Implementing decision 2015/1984 - Commission Implementing Decision 2015/1984 defining the circumstances, formats and procedures of notification pursuant to Article 9(5) of Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market (notified under document C(2015) 7369)

1.

Legislative text

5.11.2015   

EN

Official Journal of the European Union

L 289/18

 

COMMISSION IMPLEMENTING DECISION (EU) 2015/1984

of 3 November 2015

defining the circumstances, formats and procedures of notification pursuant to Article 9(5) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market

(notified under document C(2015) 7369)

(Text with EEA relevance)

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (1), and in particular Article 9(5) thereof,

Whereas:

 

(1)

Notification of electronic identification schemes by Member States is a prerequisite of mutual recognition of electronic identification means.

 

(2)

Cooperation on interoperability and security of electronic identification schemes requires simplified procedures. Since the cooperation between Member States referred to in Article 12(6) of Regulation (EU) No 910/2014 and regulated in detail in Commission Implementing Decision (EU) 2015/296 (2) already requires the use of the English language, the same solution for the purposes of the notification of electronic identification schemes should facilitate reaching interoperability and security of the schemes. However, translation of already existing documentation should not cause unreasonable burden.

 

(3)

Schemes may involve multiple parties issuing the electronic identification means and/or multiple levels of assurance. For the sake of clarity and legal certainty, the notification of such schemes should however be a single process, with separate notification forms for each party issuing the electronic identification means and/or for each level of assurance.

 

(4)

The organisation of electronic identification schemes varies among Member States involving public and private sector entities. Although the purpose of the notification form should be to give as precise information as possible, among others, on the various authorities or entities involved in the electronic identification process, it should not aim at listing e.g. all local municipalities when those are involved. In that case, the respective field of the notification form should identify the level of the authority or entity involved.

 

(5)

Providing a description of electronic identification schemes prior to notification to other Member States as set out in Article 7(g) of Regulation (EU) No 910/2014 is a prerequisite of mutual recognition of electronic identification means. The notification form set out in this implementing act should be used in the context of providing a description of the scheme to other Member States, in order to enable peer review as set out in Article 10(2) of Implementing Decision (EU) 2015/296.

 

(6)

The deadline for the Commission to publish a notification, as provided for in Article 9(3) of Regulation (EU) No 910/2014, should be counted from the day when the complete form is submitted. The notification form should not be considered complete if the Commission needs to request additional information or clarification.

 

(7)

In order to ensure uniform use of the notification form, it is appropriate for the Commission to provide guidance to the Member States in particular with regard to whether changes to the notification form may lead to re-notification.

 

(8)

The measures provided for in this Decision are in accordance with the opinion of the Committee referred to in Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS DECISION:

Article 1

Objective

Pursuant to Article 9(5) of Regulation (EU) No 910/2014, this Decision lays down the circumstances, formats and procedures of notifications of electronic identification schemes to the Commission.

Article 2

Language of notification

  • 1. 
    The language of notification shall be English. The notification form referred to in Article 3(1) shall be completed in English.
  • 2. 
    Without prejudice to paragraph 1, Member States shall not be obliged to translate supporting documents referred to in point 4.4 of the Annex where this would create an unreasonable burden.

Article 3

Notification procedure and formats

  • 1. 
    Notification shall be made electronically in the format compliant with the form set out in the Annex.
  • 2. 
    Where a scheme involves multiple responsible parties issuing the electronic identification means and/or covers multiple levels of assurance, points 3.2 and/or where appropriate 4.2 of the notification form set out in the Annex shall be completed separately for each party issuing the electronic identification means and/or for each level of assurance.
  • 3. 
    Where the authorities, parties, entities or bodies to be notified in the form set out in the Annex, in particular the parties managing the registration process of the unique person identification data or the parties issuing the electronic identification means, are acting under the same set of rules and using the exact same procedures, in particular where they are regional or local authorities, the following specific rules shall apply:
 

(a)

the notification form may be filled in once in respect of all such parties;

 

(b)

the notification form may be filled with information necessary to identify the respective functional or territorial organisation level.

  • 4. 
    The Commission shall confirm receipt of the notification by electronic means.
  • 5. 
    The Commission may request additional information or clarification in the following circumstances:
 

(a)

the notification form is not properly filled in;

 

(b)

there is a manifest error in the form or in the supporting documents;

 

(c)

a description of the electronic identification scheme prior to notification was not provided to other Member States pursuant to Article 7(g) of Regulation (EU) No 910/2014.

  • 6. 
    Where additional information or clarification referred to in paragraph 5 is requested, the notification shall only be considered complete when such additional information or clarification is submitted to the Commission.

Article 4

Addressees

This Decision is addressed to the Member States.

Done at Brussels, 3 November 2015.

For the Commission

Günther OETTINGER

Member of the Commission

 

  • (2) 
    Commission Implementing Decision (EU) 2015/296 of 24 February 2015 establishing procedural arrangements for cooperation between Member States on electronic identification pursuant to Article 12(7) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 53, 25.2.2015, p. 14).
 

ANNEX

NOTIFICATION FORM FOR ELECTRONIC IDENTITY SCHEME UNDER ARTICLE 9(5) OF REGULATION (EU) No 910/2014

(Insert the name of the Member State) hereby notifies the European Commission of an electronic identification scheme to be published in the list referred to in Article 9(3) of Regulation (EU) No 910/2014 and confirms the following:

 

the information communicated in this notification is consistent with the information which has been communicated to the Cooperation Network in accordance with Article 7(g) of Regulation (EU) No 910/2014, and

 

the electronic identification scheme can be used to access at least one service provided by a public sector body in (insert the name of the Member State).

Date

[signed electronically]

  • 1. 
    General information
 

Title of scheme (if any)

Level(s) of assurance (low, substantial or high)

   
  • 2. 
    Authority(ies) responsible for the scheme
 

Name(s) of authority(ies)

Postal address(es)

E-mail address(es)

Telephone No

       
  • 3. 
    Information on relevant parties, entities and bodies (where there are multiple parties, entities or bodies, please list them all, in accordance with Article 3(2) and (3)

3.1.   Entity which manages the registration process of the unique person identification data

Name of entity which manages the registration process of the unique person identification data

3.2.   Party issuing the electronic identification means

 

Name of the party issuing the electronic identity means and indication of whether the party is referred to in Article 7(a)(i), (ii) or (iii) of Regulation (EU) No 910/2014

 

Article 7(a)(i) ☐

Article 7(a)(ii) ☐

Article 7(a)(iii) ☐

3.3.   Party operating the authentication procedure

Name of party operating the authentication procedure

3.4.   Supervisory body

Name of the supervisory body

(provide the name(s) where applicable)

  • 4. 
    Description of the electronic identification scheme

Document(s) may be enclosed for each of the following descriptions.

 

(a)

Briefly describe the scheme including the context within which it operates and its scope

 

(b)

Where applicable, list the additional attributes which may be provided for natural persons under the scheme if requested by a relying party

 

(c)

Where applicable, list the additional attributes which may be provided for legal persons under the scheme if requested by a relying party

4.1.   Applicable supervisory, liability and management regime

4.1.1.   Applicable supervisory regime

Describe the supervisory regime of the scheme with respect to the following:

(where applicable, information shall include the roles, responsibilities and powers of the supervising body referred to in point 3.4, and the entity to which it reports. If the supervising body does not report to the authority responsible for the scheme, full details of the entity to which it reports shall be provided)

 

(a)

supervisory regime applicable to the party issuing the electronic identification means

 

(b)

supervisory regime applicable to the party operating the authentication procedure

4.1.2.   Applicable liability regime

Describe briefly the applicable national liability regime for the following scenarios:

 

(a)

liability of the Member State under Article 11(1) of Regulation (EU) No 910/2014

 

(b)

liability of the party issuing the electronic identification means under Article 11(2) of Regulation (EU) No 910/2014

 

(c)

liability of the party operating the authentication procedure under Article 11(3) of Regulation (EU) No 910/2014

4.1.3.   Applicable management arrangements

Describe the arrangements for suspending or revoking of either the entire identification scheme or authentication, or their compromised parts

4.2.   Description of the scheme components

Describe how the following elements of Commission Implementing Regulation (EU) 2015/1502 (1) have been met in order to reach a level of assurance of an electronic identification means under the scheme the Commission is being notified of:

(include any standards adopted)

4.2.1.   Enrolment

 

(a)

Application and registration

 

(b)

Identity proofing and verification (natural person)

 

(c)

Identity proofing and verification (legal person)

 

(d)

Binding between the electronic identification means of natural and legal persons

4.2.2.   Electronic identification means management

 

(a)

Electronic identification means characteristics and design (including, where appropriate, information on security certification)

 

(b)

Issuance, delivery and activation

 

(c)

Suspension, revocation and reactivation

 

(d)

Renewal and replacement

4.2.3.   Authentication

Describe the authentication mechanism including terms of access to authentication by relying parties other than public sector bodies

4.2.4.   Management and organisation

Describe the management and organisation of the following aspects:

 

(a)

General provisions on management and organisation

 

(b)

Published notices and user information

 

(c)

Information security management

 

(d)

Record keeping

 

(e)

Facilities and staff

 

(f)

Technical controls

 

(g)

Compliance and audit

4.3.   Interoperability requirements

Describe how the interoperability and minimum technical and operational security requirements under Commission Implementing Regulation (EU) 2015/1501 (2) are met. List and attach any document that may give further information on compliance, such as the opinion of the Cooperation Network, external audits, etc.

4.4.   Supporting documents

List here all supporting documentation submitted and state to which of the elements above they relate. Include any domestic legislation which relates to the electronic identification provision relevant to this notification. Submit an English version or English translation whenever available.

 

  • (1) 
    Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 235, 9.9.2015, p. 7).
  • (2) 
    Commission Implementing Regulation (EU) 2015/1501 of 8 September 2015 on the interoperability framework pursuant to Article 12(8) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market (OJ L 235, 9.9.2015, p. 1).
 

This summary has been adopted from EUR-Lex.