法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Implementing Regulation (EU) 2025/1566 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards for the verification of the identity and attributes of the person to whom the qualified certificate or the qualified electronic attestation of attributes is to be issued

CELEX
Implementing Regulation (EU) 2025/1566
Date of document
Articles
3
Source
EUR-Lex
Article 1

The reference standards and specifications referred to in Article 24(1c) of Regulation (EU) No 910/2014 are set out in the Annex to this Regulation.

Article 2

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

This Regulation shall apply from 19 August 2027.

Schedules & Appendices

ANNEXReference standard for the verification of the identity and attributes of persons to whom a qualified certificate or qualified electronic attestation of attributes is to be issued

ANNEX

Reference standard for the verification of the identity and attributes of persons to whom a qualified certificate or qualified electronic attestation of attributes is to be issued

The standard ETSI TS 119 461 V2.1.1 (2025-02) for conformance with Annex C clause C.3 applies, with the following adaptations:

(1)

2.1 Normative references

[1] ETSI EN 319 401 V3.1.1 (2024-06): ‘Electronic Signatures and Trust Infrastructures (ESI); General Policy Requirements for Trust Service Providers’.

(2)

C.3 Use cases for issuance of qualified certificate or qualified electronic attestations of attributes in accordance with Article 24(1), (1a) and (1b) of Regulation (EU) No 910/2014

[CONDITIONAL] QTS-C3-01: If identity verification for qualified certificate or a qualified electronic attestation is done in conjunction with identity verification to issue authoritative evidence, that identity verification process shall:

have been peer reviewed or certified by an accredited conformity assessment body to comply with assurance level high in accordance with Regulation (EU) No 910/2014, or

comply with the requirements set out in clauses C3.1 to C3.6.

(3)

C.3.4 Use case for identity proofing by other identification means

QTS-C.3.4-06A: The independent conformity assessment body referred to in [CONDITIONAL] QTS-C.3.4-06, point c) shall be accredited as per Article 3 (18) of Regulation (EU) No 910/2014, and, if all applicable requirements are fulfilled, the assessment should result in a certificate of compliance based on a certification audit. This formal certification process shall be based on a security evaluation process that refers to the levels of assurance defined for notified electronic identification means or certified European Digital Identity Wallets under Regulation (EU) No 910/2014 and shall include rigorous testing to evaluate resistance against potential security threats. These evaluations shall employ pertinent technical standards to demonstrate robustness against such attacks.

(4)

9.2.3.4 Use case for automated operation

USE-9.2.3.4-04: The IPSP shall establish target values for the FAR and FRR, based on a risk analysis and its threats intelligence procedure, by following the methodology established in the ENISA report ‘Methodology for sectoral cybersecurity assessments’ [i.28] or an equivalent methodology, in fully automated identity proofing processes. These target values shall be equal to or lower than those set for hybrid use cases, when they exist. The IPSP shall maintain these target values for FAR and FRR consistently, supported by a risk analysis and its threats intelligence procedure.

(5)

8.3.3 Validation of physical identity document

VAL-8.3.3-21: The effectiveness of the measures for complying with the requirements VAL-8.3.3-05X, VAL-8.3.3-05A, VAL-8.3.3-05B, VAL-8.3.3-05C, VAL-8.3.3-07A and VAL-8.3.3-07X, shall be tested by an accredited laboratory or a national competent authority, whenever they are designated, at the latest by 19 August 2027 and then be repeated every second year.

(6)

7.12. Termination and termination plans

OVR-7.12-02: The termination plan shall comply with the requirements set out in the implementing acts adopted pursuant to Article 24(5) of Regulation (EU) No 910/2014 [i.1]

3 articles

Cite this act

Commission Implementing Regulation (EU) 2025/1566 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards for the verification of the identity and attributes of the person to whom the qualified certificate or the qualified electronic attestation of attributes is to be issued (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R1566

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com