Trusted Service Status List (TSL)
The present list is the TSL implementation of Iceland’s "Trusted List of supervised/accredited Certification Service Providers”.
The present list is the ‘Trusted List of supervised/accredited Certification Service Providers’ providing information about the supervision/accreditation status of certification services from Certification Service Providers (CSPs) who are supervised/accredited by Iceland for compliance with the relevant provisions of Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.The Trusted List aims at:
- listing and providing reliable information on the supervision/accreditation status of certification services from Certification Service Providers, who are supervised/accredited by Iceland for compliance with the relevant provisions laid down in Directive 1999/93/EC,
- allowing for a trusted validation of electronic signatures supported by those listed supervised/accredited certification services from the listed CSPs.
The Trusted List of a Member State provides a minimum of information on supervised/accredited CSPs issuing Qualified Certificates in accordance with the provisions laid down in Directive 1999/93/EC (Art. 3.3, 3.2 and Art. 7.1(a)), including information on the QC supporting the electronic signature and whether the signature is or not created by a Secure Signature Creation Device.
The CSPs issuing Qualified Certificates (QCs) listed here are supervised by Iceland and may also be accredited for compliance with the provisions laid down in Directive 1999/93/EC, including with the requirements of Annex I (requirements for QCs), and those of Annex II (requirements for CSPs issuing QCs). The applicable ‘supervision’ system (respectively ‘voluntary accreditation’ system) is defined and must meet the relevant requirements of Directive 1999/93/EC, in particular those laid down in Art. 3.3, Art. 8.1, Art. 11 (respectively, Art.2.13, Art. 3.2, Art 7.1(a), Art. 8.1, Art. 11)
Additional information on other supervised/accredited CSPs not issuing QCs but providing services related to electronic signatures (e.g. CSP providing Time Stamping Services and issuing Time Stamp Tokens, CSP issuing non-Qualified certificates, etc.) are included in the Trusted List at a national level on a voluntary basis.
The Consumer Agency (Neytendastofa) is the supervisory body according to Act28/2001 on Electronic Signatures Article 18 and Regulation 780/2011 on Electronic Signatures Article 24.A certification service provider intending to issue qualified certificates shall send notification of his operation to the Consumer Agency [Neytendastofa].The notification of a certification service provider shall be accompanied by all documents and information that the Consumer Agency considers necessary for its supervision.There is no approval process so once the CSP has sent the information it can start to issue qualified certificates and is considered to be under supervision by the Consumer Agency (Neytendastofa).The Consumer Agency may demand the information and documents to be needed to carry out its task, and may carry out on-site visits. The Consumer Agency may require an IT audit to be carried out at the premises of CSPs, and may appoint an auditor to carry out the audit. The Consumer Agency may also deprive a CSP of the right to use the designation ‘Qualified Certificate’ if the CSP seriously or repeatedly fails to comply with the rules laid down in the Act.
The Trusted List of Iceland is established, maintained and published by the Consumer Agency and is available in two versions: