COMMISSION IMPLEMENTING REGULATION (EU) …/...

of XXX

laying down rules on certification schemes, certification bodies, and audits under Regulation (EU) 2024/3012 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2024/3012 of the European Parliament and of the Council of 27 November 2024 establishing a certification framework for permanent carbon removals, carbon farming and carbon storage in products 1 , and in particular Article 9(5), Article 11(5), Article 12(3), third subparagraph, Article 13(4) and Article 14(2) thereof,

Whereas:

(1)To promote comparable information, it is appropriate to set out standardised templates for the key certification documents, including the activity and monitoring plans, and the certification and recertification audit reports.

(2)To ensure a robust and transparent certification process, it is necessary to set out high standards in terms of certification scheme’s governance, internal monitoring, handling and assessment of complaints, and documentation management, including manuals, internal policies or definition of responsibilities. Farmer, forester or other relevant trade associations, environmental non-governmental organisations, academia, and industry should by way of example be included in the governance structure of the certification schemes, where appropriate to ensure a reasonable representation of the key socio-economic groups and actors with an interest in the scope of the certification scheme. Certification schemes should be required to have the necessary technical capacity to provide technical advice to operators on the implementation of the certification methodologies, including the validation of models for the quantification of carbon removals and soil emission reductions from carbon farming.

(3)Certification schemes should set up a system of internal monitoring in order to verify compliance of operators with the scheme’s rules and procedures and to ensure the robustness and credibility of the certification work carried out by certification bodies.

(4)It is appropriate to distinguish three categories of non-conformities: critical, major and minor. Each non-conformity should be treated in an adequate way with proportionate consequences, including remediation measures and sanctions, where relevant.

(5)Operators have the possibility to participate in a different certification scheme at any time. However, rules are needed to prevent the risk of ‘scheme hopping’ whereby an operator who has failed an audit under one scheme immediately applies for certification under another scheme. Such rules should also apply to situations where the operator changed legal personality but remains the same in substance, so that minor or purely formal modifications, namely changes in the governance structure or the scope of activities, do not exempt the operator with a new identity from such rules.

(6)To ensure full transparency of the certification process, key information on the governance and functioning of the certification schemes should be made publicly available on their websites and, when established, on the Union registry.

(7)To ensure a robust certification scheme, reasonable level of assurance should be required for the certification bodies to conclude that the activity is free from material errors and omissions of misstatements, following the verification of the data submitted by operators or groups of operators. Applications for certification of compliance should be thoroughly checked on a reasonable assurance basis before the activity can start.  Re-certification audits should also be conducted at a reasonable assurance level.

(8)Carbon farming is typically carried out by small operators for which the administrative burden and costs associated to third-party verification requirements could be a major barrier to join the certification process. With the view to simplify, while still ensuring overall robust verification, group auditing should be allowed for carbon farming operators according to a set of harmonised risk-based rules. These rules should be designed to be accessible and user-friendly for small operators, leveraging existing technologies, in order to simplify compliance control.

(9)Certification bodies are key actors in the certification process. Therefore, it is necessary for certification schemes to appoint only certification bodies accredited under relevant European technical standards and ensure that the certification body’s auditors have all the necessary technical skills and auditing experience. It is also appropriate for Member States and the Commission to monitor, if needed, the activities of certification bodies and access all relevant certification information, including certification, re-certification and surveillance audits.

(10)Until the Union registry is established in 2028, certification schemes should ensure that their registries meet a set of minimum requirements, to avoid double counting and effectively handle cases of incorrect or fraudulent issuance of certified units. To facilitate the smooth transition towards the Union registry, the Commission may issue technical guidelines on the exchange of data amongst certification registries and the linking with the Union registry.

(11)It is appropriate to lay out the procedure for the Commission’s recognition of certification schemes, which could apply for recognition against one or more certification methodologies. The recognition process should be based on a thorough assessment of the scheme’s compliance with the rules set out in the relevant certification methodologies and in this Regulation.

(12)The measures provided for in this Regulation are in accordance with the opinion of the Climate Change Committee,

HAS ADOPTED THIS REGULATION:

CHAPTER I

SUBJECT MATTER, DEFINITIONS AND ACTIVITY AND MONITORING PLANS

Article 1

Subject matter

This Regulation lays down rules for implementing Regulation (EU) 2024/3012 as regards the following:

(a)the structure, format and technical details of the activity plan and of the monitoring plan to be submitted by an operator or a group of operators to a certification body and of the certification, re-certification and surveillance audit reports to be issued by a certification body, pursuant to Article 9 of Regulation (EU) 2024/3012;

(b)the structure, format, technical details and process required for the operation of certification schemes, verification of information on independent auditing and the publication of information on appointed certification bodies pursuant to Article 11 of Regulation (EU) 2024/3012;

(c)the structure, format and technical details of the certification registries and of the recording, holding or use of certified units pursuant to Article 12(3), paragraph 3, of Regulation (EU) 2024/3012;

(d)the structure, format and technical details of the recognition and notification processes of certification schemes pursuant to Article 13 of Regulation (EU) 2024/3012;

(e)the structure, format and technical details of the reports to be submitted to the Commission by the certification schemes pursuant to Article 14 of Regulation (EU) 2024/3012.

Article 2

Definitions

For the purposes of this Regulation, the following definitions apply:

(a)‘surveillance audit’ means an audit carried out by a certification body during the monitoring period;

(b)‘terminated certificate’ means a certificate that has been voluntarily cancelled while it is still valid;

(c)‘withdrawn certificate’ means a certificate that has been permanently cancelled by the certification body or the certification scheme;

(d)‘expired certificate’ means a certificate that is no longer valid;

(e)‘group auditing’ means a process in which the approach to auditing activities can be defined at group level;

(f)‘non-conformity’ means a failure by an economic operator to comply with the rules and procedures, established by the certification scheme, of which they are members.

Article 3

Activity plan, monitoring plan, and certification audit and re-certification audit reports

1.The activity plan to be submitted by an operator or a group of operators pursuant to Article 9(1) of Regulation (EU) 2024/3012 shall include the elements as set out in Annex I to this Regulation.

2.The monitoring plan to be submitted by an operator or a group of operators pursuant to Article 9(1) of Regulation (EU) 2024/3012 shall include the elements as set out in Annex II to this Regulation.

3.The certification audit report and the re-certification audit report to be issued by the certification body pursuant to Article 9(2) and (3) of Regulation (EU) 2024/3012 shall include the elements as set out in Annex III to this Regulation.

CHAPTER II

OPERATION OF CERTIFICATION SCHEMES, AUDITING AND CERTIFICATION BODIES

Section 1

Operation of certification schemes

Article 4

Governance structure

1.Certification schemes shall set up a governance structure that ensures that the scheme has the necessary legal and technical capacity, impartiality and independence to perform its duties. The governance structure shall include either a technical committee, or an equivalent system of technical expert support, to provide advice the scheme management on technical issues, including on models for the quantification of carbon removals or soil emission reductions of carbon farming activities.

2.Certification schemes shall include in the governance structure representatives from relevant stakeholder groups. Individual stakeholders or a stakeholder group shall not dominant role in the decision-making process. Certification schemes shall set up rules and procedures to avoid conflicts of interest in decision-making. Decisions on the design and operation of the scheme shall only be taken where a quorum of the majority of stakeholders is reached.

Article 5

Internal monitoring, complaints procedure and documentation management system

1.Certification schemes shall set up a system of internal monitoring. and shall carry it out at least once a year and reflect the certification scope of the scheme, as well as the level of risk of the activities carried out by the operators. As part of the internal monitoring, certification schemes shall require certification bodies to provide them with certification, re-certification, or surveillance audit reports (“audit reports”). The internal monitoring shall cover a random and risk-based sample of those audit reports by each certification body.

2.Certification schemes shall establish procedures for the lodging and handling of complaints against operators or certification bodies. Those procedures shall allow complaints to be sent electronically, and shall ensure the protection of natural or legal persons who report infringements or lodge complaints in good faith in accordance with Directive (EU) 2019/1937 of the European Parliament and of the Council 2 .

3.Certification schemes shall keep a register of all complaints. Upon request by the Commission or the Member State where the complaint has been lodged, certification schemes shall provide the requester with all documents related to a complaint and its handling.

4.Certification schemes shall ensure effective follow-up of the results of the internal monitoring and the handling of complaints and, where necessary, apply the relevant remediation actions and sanctions for non-conformity by operators pursuant to the rules and procedures established in accordance with Article 6(1). Where necessary, certification schemes shall take corrective measures on their governance structure or on their internal monitoring process.

5.Certification schemes shall establish a documentation management system that addresses each of the following elements:

(a)general scheme’s documents, e.g. manuals, policies, definition of responsibilities; 

(b)internal control system of certification documents and records;

(c)review of the documentation management system;

(d)internal auditing and monitoring;

(e)procedures for prevention, identification and management of non-conformities.

6.Documentation listed in paragraph 5 shall be kept at least for 5 years after the end of the monitoring period. 

Article 6

Non-conformities by operators

1.Certification schemes shall set up a comprehensive system to deal with non-conformities by operators. That system shall include a clear classification of non-conformities, based on their degree of severity in accordance with the requirements set out in paragraphs 2 to 5. For each type of non-conformity, certification schemes shall set up a transparent set of rules and procedures to ensure timely enforcement of the remediation measures and sanctions listed in Article 7.

2.Certification schemes shall classify non-conformities identified during an audit certification or re-certification audit as critical, major or minor.

3.A critical non-conformity shall consist in an irreversible violation of certification scheme’s rules or procedures that jeopardises the integrity of the certification scheme.

Critical non-conformities shall include at least the following:

(a)non-compliance with the quality criteria set out in Articles 4 to 7 of Regulation (EU) 2024/3012 and with the certification methodologies referred to in Article 8 of that Regulation;

(b)deliberate misstatement of activity description;

(c)falsification of greenhouse gas (GHG) data.

4.A major non-conformity shall consist in a repeated and reversible violation of certification scheme’s rules or procedures that alone, or in combination with further non-conformities, may result in a fundamental systemic failure.

Major non-conformities shall include at least the following:

(a)repeated problems with GHG data reported, such as incorrect documentation identified in more than 10 % of the claims included in the representative sample;

(b)omission of an operator or a group of operators to declare its participation in other certification schemes during the certification process;

(c)failure to provide relevant information to the certification body.

5.A minor non-conformity shall have a limited impact, constitute an isolated or temporary lapse, and shall not result in a fundamental systemic failure if not corrected.

Article 7

Remediation measures and sanctions for non-conformities

1.In the event of non-conformities, the remediation measures and sanctions as laid down in paragraphs 2, 3 and 4 shall apply to operators or groups of operators.

2.In the case of critical non-conformities, operators applying for certification shall not be issued a certificate. 

Operators which were not issued a certificate in accordance with the first subparagraph may re-apply for certification after a set period of time, determined by the certification scheme according to the characteristics of the activity.

Critical non-conformities identified during re-certification or surveillance audits, or through a certification scheme’s internal monitoring or complaints process, shall lead to the immediate withdrawal of the certificate and no further issuance of certified units.

3.In the case of major non-conformities, operators applying for certification shall not be issued a certificate.

Operators which were not issued a certificate in accordance with the first subparagraph may re-apply for certification after a set period of time, determined by the certification scheme according to the characteristics of the activity.

Major non-conformities identified during re-certification or surveillance audits, or through a certification scheme’s internal monitoring or complaints process, shall lead to the immediate suspension of the certificate. Where operators do not implement the remediation action within 90 days from the notification of the suspension, the certificate shall be withdrawn.

4.In the case of minor non-conformities, certification schemes may define the period for the implementation of the remediation measures, that shall not exceed 12 months from their notification.

Article 8

Change of certification scheme by operators or groups of operators

1.Certification schemes shall require an operator or a group of operators to disclose the following information in their application for certification:

(a)whether they or their legal predecessor are currently participating in another certification scheme or have participated in another certification scheme in the last 5 years;

(b)the auditing reports of the last 2 re-certification audits in another certification scheme, including, where applicable, any decision to suspend or withdraw their certificates;

(c)whether they withdrew from a previous certification scheme before the first re-certification audit.

2.Certification schemes shall reject the application for certification of operators or groups of operators in the following cases:

(a)where the information listed in paragraph 1 has not been disclosed;

(b)where operators or group of operators or their legal predecessors failed the certification audit under another scheme;

(c)where operators or group of operators or their legal predecessors withdrew from another scheme before the first re-certification audit.

Point (b) shall not apply where certification audit under another scheme took place more than 5 years before the application for certification or if in the meantime the other scheme ceased its certification activities, and that prevented the operator or group of operators from re-applying to the scheme. In that case the scope of the certification audit shall be adjusted to cover all relevant issues and shall focus on the shortcomings identified in the certification audit that operators or group of operators or their legal predecessors failed in the other scheme.

Point (c) shall not apply where the operator or group of operators prove that it had a valid reason for withdrawing from another scheme before the first re-certification audit. In that case the scope of the certification audit shall be adjusted to cover all relevant issues of the re-certification audit

Article 9

Publication of information by certification schemes and minimum content of their annual operation report

1.Certification schemes shall make publicly and freely available on their website at least the information listed in Annex IV. The Commission shall make that information publicly available on the Union registry.

2.Certification schemes shall list on their registries those operators with a withdrawn certificate, terminated certificate or expired certificate, for at least 24 months after the date of withdrawal, termination or expiry of the certificate. Certification schemes shall make public without delay any changes in the certification status of operators.

3.The annual operation report referred to in Article 14(1), first subparagraph of Regulation (EU) 2024/3012 shall cover the preceding calendar year and shall follow the structure and shall have the content as set out in Annex V to this Regulation.

Section 2

Auditing

Article 10

Audit process and levels of assurance

1.Certification schemes shall require that operators or group of operators successfully pass a certification audit by a certification body selected from a list of certification bodies approved by the certification scheme, before allowing them to participate in the scheme. The audit shall as a minimum provide reasonable assurance of the conformity of the activity, including its activity plan and monitoring plan, with the requirements laid down in Articles 4 to 7 of Regulation (EU) 2024/3012 and in the relevant certification methodology.

2.Certified operators or group of operators shall be subject to regular recertification and surveillance audits, whose frequency is set out in the relevant certification methodologies, adopted pursuant to Article 8 of the Regulation (EU) 2024/3012. The certification audit and the first recertification audit may take place at the same time, upon request by operators or group of operators. In the case of group audits, the certification, re-certification or surveillance audit may cover a sample of the group members in accordance with Article 12 of this Regulation. The technical reviewer of the certification body shall be responsible for validating the results of the certification and recertification audits.

3.Certification schemes shall establish detailed guidance setting out how certification, re-certification and surveillance audits are planned and carried out, to ensure that they are conducted in accordance with EN ISO/IEC 17065, including EN ISO/IEC 17029 and EN ISO/IEC 17021-2. Certification schemes shall ensure an efficient and timely exchange of audit information between them to support the effective preparation and conduct of the audit.

4.Certification and re-certification audits shall cover at least the following elements:

(a)identification of the activity undertaken by the operator which is relevant to the certification scheme’s rules;

(b)identification of the relevant control systems of the operator and its overall organisation with respect to the certification scheme’s rules and checks of the effective implementation of relevant control systems;

(c)analysis of the risks which could lead to a material misstatement, based on the auditor’s professional knowledge and the information submitted by the operator; 

(d)a verification plan which corresponds to the risk analysis and the scope and complexity of the operator’s activity, and which defines the sampling methods to be used with respect to that operator’s activity;

(e)implementation of the verification plan by gathering evidence in accordance with the defined sampling methods, plus all relevant additional evidence, upon which the auditor’s conclusion will be based;

(f)a request by the certification body to the operator to provide any missing elements of audit trails, an explanation of variations, or the revision of claims or calculations, before reaching a final audit conclusions;

(g)verification of the accuracy of data recorded by the operator;

For the purposes of point (c), the analysis of risks shall take into consideration the overall risk profile of the activity, depending on the level of risk of the operator. The audit intensity or scope, or both, shall be adapted to the level of overall risk items.

5.Certification bodies shall only certify operators where they comply with all the following requirements:

(a)have a documentation management system;

(b)have an auditable system for safekeeping and reviewing all evidence related to the claims they make or rely on;

(c)keep all evidence necessary to comply with this Regulation and Regulation (EU) 2024/3012 for a minimum of 5 years after the end of the monitoring period, or longer if requested by national legislation;

(d)accept responsibility for preparing any information related to the auditing of such evidence.

Article 11

Auditing of carbon removal and soil emission calculations

1.Certification schemes shall require operators to provide the certification bodies with the activity plan and monitoring plan in advance of the certification audit, and with the monitoring report in advance of the re-certification audits or surveillance audits.

2.For the purposes of the re-certification audits, the monitoring report shall include the necessary information relating to the calculation of the net carbon removal benefit or the net soil emission reduction benefit, in accordance with the relevant certification methodology, and any relevant information on the compliance of the activity with the liability and sustainability criteria, as set out in the relevant certification methodology.

3. For the purposes of the surveillance audits, the monitoring report shall include the necessary information relating to the monitoring of the stored carbon, and any case of reversals, including remediation measures.

4.Upon request, certification schemes shall provide the Commission and the national authorities responsible for supervision of the certification bodies with access to the respective audit reports and the certificates of compliance.

Article 12

Group auditing for carbon farming

1.Certification schemes shall allow for group auditing upon request of groups of operators for carbon farming activities only in the following cases:

(a)the areas where the activities to be certified take place are in geographical proximity to each other and have similar pedoclimatic characteristics, such as climatic or soil conditions;

(b)for the purpose of calculating carbon removals and soil and marine sediments emission reductions, the activities have similar processes and procedures;

(c)all group members apply the same relevant certification methodology adopted pursuant to Article 8(2) of Regulation (EU) 2024/3012;

(d)the group of operators has established a system for internal controls comprising a documented set of risk-based control activities and procedures in accordance with which an identified person or body is responsible for verifying compliance of each member of the group with the applicable certification methodology.

2.A group of operators applying for a group audit shall designate a group manager, who shall legally represent the group of operators and shall be responsible for ensuring that each operator complies with the applicable certification methodology.

3.Certification bodies carrying out group auditing may verify all activities concerned on the basis of a sample of group members. Certification schemes shall set out guidelines on the implementation of group auditing, including at least the following elements:

(a)role of the group manager, including with regard to the internal management system and internal group inspection procedures and their frequency;

(b)size of the sample of the activities concerned, determined in accordance with paragraph 5.

4.A sample consisting of a number of group members equivalent to the square root of the total number of group members shall be audited individually at a frequency set out in the applicable certification methodology. That number shall be increased in the event of a higher level of risk.

5.For group auditing, if a critical or major non-conformity is identified in one operator of the initial group sample of group members, an additional sample of group members of the same size shall be audited. Systemic non-conformity of the majority of group members across the whole sample shall lead to the suspension or withdrawal of the whole group certification, as applicable.

6.Certification schemes shall establish criteria for determining the general level of risk in the areas covered by the activities of the group and the consequences of that level of risk for the auditing approach. The sample shall be representative of the whole group and determined using a combination of risk and random selection. Random selection shall represent at least 25 % of the members of the sample, which also represent at least 25% of the total area covered by the activities of the group. The members selected for the group audit shall vary from year to year.

7.Audits of the group manager shall always be conducted on-site. Audits of group members may be desk-based, provided that desk audits are able to provide a comparable level of assurance as an on-site audit. Certification schemes shall determine what evidence is required to allow for desk audits. Self-declarations from operators shall not be considered to be sufficient evidence.

Section 3

Certification bodies

Article 13

Appointment of certification bodies

1.Certification schemes shall ensure that each certification body appointed to carry out the verification activities, including certification, re-certification and surveillance audits, and to issue and update certificates of compliance on behalf of the certification scheme comply with the rules laid down in this Article.

2.Certification bodies shall be accredited in accordance with EN ISO/IEC 17065. When a certification body conducts verification activities, either with its internal resources or with other resources under its direct control, it shall also meet the applicable requirements of EN ISO/IEC 17029 and EN ISO 14065. The certification body shall only use other resources for verification activities from accredited bodies that meet the applicable requirements of EN ISO/IEC 17029 and EN ISO 14065.

3.Certification bodies shall select and appoint the audit team in accordance with EN ISO/IEC 19011, taking into account the competence needed to achieve the objectives of the audit. The audit team shall have the competence, experience and the skills necessary for conducting the audit. Where there is only one auditor, the auditor shall also have the competence to perform the duties of an audit team leader applicable for that audit.

4.Auditors chosen by certification bodies shall meet the following requirements:

(a)be independent of the activity being audited;

(b)be free from conflict of interest, for instance not being involved simultaneously in consultancy and audit with the same operator over the past three years previous to the audit];

(c)have the knowledge, experience and skills necessary for conducting the audit related to the certification scheme’s scope, including:

(1) a minimum of 2 years’ experience in fuel life-cycle assessment; 

(2)specific experience in auditing GHG emission calculations in accordance with the relevant certification methodology; 

(3)depending on the specific types of activity audited, additional experience in agriculture, agronomy, ecology, forestry, natural science, silviculture, engineering, energy management or a related field.

(4)where the scope of the audit includes verifying soil organic carbon levels, technical knowledge on soil science;

(d)for group auditing, they shall have experience in conducting group audits.

5.Certification bodies shall rotate the auditors at least every 3 years. Certification bodies may apply other equivalent best practices that ensure the independency of auditors.

6.Certification bodies that are no longer entitled to conduct auditing under a certification scheme shall be listed for at least 12 months on the scheme’s website after the last audit with an indication to that effect.

7.The requirements set out in paragraphs 2 and 3 of this Article shall not apply to certification bodies that are accredited for verification activities for the purposes of Commission Implementing Regulation (EU) 2022/996 3 or Commission Implementing Regulation (EU) 2018/2066 4 .

Article 14

Training of certification bodies

1.Certification schemes shall set up training courses for auditors of the certification bodies appointed by the scheme, covering all aspects relevant to the scope of the scheme. The courses shall include an examination to demonstrate the participants’ compliance with the training requirements in the technical area or areas in which they are active. Auditors shall participate in the training courses before performing audits on behalf of the certification scheme.

2.Certification schemes shall implement a system to monitor the training status of auditors and ensure that auditors undertake training on a regular basis. Certification schemes shall also provide necessary guidance to certification bodies on aspects that are relevant to the certification process, including updates on the regulatory framework or relevant findings from the certification scheme’s internal monitoring process.

Article 15

Supervision of certification bodies by the Member States and the Commission

1.Certification schemes shall require certification bodies conducting audits under the scheme, as well operators participating in the scheme, to cooperate with the Commission and the national competent authorities of the Member States, including granting access to the premises of operators where requested, as well as making available to the Commission and the national competent authorities of the Member States all information needed to fulfil their tasks under Regulation (EU) 2024/3012.  Certification bodies shall:

(a)provide the information needed by Member States to supervise the operation of certification bodies pursuant to Article 10 of Regulation (EU) 2024/3012;

(b)provide the information required by the Commission to comply with Article 13 of Regulation (EU) 2024/3012;

(c)verify the accuracy of information entered into the relevant certification registry and the Union Registry pursuant to Article 12 of Regulation (EU) 2024/3012.

Member States may delegate the supervision of certification bodies to the national accreditation bodies pursuant to Regulation (EC) No 765/2008.   

2.In the context of the supervision provided for in Article 10(4) of Regulation (EU) 2024/3012, Member States may establish procedures allowing certification bodies, regardless of whether their head office is located in their Member State, to register for supervision and for carrying out the supervision.

3.Member States shall exchange information and share best practices on how to supervise the operation of the certification bodies in the context of a formal cooperation framework. Where certification bodies carry out the certification of activities related to carbon removals, carbon farming and carbon storage in products in more than one Member State, the Member States concerned shall set up a common framework to supervise such certification bodies, including appointing one Member State as lead audit supervisor.

4.The lead audit supervisor shall be responsible, in cooperation with the other Member States concerned, for consolidating and sharing information with other Member States about the outcome of the supervision of the certification bodies.

5.Where a Member State has reasonable doubts about the ability of a specific certification body to carry out its audit work, it shall share that information with the other Member States, the Commission and the certification scheme under which the certification body operates. The certification scheme concerned shall immediately investigate the case. Upon completion of its investigation, the certification scheme shall inform the Member States and the Commission of the outcome of the investigation and of any corrective actions taken.

6.Operators and certification bodies failing or unwilling to comply with the requirements set out in paragraphs 1 to 5 shall be respectively excluded from participating in and conducting audits on behalf of certification schemes.

CHAPTER III

CERTIFICATION REGISTRIES

Article 16

Certification registries

1.Certification schemes shall ensure their certification registries fulfil the following requirements:

(a)register and track the identity of certified operators and the relevant certificates of compliance;

(b)prevent the registration of any activity that is registered under another carbon removal or soil emission reduction certification scheme;

(c)prevent the issuance of certified units for a given activity where another certification scheme has issued certified units for the same activity and has not cancelled those certified units;

(d)prevent certified units to be accounted by or on behalf of a beneficiary (retired) or definitively deleted from a registry without accounting (cancelled) once they have already been retired or cancelled;

(e)require the identification of the beneficiary referred to in point (d) and the purpose for which the unit was retired or cancelled;

(f)address erroneous or fraudulent issuance of certified units through remediation measures.

The remediation measures referred to in point (f) shall at least include the suspension of the operator’s account and, where relevant, the subsequent compensation for excess issuance of certified units. Such compensation shall take place through either the cancellation by the certification schemes of the corresponding number of issued certified units in the operator’s account, or through the replacement by the operator of an equivalent number of certified units, followed by their immediate cancellation.

2.The IT security system underpinning the certification registries shall fulfil the following requirements:

(a)be based on the principles of legality, transparency, proportionality and accountability;

(b)be considered during the whole process of the life cycle development of the system;

(c)ensure the appropriate levels of authenticity, availability, confidentiality, integrity, non-repudiation, protection of personal data and professional secrecy;

(d)be based on a risk management process;

(e)clearly define roles and responsibilities of the different users;

(f)enumerate the security requirements and the system dependencies of any other IT system or IT service;

(g)be summarised in an IT security plan and an IT security implementation plan;

(h)have an IT security implementation plan defining the required projects and processes to reduce risks to an appropriate level and at a proportionate cost, and be compliant with a well-recognised IT security standard.

CHAPTER IV

RECOGNITION OF CERTIFICATION SCHEMES

Article 17

Recognition of certification schemes

1.Only certification schemes that comply with the rules laid down in Regulation (EU) 2024/3012, the relevant certification methodologies and the requirements set out in this Regulation shall be eligible for recognition by the Commission.

2.A certification scheme shall include the following information in its application for recognition:

(a)name, address and contact information;

(b)an overview of the intended scope and activities of the certification scheme;

(c)the reference to the certification methodology or methodologies for which the certification scheme is applying for recognition;

(d)the rules and procedures demonstrating compliance with the relevant certification methodology or methodologies for which the scheme is applying for recognition;

(e)the rules and procedures demonstrating compliance with the requirements set out in this Regulation.

3.Only complete applications shall be assessed by the Commission. Where needed, the Commission shall request further information from the relevant certification scheme. The findings of the assessment shall be documented in a technical assessment report.

4.As part of the general assessment of certification schemes, the Commission shall also assess, after consulting the European cooperation for Accreditation, if the rules and protocols of the certification schemes are suitable for accreditation of certification bodies as laid down in Article 13(2)? of this Regulation. The conclusion of this assessment shall be included in the technical assessment report, referred to in paragraph 3 of this Article.

5.The Commission may decide to extend the validity of the recognition decision adopted pursuant to Article 13(1) of Regulation 2024/3012, upon request by the certification scheme.

6.Certification schemes shall notify the Commission without delay of any substantial modifications of the scheme that might affect the outcome of the assessment underpinning the recognition decision. Substantial modifications shall include, but shall not be limited to, the following:

(a)modifications of the relevant certification methodologies covered by the certification scheme;

(b)extension of the scope of the certification scheme beyond what is described in the recognition decision;

(c)modifications compared to the requirements set out in this Regulation.

CHAPTER V

FINAL PROVISIONS

Article 18

Entry into force and application

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,