---
checkId: check.timestamp.eidas.qts.status-change
plugin: stellaops.doctor.timestamping
severity: warn
tags: [timestamping, eidas, qts, status, monitoring]
---
# QTS Status Changes

## What It Checks
Alerts on TSA qualification status changes in the past 7 days. The check:

- Queries the status change tracker for recent changes within a 7-day window.
- Reports each change (provider name, previous status, new status, change date).
- Warns if any withdrawals occurred (provider moved from Qualified to Withdrawn/Suspended/Deprecated).
- Passes if no changes occurred or all changes are positive (e.g., new qualification grants).

## Why It Matters
Qualification status changes require operational response. A withdrawal means the provider's timestamps no longer satisfy eIDAS requirements, and traffic should be migrated to an alternative provider. Early detection of changes enables proactive migration before compliance deadlines.

## Common Causes
- Supervisory body action against a TSA provider
- Provider voluntary withdrawal from qualification
- New provider achieving qualification (positive change)

## How to Fix

### Docker Compose
```bash
# Review recent changes
docker exec <platform-container> stella tsa qualification changes --days 7

# If a provider was withdrawn, add a replacement
docker exec <platform-container> stella tsa add --name "Replacement QTS" --url "https://new-tsa.eu/tsr" --qualified
```

### Bare Metal / systemd
```bash
stella tsa qualification changes --days 7
stella tsa qualification status
```

### Kubernetes / Helm
Review changes and update provider configuration as needed.

## Verification
```
stella doctor run --check check.timestamp.eidas.qts.status-change
```

## Related Checks
- `check.timestamp.eidas.qts.qualified` — checks provider qualification status
- `check.timestamp.eidas.trustlist.fresh` — checks EU Trust List freshness