
Article 1 
Decision 2009/767/EC is amended as follows:

1.. Article 2 is amended as follows:

((a)) paragraph 2 is replaced by the following:
'
2. Member States shall establish and publish both a human readable and a machine processable form of the trusted list in accordance with the specifications set out in the Annex.';
((b)) the following paragraph 2a is inserted:
'
2a. Member States shall sign electronically the machine processable form of their trusted list and they shall, as a minimum, publish the human readable form of the trusted list through a secure channel in order to ensure its authenticity and integrity.';
((c)) paragraph 3 is replaced by the following:
'
3. Member States shall notify to the Commission the following information:
(a) the body or bodies responsible for the establishment, maintenance and publication of the human readable and machine processable forms of the trusted list;
(b) the locations where the human readable and machine processable forms of the trusted list are published;
(c) the public key certificate used to implement the secure channel through which the human readable form of the trusted list is published or, if the human readable list is electronically signed, the public key certificate used to sign it;
(d) the public key certificate used to electronically sign the machine processable form of the trusted list;
(e) any changes to the information in points (a) to (d).';
((d)) the following paragraph 4 is added:
'
4. The Commission shall make available to all Member States, through a secure channel to an authenticated web server, the information, referred to in paragraph 3, as notified by Member States, both in a human readable form and in a signed machine processable form.';
2.. the Annex is amended as set out in the Annex to this Decision.
Article 2 
This Decision shall apply from 1 December 2010.
Article 3 
This Decision is addressed to the Member States.
Done at Brussels, 28 July 2010.
For the Commission
Michel BARNIER
Member of the Commission
ANNEX

The Annex to Decision 2009/767/EC is amended as follows:

1.. Chapter I is amended as follows:

((a)) the first and second sentences of the second paragraph are replaced by the following:
'The present specifications are relying on the specifications and requirements stated in ETSI TS 102 231 v.3.1.2. When no specific requirement is stated in the present specifications, requirements from ETSI TS 102 231 v.3.1.2 SHALL apply entirely.';
((b)) the second paragraph of section ‘TSL tag (clause 5.2.1)’ is deleted;
((c)) the paragraph following the section title ‘TSL sequence number (clause 5.3.2)’ is replaced by the following:
'This field is REQUIRED. It SHALL specify the sequence number of the TSL. Starting from “1” at the first release of the TSL, this integer value SHALL be incremented at each subsequent release of the TSL. It SHALL NOT be recycled to “1” when the “TSL version identifier” above is incremented.';
((d)) the first paragraph following the section title ‘TSL type (clause 5.3.3)’ is replaced by the following:
'This field is REQUIRED specifying the type of TSL. It SHALL be set to http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/TSLType/generic (Generic).';
((e)) the third paragraph following the section title ‘TSL type (clause 5.3.3)’ is replaced by the following:
'URI: (Generic) http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/TSLType/generic';
((f)) the second sentence of the second paragraph following the section title ‘Scheme operator name (clause 5.3.4)’ is replaced by the following:
'It is up to each Member State to designate the Scheme operator of the TSL implementation of the Member State TL.';
((g)) the fourth paragraph following the section title ‘Scheme operator name (clause 5.3.4)’ is replaced by the following:
'The named Scheme Operator (clause 5.3.4) is the entity who will sign the TSL.';
((h)) the fourth indent following the section title ‘Scheme name (clause 5.3.6)’ is replaced by the following:
' “EN_name_value”Supervision/Accreditation Status List of certification services from Certification Service Providers, which are supervised/accredited by the referenced Member State for compliance with the relevant provisions laid down in Directive 1999/93/EC and its implementation in the referenced Member State’s laws.';
((i)) the first paragraph following the section title ‘Service type identifier (clause 5.5.1)’ is replaced by the following:
'This field is REQUIRED and SHALL specify the identifier of the service type according to the type of the present TSL specifications (i.e. “/eSigDir-1999-93-EC-TrustedList/TSLType/generic”).';
((j)) the fifth indent following the section title ‘Service current status (clause 5.5.4)’ is replaced by the following:
'
— Accredited (http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/Svcstatus/accredited);';
((k)) the ninth indent following the section title ‘Service current status (clause 5.5.4)’ is replaced by the following:
'— Supervision of Service in CessationThe service identified in “Service digital identity” (clause 5.5.3) provided by the CSP identified in “TSP name” (clause 5.4.1) is currently in a cessation phase but still supervised until supervision is ceased or revoked. In the event a different legal person than the one identified in “TSP name” has taken over the responsibility of ensuring this cessation phase, the identification of this new or fallback legal person (fallback CSP) SHALL be provided in “Scheme service definition URI” (clause 5.5.6) and in the “TakenOverBy” extension (clause L.3.2) of the service entry.';
((l)) the fifth paragraph following the section title ‘Service information extensions (clause 5.5.9)’ is replaced by the following:
'In the context of an XML implementation, the specific content of such additional information has to be coded using the xsd files provided in Annex C of ETSI TS 102 231.';
((m)) the section entitled ‘Service digital identity (clause 5.6.3)’ is replaced by the following:
'
This field is REQUIRED and SHALL specify at least one representation of the digital identifier (i.e. X.509v3 certificate) used in “TSP Service Information — Service digital identity” (clause 5.5.3) with the format and meaning as defined in ETSI TS 102 231, clause 5.5.3.
Note: For an X.509v3 certificate value used in the “Sdi” clause 5.5.3 of a service, there must be only one single service entry in a Trusted List per “Sti:Sie/additionalServiceInformation” value. The “Sdi” (clause 5.6.3) information used in the service approval history information associated to a service entry and the “Sdi” (clause 5.5.3) information used in this service entry MUST relate to the same X.509v3 certificate value. When a listed service is changing its “Sdi” (i.e. renewal or rekey of an X.509v3 certificate for e.g. a CA/PKC or CA/QC) or creating a new “Sdi” for such a service, even with identical values for the associated “Sti”, “Sn”, and [“Sie”], it means that the Scheme Operator MUST create a different service entry than the previous one.';
((n)) the section entitled ‘Signed TSL’ is replaced by the following:
'
The human readable TSL implementation of the Trusted List, established under the present specifications and in particular Chapter IV, SHOULD be signed by the “Scheme operator name” (clause 5.3.4) to ensure its authenticity and integrity. The format of the signature SHOULD be PAdES part 3 (ETSI TS 102 778-3) but MAY be PAdES part 2 (ETSI TS 102 778-2) in the context of the specific trust model established through the publication of the certificates used to sign the Trusted Lists.

The machine processable TSL implementation of the Trusted List, established under the present specifications, SHALL be signed by the “Scheme operator name” (clause 5.3.4) to ensure its authenticity and integrity. The format of the machine processable TSL implementation of the Trusted List, established under the present specifications, SHALL be XML and SHALL comply with the specifications stated in Annexes B and C of ETSI TS 102 231.

The format of the signature SHALL be XAdES BES or EPES as defined by ETSI TS 101 903 specifications for XML implementations. Such electronic signature implementation SHALL meet requirements as stated in Annex B of ETSI TS 102 231. Additional general requirements regarding this signature are stated in the following sections.
';
((o)) the second paragraph after the section title ‘Scheme identification (clause 5.7.2)’ is replaced by the following:
'In the context of the present specifications the assigned reference SHALL include the “TSL type” (clause 5.3.3), the “Scheme name” (clause 5.3.6) and the value of the SubjectKeyIdentifier extension of the certificate used by the Scheme operator to electronically sign the TSL.';
((p)) the second paragraph following the section title ‘additionalServiceInformation Extension (clause 5.8.2)’ is replaced by the following:
'Dereferencing the URI SHOULD lead to human readable information (as a minimum in EN and potentially in one or more national languages) which is deemed appropriate and sufficient for a relying party to understand the extension, and in particular explaining the meaning of the given URIs, specifying the possible values for serviceInformation and the meaning for each value.';
((q)) the section entitled ‘Qualifications Extension (clause L.3.1)’ is replaced by the following:
'
DescriptionThis field is OPTIONAL but SHALL be present when its use is REQUIRED, e.g. for RootCA/QC or CA/QC services, and when

— the information provided in the “Service digital identity” is not sufficient to unambiguously identify the qualified certificates issued by this service,
— the information present in the related qualified certificates does not allow machine-processable identification of the facts about whether or not the QC is supported by an SSCD.When used, this service level extension MUST only be used in the field defined in “Service information extension” (clause 5.5.9) and SHALL comply with specifications laid down in Annex L.3.1 of ETSI TS 102 231.
';
((r)) after section ‘Qualifications Extension (clause L.3.1)’, section TakenOverBy Extension (clause L.3.2) is inserted as follows:
'
DescriptionThis extension is OPTIONAL but SHALL be present when a service that was formerly under the legal responsibility of a CSP is taken over by another TSP and is meant to state formally the legal responsibility of a service and to enable the verification software to display to the user some legal detail. The information provided in this extension SHALL be consistent with the related use of clause 5.5.6 and SHALL comply with specifications in Annex L.3.2 of ETSI TS 102 231.
';
2.. Chapter II is replaced by the following:
'
CHAPTER II When establishing their Trusted Lists, Member States will use:

 Language codes in lower case and country codes in upper case;
 Language and country codes according to the Table provided here below.
When a Latin script is present (with its proper language code) a transliteration in Latin script with the related language codes specified in the Table below is added.

Short name(source language) Short name(English) Country Code Language Code Notes Transliteration in Latin script
Belgique/België Belgium BE nl, fr, de  
България Bulgaria BG bg  bg-Latn
Česká republika Czech Republic CZ cs  
Danmark Denmark DK da  
Deutschland Germany DE de  
Eesti Estonia EE et  
Éire/Ireland Ireland IE ga, en  
Ελλάδα Greece EL el Country code recommended by EU el-Latn
España Spain ES es also Catalan (ca), Basque (eu), Galician (gl) 
France France FR fr  
Italia Italy IT it  
Κύπρος/Kıbrıs Cyprus CY el, tr  el-Latn
Latvija Latvia LV lv  
Lietuva Lithuania LT lt  
Luxembourg Luxembourg LU fr, de, lb  
Magyarország Hungary HU hu  
Malta Malta MT mt, en  
Nederland Netherlands NL nl  
Österreich Austria AT de  
Polska Poland PL pl  
Portugal Portugal PT pt  
România Romania RO ro  
Slovenija Slovenia SI sl  
Slovensko Slovakia SK sk  
Suomi/Finland Finland FI fi, sv  
Sverige Sweden SE sv  
United Kingdom United Kingdom UK en Country code recommended by EU 
Ísland Iceland IS is  
Liechtenstein Liechtenstein LI de  
Norge/Noreg Norway NO no, nb, nn  

'
3.. Chapter III is deleted;
4.. in Chapter IV, the following indent is inserted after the introductory phrase ‘The content of the PDF/A based HR form of the TSL implementation of the Trusted List SHOULD comply with the following requirements:’:
'
— The title of the Human readable form of Trusted Lists shall be constructed as the concatenation of the following elements:

— Optional picture of the Member State national flag;
— Blank space;
— Country Short Name in source language(s) (as provided in the first column of Chapter II Table);
— Blank space;
— “(”;
— Country Short Name in English (as provided in the second column of Chapter II Table) inside the parenthesis;
— “):” as closing parenthesis and separator;
— Blank space;
— “Trusted List”;
— Optional logo of the Member State Scheme Operator.'
