02015R1501-20150909

EUR-Lex

Access to European Union law

This document is an excerpt from the EUR-Lex website

EUROPA
EUR-Lex home
Search results
EUR-Lex - 02015R1501-20150909 - EN

Help

Search tips

Need more search options? Use the Advanced search

Document 02015R1501-20150909

1/1

Help

Consolidated text: Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (Text with EEA relevance)

Access initial legal act

(

Legal status of the document In force

)

09/09/2015

ELI: http://data.europa.eu/eli/reg_impl/2015/1501/2015-09-09

HTML

PDF

02015R1501 — EN — 09.09.2015 — 000.001

This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

►B

COMMISSION IMPLEMENTING REGULATION (EU) 2015/1501

of 8 September 2015

on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market

(Text with EEA relevance)

(OJ L 235 9.9.2015, p. 1)

Corrected by:

►C1	Corrigendum, OJ L 028, 4.2.2016, p. 18 (2015/1501)

▼B

COMMISSION IMPLEMENTING REGULATION (EU) 2015/1501

of 8 September 2015

(Text with EEA relevance)

Article 1

Subject matter

This Regulation lays down technical and operational requirements of the interoperability framework in order to ensure the interoperability of the electronic identification schemes which Member States notify to the Commission.

Those requirements include in particular:

(a)

minimum technical requirements related to the assurance levels and the mapping of national assurance levels of notified electronic identification means issued under notified electronic identification schemes under Article 8 of Regulation (EU) No 910/2014 as set out in Articles 3 and 4;

(b)

minimum technical requirements for interoperability, as set out in Articles 5 and 8;

(c)

the minimum set of person identification data uniquely representing a natural or legal person as set out in Article 11 and in the Annex;

(d)

common operational security standards as set out in Articles 6, 7, 9 and 10;

(e)

arrangements for dispute resolution as set out in Article 13.

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1)

‘node’ means a connection point which is part of the electronic identification interoperability architecture and is involved in cross-border authentication of persons and which has the capability to recognise and process or forward transmissions to other nodes by enabling the national electronic identification infrastructure of one Member State to interface with national electronic identification infrastructures of other Member States;

(2)

‘node operator’ means the entity responsible for ensuring that the node performs correctly and reliably its functions as a connection point.

Article 3

Minimum technical requirements related to the assurance levels

Minimum technical requirements related to the assurance levels shall be as set out in Commission Implementing Regulation (EU) 2015/1502 ( 4 ).

Article 4

Mapping of national assurance levels

The mapping of national assurance levels of the notified electronic identification schemes shall follow the requirements laid down in Implementing Regulation (EU) 2015/1502. ►C1 The results of the mapping shall be notified to the Commission using the notification template laid down in Commission Implementing Decision (EU) 2015/1984 ( 5 ). ◄

Article 5

Nodes

A node in one Member State shall be able to connect with nodes of other Member States.

The nodes shall be able to distinguish between public sector bodies and other relying parties through technical means.

A Member State implementation of the technical requirements set out in this Regulation shall not impose disproportionate technical requirements and costs on other Member States in order for them to interoperate with the implementation adopted by the first Member State.

Article 6

Data privacy and confidentiality

Protection of privacy and confidentiality of the data exchanged and the maintenance of data integrity between the nodes shall be ensured by using best available technical solutions and protection practices.

The nodes shall not store any personal data, except for the purpose set out in Article 9(3).

Article 7

Data integrity and authenticity for the communication

Communication between the nodes shall ensure data integrity and authenticity to make certain that all requests and responses are authentic and have not been tampered with. For this purpose, nodes shall use solutions which have been successfully employed in cross-border operational use.

Article 8

Message format for the communication

The nodes shall use for syntax common message formats based on standards that have already been deployed more than once between Member States and proven to work in an operational environment. The syntax shall allow:

(a)

proper processing of the minimum set of person identification data uniquely representing a natural or legal person;

(b)

proper processing of the assurance level of the electronic identification means;

(c)

distinction between public sector bodies and other relying parties;

(d)

flexibility to meet the needs of additional attributes relating to identification.

Article 9

Management of security information and metadata

The node operator shall communicate the metadata of the node management in a standardised machine processable manner and in a secure and trustworthy way.

At least the parameters relevant to security shall be retrieved automatically.

The node operator shall store data which, in the event of an incident, enable reconstruction of the sequence of the message exchange for establishing the place and the nature of the incident. The data shall be stored for a period of time in accordance with national requirements and, as a minimum, shall consist of the following elements:

(a)

node's identification;

(b)

message identification.

(c)

message date and time.

Article 10

Information assurance and security standards

Node operators of nodes providing authentication shall prove that, in respect of the nodes participating in the interoperability framework, the node fulfils the requirements of standard ISO/IEC 27001 by certification, or by equivalent methods of assessment, or by complying with national legislation.

Node operators shall deploy security critical updates without undue delay.

Article 11

Person identification data

A minimum set of person identification data uniquely representing a natural or a legal person shall meet the requirements set out in the Annex when used in a cross-border context.

A minimum data set for a natural person representing a legal person shall contain the combination of the attributes listed in the Annex for natural persons and legal persons when used in a cross-border context.

Data shall be transmitted based on original characters and, where appropriate, also transliterated into Latin characters.

Article 12

Technical specifications

Where it is justified by the process of implementation of the interoperability framework, the Cooperation Network established by Implementing Decision (EU) 2015/296 may adopt opinions pursuant to Article 14(d) thereof on the need to develop technical specifications. Such technical specifications shall provide further details on technical requirements as set out in this Regulation.

Pursuant to the opinion referred to in paragraph 1 the Commission in cooperation with Member States shall develop the technical specifications as part of the digital service infrastructures of Regulation (EU) No 1316/2013.

The Cooperation Network shall adopt an opinion pursuant to Article 14(d) of Implementing Decision (EU) 2015/296 in which it evaluates whether and to what extent the technical specifications developed under paragraph 2 correspond to the need identified in the opinion referred to in paragraph 1 or the requirements set in this Regulation. It may recommend that Member States take the technical specifications into account when implementing the interoperability framework.

The Commission shall provide a reference implementation as an example interpretation of the technical specifications. Member States may apply this reference implementation or use it as a sample when testing other implementations of the technical specifications.

Article 13

Dispute resolution

Where possible, any dispute concerning the interoperability framework shall be resolved by the concerned Member States through negotiation.

If no solution is reached in accordance with paragraph 1, the Cooperation Network established in accordance with Article 12 of Implementing Decision (EU) 2015/296 shall have competence in the dispute in accordance with its rules of procedure.

Article 14

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States

ANNEX

Requirements concerning the minimum set of person identification data uniquely representing a natural or a legal person, referred to in Article 11

1. The minimum data set for a natural person

The minimum data set for a natural person shall contain all of the following mandatory attributes:

(a)

current family name(s);

(b)

current first name(s);

(c)

date of birth;

(d)

a unique identifier constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time.

The minimum data set for a natural person may contain one or more of the following additional attributes:

(a)

first name(s) and family name(s) at birth;

(b)

place of birth;

(c)

current address;

(d)

gender.

2. The minimum data set for a legal person

The minimum data set for a legal person shall contain all of the following mandatory attributes:

(a)

current legal name;

(b)

The minimum data set for a legal person may contain one or more of the following additional attributes:

(a)

current address;

(b)

VAT registration number;

(c)

tax reference number;

(d)

the identifier related to Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council ( 6 );

(e)

Legal Entity Identifier (LEI) referred to in Commission Implementing Regulation (EU) No 1247/2012 ( 7 );

(f)

Economic Operator Registration and Identification (EORI) referred to in Commission Implementing Regulation (EU) No 1352/2013 ( 8 );

(g)

excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012 ( 9 ).

( 1 ) OJ L 257, 28.8.2014, p. 73.

( 2 ) Regulation (EU) No 1316/2013 of the European Parliament and of the Council of 11 December 2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010 (OJ L 348, 20.12.2013, p. 129).

( 3 ) Commission Implementing Decision (EU) 2015/296 of 24 February 2015 establishing procedural arrangements for cooperation between Member States on electronic identification pursuant to Article 12(7) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 53, 25.2.2015, p. 14).

( 4 ) Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (see page 7 of this Official Journal).

►C1 ( 5 ) Commission Implementing Decision (EU) 2015/1984 of 3 November 2015 defining the circumstances, formats and procedures of notification pursuant to Article 9(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 289, 5.11.2015, p. 18). ◄

( 6 ) Directive 2009/101/EC of the European Parliament and of the Council of 16 September 2009 on coordination of safeguards which, for the protection of the interests of members and third parties, are required by Member States of companies within the meaning of the second paragraph of Article 48 of the Treaty, with a view to making such safeguards equivalent (OJ L 258, 1.10.2009, p. 11).

( 7 ) Commission Implementing Regulation (EU) No 1247/2012 of 19 December 2012 laying down implementing technical standards with regard to the format and frequency of trade reports to trade repositories according to Regulation (EU) No 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories (OJ L 352, 21.12.2012, p. 20).

( 8 ) Commission Implementing Regulation (EU) No 1352/2013 of 4 December 2013 establishing the forms provided for in Regulation (EU) No 608/2013 of the European Parliament and of the Council concerning customs enforcement of intellectual property rights (OJ L 341, 18.12.2013, p. 10).

( 9 ) Council Regulation (EU) No 389/2012 of 2 May 2012 on administrative cooperation in the field of excise duties and repealing Regulation (EC) No 2073/2004 (OJ L 121, 8.5.2012, p. 1).

Top

Choose the experimental features you want to try