UAE Trusted List (TL)is the anchor of the Trust Services regulatory Framework in UAE, it acts as the authoritative source for licensed service providers and the services they provide. The UAE Trusted List is the trusted source for verifying licensed Qualified and non-qualified TSPs and Trust services they provide in the country.
The UAE Trusted List is an essential element in building trust among the different stakeholders by allowing them to obtain information about:
This information is provided by TDRA acting as supervisory body and UAE trusted list operator in accordance with the Cabinet Resolution on the Executive Regulations of Federal Law by Decree No. (46) of 2021 on Electronic Transactions and Trust Services and with the Resolution No (28) for 2023 on the UAE Trusted List Resolution.
General Requirements
The Trusted List includes both current and all historical information, dating from the inclusion of a trust service provider in the Trusted List, about the status of listed trust services.
The information provided in the trusted list is primarily aimed at supporting the validation of licensed trust services (qualified or non-qualified ones), i.e. physical or binary (logical) objects generated or issued as a result of the use of a trust service, e.g. namely (qualified) electronic signatures/seals, advanced electronic signatures/seals supported by a (qualified) certificate, qualified time-stamps, etc.
Trusting the content of UAE trusted list
Prior to any interpretation of the UAE trusted list, relying parties should:
Location of the UAE Trusted List
Initially, the TL-location and TL-signing certificates are specified in the Official Gazette.
Later, following the decision of TDRA to modify the TL-location or the set of TL-signing certificates, TDRA might, as a machine-processable approach, publish these modifications in the UAE trusted list itself.
Such an instance of the trusted list is hereafter referred to as a ‘pivot TL’, as it represents a pivot point in the historical values of the TL-location and the TL-signing certificates. These pivot TLs form a chain of changes (changes of TL-location or TL-signing certificates) starting from the initial situation published in the Official Gazette up to the current one. These pivot TLs are archived for later reference.
To conclude on the current list of TL-signing certificates in order to validate the signature of the TL as explained above, one shall reconstruct that chain of pivot TLs. The following paragraphs explain how to reconstruct that chain.
From a technical perspective, the TL-location, TL-signing certificates, and the location of archived pivot TLs are included in the UAE trusted list such as:
In this respect, once the decision of TDRA to modify the TL-location or TL-signing certificates is reflected in a publication of a pivot TL, relying parties may detect these modifications in a machine processable way in the UAE trusted list, namely from changes of:
When verifying the authenticity and integrity of the UAE trusted list, relying parties should, starting from the TL-location specified in the latest publication relevant to UAE trusted list in the Official Gazette, reconstruct the chain of pivot TLs to conclude on the current set of TL-signing certificates:
location(s) of all pivot TLs present in <SchemeInformationURI>;
the above-mentioned publication of the Official Gazette
pivot TL location(s), verify the authenticity and integrity of the list; using:
Transition period regarding the changes of TL-signing certificates or TL-location
After the publication of the pivot TL announcing changes in TL-signing certificates or TL-location, relying parties have 15 days (the duration of the transition period) to take these changes into account.
It is highly recommended to take these changes into account during the transition period rather than after it:
Read more about The technical specifications and formats relating to the United Arab Emirates trusted list.