In the Official Gazette no. 81 of February 2, 2026, Order MEDAT 102/2026 was published, regulating the procedures for trust service providers, both qualified and non-qualified. The document establishes the operational, institutional, and technical framework for granting, suspending, and revoking the status of qualified trust service provider, in accordance with Law no. 214/2024 and Regulation (EU) No. 910/2014 on electronic identification and trust services.
The procedure applies to all legal entities requesting this status and to those already qualified, subject to evaluation and supervision by ADR – the Romanian Authority for Digitalization. ADR is responsible for granting, suspending, or revoking the status, ensuring that providers comply with legal requirements and requesting corrective measures in case of non-compliance.
To obtain qualified status, the applicant must submit to ADR, at least 30 days before starting operations, a notification along with complete documentation, including a conformity assessment report, security plan, service architecture, financial evidence, continuity plan, and other relevant documents, according to the annexes of the Order. All documents must be signed and submitted in original form.
ADR reviews the documentation within 30 days and, if all conditions are met, the provider is listed in the Trusted List and receives the status of qualified trust service provider. Conformity assessments are carried out at intervals of no more than 24 months, and providers must retain information and traceability of qualified certificates for 10 years, ensuring long-term validity of electronic signatures.
In the event of suspension or revocation of the status, ADR informs the provider and the competent authorities, ensuring the revocation of issued digital certificates or the takeover of activities by another provider, to protect end-users.