Trustworthiness of the qualified electronic signature is ensured by so called a tree of trust (PKI - Public Key Infrastructure). The base of PKI is created by holders of qualified certificates. The centre of PKI is created by accredited certification authorities (ACA) and a trust anchor of PKI is represented by a Root Certification Authority which is administrated by the Information Technology Division of the Information Security and Electronic Signature Department of the National Security Authority (see the picture).

The Root Certification Authority pursuant to Article 10 (2) letter (c) of the Act No. 215/2002 Coll. on Electronic signature and on the amendment and supplementing of certain acts as amended issues certificates of public keys to accredited certification authorities and recognized foreign certification authorities. Pursuant to Article 10 (3) of the Act on Electronic signature the requirements for the maintenance of qualified certificates by the accredited certification authority also apply to the Root Certification Authority.

The public key of the Root Certification Authority can be used to verify the certificate authenticity of the accredited certification authority. The public key of the accredited certification authority can be used to verify the authenticity of the client's qualified certificate and his/her identity.

Within the PKI it is required to include the Object Identifier (OID) of the Certificate Policy being valid for PKI - 1.3.158.36061701.0.0.0.1.2.2 in all qualified certificates and maintenance certificates.