SRPS ETSI EN 319 401 V3.2.1:2026

Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers

Scope

The present document specifies general policy requirements relating to Trust Service Providers (TSPs) that are independent of the type of TSP. It defines policy requirements on the operation and management practices of TSPs. Other specifications refine and extend these requirements as applicable to particular forms of TSP. The present document does not specify how the requirements identified can be assessed by an independent party, including requirements for information to be made available to such independent assessors, or requirements on such assessors. The present document aims to support the requirements on NIS2 Directive [i.13] and addresses the general requirements for security management and cybersecurity of trust services (qualified and non-qualified). NOTE: See ETSI EN 319 403-1 [i.2] for details about requirements for conformity assessment bodies assessing Trust Service Providers.