Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (hereinafter – eIDAS Regulation) entered into application on 1st of July 2016. eIDAS Regulation introduced these types of qualified “Trust services”: creation of certificates for electronic signatures, electronic seals and website authentication, creation of electronic time stamps, verification and validation of electronic signatures and electronic seals, the preservation of electronic signatures or seals and electronic registered delivery services.
The Communications Regulatory Authority of the Republic of Lithuania was designated the national supervisory body for trust services and the body responsible for establishing, maintaining and publishing Lithuanian Trusted List by Resolution No 144 of 18 February 2016 of the Government of the Republic of Lithuania.
From 1 of July 2016, the supervisory body shall supervise qualified trust service providers established in the territory of the designating Member State and take action if necessary, in relation to non-qualified trust service providers established in the territory of the designating Member State.
Qualified trust service providers shall be audited at their own expense at least every 24 months by a conformity assessment body. Where trust service providers, without qualified status, intend to start providing qualified trust services, they shall submit to the supervisory body a notification of their intention together with a conformity assessment report issued by a conformity assessment body.
Qualified trust service providers may start providing the qualified trust service after the qualified status has been indicated in the trusted lists referred to in Article 22(1) of eIDAS Regulation.
Supervisory body shall take actions if necessary, in relation to non-qualified trust service providers through ex post supervisory activities, when informed that those non-qualified trust service providers or the trust services they provide allegedly do not meet the requirements laid down in eIDAS Regulation.