(fra kommisjonsbeslutningen)

(1) Trusted lists provided for in Article 22(1) of Regulation (EU) No 910/2014 are essential for building trust among market operators as they allow a validation of the qualified status of the trust service providers and of the trust services they provide. Therefore, qualified trust service providers are only to begin to provide a qualified trust service after the qualified status has been indicated in the trusted lists.

(2) Commission Implementing Decision (EU) 2015/1505 (2) lays down technical specifications and formats relating to trusted lists. Those specifications and formats leverage the specifications and requirements set out in standard ETSI TS 119 612 version 2.1.1.

(3) Regulation (EU) 2024/1183 of the European Parliament and of the Council (3) amended Regulation (EU) No 910/2014 by introducing new qualified trust services, namely the management of remote qualified electronic signature creation devices, the management of remote qualified electronic seal creation devices, the issuance of qualified electronic attestation of attributes, the provision of qualified electronic archiving services, and the recording of electronic data in a qualified electronic ledger. Standard ETSI TS 119 612 has been updated to version 2.4.1, and now contains specifications that allow trusted lists to include and indicate the status of those new qualified trust services. The updated version 2.4.1 has also amended the specifications for the format of signatures or seals to be used by Member States to sign or seal their national trusted lists.

(4) Therefore, Commission Implementing Decision (EU) 2015/1505 should be amended to update the reference to standard ETSI TS 119 612 to its newer version 2.4.1. As a result of this amendment, certain additional changes to that Implementing Decision are also required. Firstly, the information, to be referred to in the trusted lists, as regards the interpretation of the content of such lists, should be clarified to allow relying parties to interpret the information in the trusted lists. Secondly, the specifications related to the creation of the electronic signatures or seals that are to be applied to the trusted lists should be adapted to prevent certain known and reported vulnerabilities.

(5) To ensure that relying parties have sufficient time to adapt to the specifications set out in the Annex, the application of this Decision should be delayed.

(6) Regulation (EU) 2016/679 of the European Parliament and of the Council (4) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (5) apply to all personal data processing activities under this Decision.

(7) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (6) and delivered its opinion on 8 August 2025 (7).

(8) The measures provided for in this Decision are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,