Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Document 32025R0849

Commission Implementing Regulation (EU) 2025/849 of 6 May 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the submission of information to the Commission and to the Cooperation Group for the list of certified European Digital Identity Wallets

C/2025/2623

OJ L, 2025/849, 7.5.2025, ELI: http://data.europa.eu/eli/reg_impl/2025/849/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document Date of entry into force unknown (pending notification) or not yet in force., Date of effect: 27/05/2025

ELI: http://data.europa.eu/eli/reg_impl/2025/849/oj

European flag

Official Journal
of the European Union

EN

L series

2025/849

7.5.2025

COMMISSION IMPLEMENTING REGULATION (EU) 2025/849

of 6 May 2025

laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards the submission of information to the Commission and to the Cooperation Group for the list of certified European Digital Identity Wallets

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (1), and in particular Article 5d(7) thereof,

Whereas:

(1)

The European Digital Identity Framework (‘framework’) set out in Regulation (EU) No 910/2014 is a crucial component in the establishment of a secure and interoperable digital identity ecosystem across the Union. With the European Digital Identity Wallets (‘wallets’) as its cornerstone, the framework, aims to facilitate access to online services across Member States, for citizens, residents, and businesses, while ensuring the protection of personal data and privacy.

(2)

Regulation (EU) 2016/679 of the European Parliament and of the Council (2) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (3) apply to the personal data processing activities under this Regulation.

(3)

In order for the Commission to establish, publish in the Official Journal of the European Union and maintain in machine-readable form a list with information submitted by Member States about certified wallets, the Commission should establish formats and procedures for Member States to submit and update the required information to the Commission and the European Digital Identity Cooperation Group established pursuant to Article 46e(1) of Regulation (EU) No 910/2014 (‘Cooperation Group’). Considering that the submitted information is intended to be used by the Commission, the Cooperation Group and the general public, Member States should submit the information at least in English as this facilitates its wide accessibility, assessment and comprehension and at the same time enhances cooperation.

(4)

The information about certified wallets that Member States should submit is essential to ensure trust, transparency and harmonisation across the wallet ecosystem, fostering confidence among wallet users, wallet providers and regulatory authorities. Therefore, it should include a description of a wallet solution and the electronic identification scheme under which the wallet solution is provided. Such description should entail details on the authority or authorities responsible for the wallet solution and the electronic identification scheme, the applicable supervisory regime, the liability regime with respect to the party providing the wallet solution, arrangements for suspension or revocation of the electronic identification scheme, the wallet solution provided under it or of any compromised parts of it, and on the certificate and certification assessment report of the provision and operation of wallet solutions and of the electronic identification schemes under which they are provided. The information should be sufficient to enable the Commission to establish, publish in the Official Journal of the European Union and maintain in a machine-readable form a list of certified wallets. The secure electronic channel used for submitting information related to certified wallets should avoid duplicate submissions of the same information by Member States.

(5)

The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and delivered its opinion on 31 January 2025.

(6)

The measures provided for in this Regulation are in accordance with the opinion of the Committee established in Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS REGULATION:

Article 1

Subject matter

This Regulation lays down the formats and procedures as regards the submission of information by Member States to the Commission and the Cooperation Group for the list of certified wallets pursuant to Article 5d of Regulation (EU) No 910/2014, to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Commission Recommendation (EU) 2021/946 (5), and in particular the Architecture and Reference Framework.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(1)

‘wallet solution’ means a combination of software, hardware, services, settings, and configurations, including wallet instances, one or more wallet secure cryptographic applications and one or more wallet secure cryptographic devices;

(2)

‘wallet instance’ means the application installed and configured on a wallet user’s device or environment, which is part of a wallet unit, and that the wallet user uses to interact with the wallet unit;

(3)

‘wallet unit’ means a unique configuration of a wallet solution that includes wallet instances, wallet secure cryptographic applications and wallet secure cryptographic devices provided by a wallet provider to an individual wallet user;

(4)

‘wallet provider’ means a natural or legal person who provides wallet solutions;

(5)

‘wallet user’ means a user who is in control of the wallet unit;

(6)

‘wallet secure cryptographic application’ means an application that manages critical assets by being linked to and using the cryptographic and non-cryptographic functions provided by the wallet secure cryptographic device;

(7)

‘wallet secure cryptographic device’ means a tamper-resistant device that provides an environment that is linked to and used by the wallet secure cryptographic application to protect critical assets and provide cryptographic functions for the secure execution of critical operations;

(8)

‘critical assets’ means assets within or in relation to a wallet unit of such extraordinary importance that where their availability, confidentiality or integrity are compromised, this would have a very serious, debilitating effect on the ability to rely on the wallet unit;

(9)

‘provider of person identification data’ means a natural or legal person responsible for issuing and revoking the person identification data and ensuring that the person identification data of a user is cryptographically bound to a wallet unit.

Article 3

Format, procedure for submissions and information to be submitted by Member States to the Commission

1.   Member States shall submit the information set out in the Annex to the Commission and to the Cooperation Group through a secure electronic channel made available by the Commission.

2.   Member States shall submit the information required under paragraph 1 at least in English.

3.   Where there are any changes to the submitted information, including changes to the certification status of the wallets, Member States shall submit the updated information through the channel referred to in paragraph 1.

Article 4

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 6 May 2025.

For the Commission

The President

Ursula VON DER LEYEN

(1)   OJ L 257, 28.8.2014, p. 73, ELI: http://data.europa.eu/eli/reg/2014/910/oj.

(2)  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).

(3)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37, ELI: http://data.europa.eu/eli/dir/2002/58/oj).

(4)  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).

(5)  Commission Recommendation (EU) 2021/946 of 3 June 2021 on a common Union Toolbox for a coordinated approach towards a European Digital Identity Framework (OJ L 210, 14.6.2021, p. 51, ELI: http://data.europa.eu/eli/reco/2021/946/oj).

ANNEX

Information to be submitted by Member States

1.

The purpose of the submission, indicated as one of the following:

(a)

a provided and certified wallet;

(b)

a change is made to any previously submitted information regarding a wallet;

(c)

a request to remove a wallet from the list of provided and certified wallets.

2.

Information to be submitted about a provided and certified wallet:

(a)

a description of the wallet solution, including:

the name of the wallet solution;

a unique reference identifier of the wallet solution;

the name, the trade name where applicable, address, and, where relevant, additional information on the wallet provider;

a description of the management of the wallet solution, including:

characteristics and design;

issuance, delivery, and activation;

suspension, revocation, and reactivation;

recovery and backup, where applicable;

renewal and replacement;

management practices for wallet transaction logs;

(b)

a description of the electronic identification scheme under which the wallet solution is provided and certified, including:

the title of the electronic identification scheme;

a unique identifier for the electronic identification scheme;

the name of the authority or names of the authorities responsible for the electronic identification scheme;

a description of the management and organisation of the electronic identification scheme;

the name, trade name where applicable, address, and, where relevant, additional information on the provider or providers of person identification data;

for each provider of person identification data:

the set or sets of person identification data provided to natural and legal persons under the electronic identification scheme;

a description of the set or sets of person identification data for which the Member State ensures uniqueness;

a description of the supervisory regime in accordance with Article 46a of Regulation (EU) No 910/2014 as regards to:

the providers of person identification data, including identification of the supervisory body;

the wallet provider, including identification of the supervisory body;

a description of the liability regime in accordance with Article 5a(19) of Regulation (EU) No 910/2014, as regards to:

the provider or providers of person identification data;

the wallet provider;

a description of the enrolment process, including descriptions of:

applying for wallet units and person identification data;

the registration of wallet users;

where applicable, the identity proofing and verification of natural persons;

where applicable, the identity proofing and verification of legal persons;

any policies that apply to the authority or authorities responsible for the electronic identification scheme including arrangements for suspension or revocation of:

the electronic identification schemes;

wallet unit attestations issued by the wallet provider;

any other compromised parts of the wallets;

(c)

the certificate and certification assessment report in compliance with Article 5c of Regulation (EU) No 910/2014.

ELI: http://data.europa.eu/eli/reg_impl/2025/849/oj

ISSN 1977-0677 (electronic edition)

Top