On Oct. 28, 2025, EU CNCL issued implementing Reg 2025/2160 of Oct. 27, 2025 laying down rules for the application of Reg 910/2014 re reference standards, specifications and procedures for management of risks to non-qualified trust services.
Also issued implementing Dec 2025/2164 of Oct. 27, 2025 amending implementing Dec 2015/1505 as regards the version of the standard on which the common template for the trusted lists is based.
Date of effect for the implementing regulation and the implementing decision is Nov. 17, 2025; the implementing decision applies from Apr. 29, 2026.
Document dated Oct. 28 summarized on Nov. 3, 2025 due to problems accessing site.
On Jun. 20, EC consulted on risk management and trusted lists rules.
EC issued two consultations on the Eidas Regulation the Risk management procedures for non-qualified trust service providers (implementing act), as well as on Trusted lists (amendment to implementing act) that are both due to be adopted during Q2 2025.
Follows EC Apr. 2025 informed of initiative on decision on trusted lists, see #251646.
Also follows EC Apr. 2025 informed non-qualified trust service initiative, see #250000.
Risk Management
EU Regulation 910/2014 on electronic identification and trust services for electronic transactions requires non-qualified trust service providers to manage all of their legal, business, their operational and their other risks according to their service provision.
These requirements must include various measures on registration and onboarding procedures; procedural and administrative checks; management and implementation.
Implementing act establishes risk management rules for non-qualified trust providers.
Documentation is the Draft implementing decision Ares(2025)4939304 and its Annex.
Trusted Lists
EU Regulation 910/2014 on electronic identification and trust services for electronic transactions (the eIDAS Regulation) requires that each member State to keep a public list with all of the information on qualified trust service providers and their services.
The previous EC Implementing Decision 2015/1505 specifies this required information.
It is now being amended as regards newly introduced qualified trust services and the format of signatures or seals to be used by member States for their own trusted lists.
Documentation is the Draft implementing decision Ares(2025)4939259 and its Annex.
Effectiveness
The feedback period for both the consultations is from Jun. 20, 2025 to Jul. 18, 2025.
Oct. 2025 Official Journal
On Oct. 28, 2025, EU CNCL issued implementing Reg 2025/2160 of Oct. 27, 2025 laying down rules for the application of Reg 910/2014 re reference standards, specifications and procedures for management of risks to non-qualified trust services.
Also issued implementing Dec 2025/2164 of Oct. 27, 2025 amending implementing Dec 2015/1505 as regards the version of the standard on which the common template for the trusted lists is based.
Date of effect for the implementing regulation and the implementing decision is Nov. 17, 2025; the implementing decision applies from Apr. 29, 2026.
Document dated Oct. 28 summarized on Nov. 3, 2025 due to problems accessing site.
Regulators
EU CMSN
Entity Types
Corp
Reference
OJ L, 2025/2164, OJ L 2025/2162, 10/28/2025; CP, Dec Ares(2025)4939304, Dec Ares(2025)4939259, 6/20/2025; eIDAS Reg 910/2014; Dec 2015/1505; Citation: Reg 2025/2160; Dec 2025/2164;
Functions
Legal; Privacy; Product Administration; Product Design; Record Retention; Risk; Technology
