Trustworthiness of the qualified electronic signature is ensured by so called a tree of trust (PKI - Public Key Infrastructure). The base of PKI is created by holders of qualified certificates. The centre of PKI is created by qualifield trust service providers (QTSP) and a trust anchor of PKI is represented by a Root Certification Authority which is administrated by the CIS Operation Division of the Economy and Operations Department of the National Security Authority (see the picture).

The Root Certification Authority pursuant to Article 11 (1) letter (b) of the Act No. 272/2016 Coll. on trust services and on the amendment and supplementing of certain acts as amended issues certificates of public keys to qualifield trust service providers and recognized foreign trust service providers.

The public key of the Root Certification Authority can be used to verify the certificate authenticity of the qualifield trust service provider. The public key of the qualifield trust service providers can be used to verify the authenticity of the client's qualified certificate and his/her identity.

Within the PKI it is required to include the Object Identifier (OID) of the Certificate Policy being valid for PKI - 1.3.158.36061701.0.0.0.1.2.2 in all qualified certificates and maintenance certificates.