(fra kommisjonsforordningen)

(1) The onboarding of users to the European Digital Identity Wallets (‘wallets’) is a crucial step as regards the verification of the identity of the wallet users, the binding of the personal identification data of the users to their wallets and to the user device in which the wallet units are installed.

(2) To foster a high level of trust and security as well as a harmonised approach across Member States for the onboarding of wallet users with remote onboarding procedures in conjunction with the electronic identification means conforming to assurance level substantial, this implementing act establishes specifications and procedures in order to facilitate the onboarding of users to the European Digital Identity Wallet by electronic identification means conforming to assurance level substantial in conjunction with additional remote onboarding procedures that together meet the requirements of assurance level high.

(3) Those standards should reflect established practices and be widely recognised within the relevant sectors. Those standards should be adapted to include requirements ensuring the security and trustworthiness of the onboarding of users.

(4) Commission Implementing Regulation (EU) 2015/1502 (2) stipulates that where electronic identification means are issued at assurance level high, and taking into account the risks of a change in the person identification data, it is not required to repeat the identity proofing and verification processes. Therefore, in such a case, Member States should leverage on electronic identification means issued at assurance level high also for the onboarding process for the purpose of this Regulation.

(5) Where Member States onboard users to wallets by using an electronic identification means that has not been notified to the Commission, the assurance level of that means should be confirmed by a conformity assessment body defined in Article 2(13) of Regulation (EC) No 765/2008 of the European Parliament and of the Council (3) or by an equivalent body and it should be demonstrated that the results of this previous issuance procedure of an electronic identification means remain valid.

(6) While the Annex sets out the requirements to fulfil for a specific level of identity proofing to be achieved, equivalence has not been established with regard to level of assurance as defined in Article 8 of Regulation (EU) No 910/2014. Therefore, requirements set out in the Annex should be considered as implementing those of Implementing Regulation (EU) 2015/1502 and to be fulfilled by the provider of person identification data or an entity providing identity proofing services on behalf of that provider.

(7) The Commission regularly assesses new technologies, practices, and technical specifications. In accordance with Recital 75 of Regulation (EU) 2024/1183 of the European Parliament and of the Council (4), the Commission should review and, if necessary, update this Implementing Regulation to keep it in line with global developments, new technologies, standards or technical specifications and to follow the best practices on the internal market in particular regarding the onboarding of users to the wallet.

(8) Regulation (EU) 2016/679 of the European Parliament and of the Council (5), and, where relevant, Regulation (EU) 2018/1725 of the European Parliament and of the Council (6), Directive 2002/58/EC of the European Parliament and of the Council (7) apply to the personal data processing activities under this Regulation.

(9) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 and delivered its opinion on 30 January 2026 (8).

(10) The committee established by Article 48 of Regulation (EU) No 910/2014 has not delivered an opinion within the time limit laid down by its Chair,