QTSP Membership Programme

QTSPs are regulated (Qualified) to provide trusted digital certificates under the electronic Identification and Signature (eIDAS) regulation. PSD2 requires specific types of eIDAS certificates to be issued.

Open Banking Exchange Europe runs an engagement group of QTSPs that offer these PSD2 compliant certificates.

This group aims to help the financial world meet the electronic security world by addressing common issues.

eIDAS Documents

A summary of the existing technology framework that is already in place in order to use certificates for website authentication and identity verification and enable secure Access to Account (XS2A) services in Europe, as required under the revised Payment Services Directive (PSD2).  To find out more, contact us.

The answers to common questions about the use of Qualified certificates to support secure communications between payment services under PSD2 and their related Regulatory Technical Standards (RTS). To find out more, contact us.

Actalis S.p.A*Global Sign
ANF Autoridad de CertificaionHarica*
Aruba PECInfocert
CamerfirmaLuxTrust S.A
D-trustPrvní certifikační autorita

Get the full list of our authorised QTSPs

PSD2 Compliant QTSPs

To the left is a list of QTSPs who are offering PSD2 certificates, and further information about where to contact the QTSP. The aim of this page is to help Payment service providers who are looking for suppliers of eIDAS certificates for PSD2 to find out who is supplying them, and how to contact them.

By PSD2 qualified certificates we mean qualified certificates (QWACs or QSEALCs) that are issued in compliance with ETSI TS119495 for the purposes of identification or PSPs within PSD2 access to account, as referenced in Article 34 of the Regulatory Technical Standards on Strong Customer Authentication and Common and Secure Communications.

Open Banking Exchange Europe is not a supervisor or certification body in relation to QTSPs and the information is based on their own statements about capabilities and services. All QTSPs listed are found in the EU trusted list, but Open Banking Exchange Europe is not responsible for the accuracy of the information.


The PSD2 RTS on strong customer authentication and Common and secure communication require that Qualified eIDAS certificates are used for identification of TPPs and ASPSPs.

Qualified certificates are issued by Qualified Trusted Service Providers (QTSPs) as described in the eIDAS regulation, and further described within various ETSI standards.

ETSI have published specific standards to support PSD2 compliant eIDAS certificates.

eIDAS Data Requirements

Data Required in PSD2 eIDAS Certificates According to the RTS

Required PSD2 Data (EBA/EC)

November 2017
Data Element
Data Format
Data Source(s)
Data Profile Location
For the purpose of this Regulation, the  registration number as referred to in the official records in accordance with Annex III (c) or Annex IV (c) to Regulation (EU) No. 901/2014 shall be the authorisation number of the PSP issuing card-based payment instruments, the Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP), including Account Servicing Payment Service Providers (ASPSP) providing such services, available in the public register of the home Member State pursuant to Art. 14 of Directive (EU) 2015/2366 or resulting from the notifications of every authorisation granted under Art. 8 of Directive 2013/36/EU of the European Parliament and of the Council in accordance with Article 20 of that Directive.
Authorisation No. of PSP


As provided from Source
MSCA PSD2 Register

EU 2015/2366 Art. 14


National Credit Institutions Registers

2013/36/EU Art. 8


EU 910/2014, Annex III – Field (c)


EU 910 2014, Annex Iv – Field (c)

For the purposes of this Regulation, qualified certificates for electronic seals or for website authentication referred to in paragraph 1 shall include, in a language customary in the sphere of international finance, additional specific attributes in relation to each of the following:

a) the role of the PSP, which maybe one or more of the following:

  • account servicing;
  • payment initiation;
  • account information;
  • issuing of card-based payment instruments;
PSD2 Role(s) of PSP


Not SpecifiedNot Specified

Not Specified


Not Specified

b) the name competent authorities where the PSP is registered.
Name of Home Competent Authority
Not SpecifiedNot Specified

Not Specified


Not Specified

ETSI eIDAS PSD2 Standard

At its plenary meeting of the 10th October 2017, the European Telecommunications Standards Institute (ETSI) agreed to create a standard for PSD2 eIDAS certificates, in accordance with the EBA RTS.

The new European Telecommunications Standards Institute (ETSI) PSD2 standards were developed by Open Banking Europe.

  1. Details of the background discussions we had with ETSI for the ratification of PSD2 standards request is here.
  2. The final standard ETSI TS 119 495 is here.
  3. For those who wish to know more, a day long event was held that describes the various aspects of PSD2 and eIDAS. Video and presentations of the event are available here.

The EC QTSP List

As per Article 5 of eIDAS,  Trust Services Providers can freely passport their services within the EU without the need for passporting.

The official list of Qualified Trust Service Providers (QTSPs) in the European Union can be found here.

The Limits of an eIDAS Certificate

The process of revocations (and its link to NCA’s) is accurately described on page 44 of the ERPB report which has a clear position.

The industry will use:

  • The eIDAS certificate for Identification.
  • The NCA registers for Authorisation.

Considering that the NCA is not obliged to inform the QTSP, and the QTSP is not obliged to check the NCA register, it is clear that although we can trust the certificates for Identification, in the case that an NCA has withdrawn a license and the certificate has not yet been revoked, there is a period when the roles in the certificate will not be accurate. In the case that anybody wishes to check the up to date role of an ASPSP, then they must look at the Home NCA of that entity.

As there will be 31 NCA’s, this raises the need for a machine readable, standardised repository of TPP
details, as published by NCAs (Recommendation #7).

Become a Member

Please fill in the form below to register your interest in joining our OBE Membership programme with us and a member of our team will contact you shortly.

Please note: fields marked with * are mandatory

On submission of this form you will be sharing your personal data with OBE S.A.S. and its partners. We will process such information for the purposes of reviewing and responding to your request. For more information on how we will process your data and your rights in relation to your data, please review our privacy policy.