EU Trust List: choosing a qualified signature provider for INPI

The EU Trust List (or "European Trust List") is a public list of Qualified Trust Service Providers established by the European Commission under EU eIDAS Regulation 910/2014. It plays a fundamental role in INPI signature: only providers listed there can issue a qualified signature accepted by the Guichet Unique.

What is the EU Trust List?

The EU Trust List is a federated database of all Qualified Trust Service Providers (QTSPs) operating in the European Union. Each Member State maintains its own national trust list, audited and consolidated by the European Commission.

For France: the list is maintained by ANSSI (Agence nationale de la sécurité des systèmes d'information).
European federation: aggregated by the European Commission and accessible at eidas.ec.europa.eu/efda/tl-browser.
Update frequency: continuous, with regular audits of providers.

To be listed, a provider must:

Pass an independent compliance audit against the eIDAS standard.
Implement secure infrastructures (Hardware Security Modules certified Common Criteria).
Have an audited identity verification process (PVID journey for France).
Maintain certificate revocation lists (CRL/OCSP) accessible 24/7.

Why does INPI verify the EU Trust List?

When you upload a qualified-signed PDF to the Guichet Unique, INPI cryptographically reads the signature and extracts the issuer certificate. It then checks if that certificate matches an entry in the EU Trust List.

If yes:

The signature is technically compliant with the eIDAS qualified level.
The signer was identified through an audited PVID journey.
The certificate is currently valid (not revoked).
The Guichet Unique accepts the formality.

If no:

The signature is, at most, advanced (or simple).
The Guichet Unique automatically refuses the formality.

This verification is automatic, instantaneous, and not negotiable. It's the very technical foundation of INPI signature security.

French qualified providers (April 2026)

Main French providers listed on the EU Trust List for qualified electronic signature in 2026:

Cryptolog International (commercial brand: Universign, Signaturit Group) — listed since 2016. Used by SignerSynthèse.fr.
Certigna (Tessi Group) — physical certificate provider, USB tokens.
Certinomis (Docaposte Group) — qualified certificate provider.
Certeurope (subsidiary of Oodrive) — certificate provider for businesses.
ChamberSign — chamber of commerce signature service.
DocuSign Europe — for advanced and qualified plans (via European partnerships).
Yousign — via partnership with a French QTSP.
OpenTrust / IDnomic (subsidiary of Atos) — certificate provider for businesses.

This list is non-exhaustive and evolves. Verify the exact status before any commitment.

How to verify a provider's status on the EU Trust List?

Concrete procedure:

Go to eidas.ec.europa.eu/efda/tl-browser.
Select country: "France" (or another EU country).
The complete list of qualified providers for that country is displayed.
Click on a provider to see qualified services (eSignature, eSeal, Time Stamp, etc.).
Check that the provider has Qualified certificate for electronic signature (QCertESig) as an active service.

If the provider doesn't appear there, it's not qualified. Period.

To remember Self-claimed "qualified" labels mean nothing. Only the EU Trust List makes faith. A provider claiming "qualified" without being listed there is technically incorrect at best, deceptive at worst.

How to verify your signed PDF?

If you've already received a signed PDF and want to verify it's truly qualified:

Open the PDF in Adobe Acrobat Reader (free).
Click the signature pencil at the top of the document.
The "Signatures" panel opens.
Click on your signature → "Signature properties" → "Show certificate".
In the certificate, check:
- "Issuer": should match a listed QTSP.
- "OID" or "Object Identifiers": should contain QC (Qualified Certificate) markers.
- "Validity": certificate must not be expired.

If everything is fine, you can be confident: the signature will be accepted by INPI.

Sign with a verified provider on the EU Trust List.

Universign (Cryptolog International), our technical partner, is listed since 2016. €29 ex. VAT, 2 minutes, 100% INPI acceptance.

Sign my summary →

What happens if a provider loses qualified status?

It's rare in France (ANSSI controls are strict), but it can happen — for example, after a security incident or non-compliance.

Signatures already issued: remain valid. The certificate stays usable for verification.
New signatures: cannot be issued anymore.
Indication on the Trust List: the provider's status changes from "Granted" to "Withdrawn".

For safety, periodically check the status of your provider, especially if you sign critical documents.

Mutual European recognition

The eIDAS regulation requires mutual recognition of qualified signatures between EU member states. A signature issued by a German, Spanish or Italian provider listed on the EU Trust List has the same legal value as a signature from a French provider, and will be accepted by the INPI Guichet Unique.

In practice, the convenience of having a French-language identity journey leads most users to choose a French provider. But the principle of mutual recognition is fundamental and warranted.

FAQ

Are all listed providers equivalent?

Cryptographically yes (all comply with the same eIDAS qualified level). In practice, they differ in user journey, pricing, identity check method (PVID at distance vs face-to-face) and target market.

Can I sign with a non-EU provider?

No. Only EU member state Trust Lists are recognised by INPI. A provider from the UK, Switzerland or USA, even very serious, is not accepted (unless it has subsidiaries in the EU listed on a national Trust List).

Where to verify the status of Universign?

Search "Cryptolog International" on the French Trust List. You'll find it in the list of Qualified Trust Service Providers since 2016.

Can a provider's status change quickly?

Compliance audits are scheduled (annually or biennially). Between audits, status remains stable. Sudden changes (suspension, withdrawal) are rare and well-publicised.

Conclusion

The EU Trust List is the official seal of trust for qualified electronic signature in Europe. For your French INPI formality, only signatures issued by a provider listed there are accepted. Always verify before committing to a paid service: a "qualified" signature outside the EU Trust List is, at best, advanced — and refused by INPI.