(Utkast) Delegert kommisjonsforordning (EU) …/… av 1. juli 2026 om utfylling av direktiv (EU) 2024/2841 med hensyn til fastsetting av QR-koden på den fysiske versjonen av det europeiske handikapkortet og fastsetting av QR-koden samt etablering av felles tekniske spesifikasjoner som sikrer sikkerheten til den fysiske versjonen av det europeiske parkeringskortet for personer med nedsatt funksjonsevne, samt interoperabilitetsspørsmål
Europeisk kort for mennesker med nedsatt funksjonsevne: utfyllende regler om QR-kode
Utkast til delegert kommisjonsforordning sendt til Europaparlamentet og Rådet for klarering 1.7.2026
Tidligere
- Utkast til forordning lagt fram av Kommisjonen 15.4.2026 med tilbakemeldingsfrist 30.4.2026
Bakgrunn
(fra kommisjonsforordningen)
(1) Directive (EU) 2024/2841 lays down the rules governing the issuance of the European Disability Card and the European Parking Card for persons with disabilities and common templates for those cards. In accordance with Article 7(2) and Article 8(2) of Directive (EU) 2024/2841, European Disability Cards and European Parking Cards for persons with disabilities issued by Member States are to be mutually recognised in all Member States.
(2) The empowerments provided by Article 7(7) and Article 8(7) of Directive (EU) 2024/2841 have the same purpose, namely the prevention and combat of fraud, the security of the physical versions of the European Disability Card and the European Parking Card for persons with disabilities, including through appropriate security measures for personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, as well as ensuring interoperability. As the subject matter and objectives of the empowerments largely coincide, it is appropriate to lay down rules supplementing Directive (EU) 2024/2841 as regards those matters in a single delegated act.
(3) Directive (EU) 2024/2841 provides for the physical versions of the European Disability Card and the European Parking Card for persons with disabilities to contain a QR code as a state-of-the-art digital feature that uses electronic means to prevent and combat fraud. As such, QR codes are a mandatory digital feature to be printed on all physical cards. To ensure a uniform approach in the creation and use of the QR codes by the Member States, the Commission should adopt technical specifications to set the QR codes, including their content.
(4) The European Parking Card for persons with disabilities will replace all existing parking cards for persons with disabilities issued in accordance with Council Recommendation 98/376/EC. That Recommendation has not been updated to reflect technological and digitalisation developments and Member States have experienced problems with fraud and forgery. Therefore, it is necessary to establish the features that ensure the security of the physical version of the European Parking Card for persons with disabilities, which take into account its specificities such as the fact that it is usually behind the windscreen of the vehicle.
(5) Mandatory common technical specifications should be introduced to ensure the security of the physical version of the European Parking Card for persons with disabilities. Printing the card on an appropriate material, such as polycarbonate, using a diffractive optically variable image device would effectively protect against forgery and falsification. Anti-scan patterns would further increase security by making card duplication detectable, as they should contain a hidden text or a pattern, which would appear when the card is photocopied or scanned. Those features are to be applied without affecting the format of the physical version of the European Parking Card for persons with disabilities set out in Annex II to Directive (EU) 2024/2841, including the visual appearance of the card.
(6) In addition to the QR code and other mandatory technical specifications established by this Regulation, Member States should have the possibility to incorporate optional digital or physical security features, based on common technical specifications laid down in this Regulation, in the physical version of the European Parking Card for persons with disabilities to enhance its security. Where optional digital features contain more personal data than those provided for in the physical versions of the cards, in accordance with point 3(b) of Annex II to Directive (EU) 2024/2841 access to such data is to be limited to public authorities of the issuing Member States and only to authorised users. To maintain a harmonised framework for security features across Member States, the list of optional features should be exhaustive. Moreover, Member States should ensure that the integration of one or more of the optional digital or physical security features does not affect the recognition of valid cards from other Member States or compromise interoperability and the functionality of the mandatory technical specifications.
(7) The physical version of the European Parking Card for persons with disabilities may contain a radio-frequency identification (RFID) chip as an optional digital security feature. RFID makes use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or other data stored on it. RFID chips can strengthen protection against forgery and tampering through securely storing or transmitting card-related data. The physical version of the European Parking Card for persons with disabilities may also contain optically variable ink or colour-shifting ink. Such inks provide adequate protection against copying of and tampering with the card without requiring personalisation. To ensure that the card’s data are properly secured against counterfeiting and falsification attempts, the text of the data fields may be integrated into the basic material of the card using laser-engraving technology. Physical security features, whether set as mandatory or optional in this Regulation, which are not visible or that become visible following certain manipulations do not contradict the format of the European Parking Card for persons with disabilities set out in Annex II to Directive (EU) 2024/2841.
(8) Technological advancements, parking verification systems and security risks are continuously evolving. The state of the art develops and the usage of the European Disability Card and the European Parking Card for persons with disabilities evolves, driven by both user feedback and technological progress, and so do techniques of fraud and forgery, leading to evolving security challenges. Therefore, new technological solutions, including those in parking verification, as well as security and anti-fraud prevention needs might necessitate changes in the security and anti-fraud architecture of the cards, including through updating the categorisation of digital features as either mandatory or optional. Depending on technological developments this may necessitate the update of this Regulation.
(9) To ensure that the physical versions of the European Disability Card and the European Parking Card for persons with disabilities can be used seamlessly across all Member States, it is necessary to guarantee interoperability of the digital features on the physical cards, in particular the QR codes. Interoperability should enable the verification of the authenticity and validity of the physical versions of the cards by card verifiers - any natural or legal person who verifies the validity and authenticity of the physical versions of the cards, for example by means of a verification application. To that end, it is necessary to lay down provisions on matters relating to interoperability so as to enable cross-border verifications of the physical versions of the cards to be performed in a consistent and reliable manner.
(10) To ensure the integrity and origin of the data contained in the QR codes on the physical versions of the European Disability Card and the European Parking Card for persons with disabilities, that data should be sealed with a qualified electronic seal as defined in Article 3, point (27), of Regulation (EU) 910/2014 of the European Parliament and of the Council. The QR code confirms the authenticity and validity of the physical card, when cross-checked against the verification parameters, and should not in itself attest the disability status or the entitlement to specific services based on a disability.
(11) In order to facilitate interoperability and the establishment of a trustworthy and secure verification system of the physical versions of the European Disability Card and the European Parking Card for persons with disabilities across the Union, information notification and publication mechanisms should be established. In this regard, and in order to enable the verification that the physical versions of the cards are issued by a competent authority or body, Member States should provide the information necessary for the verification process, specifically the information required to verify the qualified electronic seal. Therefore, the Member States should be required to notify the Commission of the competent authorities or bodies responsible for issuing the physical versions of the cards (card issuers), as well as the relevant administrative and technical information relating to them. The information to be notified to the Commission should be limited to what is necessary to establish interoperable verification mechanisms for verifying the validity and authenticity of the physical versions of the European Disability Card and the European Parking Card for persons with disabilities. The Commission should ensure public access to that information.
(12) Furthermore, in the event of card revocation, information about the revocation of the card should be promptly made available to enable card verifiers to verify the validity of the card. For this purpose, card issuers should maintain and publish in a timely manner lists containing information on the revocation status of all cards that they have revoked prior to their expiry dates (revocation lists). Such publication should respect the privacy and protect the personal data of the card holders. Moreover, revocation lists should not contain any personal data other than the unique revocation identifiers and should be published at a specific Uniform Resource Identifier (URI) in accordance with technical specifications to ensure interoperable verification.
(13) To read the QR code and verify the authenticity and validity of the physical versions of the European Disability Card and the European Parking Card for persons with disabilities, customised verification applications at national level, may be used. The Commission can support this process by providing a common sample source code for the purpose of reading data contained in the QR codes, and for performing the main steps of the verification process, which can serve as a basis for the verification applications in Member States. All verification applications should perform the same trust-chain verification logic against the same trust infrastructure, thereby enabling the reading of data encoded in the cards by the issuing Member State. In addition, Annex I to Directive (EU) 2019/882 of the European Parliament and of the Council sets out accessibility requirements to be complied with by Member States, where applicable.
(14) Recognising the dynamic nature of technological advancements and evolving cybersecurity threats, the Union is committed to ensuring that cryptographic mechanisms employed within its regulatory framework remain effective and secure. In light of this commitment, it is important to adopt cryptographic standards endorsed by the European Cybersecurity Certification Group and disseminated through the European Union Agency for Cybersecurity (ENISA).
(15) Regulation (EU) 2016/679 applies to the processing of personal data under this Regulation. In particular, the verification of the QR codes on the physical versions of the European Disability Card and the European Parking Card for persons with disabilities involves the processing of personal data. Therefore, appropriate data protection safeguards should be established to ensure the protection of personal data contained in the QR codes in compliance with Regulation (EU) 2016/679, where applicable. The general security measures provided in this Regulation should also ensure protection of personal data contained in the QR codes. In addition, the personal data contained in the QR codes should be limited to what is strictly necessary for the purpose of this Regulation. Moreover, retention of the data after the verification is completed should be prohibited. It is also necessary to ensure appropriate security of the revocation lists.
(16) In accordance with Article 14(4) of Directive (EU) 2024/2841, in the preparation of this Regulation the Commission consulted persons with disabilities and their representative organisations as well as experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.
(17) The European Disability Card and the European Parking Card for persons with disabilities constitute a trans-European digital public service within the meaning of Regulation (EU) 2024/903 of the European Parliament and of the Council. Accordingly, an interoperability assessment has been carried out, and the resulting report is to be published on the Interoperable Europe Portal referred to in Article 8 of Regulation (EU) 2024/903.
(18) The European Data Protection Supervisor was consulted on this Regulation in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council and it delivered an opinion on 12 May 2026,