What are ETSI Trust Lists? How the EUDI Wallet Establishes Trust, Explained for 2026

The trust problem

In an ecosystem where millions of parties interact digitally, a fundamental question arises: how does one party know whether another is authorized to do what it claims? For example:

  • A hospital verifying a patient's identity needs to know that the wallet presenting the credential is genuine
  • A relying party accepting a driving licence needs to know that the issuer is recognized by the relevant authority
  • A wallet needs to know that the service provider requesting its user's data is registered and legitimate

Answering these questions through direct, bilateral agreements between every pair of parties does not scale. With thousands of issuers, wallet providers, and relying parties across dozens of jurisdictions, something else is needed: an authoritative, machine-readable source of truth that says "these entities are approved, for this purpose, under this scheme".

This is what a trust list provides. This document covers how ETSI TS 119 602 defines trust lists for the EU digital identity ecosystem.

How trust lists work

A trust list is a signed, structured document published by a scheme operator, an authority responsible for assessing entities and maintaining a record of their approval status. Three parties are involved in any trust list ecosystem:

  • A scheme operator defines the rules of the approval scheme, assesses entities against those rules, and publishes and maintains the trust list
  • Trusted entities are organizations or individuals that have been assessed and approved under the scheme, and whose approval status is recorded in the list
  • Relying parties consume the trust list to make automated trust decisions — verifying that an entity they are interacting with is currently approved for the relevant purpose

Structure

Every trust list contains three major parts:

Scheme information describes the list itself and the approval scheme under which it is published. This includes the identity and contact details of the scheme operator, the type of list, the territory in which the scheme applies, applicable policies, and the issue date and next planned update.

Trusted entities is the body of the list — a sequence of entries, each representing an entity recognized as trustworthy under the scheme. Each entry contains identifying information about the entity and one or more services, which define the specific scope for which the entity has been recognized. A wallet provider might have separate service entries for wallet issuance and wallet revocation, for example.

Digital signature authenticates the list. Every trust list is signed by the scheme operator, allowing consumers to verify the integrity and origin of the list before relying on its contents.

Profiles

Not all trust lists serve the same purpose. A profile is a defined set of constraints on the trust list data model, tailored to a specific scheme or use case. Profiles specify which fields are required, what values they must contain, and what service types are permitted.

Each profile is identified by a type URI carried in the scheme information of the list. This allows consuming software to identify what kind of list it is processing and apply the appropriate validation rules.

Lifecycle

Trust lists are not static. A scheme operator publishes a new version whenever the approval status of any entity changes — when a new entity is approved, or when an existing entity's approval is withdrawn. Each version carries a sequence number that increments with every publication and a next update date by which the operator must publish a fresh version at the latest, even if nothing has changed. This ensures that consumers can always determine whether the list they hold reflects the current state of the scheme.

Status

For most EU profile types, approval status is conveyed implicitly: presence on the list means the entity is currently approved, and removal is how approval is withdrawn. There is one notable exception — the Pub-EAA providers profile uses explicit notified and withdrawn status values against each service entry, and retains a full history of status changes. This allows consumers to determine what the approval status of a Pub-EAA provider was at any point in the past, not just at the current time.
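The point-in-time lookup that an explicit status history makes possible can be sketched as follows. This is an added example, not Procivis One code or part of the ETSI specification; the `(effective_from, status)` record shape and the function names are hypothetical, and only the `notified` and `withdrawn` values come from the text above.

```python
from bisect import bisect_right
from datetime import datetime, timezone


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def status_at(history, when):
    """Return the status in force at `when`, or None before the first record.

    `history` is a list of (effective_from, status) pairs. This shape is a
    hypothetical simplification, not the ETSI TS 119 602 JSON binding.
    """
    ordered = sorted(history, key=lambda record: record[0])
    starts = [start for start, _ in ordered]
    idx = bisect_right(starts, when)  # number of records with start <= when
    return ordered[idx - 1][1] if idx else None


def was_notified_at(history, when):
    """True only if the service entry carried 'notified' status at `when`."""
    return status_at(history, when) == "notified"


# Constructed sample: a service entry notified in January 2025 and withdrawn
# in September 2025, deliberately stored out of order.
SAMPLE_HISTORY = [
    (utc(2025, 9, 1), "withdrawn"),
    (utc(2025, 1, 15), "notified"),
]
```

With an implicit-status profile only the current list is available, so the same question about a past date cannot be answered from the list alone.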

Signatures

Every trust list is digitally signed by the scheme operator using an AdES Baseline B signature. The signing certificate identifies the scheme operator, allowing consumers to verify both the integrity of the list and the identity of the authority that published it. A list whose signature cannot be verified, or whose sequence number is lower than a previously seen version, should be rejected. Consumers should always verify the signature before relying on any content in the list.
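The acceptance rules from the Lifecycle and Signatures sections can be combined into one consumer-side check, shown here as an added example that is not Procivis One code. The `verify` hook stands in for a real AdES signature check, the keys `list_type`, `sequence_number` and `next_update` are hypothetical names rather than the ETSI JSON binding, and rejecting a list past its next update date is a policy assumption.

```python
from datetime import datetime
from typing import Callable, Optional


class TrustListRejected(Exception):
    """Raised when a fetched trust list must not be relied on."""


def accept_trust_list(raw: bytes,
                      verify: Callable[[bytes], Optional[dict]],
                      expected_type: str,
                      last_seen_seq: Optional[int],
                      now: datetime) -> dict:
    """Return the verified scheme information or raise TrustListRejected.

    `verify` (assumed hook) checks the signature against the scheme
    operator's certificate and returns the signed payload, or None.
    """
    # 1. Signature first: nothing in the list is read before it verifies.
    info = verify(raw)
    if info is None:
        raise TrustListRejected("signature could not be verified")
    # 2. The profile type URI decides which validation rules apply.
    if info["list_type"] != expected_type:
        raise TrustListRejected("unexpected profile type")
    # 3. Rollback: an older version may still list a withdrawn entity.
    if last_seen_seq is not None and info["sequence_number"] < last_seen_seq:
        raise TrustListRejected("sequence number lower than last seen")
    # 4. Staleness (policy assumption): past next_update the operator
    #    should already have published a newer version.
    if now >= datetime.fromisoformat(info["next_update"]):
        raise TrustListRejected("list is past its next update date")
    return info


# Constructed sample: already-verified payloads keyed by the raw bytes
# that would carry them; the type URI is a placeholder.
TYPE = "urn:example:wallet-providers"
SAMPLE = {
    b"v6": {"list_type": TYPE, "sequence_number": 6,
            "next_update": "2026-06-01T00:00:00+00:00"},
    b"v7": {"list_type": TYPE, "sequence_number": 7,
            "next_update": "2026-06-01T00:00:00+00:00"},
}


def outcome(raw, last_seen_seq, now):
    try:
        accept_trust_list(raw, SAMPLE.get, TYPE, last_seen_seq, now)
        return "accepted"
    except TrustListRejected as exc:
        return str(exc)
```

The consumer should persist the accepted sequence number so that the rollback check survives restarts.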

Trust Lists in the EU Digital Identity Ecosystem

eIDAS and the EUDI Wallet

The European Union's revised electronic identification regulation, Regulation (EU) No 910/2014 (eIDAS), establishes a framework for digital identity across EU Member States. Central to this framework is the European Digital Identity (EUDI) Wallet — a standardized wallet application that citizens can use to hold and present digital credentials such as identity documents, diplomas, and professional qualifications.

For the EUDI Wallet ecosystem to function, all parties need a reliable way to establish the legitimacy of the entities they interact with. Wallet providers must be certified. Issuers of identity data must be authorized by Member States. Relying parties must be registered. Trust lists are the mechanism by which this authorization status is published in a standardized, machine-readable form — allowing every participant in the ecosystem to make automated trust decisions without needing prior knowledge of every other party.

EU Member States notify the European Commission when providers have been approved under eIDAS. That notification status is then published in trust lists conforming to ETSI TS 119 602, the standard that defines the data model and profiles for EU trust infrastructure.

Supported profile types

ETSI TS 119 602 defines a set of normative profiles for the different categories of entity that must be published under eIDAS. Each profile addresses a distinct part of the ecosystem:

| Profile | Description |
| --- | --- |
| PID Providers | Providers of person identity data — the foundational identity credentials issued to wallet users by Member States |
| Wallet Providers | Providers of certified wallet solutions approved for use in the EUDI ecosystem |
| WRPAC Providers | Providers of wallet-relying party access certificates, which allow relying parties to identify themselves to wallets |
| WRPRC Providers | Providers of wallet-relying party registration certificates, used in the registration of relying parties |
| Pub-EAA Providers | Public sector bodies authorized to issue electronic attestations of attributes on behalf of authentic sources |
| Registrars and Registers | Bodies responsible for registering wallet-relying parties and maintaining the registers of those registrations |

Together these lists form the trust backbone of the EUDI Wallet ecosystem. Any member of the ecosystem can refer to the relevant lists to verify the legitimacy of:

  • Credential issuers
  • Access and Registration Certificate Providers
  • Wallet providers

Using ETSI trust lists with Procivis One

Procivis One implements ETSI TS 119 602 V1.1.1 with a JSON binding, supporting all six EU profile types defined in the specification. The platform supports both sides of the trust list ecosystem:

  • Scheme operators can create, manage, and publish trust lists through the Procivis One API, with the platform enforcing the profile-specific requirements for each list type at publication time.
  • Trust list consumers can resolve and validate trust lists, with signature verification handled by the platform.

For guidance on publishing and managing trust lists, see ETSI: Scheme Operators.