This Regulation lays down technical and operational requirements of the interoperability framework in order to ensure the interoperability of the electronic identification schemes which Member States notify to the Commission.
Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC(1), and in particular Article 12(8) thereof,
Whereas:
Article 12(2) of Regulation (EU) No 910/2014 provides that an interoperability framework should be established for the purposes of interoperability of the national electronic identification schemes notified pursuant to Article 9(1) of that Regulation.
Nodes play a central role in the interconnection of Member States' electronic identification schemes. Their contribution is explained in the documentation related to the Connecting Europe Facility established by Regulation (EU) No 1316/2013 of the European Parliament and of the Council(2), including the functions and components of the ‘eIDAS node’.
Where a Member State or the Commission provides software to enable authentication to a node operated in another Member State, the party which supplies and updates the software used for the authentication mechanism may agree with the party which hosts the software how the operation for the authentication mechanism will be managed. Such an agreement should not impose disproportionate technical requirements or costs (including support, responsibilities, hosting and other costs) on the hosting party.
To the extent that the implementation of the interoperability framework justifies, further technical specifications providing details on technical requirements as set out in this Regulation could be developed by the Commission, in cooperation with Member States, in particular having regard to opinions of the Cooperation Network referred to in Article 14(d) of Commission Implementing Decision (EU) 2015/296(3). Such specifications should be developed as part of the digital service infrastructures of Regulation (EU) No 1316/2013 which provides the means for the practical implementation of an electronic identification building block.
The technical requirements set out in this Regulation should be applicable despite any changes in the technical specifications that might be developed pursuant to Article 12 of this Regulation.
Large-scale pilot STORK, including specifications developed by it, and the principles and concepts of the European Interoperability Framework for European Public Services have been taken into the utmost account when establishing the arrangements of the interoperability framework set out in this Regulation.
The results of the cooperation between Member States have been taken into utmost account.
The measures provided for in this Regulation are in accordance with the opinion of the Committee established by Article 48 of Regulation (EU) No 910/2014,
HAS ADOPTED THIS REGULATION:
Article 1 Subject matter
Those requirements include in particular:
-
minimum technical requirements related to the assurance levels and the mapping of national assurance levels of notified electronic identification means issued under notified electronic identification schemes under Article 8 of Regulation (EU) No 910/2014 as set out in Articles 3 and 4;
-
minimum technical requirements for interoperability, as set out in Articles 5 and 8;
-
the minimum set of person identification data uniquely representing a natural or legal person as set out in Article 11 and in the Annex;
-
common operational security standards as set out in Articles 6, 7, 9 and 10;
-
arrangements for dispute resolution as set out in Article 13.
Article 2 Definitions
For the purposes of this Regulation, the following definitions shall apply:
-
‘node’ means a connection point which is part of the electronic identification interoperability architecture and is involved in cross-border authentication of persons and which has the capability to recognise and process or forward transmissions to other nodes by enabling the national electronic identification infrastructure of one Member State to interface with national electronic identification infrastructures of other Member States;
-
‘node operator’ means the entity responsible for ensuring that the node performs correctly and reliably its functions as a connection point.
Article 3 Minimum technical requirements related to the assurance levels
Minimum technical requirements related to the assurance levels shall be as set out in Commission Implementing Regulation (EU) 2015/1502(4).
Article 4 Mapping of national assurance levels
The mapping of national assurance levels of the notified electronic identification schemes shall follow the requirements laid down in Implementing Regulation (EU) 2015/1502. The results of the mapping shall be notified to the Commission using the notification template laid down in Commission Implementing Decision (EU) 2015/1505(5).