How to become a qualified trust service provider

Legal basis: Article 30 of the Law of Ukraine “On Electronic Identification and Electronic Trust Services”; Resolution of the Cabinet of Ministers of Ukraine dated 28.06.2024 No. 764 “Some Issues of Electronic Identification and Electronic Trust Services”.

Who can become a qualified electronic trust service provider

Legal entities and individual entrepreneurs acquire the status of a qualified electronic trust service provider from the date of entering information about them into the Trust List:

• by decision of the Central Certification Authority (CCA) — for most providers;
• by decision of the NBU Certification Center — for banks, other persons operating in the financial services markets under the supervision of the NBU, operators and participants of payment systems, technological operators of payment services.

Preliminary stage: documents requiring approval from the Ministry of Digital Transformation

Before submitting a package of documents to the CCA, three documents must be developed and approved by the Ministry of Digital Transformation of Ukraine. All of them are mandatory components of the main package (part 2 of Article 30 of the Law):

1. Regulations of a QTSP
The main regulatory document that determines the procedure for providing all qualified trust services. The structure of the regulations meets the requirements of DSTU ETSI EN 319 401:2022 and DSTU ETSI EN 319 411-1:2022.

Approval procedure:

• sent to the Ministry of Digital via the ICS of the Central Certification Authority in electronic form;
• consideration period — 30 calendar days;
• after approval, the head approves the regulations and submits them to the Ministry of Digital within 10 working days from the date of approval;
• The Ministry of Digital Transformation sends a copy of the document to the Administration of the State Service for Special Communications within 5 working days.

Changes to the regulations are approved in the same manner.

2. Time synchronization procedure
A document describing the mechanism for synchronizing the software and hardware complex with the Coordinated Universal Time (UTC) using the national UTC(UA) time scale and the technical equipment structure.

Approval procedure: approved by the Ministry of Digital Transformation of Ukraine before the start of service provision (paragraph 46 of the RCMU No. 764).

3. Termination plan
A document establishing the procedure for the QTSP in the event of termination of the provision of qualified electronic trust services: protection of user interests, terms and procedure for transferring documented information to the CCA or to another QTSP.

The form of the plan is established by the Ministry of Digital Transformation of Ukraine (order of the Ministry of Digital Transformation, form for reference in paragraph 1 of part two of Article 30 of the Law). Submitted as an original or a certified copy.

Step 1. Create and submit a package of documents to the CCA

Documents are submitted to the CCA in paper or electronic form. In the case of submission the documents in paper form, electronic copies of all documents are additionally provided.

List of the documents (part two of Article 30 of the Law):

1. Application for inclusion in the Trusted List.
2. A document that allows for the unambiguous identification of an individual - an entrepreneur or an authorized representative of a legal entity.
3. The original or a copy certified in accordance with the procedure established by law of a document on compliance with the requirements for qualified providers of electronic trust services and the services they provide, issued based on the results of the conformity assessment procedure in the field of electronic trust services.
4. Documents on the compliance of the means of qualified electronic signature or seal, which will be used to provide qualified electronic trust services, with the requirements established by this Law, issued based on the results of certification of such means.
5. Certified copies of documents confirming the right of ownership or the right to use non-residential premises, which will be used to accommodate all components of the software and hardware complex that will ensure the provision of qualified electronic trust services.
6. Personal and job composition of employees whose duties will be directly related to the provision of qualified electronic trust services.
7. Certified copies of documents confirming the right of ownership or the right to use the means of qualified electronic signature or seal, which will be used to provide qualified electronic trust services, in accordance with the procedure established by law.
8. The original or a copy of the liability insurance contract certified in accordance with the procedure established by law or copies of documents certified in accordance with the procedure established by law confirming the deposit of funds into a current account with a special use regime in a bank (an account in a body that carries out treasury services for budget funds, or an account with the National Bank of Ukraine - for banks that are qualified trust services providers, a QTSP established by the National Bank of Ukraine) to ensure compensation for losses that may be caused by a QTSP to users of electronic trust services as a result of improper performance of its duties.
9. Original or a copy certified in accordance with the procedure established by law of the regulations of the QTSP, agreed with the central executive body that ensures the formation and implementation of state policy in the areas of electronic identification and electronic trust services, or by the certification center - for providers of electronic trust services that are entered into the Trusted List upon submission by the certification center that meets the requirements for the regulations of the qualified electronic trust service provider.
10. Original or a copy certified in accordance with the procedure established by law of the termination plan of activities for the provision of qualified electronic trust services in accordance with the form established by the central executive body that ensures the formation and implementation of state policy in the areas of electronic identification and electronic trust services.

If the provider plans to operate through separate registration points, information about each such point and its employees is submitted along with the main package (Part 3 of Article 30 of the Law).

Step 2. Consideration of the application by the Central Certification Authority

The CCA considers the submitted documents within 15 business days from the date of registration of the application and makes one of the following decisions (part four of article 30 of the Law):

• ✅ Decision to include information in the Trusted List.
• ❌ Reasoned refusal.

Grounds for refusal (part six of article 30 of the Law):

• incomplete package of documents or violation of the established requirements for their execution;
• detection of inaccurate information, damage, corrections or additions in the application or attached documents.

The decision to refuse is made in compliance with the person's right to participate in administrative proceedings in accordance with the Law of Ukraine "On Administrative Procedure".

Step 3. Obtaining qualified certificates

Changes in the Trusted List: In case of any changes in information (address, personnel, range of services, etc.), the QTSP is obliged to submit to the CCA an application for changes together with supporting documents within 5 business days from the date of the changes. If the deadline is missed, the provision of qualified services is prohibited until the relevant changes are made (part seven of article 30 of the Law).

Cancellation of status: Occurs by decision of the CCA in the event of: application by the QTSP itself to terminate its activities, submission by a certification center or supervisory authority, termination of a legal entity or death of an individual entrepreneur, entry into force of a relevant court decision (part nine of article 30 of the Law). Information about the QTSP is stored in the Trusted List even after the status is canceled - to ensure verification of previously issued certificates.

Replacement of a QTSP: By mutual consent or on the basis of legal succession, the CCA may replace one QTSP with another in the Trusted List - to ensure continuous provision of services to users (Part 10 of Article 30 of the Law).

Useful links

• Document forms for QTSP
• Regulations of the CCA
• Regulatory and legal acts in the field of TS
• Trusted List
• Law of Ukraine “On Electronic Identification and Electronic Trust Services”