General information about trusted lists under Regulation (EU) No 910/2014
Member States may include in the trusted lists information on non-qualified trust service providers, together with information related to the non-qualified trust services provided by them. It shall be clearly indicated that they are not qualified according to Regulation (EU) No 910/2014.
Member States may include in the trusted lists information on nationally defined trust services of other types than those defined under Article 3(16) of Regulation (EU) No 910/2014. It shall be clearly indicated that they are not qualified according to Regulation (EU) No 910/2014.
Trusted list of Norway
The present list is the trusted list including information related to the qualified trust service providers which are supervised by Norway, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
The cross-border use of electronic signatures has been facilitated through Commission Decision 2009/767/EC of 16 October 2009 which has set the obligation for Member States to establish, maintain and publish trusted lists with information related to certification service providers issuing qualified certificates to the public in accordance with Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures and which are supervised/accredited by the Member States. The present trusted list is the continuation of the trusted list established with Decision 2009/767/EC.
The CSPs issuing Qualified Certificates established in Norway must be supervised, for compliance with the provisions laid down in Law of 15 June 2001 no. 81 and the applicable regulation:
- The Electronic Signatures Act of 15 June 2001 no. 81
- The Regulation concerning requirements for issuer of qualified certificates etc. of 15 June 2001 no. 611
The Norwegian Communications Authority (Nkom) is the supervisory body according to the Electronic Signatures Act, section 17. A CSP shall notify of its operation immediately upon the start of issuing Qualified Certificates, and may not issue Qualified Certificates before such notification of registration has been sent to Nkom. Changes in information already registered and new information to be registered shall be reported to Nkom without undue delay.
Supervision will occur once there is a need for supervision, or there is reason to believe that the CSP does not comply with the legislation. Nkom may demand the information and documents to be needed to carry out its task, and may carry out on-site visit. Nkom may require an IT audit to be carried out at the premises of CSPs, and may appoint an auditor to carry out the audit. Nkom may also deprive a CSP of the right to use the designation ‘Qualified Certificate’ if the CSP seriously or repeatedly fails to comply with the rules laid down in the Act.
The Trusted List of Norway is established, maintained and published by Nkom and is available here:
The certificates for signing of the Trusted List of Norway: