Suggested region and language based on your location
Your current region and language
Check company, site and product certificates - Validation and Verification, Swedish and global companies
Business scope: Not applicable for this profile. Please find full digital pdf ETSI certificates published under section “Business Governance & Certifications".
Products, services or works: Not applicable for this profile. Please find full digital pdf ETSI certificates published under section “Business Governance & Certifications".
Address:
Rijnstraat 50Verification date: 45979
| Certificate/Licence number | Standard/Scheme number or name | Start Date (YYYY-MM-DD) | Expiry Date (YYYY-MM-DD) |
|---|---|---|---|
| ETS 002 | ETSI EN 319 411-2 | 2004-11-22 | 2027-11-21 |
On the request of CIBG, Uitvoeringsorganisatie van het ministerie van Volksgezondheid, Welzijn en Sport (hereafter referred to as: CIBG), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in CIBG’s statement of applicability (dated 15.09.2025) and the Overview of applicability.
The scope of the assessment comprised the following Trust Service Provider component services:
·,,Registration Service (p);
·,,Certificate Generation Service (c);
·,,Dissemination Service (p);
·,,Revocation Management Service (p);
·,,Revocation Status Service (c);
·,,Subject Device Provision Service (c);
The TSP component services are performed, partly (p) or completely (c) by subcontractors under the responsibility of CIBG.
These TSP component services are being provided for the qualified trust service as defined in EU Regulation 910/2014 (eIDAS):
·,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the ETSI-policy: QCP-n-qscd.
The certificates are issued through the issuing Certification Authorities, as specified below:
Root CA: Staat der Nederlanden Root CA - G3 (not in scope)
Domein CA: Staat der Nederlanden Organisatie Persoon CA - G3 (not in scope)
Issuing CA: UZI-register Zorgverlener CA G3
Sha256 Fingerprint (2017):
3EAD4F72F06F1054881D2728DE033A8E13FADE6BD165084018EB943C17378DAA
Sha256 Fingerprint (2019):
507DB60D263D3D09D283DE2E3AA435DFD8775E52BC335702E3832BBB57EC1CBD
Non-repudiation (2.16.528.1.1003.1.2.5.2), in accordance with policy: QCP-n-qscd
Issuing CA: UZI-register Medewerker op naam CA G3
Sha256 Fingerprint (2017):
D8553A2880E96B7AA4C7413DD903AFD3D580504695DD26A168FD48CCE7B1474A
Sha256 Fingerprint (2019):
D28DB435E31212A3BDCCF87620F6544B99A9C02328BF983E882FD0627A1D130F
Non-repudiation (2.16.528.1.1003.1.2.5.2), in accordance with policy: QCP-n-qscd
The Certification Authority processes and services are documented in the following documents:
·,,Certification Practice Statement (CPS) UZI-register, version 2.1 of 22.04.2025 (OID: 2.16.528.1.1007.1.1)
·,,Certification Practice Statement (CPS) ZOVAR, version 2.1 of 22.04.2025 (OID: 2.16.528.1.1007.5.1.1)
The annual certification audit was performed in September 2025. The result of the full audit, based on the objective evidence collected during the certification audit for the period from 1 September 2024 through 31 August 2025, and the areas assessed for:
·,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: QCP-n-qscd
were generally found to be effective, based on the applicable requirements defined in CIBG’s statement of applicability (dated 15.09.2025) and the Overview of applicability.
Statement on the issuance of S/MIME certificates:
Issuing CAs in scope of certification are technically capable of issuing S/MIME certificates. On the request of CIBG, audit procedures were conducted to confirm that ETSI TS 119 411-6 V1.1.1 (2023-08) is not applicable.
This is because from the CAs in scope of certification:
·,,No evidence that S/MIME certificates have been issued in the audit period.
·,,Controls are in place to prevent the issuance of S/MIME certificates.
Audit criteria:
-,,Regulation (EU) 910/2014 European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
-,,ETSI EN 319 401 V3.1.1 (2024-06) Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers.
-,,ETSI EN 319 411-2 V2.6.1 (2025-06) Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 2: Requirements for trust service providers issuing EU qualified certificates
-,,ETSI EN 319 411-1 V1.5.1 (2025-04) Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
-,,CA/Browser Forum - Network and Certificate System Security Requirements v1.7 (July 9, 2025)
-,,PKIoverheid - Programme of Requirements v5.2 (2025-07), for the Certificate Policies: G3 Legacy Organization Person certificates (previously 3a), G3 Legacy Organization Services certificates (previously 3b), Private Server certificates (previously 3h)
Audit Period of Time:
1 September 2024 - 31 August 2025
Audit performed:
September 2025
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam, NL
| Certificate/Licence number | Standard/Scheme number or name | Start Date (YYYY-MM-DD) | Expiry Date (YYYY-MM-DD) |
|---|---|---|---|
| ETS 039 | ETSI EN 319 411-1 | 2014-12-18 | 2027-11-21 |
On the request of CIBG, Uitvoeringsorganisatie van het ministerie van Volksgezondheid, Welzijn en Sport (hereafter referred to as: CIBG), the annual certification audit on all areas and processes was performed by BSI Group The Netherlands B.V. (John M. Keynesplein 9, 1066 EP Amsterdam, The Netherlands).
The full audit covered all applicable requirements from the audit criteria listed below (see “Audit Information”) and are defined in CIBG’s statement of applicability (dated 15.09.2025) and the Overview of applicability.
The scope of the assessment comprised the following Trust Service Provider component services:
·,,Registration Service (p);
·,,Certificate Generation Service (c);
·,,Dissemination Service (p);
·,,Revocation Management Service (p);
·,,Revocation Status Service (c);
·,,Subject Device Provision Service (c);
The TSP component services are performed, partly (p) or completely (c) by subcontractors under the responsibility of CIBG.
These TSP component services are being provided for the qualified trust service as defined in EU Regulation 910/2014 (eIDAS):
·,,Issuance of public key certificates (non-qualified trust service), in accordance with the ETSI applicable requirements for: NCP, NCP+.
The certificates are issued through the issuing Certification Authorities, as specified below:
Root CA: Staat der Nederlanden Private Root CA - G1 (not in scope)
Domain CA: Staat der Nederlanden Private Services CA - G1 (not in scope)
Issuing CA: UZI-register Private Server CA G1
Sha256 Fingerprint:
BDD860EF8E87E2B2C7EBB34DD6E9E1771A3A3C5DEC850BA7080E3E2904DBD897
Services - Server (2.16.528.1.1003.1.2.8.6), in accordance with policy: NCP
Issuing CA: ZOVAR Private Server CA G1
Sha256 Fingerprint:
FE54263BC96C2DFBAC5BE5F449CFF7F5B12B6255A7BBCF761BA979E5986E1598
Services - Server (2.16.528.1.1003.1.2.8.6), in accordance with policy: NCP
Root CA: Staat der Nederlanden Root CA - G3 (not in scope)
Domein CA: Staat der Nederlanden Organisatie Persoon CA - G3 (not in scope)
Issuing CA: UZI-register Zorgverlener CA G3
Sha256 Fingerprint (2017):
3EAD4F72F06F1054881D2728DE033A8E13FADE6BD165084018EB943C17378DAA
Sha256 Fingerprint (2019):
507DB60D263D3D09D283DE2E3AA435DFD8775E52BC335702E3832BBB57EC1CBD
Authentication (2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
Confidentiality (2.16.528.1.1003.1.2.5.3), in accordance with policy: NCP+
Issuing CA: UZI-register Medewerker op naam CA G3
Sha256 Fingerprint (2017):
D8553A2880E96B7AA4C7413DD903AFD3D580504695DD26A168FD48CCE7B1474A
Sha256 Fingerprint (2019):
D28DB435E31212A3BDCCF87620F6544B99A9C02328BF983E882FD0627A1D130F
Authentication (2.16.528.1.1003.1.2.5.1), in accordance with policy: NCP+
Confidentiality (2.16.528.1.1003.1.2.5.3), in accordance with policy: NCP+
Domein CA: Staat der Nederlanden Organisatie Services CA - G3 (not in scope)
Issuing CA: UZI-register Medewerker niet op naam CA G3
Sha256 Fingerprint (2017):
38DED3FF6827579008AF4887EB9698A3CFA927FA8ED59F06BA090FB9A63E2D77
Sha256 Fingerprint (2019):
972957304031234ED17679FDCB97556D6173D5F2BF0E6E66D612680CA6E77685
Authentication (2.16.528.1.1003.1.2.5.4), in accordance with policy: NCP+
Confidentiality (2.16.528.1.1003.1.2.5.5), in accordance with policy: NCP+
The Certification Authority processes and services are documented in the following documents:
·,,Certification Practice Statement (CPS) UZI-register, version 2.1 of 22.04.2025 (OID: 2.16.528.1.1007.1.1)
·,,Certification Practice Statement (CPS) ZOVAR, version 2.1 of 22.04.2025 (OID: 2.16.528.1.1007.5.1.1)
The annual certification audit was performed in September 2025. The result of the full audit, based on the objective evidence collected during the certification audit for the period from 1 September 2024 through 31 August 2025, and the areas assessed for:
·,,Issuance of qualified certificates for electronic signatures (qualified trust service), in accordance with the policy: NCP, NCP+
were generally found to be effective, based on the applicable requirements defined in CIBG’s statement of applicability (dated 15.09.2025) and the Overview of applicability.
Statement on the issuance of S/MIME certificates:
Issuing CAs in scope of certification are technically capable of issuing S/MIME certificates. On the request of CIBG, audit procedures were conducted to confirm that ETSI TS 119 411-6 V1.1.1 (2023-08) is not applicable.
This is because from the CAs in scope of certification:
·,,No evidence that S/MIME certificates have been issued in the audit period
·,,Controls are in place to prevent the issuance of S/MIME certificates.
Audit criteria:
-,,Regulation (EU) 910/2014 European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC, Chapter III – Trust Services.
-,,ETSI EN 319 401 V3.1.1 (2024-06) Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers.
-,,ETSI EN 319 411-1 V1.5.1 (2025-04) Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements
-,,CA/Browser Forum - Network and Certificate System Security Requirements v1.7 (July 9, 2025)
-,,PKIoverheid - Programme of Requirements v5.2 (2025-07), for the Certificate Policies: G3 Legacy Organization Person certificates (previously 3a), G3 Legacy Organization Services certificates (previously 3b), Private Server certificates (previously 3h)
Audit Period of Time:
1 September 2024 - 31 August 2025
Audit performed:
September 2025
Information and Contact:
BSI Group the Netherlands B.V., John M. Keynesplein 9, 1066 EP Amsterdam,
Years of operation
Years range: Not applicable for this profile. Please find full digital pdf ETSI certificates published below.
Type of ownership
Not applicable for this profile. Please find full digital pdf ETSI certificates published below.
Annual turnover
Not applicable for this profile. Please find full digital pdf ETSI certificates published below.
Total employees:
Not applicable for this profile. Please find full digital pdf ETSI certificates published under section “Business Governance & Certifications".
| Facilities on site(eg: office space, warehouse) | Size of facilities (m2) |
|---|---|
| Office area |
-
|
| Production area |
-
|
| Warehouse area |
-
|
| Other area |
-
|
| Key export country / region | Percentage of sales |
|---|---|
| Not applicable for this profile. Please find full digital pdf ETSI certificates published under section “Business Governance & Certifications". | N/A |
| Key sourcing country / region | Percentage of purchases |
|---|---|
| Not applicable for this profile. Please find full digital pdf ETSI certificates published under section “Business Governance & Certifications". | N/A |
Output capacity (N/A)
| Site Name | Site Address | Certificate/License number | Standard/Scheme number or name |
|---|
