1. Conformity of qualified electronic signature creation devices with the requirements laid down in Annex II shall be certified by appropriate public or private bodies designated by a person appointed for that purpose by the Secretary of State (“the appointed person”).

2. The appointed person must notify the supervisory body of the name and address of any body the person designates under paragraph 1.

2A. The supervisory body must maintain a list of the names and addresses of the designated bodies notified to it under paragraph 2.

3. The certification referred to in paragraph 1 shall be based on one of the following:

(a) a security evaluation process that complies with the Implementing Decision; or

(b) a process other than the process referred to in point (a), provided that it uses comparable security levels and provided that the public or private body referred to in paragraph 1 notifies that process to the supervisory body. That process may be used only in the absence of standards referred to in point (a) or when a security evaluation process referred to in point (a) is ongoing.