Our certificates are now fourth generation (G4)
From today, you sign with us under the fourth-generation (G4) PKI Root of the State of the Netherlands. With our new certificate authority (CA) on the European Trusted List, you place online signatures at the highest eIDAS level. Over the coming days we will test the entire chain so that your signature is correctly recognised as valid everywhere.
Jul 1, 2026

The State of the Netherlands periodically renews the root of the PKI infrastructure. With the fourth generation (G4), we are moving to a new CA that is included on the European Trusted List. This keeps your signatures aligned with the highest level of trust that eIDAS recognises, without you having to do anything.
As you are used to from us, you sign under a modern, up-to-date trust chain that meets the latest European standards. The certificates are ready for long-term validation, so that a signature remains verifiable and demonstrably valid even years later. In addition, we are prepared for professional certificates for organisations that want to sign in their name or on behalf of a role.
A new key on the European Trusted List should be automatically recognised and trusted by validators. In practice this is happening more and more often, but not every application works this way yet. Some applications use their own outdated copy of the Trusted List or need time to process the new root.
That is why we are testing the entire chain over the coming days. This prevents you from unnecessarily receiving a 'not valid' message while your signature is in fact completely in order. Where needed, we help chain partners with the implementation or the correct integration, so that the transition to G4 goes smoothly for everyone.
Do you receive a 'not valid' message and believe that is incorrect? Then verify the signature free of charge via one of our validators:
Check with our Validator
Check with the EU Demo app
Questions or feedback?
Then get in touch with us, we are happy to help.