Trust Service Provider - TSP (Dutch site)

The Trust Service Provider of the Ministry of Infrastructure and Water Management is assosiated with the Public Key Infrastructure of the Dutch government. Currently the IenW TSP issues so called smartcards for use with the on-Board Computer Taxi (BCT).

These onboardcomputercards and system cards are issued with certificates from the hierarchy of the Public Key Infrastructure of the Dutch government (PKIoverheid). The onboardcomputercards are used to gain access to the onBoard Computer Taxi and to digitally sign the data gathered by the BCT. The system cards identify the on-board computer taxi and enables it to sign data.

Organisation and Certification

The IenW TSP issues certificates from the PKIoverheid hierarchy. To this end the TPS of the Ministry has implemented a management system that has been certified against the ETSI EN 319 411-2 en ETSI EN 319 411-1 standards.

As an eIDAS Qualified Trust Service Provider, the IenW TSP is supervised by Agentschap Telecom and is listed on the EU Trusted List.

Terms and conditions and other documentation

Certification Practice Statement, terms and conditions

The issuance and use of the cards are bound by both rights and obligations. For instance only a taxidriver that meets certain criteria can request a Driverscard. The following information on the issuance and use of onboardcomputercards is available mainly in Dutch:

Other documentation

The following documentation is relevant for manufacturers of onboard computers and software developers. For the production environment this concerns:

Documentation about the acceptance environment can be found at the website Acceptance environment

CA certificates and CRL's

The IenW TSP issues two types of card. These are onboardcomputercards and systemcards. The onboardcomputercards are used by the different users of the onboard computer, while the systemcard is used by the device itself. The certificates on both types of card have their own Certification Authority (CA) hierarchy.

To verify the validity of a certificate requires at least the following checks are required:

  • the certificate must not be expired;
  • the CA hierarchy must lead to a valid PKIoverheid root CA certificate;
  • the certificate must not be revoked i.e. the certificate serialnumber must not be listed on the so called Certificate Revocation List (CRL).

Below the download links of CA certificates and CRL's are listed both for the G3 and expired G2 generation.

CA Certificates generation G3

Root CA (all card types)

CA certificates Taxidriver and Inspection cards

CA certificates Entrepreneur and Control cards

CA certificates systemcards

CRL's generation G3

Responsible Disclosure

If you discover a weak spot in one of the ICT systems of the Ministry of Infrastructure and Water Management, let us know before you make this known to the outside world. We can then take measures first. We call this method 'responsible disclosure'.
The Ministry of Infrastructure and Water Management makes use of the facilities described on For more information, see for example how to make a report and the further conditions on the 'Responsible Disclosure' page of