ETSI 1196x2 compliant data types, codecs, serialization, parsing and validation utilities for EUDI digital identity flows, plus testing helpers and extension-friendly API design.
ā Important! Before you proceed, please read the EUDI Wallet Reference Implementation project description
The EUDI ETSI 119 6x2 Consultation Library is a Kotlin Multiplatform (KMP) project designed for the European Digital Identity (EUDI) Wallet ecosystem. It provides an extensible and secure framework for Certificate Chain Validation against Trusted Lists, enabling the verification of credentials and attestation objects within the European Union's identity framework.
In the EUDI ecosystem, verifying the trustworthiness of credentials (like PID or EAA) and attestations (like Wallet Instance Attestation) requires validating certificate chains against trust anchors from Trusted Lists.
The EUDI Wallet ecosystem uses two complementary Trusted List specifications:
This library provides unified abstractions for both Trusted List specifications, enabling consistent certificate chain validation regardless of the trust source format.
This library simplifies this process by:
GetTrustAnchors, IsChainTrustedForContext) work with both ETSI TS 119 602 LoTE and ETSI TS 119 612 Trusted ListsComposeChainTrust
This library is designed for:
The typical setup for EUDI Wallet certificate validation against LoTE (Lists of Trusted Entities):
// ETSI TS 119 602 LoTE-based validation (KMP)
// Includes transitive dependencies:
// - etsi-119602-data-model (LoTE JSON data types)
// - etsi-1196x2-consultation (core validation abstractions)
implementation("eu.europa.ec.eudi:etsi-119602-consultation:$version")For ETSI TS 119 612 Trusted Lists support (JVM/Android only):
// ETSI TS 119 612 Trusted Lists via DSS (JVM/Android)
// Includes transitive dependency:
// - etsi-1196x2-consultation (core validation abstractions)
implementation("eu.europa.ec.eudi:etsi-1196x2-consultation-dss:$version")
// Additional DSS dependencies required
implementation("eu.europa.ec.joinup.sd-dss:dss-utils-apache-commons:$dssVersion")
// OR
implementation("eu.europa.ec.joinup.sd-dss:dss-utils-google-guava:$dssVersion")
implementation("eu.europa.ec.joinup.sd-dss:dss-policy-jaxb:$dssVersion")[!NOTE] Replace
$versionwith the latest release version from the releases page. All modules share the same version number.
The library is divided into four modules:
Implements certificate chain validation against ETSI TS 119 602 Lists of Trusted Entities (LoTE).
Data model implementation for ETSI TS 119 602 Lists of Trusted Entities (LoTE).
ListOfTrustedEntities: Root LoTE document structure.ListAndSchemeInformation: LoTE metadata and scheme information.TrustedEntity: Trusted entity (e.g., PID Provider, Wallet Provider).TrustedEntityService: Service provided by a trusted entity.ServiceDigitalIdentity: Digital identity including X.509 certificates.The core module providing the unified abstractions for Trusted List-based certificate validation.
VerificationContext: Represents specific EUDI use cases (e.g., PID issuance).GetTrustAnchors: A functional interface for retrieving anchors from Trusted Lists.IsChainTrustedForContext: Combines trust anchors and validation logic for a set of supported contexts.ComposeChainTrust: Combines validators for different verification contexts (e.g., PID + PubEAA).IsChainTrustedForEUDIW: The orchestrator that resolves trust anchors and triggers validation.An extension module that leverages the Digital Signature Service (DSS) to support ETSI TS 119 612 Trusted Lists.
We welcome contributions to this project. To ensure that the process is smooth for everyone involved, follow the guidelines found in CONTRIBUTING.md.
Copyright (c) 2026 European Commission
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
ā Important! Before you proceed, please read the EUDI Wallet Reference Implementation project description
The EUDI ETSI 119 6x2 Consultation Library is a Kotlin Multiplatform (KMP) project designed for the European Digital Identity (EUDI) Wallet ecosystem. It provides an extensible and secure framework for Certificate Chain Validation against Trusted Lists, enabling the verification of credentials and attestation objects within the European Union's identity framework.
In the EUDI ecosystem, verifying the trustworthiness of credentials (like PID or EAA) and attestations (like Wallet Instance Attestation) requires validating certificate chains against trust anchors from Trusted Lists.
The EUDI Wallet ecosystem uses two complementary Trusted List specifications:
This library provides unified abstractions for both Trusted List specifications, enabling consistent certificate chain validation regardless of the trust source format.
This library simplifies this process by:
GetTrustAnchors, IsChainTrustedForContext) work with both ETSI TS 119 602 LoTE and ETSI TS 119 612 Trusted ListsComposeChainTrust
This library is designed for:
The typical setup for EUDI Wallet certificate validation against LoTE (Lists of Trusted Entities):
// ETSI TS 119 602 LoTE-based validation (KMP)
// Includes transitive dependencies:
// - etsi-119602-data-model (LoTE JSON data types)
// - etsi-1196x2-consultation (core validation abstractions)
implementation("eu.europa.ec.eudi:etsi-119602-consultation:$version")For ETSI TS 119 612 Trusted Lists support (JVM/Android only):
// ETSI TS 119 612 Trusted Lists via DSS (JVM/Android)
// Includes transitive dependency:
// - etsi-1196x2-consultation (core validation abstractions)
implementation("eu.europa.ec.eudi:etsi-1196x2-consultation-dss:$version")
// Additional DSS dependencies required
implementation("eu.europa.ec.joinup.sd-dss:dss-utils-apache-commons:$dssVersion")
// OR
implementation("eu.europa.ec.joinup.sd-dss:dss-utils-google-guava:$dssVersion")
implementation("eu.europa.ec.joinup.sd-dss:dss-policy-jaxb:$dssVersion")[!NOTE] Replace
$versionwith the latest release version from the releases page. All modules share the same version number.
The library is divided into four modules:
Implements certificate chain validation against ETSI TS 119 602 Lists of Trusted Entities (LoTE).
Data model implementation for ETSI TS 119 602 Lists of Trusted Entities (LoTE).
ListOfTrustedEntities: Root LoTE document structure.ListAndSchemeInformation: LoTE metadata and scheme information.TrustedEntity: Trusted entity (e.g., PID Provider, Wallet Provider).TrustedEntityService: Service provided by a trusted entity.ServiceDigitalIdentity: Digital identity including X.509 certificates.The core module providing the unified abstractions for Trusted List-based certificate validation.
VerificationContext: Represents specific EUDI use cases (e.g., PID issuance).GetTrustAnchors: A functional interface for retrieving anchors from Trusted Lists.IsChainTrustedForContext: Combines trust anchors and validation logic for a set of supported contexts.ComposeChainTrust: Combines validators for different verification contexts (e.g., PID + PubEAA).IsChainTrustedForEUDIW: The orchestrator that resolves trust anchors and triggers validation.An extension module that leverages the Digital Signature Service (DSS) to support ETSI TS 119 612 Trusted Lists.
We welcome contributions to this project. To ensure that the process is smooth for everyone involved, follow the guidelines found in CONTRIBUTING.md.
Copyright (c) 2026 European Commission
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.