Scheme/community rules of the final EU UK TL

Prior to January 1st 2021, the United Kingdom was taking part in the common trusted list scheme established by Regulation (EU) 910/2014, hereafter referred to as the “eIDAS common TL scheme”. The present statement pertains strictly to the content and preservation of the last trusted list published by the UK under that eIDAS common TL scheme and does not concern any national trusted list managed by the UK post 2021-01-01 outside of that common scheme.

Under Regulation (EU) 910/2014, trusted lists are published by EU Member States in accordance with Commission Implementing Decision (EU) 2015/1505 on trusted list formats. In particular, that Commission Implementing Decision (CID) makes the format specified in ETSI TS 119 612 v2.1.1 mandatory.

Clause 5.3.15 of the ETSI standard specifies the content of the “Next Update” field:

“It specifies the date and time by which, at the latest, an update of the TL will be made available by the scheme operator or be null to indicate a closed TL.

[…]

The difference between the 'Next update' date and time and the 'List issue date and time' shall not exceed six (6) months.

If a scheme ceases operations or halts publication of its TL, a final version shall be published with all services' status shown as "expired" (see Service current status) and this field set null”.

Following the withdrawal of the UK from the EU, the UK left the eIDAS common TL scheme when the transition period ended on 31/12/2020.

The last trusted list published by the UK under the eIDAS common TL scheme (hereafter the “last EU UK TL”) reflects that situation by setting the “Next Update” field to null, as specified in Clause 5.3.15 above.

This trusted list is the last trusted list issued by the UK under eIDAS and will remain unchanged. It is now published by the European Commission and is referenced in the EU LOTL so that the historical information on the qualified status of UK QTSP/QTSs remains available.

The last EU UK TL needs to be preserved in the long term to extend its trustworthiness beyond the technological validity period of its signature. At the same time, the machine-processability of that last EU UK TL has to be ensured, to avoid any impact on relying parties.

The trust in the signing certificates of the EU trusted lists is based on a direct trust model, where signing certificates of EU trusted lists are direct trust anchors to be notified to the European Commission, and may be self-signed.

Considering that Clause 5.7.1 of ETSI TS 119 612 v2.1.1 requires that “The format of the digital signature shall be XAdES BES or EPES as defined by ETSI TS 101 903”, the European Commission makes available to relying parties:

a) An archived (timestamped) version of the original last EU UK TL published in an ASiC-E container. This ASiC archive contains:

   o the original last EU UK TL, i.e. signed by the UK; together with

   o the last EU LOTL published before 31/12/2020, as a proof of existence of the signing certificate of the UK as a certificate notified to the European Commission;

   o the first EU LOTL published after 31/12/2020, as a proof of continuity of the above on 31/12/2020; and

   o a qualified timestamp covering all three (3) above XML files.

The ASiC archive will be regularly augmented with additional archival timestamps, to preserve the proof of existence of its original content.

b) A version of the last EU UK TL conformant to ETSI TS 119 612 v2.1.1 and signed by a European Commission signing certificate, so as not to affect the machine-processability of the last EU UK TL.

Both files are publicly available:

- The signed version of the last EU UK TL described in point b) above can be retrieved by dereferencing the UK TL pointer present in the EU LOTL. The corresponding signing certificate is included in the said pointer.

- The archived version of the last EU UK TL described in point a) can be retrieved by:

   o Retrieving the UK TL URI provided in the UK TL pointer of the EU LOTL;

   o Replacing the string “.xml” by “-timestamped-archival.sce” in the UK TL URI retrieved in the point above;

   o Dereferencing the new URI obtained by applying the replacement described in the point above.
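The retrieval steps above and the closed-TL check from Clause 5.3.15, as an added Python example that is not part of the original statement. The XML samples and `tl.example` URIs are constructed placeholders, the territory code "UK" and a ".xml" that occurs only as the URI suffix are assumptions, and no signature or timestamp validation is performed.

```python
import xml.etree.ElementTree as ET

NS = {"tsl": "http://uri.etsi.org/02231/v2#"}  # ETSI TS 119 612 namespace

# Constructed samples: host names and paths are placeholders, not real pointers.
SAMPLE_LOTL = """<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#">
<SchemeInformation><PointersToOtherTSL>
<OtherTSLPointer><TSLLocation>https://tl.example/fr/tl-fr.xml</TSLLocation>
<AdditionalInformation><OtherInformation><SchemeTerritory>FR</SchemeTerritory>
</OtherInformation></AdditionalInformation></OtherTSLPointer>
<OtherTSLPointer><TSLLocation>https://tl.example/uk/tl-uk.xml</TSLLocation>
<AdditionalInformation><OtherInformation><SchemeTerritory>UK</SchemeTerritory>
</OtherInformation></AdditionalInformation></OtherTSLPointer>
</PointersToOtherTSL></SchemeInformation></TrustServiceStatusList>"""

SAMPLE_CLOSED_TL = """<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#">
<SchemeInformation><ListIssueDateTime>2020-12-31T12:00:00Z</ListIssueDateTime>
<NextUpdate/></SchemeInformation></TrustServiceStatusList>"""

def tl_pointer(lotl_xml, territory):
    """Return the TSLLocation of the LOTL pointer for one scheme territory."""
    root = ET.fromstring(lotl_xml)
    for ptr in root.iterfind(".//tsl:OtherTSLPointer", NS):
        if ptr.findtext(".//tsl:SchemeTerritory", namespaces=NS) == territory:
            return ptr.findtext("tsl:TSLLocation", namespaces=NS).strip()
    raise LookupError(f"no pointer for territory {territory!r}")

def archive_uri(tl_uri):
    """Derive the ASiC-E archive URI: ".xml" -> "-timestamped-archival.sce"."""
    # Only the trailing suffix is replaced, so a ".xml" elsewhere in the URI
    # (host or directory name) cannot redirect the lookup.
    if not tl_uri.endswith(".xml"):
        raise ValueError("TL URI does not end in .xml: " + tl_uri)
    return tl_uri[: -len(".xml")] + "-timestamped-archival.sce"

def is_closed(tl_xml):
    """True when NextUpdate is present but carries no dateTime (closed TL)."""
    nxt = ET.fromstring(tl_xml).find("tsl:SchemeInformation/tsl:NextUpdate", NS)
    if nxt is None:
        raise ValueError("NextUpdate element missing")
    return nxt.find("tsl:dateTime", NS) is None

if __name__ == "__main__":
    uri = tl_pointer(SAMPLE_LOTL, "UK")
    print(uri, "->", archive_uri(uri), "closed:", is_closed(SAMPLE_CLOSED_TL))
```

A relying party would run such checks only after validating the LOTL signature, since the pointer and its embedded signing certificate are what anchor trust in the retrieved list.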

In case of discrepancies between the content of the re-signed version of the last EU UK TL and the content of the original last EU UK TL contained in the ASiC-E archive, it is the content of the original archived TL that takes precedence.