Certification Practice Statements for the Policy Authority PKIoverheid

The Certification Practice Statement (CPS) within the Public Key Infrastructure (PKI) for the Dutch government (PKIoverheid) provides Trust Service Providers (TSPs), subscribers and relying parties with information regarding the procedures and measures taken in respect of the Policy Authority's (PA) services with regard to certificates issued by the following "Staat der Nederlanden" PKI root certificates:

  • Staat der Nederlanden Root CA - G3
  • Staat der Nederlanden EV Root CA
  • Staat der Nederlanden Private Root CA - G1
  • TRIAL PKIoverheid Root CA - G3
  • Staat der Nederlanden - G4 Root EUTL G-Sigs - 2024
  • Staat der Nederlanden - G4 Root Priv S-CIBG - 2024
  • Staat der Nederlanden - G4 Root Priv G-Other - 2024
  • Staat der Nederlanden - G4 Root Priv G-TLS - 2024
  • Staat der Nederlanden - G4 Root Publ G-SMIME - 2024

The names of the root certificates contain common PKI abbreviations. G1, G2, G3 and G4 stand for first, second, third and fourth generation respectively. A CA is a Certification Authority, and EV stands for Extended Validation.

The CPS offers information to relying parties and certificate owners about the setup of the PKIoverheid (PKIo) system and the interaction of the PA with the TSPs. The CPS is only maintained in English, as is this web page.

Current version

The current version of the CPS can be found below.

Historical versions

Historical versions of the CPS can be found below. These documents are provided to be compliant with Section 3.3 of the Mozilla Root Store Policy (MRSP) which states:

7. CA operators SHALL maintain links to all historic versions of each CP and CPS (or CP/CPS) from the creation of included CA certificates, regardless of changes in ownership or control of such CA certificates, until the entire CA certificate hierarchies (i.e. end entity certificates, intermediate CA certificates, and cross-certificates) operated in accordance with such documents are no longer trusted by the Mozilla root store. For CA certificates that were included in Mozilla's root store before December 31, 2022, the CA Operator shall maintain links in their online repositories to all reasonably available historic versions of CPs and CPSes (or CP/CPSes) from creation of the included CA certificates.

All documents below are semi-automated exports of documents signed off by Logius legal representatives. Version 5.0 of the CPS is the first CPS which unifies the four separate PKIoverheid root CPSs into one single document. Versions 4.6 and below of these documents were not designed taking into account the *Web Content Accessibility Guidelines- (WCAG), however several WCAG optimizations were scripted into the export proces to improve accessibility. However, full compliance with the WCAG means having to change the textual contents as well, which goes against the purpose of making these documents available with authentic contents for audit purposes. Because these documents are of no administrative purpose anymore, as well as changing them going against the purpose of making them available in the first place, these documents will remain non-compliant with the WCAG. However, people running into problems with accessibility regarding any of these documents can contact the PKIoverheid team using the contact link below. When contacted, the team will provide the desired information in a suitable format. Any accessibility enhancements made this way will be retrofitted on this website for future visitors, as long as they do not involve actual text updates.

Exported on: 2024-11-11.