

Article 1: Verification methodology

  1. Supervisory bodies shall establish a methodology for verifying compliance of trust service providers having notified their intention to start providing a qualified trust service with the requirements laid down in Regulation (EU) No 910/2014 and Article 21(2) of Directive (EU) 2022/2555 of the European Parliament and of the Council (5).

  2. The verification methodology shall include procedures and processes for involving competent authorities designated or established pursuant to Article 8(1) of Directive (EU) 2022/2555, which carry out supervisory actions to verify the trust service provider's compliance with the requirements laid down in Article 21 of Directive (EU) 2022/2555.

Article 2: Transparency

Supervisory bodies shall make the following information publicly available:

  1. contact details of the supervisory body;

  2. the communication channels to be used when trust service providers submit a notification of the intention to start providing a qualified trust service;

  3. the list of documentation that trust service providers are to provide as a part of a notification of intention to start providing a qualified trust service;

  4. the procedures for handling complaints relating to the process of verification of compliance of trust service providers having notified their intention to start providing a qualified trust service with the requirements laid down in Regulation (EU) No 910/2014 and Article 21(2) of Directive (EU) 2022/2555;

  5. a general description of the methodology referred to in Article 1.

Article 3: Trust service provider notifications

Trust service providers shall provide at least the following information in their notifications of intention to start providing a qualified trust service:

  1. where the trust service provider is a legal person, its name and, where applicable, a registration number, name of the Member State where it is established and the name of the person(s) signing or submitting the notification on behalf of the legal person;

  2. where the trust service provider is a natural person, their name and personal identification number, and in the absence thereof their date of birth and the type and number of their identity document;

  3. the telephone number, email address and postal address of the trust service provider;

  4. the Uniform Resource Identifiers (URI) where users can obtain additional information concerning that trust service provider, including the practice statements and policies, the general terms and conditions and the customer care policies that apply to the trust service being notified;

  5. the risk analysis underlying the measures referred to in Article 24(2), point (fa) of Regulation (EU) No 910/2014, and the risk analysis underlying the measures referred to in Article 21 of Directive (EU) 2022/2555;

  6. each qualified trust service which the trust service provider intends to start providing;

  7. for each trust service that the trust service provider intends to start providing as a qualified trust service:

    • one or more identifiers and, where applicable, certificates of the trust service, for inclusion in the national trusted list in accordance with the implementing acts adopted pursuant to Article 22(5) of Regulation (EU) No 910/2014;

    • the intended start date of the provision of the trust service;

    • the conformity assessment reports(s) of the trust service and the contact details of the conformity assessment body;

    • where applicable, technical reports supporting the conformity assessment report.

  1. the termination plan referred to in Article 24(2), point (i) of Regulation (EU) No 910/2014.

Article 4: Verifications by supervisory bodies

  1. To determine whether the trust service provider and the qualified trust service it intends to provide comply with the requirements of Regulation (EU) No 910/2014 and Article 21 of Directive (EU) 2022/2555, supervisory bodies shall analyse the trust service provider's provided information and may, in addition to any measures described in the methodology established pursuant to Article 1, perform on-site verifications, as well as interviews with representatives of the trust service provider and the conformity assessment body.

  2. Supervisory bodies shall verify at least the following elements:

    (a) the submitted conformity assessment report sufficiently demonstrates compliance of the trust service provider and the qualified trust service it intends to provide with the requirements set out in Regulation (EU) No 910/2014 and in Article 21 of Directive (EU) 2022/2555;

    (b) the submitted conformity assessment report complies with the requirements set out in the implementing acts adopted pursuant to Article 20(4) of Regulation (EU) No 910/2014;

    (c) any information contained in the submitted conformity assessment report indicating non-conformity with the requirements of Regulation (EU) No 910/2014;

    (d) any additional information considered necessary to verify compliance with the requirements laid down in Regulation (EU) No 910/2014 and in Article 21 of Directive (EU) 2022/2555.

Article 5: Entry into force and applicability

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall apply from 19 August 2026.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 29 July 2025.

For the Commission

The President

Ursula VON DER LEYEN