Skip to main content

User Guide

The Trusted List Hosting Service from IDunion is a specialized cloud service that enables public and private organizations to create and operate trust lists in line with eIDAS 2.0 (Regulation (EU) 2024/1183). It addresses the fundamental problem of low trust in digital identities and in business information shared online, which in globally connected industries leads to high verification effort, inefficient processes and increased business risk. By providing a standards‑compliant trust anchor within a secure, decentralized environment of EU Business Wallets and Verifiable Credentials, the service supports automated, fraud‑resistant and user‑friendly digital interactions.

Purpose and target groups

The service serves as the technical and organizational foundation for defining, managing and publishing trusted lists. Trust Ecosystem Authorities can use it to establish formal trust environments according to EU standards and invite trusted companies to join these environments. By onboarding to such a list, issuers of so-called Electronic Attestations of Attributes (EAA) can demonstrably increase confidence in the certificates they issue, as both the intended holders of information and the sources of that information can be proven cryptographically. This significantly reduces fraud risk. Verifiers benefit from the ability to automatically check whether a company is part of a given trusted list and whether the underlying trust relationships are current and valid, enabling streamlined and more reliable verification processes.

Scope of services and functions

The core capability of the service is the creation and operation of trusted lists managed by an Ecosystem Authority. Trusted companies may get invited or request to be onboarded to these lists and thereby become part of a defined ecosystem that is controlled by the Ecosystem Authority. All users can have their online identity confirmed by a qualified trust service (This service is currently being set up and will initially be available only in selected European regions). The service is available both via a user‑friendly graphical interface (GUI) and via an API, allowing manual use as well as deep integration into existing systems and workflows.

Key Benefits

Within this secure, decentralized and regulated environment of EU Business Wallets and Verifiable Credentials, processes can be automated and simplified, leading to operational savings and leaner workflows. Users benefit from an improved experience. They gain access to services using their own or their companies digital identity without having to maintain dozens of static passwords. They can rely on consistent, simplified data exchange and identity processes. Organizations that either create their own trusted list or onboard to an existing one can demonstrate robust protection of data and secure digital communications, strengthening their brand as one that takes security and authenticity seriously. Increased confidence in identity, data management and relationship management practices can in turn support higher customer spending and stronger long‑term relationships, and for industries subject to data security, privacy, protection or portability regulations, compliance tasks can become easier, faster and more resilient.

Creating a new trusted list as an Ecosystem Authority

How do I create a new trusted list?

  1. Log in with your EU Business Wallet or register for an account. [Screenshot]
  2. After logging in, select “Create trusted list”. [Screenshot]
  3. Enter a name and description for your trusted list. [Screenshot]
  4. Fill in the required data about your organization. [Screenshot]
  5. Click “Continue”. A Certificate Signing Request (CSR) is created automatically. Alternatively, you can upload a CSR you created yourself. The data you entered is digitally signed. For more details, see Key Management.
  6. A success message confirms that your trusted list has been created. [Screenshot]

Inviting organizations to join your trusted list

How do I invite others to join my trusted list?

  1. Open your trusted list in the dashboard.
  2. Enter the company name and the contact e‑mail address. [Screenshot]
  3. Click “Send invitation”. [Screenshot]
  4. The recipient is informed about your invitation by e‑mail and can start the onboarding process from there.

Approving onboarding requests

How do I approve an onboarding request?

  1. You receive an e‑mail notification when a new onboarding request is submitted.
  2. Go to your dashboard and open the pending onboarding request. [Screenshot]
  3. Review the organization’s details.
  4. Click “Approve” to onboard the organization or “Reject” to decline the request. [Screenshot]

De‑listing organizations

How can I de‑list a legal entity from my trusted list?

  1. Open your trusted list in the dashboard.
  2. Locate the organization you want to remove.
  3. Choose “De‑list” and confirm the removal.
  4. Choose "Update Trusted List".
  5. The organization’s status is updated, and verifiers will no longer see it as an active member of this trusted list.

Onboarding to a trusted list

How can I onboard to a trusted list?

There are two options:

  • Onboarding via invitation
  • Onboarding by submitting a request

Onboarding via invitation

  1. Open the invitation you received by e‑mail and follow the link.
  2. Log in with your EU Business Wallet or register for an account. [Screenshot]
  3. Fill in the required data about your organization. [Screenshot]
  4. Click “Continue”. A Certificate Signing Request (CSR) is created automatically, or you can upload your own CSR. The data you entered is digitally signed (please note: This is not a signature in the legal sense.). For more details, see Key Management.
  5. You receive a confirmation that your onboarding request is under review. [Screenshot]
  6. Wait for the Ecosystem Authority to approve or reject your request. You will be notified of the result via e‑mail.

Onboarding by request (without invitation)

  1. Go to (URL) and search for the trusted list you want to join. [Screenshot]
  2. Select the trusted list and click “Onboard”. [Screenshot]
  3. Fill in the required data about your organization. [Screenshot]
  4. Click “Continue”. A Certificate Signing Request (CSR) is created automatically, or you can upload your own CSR. The data you entered is digitally signed (please note: This is not a signature in the legal sense.) For more details, see Key Management.
  5. You receive a confirmation that your onboarding request is under review. [Screenshot]
  6. Wait for the Ecosystem Authority to approve or reject your request. You will be notified of the result via e‑mail.

Managing organization data

How can I change my organization’s data?

  1. Log in and open your organization profile or settings.
  2. Update the relevant data fields.
  3. Save your changes. A new Certificate Signing Request is being created.
  4. Choose "request Trust List update"
  5. You receive a confirmation that your update request is under review. [Screenshot]
  6. Wait for the Ecosystem Authority to approve or reject your request. You will be notified of the result via e‑mail.

Verifying against a trusted list

How do I verify whether an organization is on a trusted list?

  1. Go to (URL).
  2. Enter the name of the legal entity you are looking for.
  3. If the entity appears on one or more trusted lists, at least one record will be shown.
  4. Review the record(s) and verify whether you trust the corresponding Ecosystem Authority and list context for your use case.

Key Management

How are keys managed and what are my options?

  • By default, users’ private keys are stored in a managed key management module in a cloud environment.
  • Users may choose to upload a CSR created with keys they control locally.
  • Client‑side Hardware Security Modules (HSMs) can be supported on request.
  • If you want to manage keys entirely on your own infrastructure, please contact us at info@idunion.eu.

Overview of roles involved

There are three primary roles that actively interact with the Trusted List Service:

  • Trust Ecosystem Authorities (Trusted List Owners)
    Create trusted lists under Regulation (EU) 2024/1183 and invite trusted organizations to onboard.

  • Issuers of Electronic Attestations of Attributes (Onboardees)
    Onboard to trusted lists in order to increase confidence in the attestations they issue.

  • Verifiers (Relying Parties)
    Efficiently check whether an organization is part of a trusted list and use this information in their verification processes.

Additional role (indirectly affected)
Attestations are always issued to a specific party (the holder). This party typically holds the certificate in a business wallet and presents the relevant data to verifiers on request. While this holder does not interact directly with the trusted list itself, it is essential for every trust ecosystem.