In force pmore stringent implementing regulations European Digital Identity Framework revised eIDAS
AmendedRRegulation eIDASestablishing European Identity FrameworkDigital has been in force since May 2024. Legislative process no is but completed,Because inactive requiredare regulations implementing acts. OCurrenteIDAS, asMain legislative paper wassupplementthey by the first five suchacts.
Below♪ We'll take it ♪ short summaries These regulationsauImplementing.
1. Certification European digital identity portfolios (C (2024) 8507)
The first of the Regulations sets mention standards and establishes specifications and procedures to make a permanent portfolio certification framework. This framework will be regularly updated to guarantee compliance with technology developments and standards developed. The updates will besides take into account the work carried out on the basis of a advice issued by the European Commission in 2021 for a common EU toolbox for the European Digital Identity Framework, in peculiar with respect to their architecture and mention framework (formerly called ARF).
This act aims to establish requirements for certification of the conformity of European digital identity portfolios. Where associate States cannot usage European cybersecurity certification schemes based on Regulation (EU) 2019/881 or where specified systems are not sufficient, they must establish national certification schemes to supplement them. Currently, at European level, ENISA is liable for developing a certification programme. A working group was set up to support ENISA in this respect.
2. Integrance and basic functionsEuropeandigital identity portfolios(C (2024) 8495)
Second Regulationis 1 of 4 structural initiatives technical European digital identity portfolios. Its nonsubjective is to lay down rules to guarantee that associate States make available interoperable portfolios which may be utilized for all intended purposes.
Wallets have allow among others.:
- secure cross-border recognition online for a wide scope of public and private services
- making electronic certificates available
- issuing electronic signatures.
DerauRegulation annex contains a list of standards toconcerning bsafej applicationand cryptographicj portfolio and formatof data identifying the individual and electronic attribute endorsements and stechnical specifications for generating pseudonyms and list of mandatory and optional formatthe signature and seal.
3. Ecosystem European identity portfolio digitalj (C (2024) 8516)
The next act concerns obligations to notify the Commission of the ecosystem of the electronic recognition portfolio. It aims to guarantee that the electronic notification strategy established by the European Commission functions as a channel for safe and transparent communication for the exchange of information between the Commission and the associate States.
This Implementing Regulation lays down obligations for associate States to supply the European Commission with information which will enable the validation of:
- electronic registers utilized by a associate State to print information on trust parties registered in that associate State, information on the location of trust parties registers and recognition of the trust parties
- identity of registered trust parties
- the authenticity and validity of the portfolio instance
- identification of portfolio providers
- the authenticity of the individual recognition data (PID)
- identification of data providers identifying the individual (PID).
4. WSubverted protocols and interfaces supported by European Digital Identity Framework (C (2024) 8496)
Act concerninggranulateau Minutesof and interfaceof is another of regulation concerning ActionsEuropean digital identity portfolios. It aims to guarantee the appropriate implementation of the protocols and interfaces guaranteeing the effective functioning of portfolios.
With the support of common protocols and interfaces, wallets will provide:
- effective issuance and presentation of recognition and electronic certification data to trust parties and another entities of the portfolio
- effective exchange of data between portfolios
- Transmission of data deletion requests to trust parties and reporting to trust parties to supervisory authorities.
These rules on portfolio resolution protocols and interfaceswill also subject regular updates to guarantee compliance with technology improvement and new standards that will appear in the future.
5. Dane identifying the individual and electronic Attribute Certificatesissued to European portfoliosdigital identity (C (2024) 8498)
This Act lays down rules on the issuing of individual recognition data (PID-Person recognition Data) and electronic attributes certificates to portfolio units;
The intent of this implementing Regulation is to guarantee the efficient management of the identity of the individual and of the electronic certificates, including:
- issue
- Verification
- withdrawal
- suspension.
This process is to guarantee that data identifying users and electronic certificates are transferred to the portfolio and made available to applicable trust parties.
The Annex to the Regulation contains method specifications for the data identifying the individual specified as:
- mandatory and optional data identifying the individual in the case of a natural or legal person
- metadata for individual recognition data
- Encoding data attributes identifying the person.
The implementing Regulations listed above are the first ‘package’ of acts which were adopted on 28 November 2024. 04.12.2024 were published in the authoritative diary of the European Union and entered into force after 20 days.
The European Commission has already completed the public consultation of the next 5 draft acts covering areas specified as:
- Verification of electronic Attribute Certificates;
- Cross-border identity matching;
- List of certified portfolios;
- Security breaches;
- Registration of trust parties.
Their admission is planned for the first 4th of 2025.
Publication date: 27.02.2025
