Swiss Trusted List of trust service providers and their services


Scope and context of the Swiss Trusted List

Trusted lists are essential elements in building trust among electronic market operators by allowing users to determine the qualified status and the status history of trust service providers and their services.
The Swiss Trusted List allows users of certification services and interested parties to determine the qualified status and the status history of trust service providers and their services.
The Swiss Trusted List includes information related to the qualified trust service providers (TSPs) which are recognised and supervised in Switzerland, together with information related to the qualified trust services provided by them, in accordance with the relevant provisions laid down in the Federal Act of 18 March 2016 on Electronic Signatures (SR 943.03).
The Swiss Trusted List includes only recognised TSPs and only their services that meet the requirements (see section Rules for assessment of the listed services below).
The Swiss Accreditation Service (SAS) is responsible for publishing the Swiss Trusted List.
The Swiss Trusted List is available in a machine-readable format (XML) via the following link https://trustedlist.tsl-switzerland.ch/tsl-ch.xml. A human-readable list (PDF file) of recognised TSPs is available on the webpage https://www.sas.admin.ch/sas/en/home/akkreditiertestellen/akkrstellensuchesas/pki1.html.

Description and information about the national recognition and supervision scheme

In order to issue regulated and qualified certificates within the meaning of the Federal Act of 18 March 2016 on Electronic Signatures (SR 943.03), trust service providers must first be recognised in accordance with the conditions laid down in the act, ordinance and technical and administrative regulations on electronic signatures (see section Rules for assessment of the listed services below). After recognition, the trust service providers are supervised to ensure that the provided trust services continue to meet the requirements.
The Federal Office of Justice (FOJ) https://www.bj.admin.ch/bj/en/home.html and the Federal Office of Communications (OFCOM) https://www.bakom.admin.ch/bakom/en/homepage.html set the requirements.
The accredited recognition body is in charge of recognition and supervision of the TSPs in accordance with the conditions laid down in the Federal Act of 6 October 1995 on Technical Barriers to Trade (SR 946.51) and the corresponding implementing provisions. The assessment procedures comply with the rules of the ISO/IEC 17021 standard. The recognition body is responsible for granting and withdrawing the qualified status for TSPs. KPMG Ltd https://home.kpmg/ch/en/home.html is currently the only accredited recognition body.
The Swiss Accreditation Service (SAS) https://www.sas.admin.ch/sas/en/home.html accredits the recognition bodies in accordance with the provisions of the Accreditation and Designation Ordinance of 17 June 1996 (SR 946.512). The SAS is responsible for publishing the list of recognised TSPs. The SAS establishes, maintains and publishes the Trusted List in collaboration with the Federal Office of Communications (OFCOM).

Rules for assessment of the listed services

TSPs and their services included in the Swiss Trusted List are assessed against the provisions laid down in:
-the Federal Act of 18 March 2016 on Certification Services in the Area of the Electronic signature and other digital certificate applications (Federal Act on Electronic Signatures, SR 943.03),
-the Ordinance on Certification Services in the Area of the Electronic signature and other digital certificate applications (Ordinance on Electronic Signatures, SR 943.032),
-the technical and administrative regulations on Certification Services in the Area of the electronic signatures and other digital certificate applications.
The links to these documents are published on https://www.bakom.admin.ch/bakom/en/homepage/digital-switzerland-and-internet/digital-communication/electronic-signature.html

Interpretation of the Trusted List

The trust service provider is identified by the TSP information field values. The trust service is identified by the Service Name and the Service Digital Identity field values. The Swiss Trusted List includes only recognised TSPs and only their services that meet the abovementioned requirements (see section Rules for assessment of the listed services above).
The Trusted List includes both current and historical information about the status of the listed trust services. The qualified status of a trust service is indicated by the combination of the Service Type Identifier value in a service entry and the status according to the Service Current Status field value as from the date indicated in the Current Status Starting Date and Time field.
In the context of the Swiss Trusted List the following identifiers expressed as URIs apply:

https://uri.tsl-switzerland.ch/TrstSvc/TrustedList/Svcstatus/granted
indicates that following ex ante and active approval activities, in compliance with the provisions laid down in the Swiss Federal Act on Electronic Signatures, the accredited recognition body in charge of recognition and supervision of the TSPs in Switzerland has granted the "recognised" status to the trust service identified in "Service digital identity", and to the trust service provider identified in "TSP name" for the provision of that service. The "recognised" status corresponds to the "qualified" status granted by the European supervisory bodies.

https://uri.tsl-switzerland.ch /TrstSvc/TrustedList/Svcstatus/withdrawn
indicates that the "recognised" status previously granted in compliance with the provisions laid down in the Swiss Federal Act on Electronic Signatures has been withdrawn by the accredited recognition body in charge of recognition and supervision of the TSPs in Switzerland from the trust service being identified in "Service digital identity", and from its trust service provider identified in "TSP name" for the provision of that service.

A "CA/QC" "Service type identifier" ("Sti") entry (possibly further qualified as being a "RootCA-QC" through the use of the appropriate "Service information extension" ("Sie") additionalServiceInformation Extension) indicates that any end-entity certificate issued by or under the CA represented by the "Service digital identifier" ("Sdi") CA's public key and CA's name (both CA data to be considered as trust anchor input), is a qualified certificate (QC) provided that it includes the id-etsi-qcs-QcCompliance ETSI defined statement (id-etsi-qcs 1) and provided this is ensured by the Recognition Body through the valid service status recognised in Switzerland.

"Service digital identifiers" are to be used as Trust Anchors in the context of validating electronic signatures or seals for which signer's or seal creator's certificate is to be validated against TL information, hence only the public key and the associated subject name are needed as Trust Anchor information. When more than one certificate are representing the public key identifying the service, they are to be considered as Trust Anchor certificates conveying identical information with regard to the information strictly required as Trust Anchor information. The general rule for interpretation of any other "Sti" type entry is that, for that "Sti" identified service type, the listed service named according to the "Service name" field value and uniquely identified by the "Service digital identity" field value has the current qualified or approval status according to the "Service current status" field value as from the date indicated in the "Current status starting date and time".

The list is drawn up in accordance with the specification ETSI TS 119 612 (available in the Standards section of https://www.etsi.org/). Please refer to this specification for further information concerning the meaning of the field values.

Authenticity and updates of the trusted list

The authenticity of the Trusted list can be checked by verifying the digital signature on the list using the corresponding verification certificate. You can download the certificate in either binary (DER) or text (Base64 encoded) format. The certificate thumbprint is e8 63 83 62 51 30 bd f0 1e 42 a3 17 65 01 e0 79 26 1b 13 7f.

The existence of a new version of the Trusted list can be determined by checking the SHA256 digest value of the published trusted list.


Contact information

Swiss Accreditation Service (SAS) https://www.sas.admin.ch/sas/en/home/ueberuns/kontakt.html
KPMG Ltd.  https://home.kpmg/ch/en/home/misc/contact.html
Federal Office of Justice (FOJ) https://www.bj.admin.ch/bj/en/home/das-bj/kontakt.html
Federal Office of Communications (OFCOM) https://www.bakom.admin.ch/bakom/en/homepage/ofcom/contact.html