Trusted List scheme info

The Law of Ukraine of 01.01.2024 N 2155-VIII “On electronic identification and electronic trust services ” (the Law) defines the legal and organizational principles of electronic identification and providing electronic trust services, the rights and obligations of legal entities in the field of electronic identification and electronic trust services, the procedure for state supervision (control) over compliance with legislation in the field of electronic identification and electronic trust services, as well as legal and organizational principles of electronic identification and electronic trust services in Ukraine.

According to Article 5 of the Law State regulation in the areas of electronic identification and electronic trust services is carried out by:the Cabinet of Ministers of Ukraine; the central executive body that ensures the formation and implementation of state policy in the areas of electronic identification and electronic trust services;

Part 2 of the Article 7 of the Law defines that the central executive body that ensures the formation and implementation of state policy in the areas of electronic identification and electronic trust services shall perform the functions of the Central certification Authority by providing free administrative services for entering information about legal entities and individual entrepreneurs who intend to provide qualified electronic trust services into the Trusted List, and making changes to the Trusted List.

Part 3 of Article 7 of the Law stipulates that the technical and technological support for the performance of the functions of the central certification authority and the integrated electronic identification system is provided by the administrator of the information and communication system of the central certification authority and the integrated electronic identification system, which is defined as a state enterprise belonging to the sphere of management of the central executive body that ensures the formation and implementation of state policy in the areas of electronic identification and electronic trust services.

Part one of Article 71 of the Law stipulates that the administrator of the information and communication system of the central certification authority shall provide technical and technological support for the performance of functions, in particular, maintaining the Trusted List;

Paragraph 1 of the Regulation on the Ministry of Digital Transformation of Ukraine, approved by the Resolution of the Cabinet of Ministers of Ukraine No. 856 dated September 18, 2019, stipulates that the Ministry of Digital Transformation of Ukraine ensures the performance of the functions of the Сentral Сertification Authority.

Article 30 of the Law defines the detailed conditions for obtaining the status of a qualified provider of electronic trust services Part 1 of Article 8.of the Law defines that the specially authorized central executive body on issues of organizing special communication and information protection shall perform the functions of a supervisory body in the areas of electronic identification and electronic trust services.

Pert 3 of Article 33 of the Law defines that the functions of the supervisory authority shall be performed by the State Service for Special Communications and Information Protection of Ukraine.

Articles 32-34 of the Law specify the details of the implementation of conformity assessment and control in the fields of electronic identification and electronic trust services.

The Resolution of the Cabinet of Ministers of Ukraine dated September 13, 2024 No. 1062 approves the Procedure- rules and criteria for conducting for assessing the conformity of the QTSP of Ukraine in the areas of electronic identification and electronic trust services.

The Resolution of the Cabinet of Ministries of Ukraine of June 28, 2024 № 764 “Some issues of electronic identification and electronic trust services ” determines the organizational, methodological, technical and technological terms that must be met by electronic identification providers and QTSP, their personnel, its separate registration points when providing electronic identification services and electronic trust services, including on information security issues. The Resolution approved the List of Standards used by UA-QTSPs while providing qualified electronic trust services in Ukraine.

The Resolution of the Cabinet of Ministers of Ukraine of August, 11, 2023 № 844 «On Approval of requirements to the Trusted List“ (Resolution on requirements) defines the requirements aimed at ensuring the maintenance of the Trusted List as part of the information and communication system of the Сentral Сertification authority, its information content, technical support, and support for the exchange of information between its components in order to ensure trust between subjects of relations in the field of electronic trust services, as well as its use for mutual recognition of electronic trust services between Ukraine and the European Union and promoting the integration of Ukraine into the global electronic information space. According to the Resolution on Requirements the Trusted List Holder - the Central Certification Authority that ensures the implementation, operation and up-to-date maintenance of the Trusted List, which is published on its own official website in three files. Trusted List includes information related to the qualified trust service providers together with information related to the qualified electronic trust services provided by them. According to the Resolution on Requirements, the structure and procedure for publishing the files of the Trusted List are determined by DSTU ETSI TS 119 612: 2016 “Electronic signatures and infrastructures. Trusted lists ”(ETSI TS 119 612: 2016, IDT).

Organizational-methodological, technical and technological terms of the Central Certification Authority during the provision of qualified electronic trust service of creation, validation and verification of qualified certificate of electronic signature or seal, the order of interaction of electronic trust service providers with the Central Certification Authority in the process of provision of qualified electronic trust service of creation, validation and verification of the qualified certificate of electronic signature or seal are established by the Practice statement of the Central Certification Authority approved by theOrder of the Ministry of Digital Transformation of Ukraine of 28.02.2024 № 33 (Practice Statement). According to the Practice statement the state enterprise "DIIA" is the administrator of the information and communication system of the Central Certification Authority, which provides technical and technological support for the performance of the functions of the Central Certification Authority, including maintaining the Trusted List.

Thus, the state enterprise “DIIA” is a Scheme operator of the Ukrainian Trusted List.

The Order of the Ministry of Digital Transformation of Ukraine of 08.11.2023 № 139 “On approval of the procedure for maintaining the Trusted List” (Procedure) determines the procedure for maintaining the Trusted List, entering information into the Trust List and providing round-the-clock access to the Trusted List through public telecommunications networks and determines that the state enterprise "DIІA" maintains the Trusted List, makes changes to the Trusted List in accordance with the rules specified in DSTU ETSI TS 119 612:2016 (ETSI TS 119 612:2016, IDT.

As of 01.12.2024 in the Ukrainian Trusted list there are two types of QTSs provided by the Scheme operator to QTSPs :I) qualified electronic trust service of creation, validation and verification of electronic signature or seal, according to the Article 20 of the Law of Ukraine "On electronic identification and electronic trust services";II) qualified electronic trust service of creation, validation, and verification of electronic time stamp, according to the Article 26 of the Law of Ukraine "On electronic identification and electronic trust services"