法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Implementing Regulation (EU) 2025/2530 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards requirements for qualified trust service providers providing qualified trust services

CELEX
Implementing Regulation (EU) 2025/2530
Date of document
Articles
6
Source
EUR-Lex
Article 1Notifications to the supervisory body

1.   In notifications referred to in Article 24(2), point (a), of Regulation (EU) No 910/2014, qualified trust service providers shall cover at least significant changes to all of the following elements:

(a)

the service descriptions, policies, practice statements or associated terms and conditions;

(b)

the technical architecture of the qualified trust services, or any trustworthy systems or products referred to in Article 24(2), points (e) and (f), of Regulation (EU) No 910/2014;

(c)

the hosting of any technical components required for the provision of the qualified trust services, or the technical services pertaining to these technical components;

(d)

the use of cryptographic techniques or cryptographic materials in the provision of the qualified trust services;

(e)

the registration and identification procedures;

(f)

the organisational structure or governance of the trust service provider;

(g)

the termination plan;

(h)

financial resources and liability insurance referred to in Article 24(2), point (c) of Regulation (EU) No 910/2014;

(i)

elements with an impact on the content of the corresponding national trusted list;

(j)

third parties involved in the provision of the qualified trust services, including subcontractors or service providers, or to contractual terms with these third parties.

2.   Notifications referred to in paragraph 1 shall include:

(a)

description of the change;

(b)

planned date and time of the change;

(c)

reasons for the change and, where applicable, evidence for the reasons;

(d)

where applicable, updated documents.

Article 2Risk management framework

The requirements laid down in Article 2, Article 3 and Article 4 of Commission Implementing Regulation 2025/2160 shall apply mutatis mutandis to qualified trust service providers with regard to the requirement to have a risk management framework laid down in Article 24(2), point (fa), of Regulation (EU) No 910/2014.

Article 3Termination plan

1.   Qualified trust service providers shall establish a termination plan for each qualified trust service they provide, that establishes the necessary provisions for the effective and correct application of the termination of the service or parts thereof, for the purposes of ensuring continuity of the service and of providing evidence in legal proceedings, including how information is kept accessible in accordance with Article 24(2), point (h) of Regulation (EU) No 910/2014.

2.   Qualified trust service providers shall set up controls and procedures to ensure the availability for internal use of documented policies, practices, procedures, third party arrangements and any other documents required to ensure the effectiveness of the termination plan.

3.   Qualified trust service providers shall set up controls and procedures to ensure that their termination plan and any document associated with it are up to date.

4.   Qualified trust service providers shall review the termination plan, and any associated documents, at least every two years and as part of the implementation of any changes to the qualified trust service provider or to the qualified trust services it provides and update the termination plan accordingly.

5.   Qualified trust service providers shall manage the risks that are specific to the termination of the provision of their qualified trust services as part of the risk management framework referred to in Article 2.

6.   Qualified trust service providers shall ensure maintenance of sufficient financial resources or obtain appropriate insurance to cover the costs required to effectively execute the termination plan, including in case of unanticipated termination.

7.   Qualified trust service providers shall ensure that the termination plan specifies appropriate procedures and arrangements for at least the following:

(a)

the termination of the qualified trust services, including, where relevant, in relation to the decommissioning of any technical components or services used to provide the concerned qualified trust service;

(b)

a timely update of the related service entries as listed in the corresponding national trusted list;

(c)

the revocation of any existing and unrevoked qualified certificates issued by them before concluding the termination of the qualified trust service for the issuance of qualified certificates, unless all relevant obligations of the terminated qualified trust services are transferred to another qualified trust service provider in a manner that ensures that the qualified certificates and all related services continue to meet the requirements of Regulation (EU) No 910/2014 in an uninterrupted manner;

(d)

ensuring that after the termination of the provision of qualified trust services, no further qualified trust service output can be created or enabled through the use of the signature or seal creation data of the qualified trust service provider;

(e)

ensuring the accessibility and usability of all relevant records held by the qualified trust service provider;

(f)

addressing scenarios of anticipated, unanticipated, partial and complete termination;

(g)

ensuring that the interests of the subscribers of the terminated qualified trust services are safeguarded upon termination, including continued maintenance of information required for the subscribers to verify the legal validity of the outputs of the qualified trust services;

(h)

where applicable, specifying any arrangements made to allow provision of alternative qualified trust services by other qualified trust service providers for the purpose of minimising disruptions for the subscribers;

(i)

providing notices to parties known to the qualified trust service provider that will be directly or indirectly affected by the termination.

8.   The procedures and arrangements referred to in paragraph 7, point (e) shall ensure the accessibility and usability of the records necessary to:

(a)

provide evidence in relation to the compliance of the qualified trust services with Regulation (EU) No 910/2014 and Regulation (EU) 2016/679;

(b)

ensure continuity of the qualified trust services, as regards the signature or seal validation data of the qualified trust service provider and as regards enabling continued maintenance of information required to verify the correctness of previously created trust service outputs.

9.   Qualified trust service providers shall ensure that the termination plan and records associated with it include at least the following documentation:

(a)

procedures for the termination of qualified trust services;

(b)

procedures for and records of regular review of the termination plan referred to in paragraph 4;

(c)

audit reports relating to the termination plan;

(d)

termination arrangements with third parties involved in the provision of the qualified trust services that are to be terminated;

(e)

terms and conditions, practices and policy documents relating to the qualified trust services.

Article 4Reference standards and specifications for qualified trust services

1.   In addition to the requirements set out in Article 1, Article 2 and Article 3, the reference standards and specifications referred to in Article 24(5) of Regulation (EU) No 910/2014 are set out in the Annex to this Regulation.

2.   Where there are discrepancies between the reference standards and specifications established by the Implementing Regulations and as set out in the Annex to this Regulation and the requirements set out in Article 1, Article 2 and Article 3 of this Regulation, the requirements set out in Article 1, Article 2 and Article 3 of this Regulation shall prevail.

Article 5Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

Schedules & Appendices

ANNEXList of reference standards and specifications referred to in Article 4

ANNEX

List of reference standards and specifications referred to in Article 4

(1)

For qualified trust services for the issuance of qualified certificates for electronic signatures: clauses 5.2, 6.1, 6.4, 6.5, 6.8 and 6.9 of the standard as referenced and adapted in point 1 of Annex I to Commission Implementing Regulation (EU) 2025/1943  ( 1 ) .

(2)

For qualified trust services for the issuance of qualified certificates for electronic seals: clauses 5.2, 6.1, 6.4, 6.5, 6.8 and 6.9 of the standard as referenced and adapted in point 1 of Annex II to Implementing Regulation (EU) 2025/1943.

(3)

For qualified trust services for the issuance of qualified certificates for website authentication: clauses 5.2, 6.1, 6.4, 6.5, 6.8 and 6.9 of the standard as referenced and adapted in Annex to Implementing Regulation (EU) 2025/1943.

(4)

For qualified validation services for qualified electronic signatures: clauses 5, 6 and 7 of the standard as referenced and adapted in point 1 of the Annex to Commission Implementing Regulation (EU) 2025/1942  ( 2 ) .

(5)

For qualified validation services for qualified electronic seals: clauses 5, 6 and 7 of the standard as referenced and adapted in point 1 of the Annex to Implementing Regulation (EU) 2025/1942.

(6)

For qualified preservation services for qualified electronic signatures: clauses 5, 6 and 7 of the standard as referenced and adapted in point 1 of the Annex to Commission Implementing Regulation (EU) 2025/1946  ( 3 ) .

(7)

For qualified preservation services for qualified electronic seals: clauses 5, 6 and 7 of the standard as referenced and adapted in point 1 of the Annex to Implementing Regulation (EU) 2025/1946.

(8)

For qualified trust services for the creation of qualified electronic timestamps: clauses 5, 6 and 7 of the standard as referenced and adapted in point 1 of the Annex to Commission Implementing Regulation (EU) 2025/1929  ( 4 ) .

(9)

For qualified electronic registered delivery services: clauses 4, 6 and 7 of the standard as referenced and adapted in Annex I to Commission Implementing Regulation (EU) 2025/1944  ( 5 ) .

(10)

For qualified services for the management of remote qualified electronic signature creation devices: clauses 5, 6.1, 6.4, 6.5, 6.7 and 6.8 of the standard as referenced and adapted in the Annex to Implementing Regulation (EU) 2025/1567  ( 6 ) .

(11)

For qualified services for the management of remote qualified electronic seal creation devices: clauses 5, 6.1, 6.4, 6.5, 6.7 and 6.8 of the standard as referenced and adapted in the Annex to Implementing Regulation (EU) 2025/1567.

(12)

For qualified electronic archiving services: clauses 6 and 7 of the standard as referenced and adapted in the Annex to Commission Implementing Regulation (EU) 2025/2532  ( 7 ) .

(13)

For qualified trust services for the issuance of qualified electronic attestation of attributes: the standard referenced in Annex I to Commission Implementing Regulation (EU) 2025/1569  ( 8 ) .

(14)

For qualified trust services for the recording of electronic data in a qualified electronic ledger: the standard as referenced and adapted in point 3(a) of Annex to Commission Implementing Regulation (EU) 2025/2531  ( 9 ) .

( 1 )   Commission Implementing Regulation (EU) 2025/1943 of 29 September 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards for qualified certificates for electronic signatures and qualified certificates for electronic seals( OJ L, 2025/1943, 30.9.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1943/oj ).

( 2 )   Commission Implementing Regulation (EU) 2025/1942 of 29 September 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards qualified validation services for qualified electronic signatures and qualified validation services for qualified electronic seals ( OJ L, 2025/1942, 30.9.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1942/oj ).

( 3 )   Commission Implementing Regulation (EU) 2025/1946 of 29 September 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards qualified preservation services for qualified electronic signatures and for qualified electronic seals ( OJ L, 2025/1946, 30.9.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1946/oj ).

( 4 )   Commission Implementing Regulation (EU) 2025/1929 of 29 September 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the binding of date and time to data and establishing the accuracy of the time sources for the provision of qualified electronic time stamps ( OJ L, 2025/1929, 30.9.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1929/oj ).

( 5 )   Commission Implementing Regulation (EU) 2025/1944 of 29 September 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards for processes for sending and receiving data in qualified electronic registered delivery services and as regards interoperability of those services ( OJ L, 2025/1944, 30.9.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1944/oj ).

( 6 )   Commission Implementing Regulation (EU) 2025/1567 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the management of remote qualified electronic signature creation devices and of remote qualified electronic seal creation devices as qualified trust services ( OJ L, 2025/1567, 30.7.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1567/oj ).

( 7 )   Commission Implementing Regulation (EU) 2025/2532 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards and specifications for qualified electronic archiving services ( OJ L, 2025/2532, 17.12.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/2532/oj ).

( 8 )   Commission Implementing Regulation (EU) 2025/1569 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards qualified electronic attestations of attributes and electronic attestations of attributes provided by or on behalf of a public sector body responsible for an authentic source ( OJ L, 2025/1569, 30.7.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/1569/oj ).

( 9 )   Commission Implementing Regulation (EU) 2025/2531 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards and specifications for qualified electronic ledgers ( OJ L, 2025/2531, 17.12.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/2531/oj ).

6 articles

Cite this act

Commission Implementing Regulation (EU) 2025/2530 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards requirements for qualified trust service providers providing qualified trust services (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R2530

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com