Kommisjonens gjennomføringsforordning (EU) 2025/2532 av 16. desember 2025 om fastsettelse av regler for anvendelsen av europaparlaments- og rådsforordning (EU) nr. 910/2014 med hensyn til referansestandarder og spesifikasjoner for kvalifiserte elektroniske arkivtjenester
eIDAS-forordningen: utfyllende bestemmelser om kvalifiserte elektroniske arkivtjenester
Commission Implementing Regulation (EU) 2025/2532 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards and specifications for qualified electronic archiving services
Kommisjonsforordning publisert i EU-tidende 17.12.2025
Tidligere
- Utkast til forordning lagt fram av Kommisjonen 4.9.2025 med tilbakemeldingsfrist 2.10.2025
Bakgrunn
(fra kommisjonsforordningen)
(1) By Regulation (EU) 2024/1183 of the European Parliament and of the Council (2), a list of new trust services and qualified trust services, including the qualified electronic archiving service, was introduced in Regulation (EU) No 910/2014. The Commission is to establish a list of reference standards and, where necessary, establish specifications for such services.
(2) Electronic archiving is a service for the receipt, storage, retrieval and deletion of electronic data and electronic documents to ensure their durability and legibility as well as to preserve their integrity, confidentiality and proof of origin throughout the preservation period. Qualified electronic archiving services play a crucial role in the digital business environment by promoting the transition from traditional paper-based processes to electronic equivalents. To ensure that electronic data and electronic documents preserve the presumption of their integrity and of their origin for the duration of the preservation period by the qualified trust service provider, and to achieve a high level of transparency and confidence among all participants in the information lifecycle, it is necessary to establish a common set of specifications for qualified electronic archiving services.
(3) To increase the evidentiary value, security and trustworthiness of qualified electronic archiving services, where electronic signatures, electronic seals or electronic time stamps are used to create, sign, seal or attest the date and time of, for example, archiving evidences, evidence records, records of events, records of the correct implementation of procedures, or archiving confirmation reports, qualified trust services should be used.
(4) The presumption of compliance laid down in Article 45j(2) of Regulation (EU) No 910/2014 should only apply where qualified electronic archiving services comply with the requirements set out in this Regulation. The reference standards for qualified electronic archiving services should reflect established practices and be widely recognised within the relevant sectors. They should be adapted to include additional controls ensuring the security and trustworthiness of the qualified electronic archiving services.
(5) If a trust service provider adheres to the requirements set out in this Regulation, supervisory bodies should presume compliance with the relevant requirements of Regulation (EU) No 910/2014 and duly consider such presumption for granting or confirming the qualified status of the trust service. However, a qualified trust services provider may still rely on other practices to demonstrate compliance with the requirements of Regulation (EU) No 910/2014.
(6) In order to preserve the integrity and proof of origin of electronic data and electronic documents containing one or more qualified electronic signatures or seals, qualified electronic archiving services should use procedures and technologies capable of extending the trustworthiness of those electronic signatures and seals beyond the technological validity period, at least throughout the preservation period.
(7) The Commission regularly assesses new technologies, practices, standards or technical specifications. In accordance with recital 75 of Regulation (EU) 2024/1183, the Commission should review and, if necessary, update this Regulation, to keep it in line with global developments, new technologies, practices, standards or technical specifications and to follow the best practices on the internal market.
(8) Regulation (EU) 2016/679 of the European Parliament and of the Council (3) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (4) apply to the personal data processing activities under this Regulation.
(9) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (5) and delivered its opinion on 21 October 2025 (6).
(10) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,