Public Key Infrastructure for the Dutch government

A Public Key Infrastructure (PKI) is a system that provides users of electronic communication services with digital key pairs, consisting of a private and public key. The key pairs are associated with one or more certificates, attesting to the identity or to attributes of the certificate and key holder. In this context, trust is based on a certificate hierarchy. The root certificate is the first certificate in the certificate chain. This root certificate has been signed by a trusted organisation. A well-developed, thorough approach to electronic service provision requires a reliable system that offers the same guarantees currently standard in non-automated services. Electronic transactions require:

  • authentication of the identity of the parties concerned;
  • a statement of the parties' intentions;
  • secure communication between parties.

PKIoverheid is the name for the PKI designed for trustworthy electronic communication within and with the Dutch government. To reach this goal a national PKI certificate hierarchy has been realised. This national hierarchy consists of 1 root and 2 domains (sub-CAs) each having TrustService Providers (TSPs) below them. Logius supports the Dutch Minister of Interior and Kingdom Relations with the management and control of the PKIoverheid system. The PKIoverheid root certificate can be found on

Each TSP can issue several types of certificates (e.g. authentication, encryption, non-repudiation, service (such as SSL)). Before being allowed as a TSP in the national PKI hierarchy the TSP needs to prove that it complies with ETSI TS 101 456 (European specification for qualified certificates) and additional governmental PKI requirements contained in the Programme of Requirements. The Programme of Requirements (in Dutch) can be found on this website.