法律人 LawPlayer logo

資料由法律人 LawPlayer整理提供·EU law / curated by LawPlayer from EUR-Lex

Regulation

Commission Implementing Regulation (EU) 2025/1571 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the formats and procedures for annual reports by supervisory bodies

CELEX
Implementing Regulation (EU) 2025/1571
Date of document
Articles
4
Source
EUR-Lex
Article 1Format and procedures of annual reports

1.   Supervisory bodies shall submit their annual reports referred to in Article 46a(6) and Article 46b(6) of Regulation (EU) No 910/2014 to the Commission, through a secure electronic channel made available by the Commission.

2.   Supervisory bodies shall submit the information in their annual reports only once, by re-using previously submitted information where appropriate.

3.   Supervisory bodies for the European Digital Identity Wallets referred to in Article 46a(1) of Regulation (EU) No 910/2014 shall ensure that their annual reports include at least the information set out in Annex I to this Regulation.

4.   Supervisory bodies for trust services referred to in Article 46b(1) of Regulation (EU) No 910/2014 shall ensure that their annual reports include at least the information set out in Annex II to this Regulation.

Article 2Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union .

Schedules & Appendices

ANNEX IInformation to be included in the annual reports of supervisory bodies for the European Digital Identity Wallets

ANNEX I

Information to be included in the annual reports of supervisory bodies for the European Digital Identity Wallets

The annual reports of supervisory bodies for the European Digital Identity Wallets shall include at least the following information:

(1)

the name, address and contact details of the supervisory body submitting the annual report;

(2)

where more than one supervisory body has been designated in accordance with Article 46a(1) of Regulation (EU) No 910/2014, the scope of the supervisory activities of the supervisory body submitting the annual report;

(3)

a description of the organisation, structure, resources and capabilities of the supervisory body;

(4)

a description of ex post and ex ante supervisory activities for each wallet provider carried out during the previous calendar year pursuant to Article 46a(3), point (a), including cases of suspected or potential infringements of Regulation (EU) No 910/2014 and a summary of main challenges identified;

(5)

a summary of on-site inspections and off-site supervision activities carried out by the supervisory body, including at least the following information:

(a)

the identification of the wallet provider or providers;

(b)

the affected wallet solution or solutions;

(c)

a summary of the outcome;

(d)

any measures imposed;

(e)

any actions undertaken by the supervisory body;

(6)

a description of ex post supervisory activities carried out pursuant to Article 46a(3), point (b), of Regulation (EU) No 910/2014 and a summary of main challenges identified;

(7)

a description of any significant security breach or loss of integrity notifications made by the supervisory body to the competent authorities of the Member State concerned, designated or established pursuant to Article 8(1) of Directive (EU) 2022/2555 to the single points of contact of the Member State concerned designated or established pursuant to Article 8(3) of Directive (EU) 2022/2555, to the single points of contact of the other Member State or Member States concerned designated pursuant to Article 46c(1) of Regulation (EU) No 910/2014, or to the public;

(8)

information on requests to wallet providers to remedy any failure to fulfil the requirements laid down in Regulation (EU) No 910/2014;

(9)

a description of cases where the registration of relying parties in the mechanism referred to in Article 5b(7) of Regulation (EU) No 910/2014 was cancelled for reasons of illegal or fraudulent use of the European Digital Identity Wallet;

(10)

a description of any cooperation with, or provision of assistance to, other supervisory bodies established in other Member States, in accordance with Articles 46c and 46e of Regulation (EU) No 910/2014 and an overview of outcomes of such cooperation;

(11)

the frequency and nature of cooperation with competent supervisory authorities established pursuant to Article 51 of Regulation (EU) 2016/679 of the European Parliament and of the Council;

(12)

an outlook on supervisory activities and priorities that the supervisory body intends to focus on in the following year.

ANNEX IIInformation to be included in the annual reports of supervisory bodies of trust services

ANNEX II

Information to be included in the annual reports of supervisory bodies of trust services

The annual reports of supervisory bodies shall include at least the following information:

(1)

the name, address and contact details of the supervisory body submitting the annual report;

(2)

where more than one supervisory body has been designated in accordance with Article 46b(1) of Regulation (EU) No 910/2014, the scope of the supervisory activities of the supervisory body submitting the annual report;

(3)

a description of the organisation, structure, resources and capabilities of the supervisory authority submitting the annual report;

(4)

a description of supervisory activities carried out pursuant to Article 46b(3), point (a) and point (b), during the reported calendar year in relation to non-qualified and qualified trust service providers established in the territory of the designating Member State and the trust services they provide, including cases of suspected or potential infringements of Regulation (EU) No 910/2014 and a summary of main challenges identified;

(5)

a summary of on-site inspections and off-site supervision activities carried out by the supervisory body submitting the annual report, including at least the following information:

(a)

the identification of the qualified trust service provider or providers;

(b)

the affected trust service or services;

(c)

a description of the supervision activity;

(d)

a summary of the outcome;

(e)

any measures imposed;

(f)

actions undertaken by the supervisory body.

(6)

a description of any additional action taken by the supervisory body pursuant to Article 46b(3), of Regulation (EU) No 910/2014;

(7)

a description of any significant security breach or loss of integrity notifications made by the supervisory body submitting the annual report to the competent authorities of the Member State or Member States concerned designated or established pursuant to Article 8(1) of Directive (EU) 2022/2555, to the single points of contact of the Member State or Member States concerned designated or established pursuant to Article 8(3) of Directive (EU) 2022/2555, to the single points of contact in the other Member States concerned designated pursuant to Article 46c(1) of Regulation (EU) No 910/2014, or to the public;

(8)

a description of the scope of cooperation with other supervisory bodies established in other Member States and a description of assistance provided in accordance with Article 46c and Article 46e of Regulation (EU) No 910/2014 and an overview of outcomes of such cooperation;

(9)

a description of the frequency and nature of cooperation of the supervisory bodies for trust services with competent supervisory authorities established pursuant to Article 51 of Regulation (EU) 2016/679 where personal data protection rules appear to have been breached and about security breaches which appear to constitute personal data breaches as regards trust service providers and the trust services they provide;

(10)

a summary of the result of verifying the existence of provisions on termination plans and of verifying their correct application where a supervised qualified trust service provider ceases its activities, including an indication on how information is kept accessible in accordance with Article 24(2), point (h) of Regulation (EU) No 910/2014;

(11)

a description of any investigations of claims made by providers of web browsers that they were investigating during the reporting period pursuant to Article 45a of Regulation (EU) No 910/2014 and on any other consequential actions taken in that context;

(12)

a description of activities relating to trusted lists referred to in Article 22 of Regulation (EU) No 910/2014, including noticeable updates following supervisory activities, relevant experience or compliance issues with Commission Implementing Decision (EU) 2015/1505  ( 1 ) , in particular with availability requirements;

(13)

information about national accreditation schemes of conformity assessment bodies, national conformity assessment schemes or related guidance to conformity assessment schemes, or information about related initiatives;

(14)

a description, where applicable, of any trust infrastructure established, maintained and updated by a supervisory body at a Member State’s request and in accordance with national law.

( 1 )   Commission Implementing Decision (EU) 2015/1505 of 8 September 2015 laying down technical specifications and formats relating to trusted lists pursuant to Article 22(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market ( OJ L 235, 9.9.2015, p. 26 , ELI: http://data.europa.eu/eli/dec_impl/2015/1505/oj ).

4 articles

Cite this act

Commission Implementing Regulation (EU) 2025/1571 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the formats and procedures for annual reports by supervisory bodies (EUR-Lex). Retrieved via LawPlayer, https://lawplayer.com/eu/act/32025R1571

© European Union, https://eur-lex.europa.eu, 1998-2026. Reuse authorised under Commission Decision 2011/833/EU, provided the source is acknowledged.

EU-EurLex-Reuse-2011-833

本頁資料來源:EUR-Lex·整理提供:法律人 LawPlayer· lawplayer.com