The European Commission has published the List of Trusted Lists (LOTL) at a new secure location, specified in the Official Journal of the European Union (link).

The eIDAS Regulation established a European legal framework for e-signatures, e-seals and the Trust Service Providers (TSPs) that offer related services. These qualified trust services are listed in national ‘trusted lists’ in all European Union and EEA Member States. Said lists, maintained and published by each Member State, can be browsed in a user-friendly way through the Trusted List Browser.

As stated in Article 22(4) of the eIDAS Regulation and in Article 4(3,4) of the Commission Implementing Decision 2015/1505/EU, the Commission makes available the information notified by the Member States, available in an XML document called the List of Trusted Lists or LOTL. The result is the EU Trust Backbone, composed of the LOTL and the different Member States' Trusted Lists, a critical common asset upon which electronic signatures in Europe rely.

In addition to the new secure location (the ‘LOTL location’), signing certificates of the LOTL (termed ‘LOTL-signing certificates’) announced in the last pivot LOTL (see below) have also been published in the OJEU. In this respect, the previous pivot LOTL will be removed from the LOTL (especially, from the <SchemeInformationURI> of the XML).

Relying parties should make sure that they have considered this new LOTL location and these LOTL-signing certificates in their solution (in order to verify the authenticity and integrity of the LOTL). Relying parties have 15 days (the duration of the transition period during which the LOTL is published at both the old and new locations) to take these changes into account. It is highly recommended to take these changes into account during the transition period rather than after it.

In the future, following the decision of the Commission to modify the LOTL location or the set of LOTL-signing certificates, the Commission may publish these modifications in the LOTL itself, as a machine-processable approach. Such an instance of the LOTL is referred to as a ‘pivot LOTL’, as it represents a pivot point in the historical values of the LOTL location and the LOTL-signing certificates. More information about the pivot LOTL mechanism can now be found at https://ec.europa.eu/tools/lotl/pivot-lotl-explanation.html.

Kind regards, 

The CEF eSignature team