ETSI EN 319 401 V3.1.1 (2024-06) - General Policy Requirements for Trust Service Providers #140

@IshaiO

Formal name

ETSI EN 319 401 V3.1.1 (2024-06) - Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers

Overview

The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are independent of the type of TSP. It defines policy requirements on the operation and management practices of TSPs. Other specifications refine and extend these requirements as applicable to particular forms of TSP.

The present document does not specify how the requirements identified can be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors.

The present document aims to support the requirements of the NIS2 Directive and addresses the general requirements for security management and cybersecurity of trust services (qualified and non-qualified).

NOTE: See ETSI EN 319 403-1 for details about requirements for conformity assessment bodies assessing Trust Service Providers.

Update EN 319 401 to align with requirements of Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (NIS2), and to take into account updates to referenced ISO standards including ISO 27002. Also, the updates will take into account recognised improvements to best practices. This work will take into account ETSI TR 119 404.

Work Plan

  • ETSI status: https://portal.etsi.org/webapp/workprogram/Report_WorkItem.asp?WKI_ID=67940
    Further update planned. EN approval process adds at least 3 months to the process.

  • The EC has conducted an assessment and the conclusion was that this standard needs an update. The published version is very close to the implementing act CIR (EU) 2024/2690. Further specifics on critical incidents for TSPs per the implementing act may need to be added. For Article 24(5): need to check whether there are complementary standards that can be referenced as well to fill any gaps. Examples of gaps: termination plan (e.g. ToC) as based on ENISA guidelines on QTSP Termination, requirements on procedures for Art. 24(2)(a).

  • The EC will follow up with ETSI on this standard.

Tasks

  • Update, 2025-07-07: The EC will assess the new ETSI EN 319 401 version (available in September 2025)

Alerts

Update, 2025-08-20: The standard has been referenced in CIR (EU) 2025/1569.

    Labels

      • Art 19a(2) - Requirements for non-qualified trust service providers
      • Art 24(5) - QTSPs: Compliance and security standards
      • Art 28(6)/38(6) - Qualified certificates for electronic signatures/seals
      • Art 29a(2)/39(a) - rQSCD management
      • CIR (EU) - This STS is referenced in a CIR (EU)
      • CIR (EU) 2025/1569 - Implementing Act Art. 44e-f electronic attestation of attributes
      • Fn: Governance - Functional: Governance of the EUDI Wallet ecosystem
      • Fn: QES - Functional: Qualified Electronic Signature, both for the Wallet and TSPs
      • Fn: Security - Functional: Security of the EUDI Wallet and governance
      • Fn: Trust Services - Functional: Trust Services
      • sts: cross milestone - Describes a standard with gap affecting more than one milestone
      • sts: ready - The standard has a stable version published

    Status

    🏗 In progress
