Kommisjonens gjennomføringsforordning (EU) 2025/1566 av 29. juli 2025 om fastsettelse av regler for anvendelse av europaparlaments- og rådsforordning (EU) nr. 910/2014 med hensyn til referansestandarder for verifisering av identitet og egenskaper til personen som det kvalifiserte sertifikatet eller den kvalifiserte elektronisk attestering av egenskaper skal utstedes
eIDAS-forordningen: verifisering av identitet og egenskaper ved utstedelse av kvalifisert sertifikat
Commission Implementing Regulation (EU) 2025/1566 of 29 July 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards for the verification of the identity and attributes of person to whom the qualified certificate or the qualified electronic attestation of attributes is to be issued
Kommisjonsforordning publisert i EU-tidende 30.7.2025
Tidligere
- Utkast til forordning lagt fram av Kommisjonen 15.4.2025 med tilbakemeldingsfrist 13.5.2025
Bakgrunn
(fra kommisjonsforordningen)
(1) Article 24 of Regulation (EU) No 910/2014 requires that qualified trust service providers verify the identity and, if applicable, any specific attributes of a natural or legal person when issuing qualified certificates or qualified electronic attestations of attributes to that person.
(2) In order to ensure equal treatment and ability to trust the result of the verification process, verifications should be carried out in an equivalent manner by all qualified trust service providers when issuing a qualified certificate or a qualified electronic attestation of attributes. In accordance with the objectives of Regulation (EU) No 910/2014, a number of standards have been selected to meet these specific requirements. These standards should reflect established practices and be widely recognised within the relevant sectors. These standards should be adapted to include additional controls ensuring the security and trustworthiness of the qualified trust service, while facilitating cross-border interoperability and the effective functioning of the internal market.
(3) An adequate transitional period for qualified trust service providers should be provided for them to be able to comply with the requirements of Regulation (EU) No 910/2014. With a view to ensuring a sufficient timeframe for the audit of trust service providers as regards compliance with the requirements of this Regulation, this Regulation should apply from 24 months as of its entry into force.
(4) The Commission regularly assesses new technologies, practices, standards or technical specifications. In accordance with Recital 75 of Regulation (EU) 2024/1183 of the European Parliament and of the Council (2), the Commission should review and update this Regulation, if necessary, to keep it in line with global developments, new technologies, standards or technical specifications and to follow the best practices on the internal market.
(5) Regulation (EU) 2016/679 of the European Parliament and of the Council (3) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (4) apply to the personal data processing activities under this Regulation.
(6) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (5), and delivered its opinion on 06 June 2025.
(7) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,