What standards do certification authorities have to comply with?

Generally, in order to be accepted by a browser supplier, a certification authority must meet standards set either by the AICPA/CICA or by ETSI. The AICPA/CICA standard is called 'WebTrust for CAs' and the ETSI standard is called 'ETSI TS 101456 Policy requirements for certification authorities issuing qualified certificates'.

These audit schemes impose requirements on the certification authority’s systems, personnel and procedures, but they don’t prescribe the methods used by the certification authority to validate the identifying information that is to be included in the certificate.

With the introduction of Extended Validation Certificates, WebTrust will be augmented to audit the certification authority’s conformance with the extended validation guidelines.