BETA

Activities of Patrick BREYER related to 2021/0136(COD)

Shadow opinions (2)

2022/10/11
Committee: LIBE
Dossiers: 2021/0136(COD)
Documents: PDF(234 KB) DOC(182 KB)
Authors: [{'name': 'Cristian TERHEŞ', 'mepid': 197655}]

2022/11/07
Committee: JURI
Dossiers: 2021/0136(COD)
Documents: PDF(285 KB) DOC(207 KB)
Authors: [{'name': 'Pascal ARIMONT', 'mepid': 24922}]

Amendments (183)

Proposal for a regulation
Recital 6

(6) Regulation (EU) No 2016/67919 applies to the processing of personal data in the implementation of this Regulation. Therefore, this Regulation should lay down specific safeguards to prevent providers of electronic identification means and electronic attestation of attributes from combining personal data from other services with the personal data relating to the services falling within the scope of this Regulation. This Regulation should also further specify the principles of purpose limitation, data minimisation, and data protection by design and by default, for the specific use-cases set out in this Regulation. These specifications should be without prejudice to the other principles, rules and obligations stemming from Regulation (EU) No 2016/679. _________________ 19 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 8

(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes ~~as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law~~.

2022/06/13
Committee: LIBE

(11) European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication ~~irrespective of whether such data is stored locally or on cloud- based solutions, taking into account the different levels of risk~~. Using biometrics to authenticate is one of the identifications methods ~~providing a high level of confidence~~, in particular when used in combination with other elements of authentication. Since biometrics represents a unique characteristic of a person, the use of biometric~~s requires~~ data is limited to specific scenarios pursuant to Article 9 of Regulation (EU) 2016/679, and requires technical and organisational ~~and~~ security measures, commensurate to the risk that such processing may entail to the rights and freedoms of natural persons and in accordance with Regulation (EU) 2016/679.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 12

(12) To ensure that the European Digital Identity framework is open to innovation, technological development and future- proof, Member States should be encouraged to set-up jointly sandboxes to test innovative solutions in a controlled and secure environment in particular to improve the functionality, protection of personal data, security and interoperability of the solutions and to inform future updates of technical references and legal requirements. This environment should foster the inclusion of European Small and Medium Enterprises, start-ups and individual innovators and researchers, while improving compliance and preventing the placing on the market of solutions not in line with Union legislation on data protection and IT security.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 17

(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a unique and persistent electronic identifier in conformity with Union law in those cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way.deleted (linked to deletion of Article 11a)

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 28

(28) Wide availability and usability of the European Digital Identity Wallets require ~~their~~ acceptance and trust by both users and by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticate to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the u. The data requested should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processerd. Users should be under no obligation to use the wallet to access private services, but if ~~they wish to do so, large~~ online platforms ~~should~~ accept the European Digital Identity Wallet for this purpose ~~while~~, they should respect~~ing~~ the principles of data minimisation. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection and purpose limitation, and other legal safeguards. Self-regulatory codes of conduct at Union level (‘codes of conduct’) should be developed in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user authentication. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 29

(29) The European Digital Identity Wallet should technically enable the selective disclosure of attributes to relying parties. This feature should become a basic design feature thereby reinforcing convenience and personal data protection including minimisation of processing of personal data. In addition, the decentralised nature of the wallet should enable self-signing and revocability of attributes and identifiers.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 32

(32) Website authentication services provide users with assurance that there is a genuine and legitimate entity standing behind the website. Those services contribute to the building of trust and confidence in conducting business online, as users will have confidence in a website that has been authenticated. The use of website authentication services by websites is voluntary. However, in order for website authentication to become a means to increasing trust, providing a better experience for the user and furthering growth in the internal market, this Regulation lays down minimal security and liability obligations for the providers of website authentication services and their services. To that end, web-browsers should ensure support and interoperability with Qualified certificates for website authentication pursuant to Regulation (EU) No 910/2014. They should recognise and display Qualified certificates for website authentication to provide a high level of assurance, allowing website owners to assert their identity as owners of a website and users to identify the website owners with a high degree of certainty. To further promote their usage, public authorities in Member States should consider incorporating Qualified certificates for website authentication in their websites.deleted (linked to deletion of amendment to Article 45)

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 33

(33) Many Member States have introduced national requirements for services providing secure and trustworthy digital archiving in order to allow for the long term preservation of electronic documents and associated trust services. To ensure legal certainty and trust, it is essential to provide a legal framework to facilitate the cross border recognition of qualified electronic archiving services. That framework could also open new market opportunities for Union trust servdeleted (linked to deletion of Article ~~providers.~~45g)

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 4

(4) A more harmonised approach to digital identification should reduce the risks and costs of the current fragmentation due to the use of divergent national solutions and will strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify online in a convenient and uniform way across the Union. Everyone should be able to securely access public and private services relying on an improved ecosystem for trust services and on verified proofs of identity and attestations of attributes, such as a university degree legally recognised and accepted everywhere in the Union. The framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given format. Given the variable impact that such digitalisation of administrative procedures can have on the public budget in different Member States, a harmonised framework should aim at streamlining the economic aspects applicable to the provision of electronic attestations of attributes by Member States authorities, and thereby further reduce discrepancies among Member States.

2022/06/21
Committee: JURI

Proposal for a regulation
Recital 34

(34) Qualified electronic ledgers record data in a manner that ensures the uniqueness, authenticity and correct sequencing of data entries in a tamper proof manner. An electronic ledger combines the effect of time stamping of data with certainty about the data originator similar to e-signing and has the additional benefit of enabling more decentralised governance models that are suitable for multi-party co-operations. For example, it creates a reliable audit trail for the provenance of commodities in cross-border trade, supports the protection of intellectual property rights, enables flexibility markets in electricity, provides the basis for advanced solutions for self- sovereign identity and supports more efficient and transformative public services. To prevent fragmentation of the internal market, it is important to define a pan-European legal framework that allows for the cross-border recognition of trust services for the recording of data in electronic ledgers.deleted (Linked to deletion of Articles 45h and 45i.)

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 35

(35) The certification as qualified trust service providers should provide legal certainty for use cases that build on electronic ledgers. This trust service for electronic ledgers and qualified electronic ledgers and the certification as qualified trust service provider for electronic ledgers should be notwithstanding the need for use cases to comply with Union law or national law in compliance with Union law. Use cases that involve the processing of personal data must comply with Regulation (EU) 2016/679. Use cases that involve crypto assets should be compatible with all applicable financial rules for example with the Markets in Financial Instruments Directive23 , the Payment Services Directive24 and the future Markets in Crypto Assets Regulation25 . _________________ 23 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU Text with EEA relevance, OJ L 173, 12.6.2014, p. 349– 496. 24 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC, OJ L 337, 23.12.2015, p. 35– 127. 25 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937, COM/2020/593 final.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 36

(36) In order to avoid fragmentation and barriers, due to diverging standards and technical restrictions, and to ensure a coordinated process to avoid endangering the implementation of the future European Digital Identity framework, a process for close and structured cooperation between the Commission, Member States and the private sector is needed. To achieve this objective, Member States should cooperate within the framework set out in the Commission Recommendation XXX/XXXX [Toolbox for a coordinated approach towards a European Digital Identity Framework]26 to identify a Toolbox for a European Digital Identity framework. The Toolbox should include a comprehensive technical architecture and reference framework for the decentralised self sovereign architecture of the European Digital Identity Wallet, a set of common standards and technical references and a set of guidelines and descriptions of best practices covering at least all aspects of the functionalities and interoperability of the European Digital Identity Wallets including eSignatures and of the qualified trust service for attestation of attributes as laid out in this regulation. In this context, Member States should also reach agreement on common elements of a business model and fee structure of the European Digital Identity Wallets, to facilitate take up, in particular by small and medium sized companies in a cross-border context. The content of the toolbox should evolve in parallel with and reflect the outcome of the discussion and process of adoption of the European Digital Identity Framework. _________________ 26 [insert reference once adopted]

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 37

(37) The European Data Protection Supervisor has been consulted pursuant to Article 42 (1) of Regulation (EU) 2018/1525 of the European Parliament and of the Council27 , and has provided his comments on 28 July 2021. _________________ 27 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 1

Regulation (EU) 910/2014
Article 1 – point c

(c) establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services, ~~certificate services for website authentication, electronic archiving and~~ electronic attestation of attributes, the management of remote electronic signature and seal creation devices~~, and electron~~; (linked to deletion of Artic le~~dgers;~~s 45(new), 45g, 45h, 45i)

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point d

Regulation (EU) 910/2014
Article 3 – point 16 (d)

~~(d) the electronic archiving of electronic documents;~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point d

Regulation (EU) 910/2014
Article 3 – point 16

~~(f) the recording of electronic data into an electronic ledger.;~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point g

Regulation (EU) 910/2014
Article 3(29)

(29) ‘certificate for electronic seal’ means an electronic attestation or set of attestations that links electronic seal validation data to a legal person and confirms ~~the name~~at least the name or the pseudonym of that person;;

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 12

(12) To ensure that the European Digital Identity framework is open to innovation, technological development and future- proof, Member States should be encouraged to set-up jointly sandboxes to test innovative solutions in a controlled and secure environment in particular to improve the functionality, protection of personal data, security and interoperability of the solutions and to inform future updates of technical references and legal requirements. This environment should foster the inclusion of European Small and Medium Enterprises, start-ups and individual innovators and researchers, while improving compliance and preventing the placing on the market of solutions not in line with Union legislation on data protection and IT security.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(42)

(42) ‘European Digital Identity Wallet’ ~~is a product and service that allows the user~~means a software product that allows the user, on a device under their control, to store identity data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline, for a service in accordance with Article 6a; and to create ~~qualified~~ electronic signatures and seals;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(43)

(43) ‘attribute’ ismeans an electronic representation of a feature, characteristic or quality of a natural or legal person or of an entity, in electronic form;

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 17

(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a unique and persistent electronic identifier in conformity with Union law in those cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(46)

(46) ‘authentic source’ is a repository or system, held under the responsibility of a public sector body or private entity, that contains attributes about a natural or legal person and is considered to be the primary source of that information or recognised as authentic in ~~national~~Union and Member State law;

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 18

(18) In line with Directive (EU) 2019/88222 , persons with disabilities should be able to use the European digital identity wallets, trust services and end-user products used in the provision of those services on an equal basis with other users. These persons should be able to have a trusted third party in charge of using their European digital identity wallets on their behalf, upon designation by a judicial authority. The modalities of use of European digital identity wallets by the trusted third parties should be determined by Member States. _________________ 22 Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i Regulation (EU) 910/2014

(47) ‘electronic archiving’ means a service ensuring the receipt, storage, deletion and transmission of electronic data or documents in order to guarantee their integrity, the accuracy of their origin and legal features throughout the conservation period;deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

~~(48) ‘qualified electronic archiving service’ means a service that meets the requirements laid down in Article 45g;~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(52)

(52) ‘credential’ means a proof of a person’s a~~bilities, experienc~~ttribute, right or permission;

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 27

(27) Any entity that collects, creates and issues attested attributes such as diplomas, licences, certificates of birth should be able to become a provider of electronic attestation of attributes, but also to revoke these attributes in case of falsification, identity theft, or any delivery based on an abusive request. Relying parties should use the electronic attestations of attributes as equivalent to attestations in paper format. Therefore, an electronic attestation of attributes should not be denied legal effect on the grounds that it is in an electronic form or that it does not meet the requirements of the qualified electronic attestation of attributes. To that effect, general requirements should be laid down to ensure that a qualified electronic attestation of attributes has the equivalent legal effect of lawfully issued attestations in paper form. However, those requirements should apply without prejudice to Union or national law defining additional sector specific requirements as regards form with underlying legal effects and, in particular, the cross-border recognition of qualified electronic attestation of attributes, where appropriate. The Commission and the competent authorities should associate the relevant professional organisations when defining the concerned attributes and the related technical standards.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(53)

(53) ‘electronic ledger’ means a tamper proof electronic record of data, providing authenticity and integrity of the data it contains, accuracy of their date and time, and of their chronological ordering; deleted Or. en (linked to deletion of Articles 45h, 45i)

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 28

(28) Wide availability and usability of the European Digital Identity Wallets require ~~their~~ acceptance and trust by both users and by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticate to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the u. The data requested should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processerd. Users should be under no obligation to use the wallet to access private services, but if ~~they wish to do so, large~~ online platforms ~~should~~ accept the European Digital Identity Wallet for this purpose ~~while~~, they should respect~~ing~~ the principles of data minimisation. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection and purpose limitation, and other legal safeguards. Self-regulatory codes of conduct at Union level (‘codes of conduct’) should be developed in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user authentication. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.

2022/06/21
Committee: JURI

Proposal for a regulation
Recital 32

(32) Website authentication services provide users with assurance that there is a genuine and legitimate entity standing behind the website. Those services contribute to the building of trust and confidence in conducting business online, as users will have confidence in a website that has been authenticated. The use of website authentication services by websites is voluntary. However, in order for website authentication to become a means to increasing trust, providing a better experience for the user and furthering growth in the internal market, this Regulation lays down minimal security and liability obligations for the providers of website authentication services and their services. To that end, web-browsers should ensure support and interoperability with Qualified certificates for website authentication pursuant to Regulation (EU) No 910/2014. They should recognise and display Qualified certificates for website authentication to provide a high level of assurance, allowing website owners to assert their identity as owners of a website and users to identify the website owners with a high degree of certainty. To further promote their usage, public authorities in Member States should consider incorporating Qualified certificates for website authentication in their websites.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) 910/2014
Article 3(55)

~~(55) ‘unique identification’ means a process where person identification data or person identification means are matched with or linked to an existing account belonging to the same person.’;~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) 910/2014
Article 5

Personal data protection and pseudonyms in electronic transactions

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 33

(33) Many Member States have introduced national requirements for services providing secure and trustworthy digital archiving in order to allow for the long term preservation of electronic documents and associated trust services. To ensure legal certainty and trust, it is essential to provide a legal framework to facilitate the cross border recognition of qualified electronic archiving services. That framework could also open new market opportunities for Union trust service providers.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Recital 34

(34) Qualified electronic ledgers record data in a manner that ensures the uniqueness, authenticity and correct sequencing of data entries in a tamper proof manner. An electronic ledger combines the effect of time stamping of data with certainty about the data originator similar to e-signing and has the additional benefit of enabling more decentralised governance models that are suitable for multi-party co-operations. For example, it creates a reliable audit trail for the provenance of commodities in cross-border trade, supports the protection of intellectual property rights, enables flexibility markets in electricity, provides the basis for advanced solutions for self- sovereign identity and supports more efficient and transformative public services. To prevent fragmentation of the internal market, it is important to define a pan-European legal framework that allows for the cross-border recognition of trust services for the recording of data in electronic ledgers.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) 910/2014
Article 5(2)

2. Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall ~~not be prohibited.;~~always be an option to substitute a unique identifier.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 35

(35) The certification as qualified trust service providers should provide legal certainty for use cases that build on electronic ledgers. This trust service for electronic ledgers and qualified electronic ledgers and the certification as qualified trust service provider for electronic ledgers should be notwithstanding the need for use cases to comply with Union law or national law in compliance with Union law. Use cases that involve the processing of personal data must comply with Regulation (EU) 2016/679. Use cases that involve crypto assets should be compatible with all applicable financial rules for example with the Markets in Financial Instruments Directive23 , the Payment Services Directive24 and the future Markets in Crypto Assets Regulation25 . _________________ 23 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU Text with EEA relevance, OJ L 173, 12.6.2014, p. 349– 496. 24 Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC, OJ L 337, 23.12.2015, p. 35– 127. 25 Proposal for a Regulation of the European Parliament and of the Council on Markets in Crypto-assets, and amending Directive (EU) 2019/1937, COM/2020/593 final.

2022/06/21
Committee: JURI

Proposal for a regulation
Recital 36

(36) In order to avoid fragmentation and barriers, due to diverging standards and technical restrictions, and to ensure a coordinated process to avoid endangering the implementation of the future European Digital Identity framework, a process for close and structured cooperation between the Commission, Member States and the private sector is needed. To achieve this objective, Member States should cooperate within the framework set out in the Commission Recommendation XXX/XXXX [Toolbox for a coordinated approach towards a European Digital Identity Framework]26 to identify a Toolbox for a European Digital Identity framework. The Toolbox should include a comprehensive technical architecture and reference framework for the decentralised self sovereign architecture of the European Digital Identity Wallet, a set of common standards and technical references and a set of guidelines and descriptions of best practices covering at least all aspects of the functionalities and interoperability of the European Digital Identity Wallets including eSignatures and of the qualified trust service for attestation of attributes as laid out in this regulation. In this context, Member States should also reach agreement on common elements of a business model and fee structure of the European Digital Identity Wallets, to facilitate take up, in particular by small and medium sized companies in a cross-border context. The content of the toolbox should evolve in parallel with and reflect the outcome of the discussion and process of adoption of the European Digital Identity Framework. _________________ 26 [insert reference once adopted]

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) 910/2014
Article 5(1)(new)

1. The processing of personal data shall be carried out in accordance with Regulation (EU) 2016/679, in particular by implementing the principles of data minimisation, purpose limitation, and data protection by design and by default.

2022/06/13
Committee: LIBE

Proposal for a regulation
Recital 37

(37) The European Data Protection Supervisor has been consulted pursuant to Article 42 (1) of Regulation (EU) 2018/1525 of the European Parliament and of the Council27 , and has provided his comments on 28 July 2021. _________________ 27 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(3)(a)

(a) securely request and obtain, store, select, combine and share, in a manner that is controlled by, transparent to and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 1

Regulation (EU) No 910/2014
Article 1 – point c

(c) establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services, ~~certificate services for website authentication, electronic archiving and~~ electronic attestation of attributes, the management of remote electronic signature and seal creation devices~~, and electronic ledgers~~;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(3)(b)

(b) sign by means of ~~qualified~~ electronic signatures.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(3)(b a)(new)

(b a) make an informed decision about the sharing of personal information with relying parties. This includes identification of the relying party, the possibility for the user to completely or partially refuse information requests from relying parties, and a full transaction history stored locally on the device holding the wallet.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point d

Regulation (EU) No 910/2014
Article 3 – point 16 – point d

~~(d) the electronic archiving of electronic documents;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point d

Regulation (EU) 910/2014
Article 3 – point 16 – point f

~~(f) the recording of electronic data into an electronic ledger.;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point g

Regulation (EU) No 910/2014
Article 3 – point 29

(29) ‘certificate for electronic seal’ means an electronic attestation or set of attestations that links electronic seal validation data to a legal person and confirms at least the name or the pseudonym of that person;;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 42

(42) ‘European Digital Identity Wallet’ ~~is a~~means a software product and service that allows the user, on a device under her/his control, to store identity data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline, for a service in accordance with Article 6a; and to create qualified electronic signatures and seals;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 43

(43) ‘attribute’ ismeans an electronic representation of a feature, characteristic or quality of a natural or legal person or of an entity, in electronic form;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(4) point (a) subpoint (4a) (new)

(4 a) for relying parties to be uniquely identified and limited to requesting information based on their approval by a Member State in accordance with Article 6b(1);

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 46

(46) ‘authentic source’ is a repository or system, held under the responsibility of a public sector body or private entity, that contains attributes about a natural or legal person and is considered to be the primary source of that information or recognised as authentic in Union and national law;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 47

(47) ‘electronic archiving’ means a service ensuring the receipt, storage, deletion and transmission of electronic data or documents in order to guarantee their integrity, the accuracy of their origin and legal features throughout the conservation period;deleted

2022/06/21
Committee: JURI

(52) ‘credential’ means a proof of a person’s a~~bilities, experienc~~ttribute, right or permission;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 53

(53) ‘electronic ledger’ means a tamper proof electronic record of data, providing authenticity and integrity of the data it contains, accuracy of their date and time, and of their chronological ordering;deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(4)(b)

(b) ensure ~~that trust service providers of~~ providers of qualified and non-qualified attestations of attributes cannot receive any information about the use of these attributes;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 55

~~(55) ‘unique identification’ means a process where person identification data or person identification means are matched with or linked to an existing account belonging to the same person.’;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i

Regulation (EU) No 910/2014
Article 3 – point 55 a (new)

(55 a) "trusted third party" means a physical person designated by a judicial authority within the framework of a legal protection regime of vulnerable persons; the trusted third party shall be able to use the European digital identity wallets on behalf of their holders.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7 Regulation (EU) 910/2014

(d) provide a mechanism to ensure that the relying party is able to authenticate the user and to receive electronic attestations of attributes in the form of selective disclosures that are unlinkable to the user and minimise the processing of personal data. Where attestations of attributes are sufficient for the purposes of the relying party, no prior electronic authentication or identification shall take place;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) No 910/2014
Article 5 – title

Personal data protection and pseudonyms in electronic transactions

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(4)(e)

(e) ensure that the person identification data referred to in Articles 12(4), point (d) uniquely and persistently representing the natural or legal person is ~~associated with it~~only shared pseudonymously so that it is different for the different relying parties in order to prevent the association or tracking of the user across relying parties and to make it impossible for the issuer of the European Digital Identity Wallet, third parties, or the Member State to receive any information about the use of the European Digital Identity Wallet or to combine use data from different contexts;.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) No 910/2014
Article 5 – pargraph 1 a (new)

Processing of personal data shall be carried out in accordance with Regulation (EU) 2016/679, in particular by implementing the principles of data minimisation, purpose limitation, and data protection by design and by default.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 4

Regulation (EU) 910/2014
Article 5

Without prejudice to the legal effect given to pseudonyms under national law, the use of pseudonyms in electronic transactions shall ~~not be prohibited.;~~always be an option to substitute a unique identifier.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(6)

6. The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’. The source code used for providing European Digital Identity Wallets shall be published (open source). The use of the European Digital Identity Wallets shall be voluntary and free of charge to natural persons. Access to government or other products and services, to online platforms in the meaning of the Digital Services Act or to the labour market by natural persons shall not be made conditional on using the European Digital Identity Wallet, nor should natural persons suffer other disadvantages for not using the European Digital Identity Wallet.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – pragraph 3 – point a

(a) securely request and obtain, store, select, combine and share, in a manner that is transparent to, controlled and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services;

2022/06/21
Committee: JURI

(b) sign by means of ~~qualified~~ electronic signatures.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(7)

7. The ~~user shall be in full control of~~technical framework for the European Digital Identity Wallet~~. The issuer of the European Digital Identity Wallet shall not collect information about the use of the wallet which are not necessary for the provision of the wallet services, nor shall it combine~~ shall be subject to the following principles: (a) It shall use a decentralised identity architecture, including decentralised identifiers, and store electronic identification means, attributes and certificates securely and exclusively on devices controlled by the user, unless the user optionally consents to storage on third-party devices for the purpose of data recovery; (b) It shall provide cryptographically verifiable, specific parts of the wallet and personal identi~~fication data and any other personal data stored or relating~~ty; (c) It shall allow creation of unique, private and secure peer-to-peer connections between two ~~the use of the European Digital Identity Wallet with personal data from any~~parties; (d) The user shall be in full control of the European Digital Identity Wallet and their data, including revocability and self certification as well as the ability to create copies of their data on other ~~ser~~devices ~~offer~~controlled by th~~is issu~~e user for ~~from third-party services which are not necessary for the provision of the wallet services, unless the user has expressly requested it.~~the purpose of data recovery; (e) The technical architecture shall make it impossible for the issuer of the European Digital Identity Wallet or other parties to collect or obtain electronic identification means, attributes, electronic documents and information about the use of the wallet by the user. The exchange of information via the European Digital Identity Wallet shall not allow providers of electronic attestation of attributes or other parties to track, link, correlate or otherwise obtain knowledge of transactions or user behaviour; (f) Personal data relating to the provision of European Digital Identity Wallets shall be kept physically and logically separate from any other data held.; (g) If the European Digital Identity Wallet is provided by private parties in accordance to paragraph 1 (b) and (c), the provisions of article 45f paragraph 4 shall apply mutatis mutandis.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point a – point 4 a (new)

(a a) for relying parties to be uniquely identified and limited to requesting information based on their approval by a Member State in accordance with Article 6b(1);

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(7a)(new)

7 a. The issuer of the European Digital Identity Wallet shall be the controller pursuant to Regulation (EU) 2016/679 regarding the processing of personal data in the European Digital Identity Wallet.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – paragraph 4 – point e

(e) ensure that the person identification data referred to in Articles 12(4), point (d) uniquely and persistently representing the natural or legal person is ~~associated with it.~~only shared pseudonymously so that it is different for the different relying parties in order to prevent the association or tracking of the user across relying parties and to make it impossible for the issuer of the European Digital Identity Wallet, third parties, or the Member State to receive any information about the use of the European Digital Identity Wallet or to combine use data from different contexts;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – paragraph 6

6. The European Digital Identity Wallets shall be issued under a notified electronic identification scheme of level of assurance ‘high’. The source code used for providing European Digital Identity Wallets shall be published (open source). The use of the European Digital Identity Wallets shall be voluntary and free of charge to natural persons. Access to government or other products and services, to online platforms in the meaning of [Digital Services Act] or to the labour market by natural persons shall not be made conditional on using the European Digital Identity Wallet, nor shall natural persons suffer other disadvantages for not using the European Digital Identity Wallet.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(10 a)(new)

10 a. Within 6 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical and operational specifications for the requirements referred to in paragraphs 3, 4 and 5.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6a(11)

11. Within 6 months of the entering into force of this Regulation, the Commission shall ~~establish technical~~ , by meands o~~perational specifications and~~f implementing acts, establish reference standards for the requirements referred to in paragraphs 3, 4 and 5 ~~by means of an implementing act on the implementation of the European Digital Identity Wallet~~. Thisose implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – paragraph 10 a (new)

10 a. Within 6 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical and operational specifications for the requirements referred to in paragraphs 3, 4 and 5 of this Article.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b(1)

1. Where relying parties intend to rely upon European Digital Identity Wallets issued in accordance with this Regulation, they shall ~~communicate it to~~request approval from the Member State where the relying party is established to ensure compliance of their intended use and the information they intend to request with requirements set out in Union law or national law for the provision of specific services. When ~~communicating~~deciding about approval, Member States shall scrutinize their inten~~tion to rely on~~ded use cases of the European Digital Identity ~~wallets, they shall also inform about the intended use of the European Digital Identity Wallet.~~to assess proportionality in light of the potential security and data protection implications of the data exchanged and the purpose of the processing of personal information, with particular attention to distinguishing between: (a) anonymous use for selective disclosures; (b) pseudonymous use for authentication; (c) unique identification use; (d) attribute attestation of special categories of personal data in accordance with Article 9 of Regulation (EU) 2016/679;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6a – paragraph 11

11. Within 6 months of the entering into force of this Regulation, the Commission shall ~~establish technical~~ , by meands o~~perational specifications and~~f implementing acts, establish reference standards for the requirements referred to in paragraphs 3, 4 and 5 ~~by means of an implementing act on the implementation of the European Digital Identity Wal~~of this Articlet. Thisose implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b(2)

2. 2. Member States shall implement a common mechanism for the authentication ~~of relying parties~~and identification of relying parties. Member States shall revoke the authorisation of relying parties in case of illegal or fraudulent use of the European Digital Identity Wallet in their country.

2022/06/13
Committee: LIBE

3. Relying parties shall be responsible for communicating their identifier in every interaction with the European Digital Identity Wallet and carrying out the procedure for authenticating person identification data and electronic attestation of attributes originating from European Digital Identity Wallets.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6b – paragraph 2

2. Member States shall implement a common mechanism for the authentication ~~of relying parties~~and identification of relying parties. Member States shall revoke the authorisation of relying parties in case of illegal or fraudulent use of the European Digital Identity Wallet in their country.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b(3a)(new)

3 a. Relying parties shall not collect or store information about the use of the wallet beyond what is strictly necessary for access to the services provided by the respective party, nor shall they combine person identification data and any other personal data stored or relating to the use of the European Digital Identity Wallet with personal data from any other services which are not necessary for the provision of the wallet services, unless the user has explicitly requested it.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b – paragraph 3

3. Relying parties shall be responsible for communicating their identifier in every interaction with the European Digital Identity Wallet and carrying out the procedure for authenticating person identification data and electronic attestation of attributes originating from European Digital Identity Wallets.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b(3b)(new)

3 b. Providers of information society services as defined in Directive (EU) 2015/1535 of the European Parliament and of the Council shall make reasonable efforts to enable the use of and payment for that service without collecting personal data of the recipient.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6b – paragraph 4

4. Within 6 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical and operational specifications for the requirements referred to in paragraphs 1 and 2 ~~by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10)~~of this Article.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6b(4)

4. Within 6 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical and operational specifications for the requirements referred to in paragraphs 1 and 2 ~~by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10)~~.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6c – paragraph 4

4. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish a list of standards for the certification of the European Digital Identity Wallets referred to in paragraph 3 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6c(3)

3. The conformity of European Digital Identity Wallets with the requirements laid down in article 6a ~~paragraphs 3, 4 and 5~~ shall be certified by accredited public or private bodies designated by Member States.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6c(4)

4. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish a list of standards for the certification of the European Digital Identity Wallets referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) No 910/2014
Article 6d – paragraph 3

3. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, define formats and procedures applicable for the purposes of paragraph 1~~. by means of an implementing act on the implementation of the European Digital Identity Wallets as~~ of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 7

Regulation (EU) 910/2014
Article 6d(3)

3. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, define formats and procedures applicable for the purposes of paragraph 1. ~~by means of an~~Those implementing act ~~on the implementation of the European Digital Identity Wallets as~~s shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 9 a (new)

Regulation (EU) No 910/2014
Article 7 a (new)

(9 a) the following Article is inserted: Article 7a Succession aspects At the death of the user, the authority responsible for settling the succession shall ensure the proper extinction of the European Digital Identity Wallet and the transmission to the heirs and rights holders of all heritage elements.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 11

Regulation (EU) No 910/2014
Article 10a – paragraph 5

5. Within 6 months of the entering into force of this Regulation, the Commission shall ~~further specify the measures referred to in paragraphs 1 and 3 by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10)~~adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by further specifying the measures referred to in paragraphs 1 and 3 of this Article.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 11

Regulation (EU) 910/2014
Article 10a(5)

5. Within 6 months of the entering into force of this Regulation, the Commission shall ~~further specify the measures referred to in paragraphs 1 and 3 by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10)~~adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by further specifying the measures referred to in paragraphs 1 and 3.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 12

Regulation (EU) 910/2014
Article 11a

(12) the following Article 11a is inserted: ‘Article 11a Unique Identification 1. When notified electronic identification means and the European Digital Identity Wallets are used for authentication, Member States shall ensure unique identification. 2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request in those cases where identification of the user is required by law. 3. Within 6 months of the entering into force of this Regulation, the Commission shall further specify the measures referred to in paragraph 1 and 2 by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10).’deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 12

Regulation (EU) No 910/2014
Article 11a

(12) the following Article 11a is inserted: ‘Article 11a Unique Identification 1. When notified electronic identification means and the European Digital Identity Wallets are used for authentication, Member States shall ensure unique identification. 2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), a unique and persistent identifier in conformity with Union law, to identify the user upon their request in those cases where identification of the user is required by law. 3. Within 6 months of the entering into force of this Regulation, the Commission shall further specify the measures referred to in paragraph 1 and 2 by means of an implementing act on the implementation of the European Digital Identity Wallets as referred to in Article 6a(10).’deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 13 – point b

Regulation (EU) No 910/2014
Article 12 – paragraph 4 – point d

(b) in paragraph 4, point (d) is replaced by the following: ‘(d) a reference to a minimum set of person identification data necessary to uniquely and persistently represent a natural or legal person;;’deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 13 – point c

(c) in paragraph 6, point (a) of is replaced by the following: ‘(a) the exchange of information, experience and good practice as regards electronic identification schemes and in particular technical requirements related to interoperability, unique identification and assurance levels;;’deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 13 – point a

Regulation (EU) 910/2014
Article 12(3)(c) and (d)

(a) in paragraph 3, point~~s (c) and (d) are deleted;~~ (c) is replaced with the following: '(c) it facilitates the implementation of the principle of data protection by design; and' in paragraph 3, point (d) is replaced with the following: '(d) it ensures that personal data is processed in accordance with Regulation (EU) 2016/679.'

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 13 – point b

Regulation (EU) 910/2014
Article 12(4)(d)

(b) in paragraph 4, point (d) is replaced by the following: ‘(d) a reference to a minimum set of person identification data necessary to uniquely and persistently represent a natural or legal person;;’deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 16

Regulation (EU) No 910/2014
Article 12b – paragraph 2

2. Where private relying parties providing services are required by national or Union law, to use strong user authentication for online identification, or where strong user authentication is required by contractual obligation, including in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications, ,private relying parties shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 13 – point c

Regulation (EU) 910/2014
Article 12(6)(a)

(c) in paragraph 6, point (a) of is replaced by the following: ‘(a) the exchange of information, experience and good practice as regards electronic identification schemes and in particular technical requirements related to interoperability, unique identification and assurance levels;;’deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 16

Regulation (EU) 910/2014
Article 12b(2)

2. Where private relying parties providing services are required by national or Union law, to use strong user authentication for online identification, or where strong user authentication is required by contractual obligation, including in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications, private relying parties shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 16

Regulation (EU) No 910/2014
Article 12b – paragraph 5

5. The Commission shall make an assessment within 18 months after deployment of the European Digital Identity Wallets whether on the basis of evidence showing availability and usability of the European Digital Identity Wallet, additional private online service providers shall be mandated to accept the use of the European Digital identity Wallet strictly upon voluntary request of the user. Criteria of assessment may include extent of user base, cross-border presence of service providers, technological development, evolution in usage patterns. The Commission shall be empowered to adopt delegated acts based on this assessment, regarding a revision of the requirements for recognition of the European Digital Identity wallet under points 1 to 4 of this article.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 16

Regulation (EU) 910/2014
Article 12b(3)

3. Where ~~very large~~ online platforms as defined in Regulation [reference DSA Regulation] ~~Article 25.1. require users to authenticate to access online services, they shall also~~ accept the use of European Digital Identity Wallets issued in accordance with Article 6a, they shall do so only strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age. In this case, revocable pseudonyms shall be generated and used in connection to an identifiable European Digital Identity Wallet. The combination of person identification data and any other personal data and identifiers linked to the European Digital Identity Wallets with personal or non-personal data from any other services which are not necessary for the provision of the authentication or use of core services, is prohibited unless the user has expressly requested it.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point c

Regulation (EU) No 910/2014
Article 17 – paragraph 8

8. Within 12 months of the entering into force of this Regulation, the Commission shall~~, by means of implementing acts,~~ adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by further specifying the tasks of the Ssupervisory ~~Authorit~~bodies referred to in paragraph 4 ~~and define the formats and procedures for the report referred to in paragraph 6. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;~~of this Article.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point c

Regulation (EU) 910/2014
Article 17 – paragraph 8 a (new)

8 a. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, define the formats and procedures for the report referred to in paragraph 6 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 16

Regulation (EU) 910/2014
Article 12b(5)

5. The Commission shall make an assessment within 18 months after deployment of the European Digital Identity Wallets whether on the basis of evidence showing availability and usability of the European Digital Identity Wallet, additional private online service providers shall be mandated to accept the use of the European Digital identity Wallet strictly upon voluntary request of the user. Criteria of assessment may include extent of user base, cross-border presence of service providers, technological development, evolution in usage patterns. The Commission shall be empowered to adopt delegated acts based on this assessment, regarding a revision of the requirements for recognition of the European Digital Identity wallet under points 1 to 4 of this article.deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 21 – point c

Regulation (EU) No 910/2014
Article 18 – paragraph 5

5. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish the necessary procedural arrangements to facilitate the cooperation between the Ssupervisory ~~Authorit~~bodies referred to in paragraph 1 of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b

Regulation (UE) No 910/2014
Article 20 – paragraph 2 – last sentence

Where personal data protection rules appear to have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 and the issuer of the European Digital Identity Wallet of the results of its audits.;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point a

Regulation (UE) No 910/2014
Article 24 – paragraph 1 a (new)

1 a. the following paragraph 1a is inserted: ‘1a. Within 12 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by laying down minimum technical specifications with respect to the verification of identity and attributes in accordance with paragraph 1, point (c), of this Article.’;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point b – introductory part

Regulation (UE) No 910/2014
Article 24 – paragraph 1 – point b

(b) the following paragraph 1ab is inserted:

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point b

Regulation (UE) No 910/2014
Article 24 – paragraph 1a

1a. Within 12 months after the entry into force of this Regulation, the Commission shall by means of implementing acts, set out ~~minimum technical specifications,~~ standards and procedures with respect to the verification of identity and attributes in accordance with paragraph 1, point c. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point f

Regulation (UE) No 910/2014
Article 24 – paragaph 6

6. The Commission shall be empowered to adopt delegated acts in accordance with Article 47 supplementing this Regulation regarding the ~~additional~~ measures referred to in paragraph 2, point (fa).;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 27

Regulation (UE) No 910/2014
Article 29 – paragraph 1 a

1a. Generating, managing and duplicating qualified electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider providing a qualified trust service for the management of a remote electronic qualified signature creation device.;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 28

Regulation (UE) No 910/2014
Article 29a – pargraph 1 a (new)

1 a. Within 12 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical specifications for the purposes of paragraph 1 of this Article.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 28

Regulation (UE) No 910/2014
Article 29a – paragraph 2

2. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish technical specifications and reference numbers of standards for the purposes of paragraph 1.; of this Article. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point c

8. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, further specify the tasks of the Supervisory Authorities referred to in paragraph 4 and define the formats and procedures for the report referred to in paragraph 6. Those implementing acts shall be adopted in accordance with the examination procedure adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by further specifying the tasks of the supervisory bodies referred to in ~~Article 48(2).;~~paragraph 4.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 20 – point c

Regulation (EU) 910/2014
Article 17(8a)(new)

8 a. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, define the formats and procedures for the report referred to in paragraph 6. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 38

Regulation (UE) No 910/2014
Article 45

(38) Article 45 is replaced by the following: ‘Article 45 Requirements for qualified certificates for website authentication 1. Qualified certificates for website authentication shall meet the requirements laid down in Annex IV. Qualified certificates for website authentication shall be deemed compliant with the requirements laid down in Annex IV where they meet the standards referred to in paragraph 3. 2. Qualified certificates for website authentication referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services. 3. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, provide the specifications and reference numbers of standards for qualified certificates for website authentication referred to in paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;’deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 21 – point c

Regulation (EU) 910/2014
Article 18(5)

5. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish the necessary procedural arrangements to facilitate the cooperation between the Ssupervisory ~~Authorit~~bodies referred to in paragraph 1.; Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 22 – point b

Regulation (EU) 910/2014
Article 20(2)

Where personal data protection rules appear to have been breached, the supervisory body shall inform the supervisory authorities under Regulation (EU) 2016/679 and the issuer of the European Digital Identity Wallet of the results of its audits.;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45a – paragraph 1

1. An electronic attestation of attributes shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form, or that it does not meet the requirements for qualified electronic attestations of attributes.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point a a (new)

Regulation (EU) 910/2014
Article 24(1a)(new)

(a a) the following paragraph 1a is inserted: ‘1a. Within 12 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by laying down minimum technical specifications with respect to the verification of identity and attributes in accordance with paragraph 1, point (c).’;

2022/06/13
Committee: LIBE

(b) the following paragraph 1ab is inserted: Or. en (Article 24(1a) in the Commission proposal)

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point b

Regulation (EU) 910/2014
Article 24(1b)

1a. Within 12 months after the entry into force of this Regulation, the Commission shall by means of implementing acts, set out ~~minimum technical specifications,~~ standards and procedures with respect to the verification of identity and attributes in accordance with paragraph 1, point c. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).; Or. en (Article 24(1a) in the Commission proposal)

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45a – paragraph 3 a (new)

3 a. Lawfully issued attestations in paper form shall be accepted by relying parties as an alternative to electronic attestation of attributes.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 25 – point f

Regulation (EU) 910/2014
Article 24(6)

6. The Commission shall be empowered to adopt delegated acts in accordance with Article 47 supplementing this Regulation regarding the ~~additional~~ measures referred to in paragraph 2, point (fa).;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45c – paragraph 3

3. Where a qualified electronic attestation of attributes has been revoked after initial issuance, it shall lose its validity from the moment of its revocation, and its status shall not in any circumstances be reverted. Only relying parties the user has shared this attribute with shall be able to link the revocation to those attributes, based on cryptographic functions.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 27 Regulation (EU) 910/2014

1a. Generating, managing and duplicating qualified electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider providing a qualified trust service for the management of a remote electronic qualified signature creation device.;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45c – paragraph 4

4. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish reference numbers of standards for qualified electronic attestations of attributes ~~by means of an~~. Those implementing act ~~on the implementation of the European Digital Identity Wallets as~~s shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 28

Regulation (EU) 910/2014
Article 29a(1a)(new)

1 a. Within 12 months of the entering into force of this Regulation, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by establishing technical specifications for the purposes of paragraph 1.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45d – paragraph 1a (new)

1 a. Within 6 months of the entering into force of this Regulation, taking into account relevant international standards, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by laying down minimum technical specifications with reference to the catalogue of attributes and schemes for the attestation of attributes and verification procedures for qualified electronic attestations of attributes.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 28

Regulation (EU) 910/2014
Article 29a(2)

2. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish technical specifications and reference numbers of standards for the purposes of paragraph 1.; Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45d – paragraph 2

2. Within 6 months of the entering into force of this Regulation, taking into account relevant international standards, the Commission shall ~~set out the minimum technical specifications,~~by means of implementing acts, set out the standards and procedures with reference to the catalogue of attributes and schemes for the attestation of attributes and verification procedures for qualified electronic attestations of attributes ~~by means of an~~. Those implementing act ~~on the implementation of the European Digital Identity Wallets as~~s shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Section 10 – numbering of section

~~SECTION 10~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 38

Regulation (EU) 910/2014
Article 45

(38) Article 45 is replaced by the following: ‘Article 45 Requirements for qualified certificates for website authentication 1. Qualified certificates for website authentication shall meet the requirements laid down in Annex IV. Qualified certificates for website authentication shall be deemed compliant with the requirements laid down in Annex IV where they meet the standards referred to in paragraph 3. 2. Qualified certificates for website authentication referred to in paragraph 1 shall be recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services. 3. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, provide the specifications and reference numbers of standards for qualified certificates for website authentication referred to in paragraph 1. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;’deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Section 10 – title

~~QUALIFIED ELECTRONIC ARCHIVING SERVICES~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 38

Regulation (EU) 910/2014
Article 47

(39a) Article 47 is amended as follows: (a) the following paragraph 2a is inserted: ‘2a. The power to adopt delegated acts referred to in Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 45(2a) and Article 45d(1a) shall be conferred on the Commission for an indeterminate period of time from ... [date of entry into force of this Regulation].’; (b) paragraph 3 is replaced by the following: ‘3. The delegation of power referred to in Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 30(4), Article 45(2a) and Article 45d(1a) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.’ (c) paragraph 5 is replaced by the following: ‘5. A delegated act adopted pursuant to Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 30(4), Article 45(2a) or Article 45d(1a) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.’;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Section 10 – numering of article

~~Article 45g~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45a(1)

1. An electronic attestation of attributes shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form, or that it does not meet the requirements for qualified electronic attestations of attributes.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45g – title

~~Qualified electronic archiving services~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

A qualified electronic archiving service for electronic documents may only be provided by a qualified trust service provider that uses procedures and technologies capable of extending the trustworthiness of the electronic document beyond the technological validity period.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45g – paragraph 1 – subparagraph 2

Within 12 months after the entry into force of this Regulation, the Commission shall, by means of implementing acts, establish reference numbers of standards for electronic archiving services. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45a(3 a)(new)

3 a. Lawfully issued attestations in paper form shall be accepted by relying parties as an alternative to electronic attestation of attributes.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45c(3)

3. Where a qualified electronic attestation of attributes has been revoked after initial issuance, it shall lose its validity from the moment of its revocation, and its status shall not in any circumstances be reverted. Only relying parties the user has shared this attribute with shall be able to link the revocation to those attributes, based on cryptographic functions.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45c(4)

4. Within 6 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, establish reference numbers of standards for qualified electronic attestations of attributes ~~by means of an~~. Those implementing act ~~on the implementation of the European Digital Identity Wallets as~~s shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Section 11 – title of section

~~ELECTRONIC LEDGERS~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45d(1a)(new)

1 a. Within 6 months of the entering into force of this Regulation, taking into account relevant international standards, the Commission shall adopt delegated acts in accordance with Article 47 in order to supplement this Regulation by laying down minimum technical specifications with reference to the catalogue of attributes and schemes for the attestation of attributes and verification procedures for qualified electronic attestations of attributes.

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

~~Article 45h~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45d(2)

2. Within 6 months of the entering 2. into force of this Regulation, taking into account relevant international standards, the Commission shall ~~set out the minimum technical specifications,~~by means of implementing acts, set out the standards and procedures with reference to the catalogue of attributes and schemes for the attestation of attributes and verification procedures for qualified electronic attestations of attributes ~~by means of an~~. Those implementing act ~~on the implementation of the European Digital Identity Wallets as~~s shall be adopted in accordance with the examination procedure referred to in Article ~~6a(10~~48(2).

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45h – title of the article

~~Legal effects of electronic ledgers~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

~~SECTION 10~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45h – paragraph 1

1. An electronic ledger shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic ledgers.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

~~QUALIFIED ELECTRONIC ARCHIVING SERVICES~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45g

~~Article 45g~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45h – paragraph 2

2. A qualified electronic ledger shall enjoy the presumption of the uniqueness and authenticity of the data it contains, of the accuracy of their date and time, and of their sequential chronological ordering within the ledger.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45g

~~Qualified electronic archiving services~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

A qualified electronic archiving service for electronic documents may only be provided by a qualified trust service provider that uses procedures and technologies capable of extending the trustworthiness of the electronic document beyond the technological validity period.deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45i – numbering of the article

~~Article 45i~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45g

Within 12 months after the entry into force of this Regulation, the Commission shall, by means of implementing acts, establish reference numbers of standards for electronic archiving services. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45i – title

~~Requirements for qualified electronic ledgers~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

~~ELECTRONIC LEDGERS~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45h

~~Article 45h~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45i – paragraph 1

1. Qualified electronic ledgers shall meet the following requirements: (a) they are created by one or more qualified trust service provider or providers; (b) they ensure the uniqueness, authenticity and correct sequencing of data entries recorded in the ledger; (c) they ensure the correct sequential chronological ordering of data in the ledger and the accuracy of the date and time of the data entry; (d) they record data in such a way that any subsequent change to the data is immediately detectable.deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45i – paragraph 2

~~2. Compliance with the requirements laid down in paragraph 1 shall be presumed where an electronic ledger meets the standards referred to in paragraph 3.~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45h

~~Legal effects of electronic ledgers~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 45i – paragraph 3

3. The Commission may, by means of implementing acts, establish reference numbers of standards for the processes of execution and registration of a set of data into, and the creation, of a qualified electronic ledger. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45h

1. An electronic ledger shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic ledgers.deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (UE) No 910/2014
Article 47

3 a. Article 47 is amended as follows: (a) the following paragraph is inserted: ‘2a.The power to adopt delegated acts referred to in Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 45(2a) and Article 45d(1a) shall be conferred on the Commission for an indeterminate period of time from ... [date of entry into force of this Regulation].’; (b) paragraph 3 is replaced by the following: ‘3.The delegation of power referred to in Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 30(4), Article 45(2a) and Article 45d(1a) may be revoked at any time by the European Parliament or by the Council.A decision to revoke shall put an end to the delegation of the power specified in that decision.It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.’ (c) paragraph 5 is replaced by the following: ‘5. A delegated act adopted pursuant to Article 6a(10a), Article 6b(4), Article 6c(6), Article 10a(5), Article 11a(3), Article12b(5), Article 17(8), Article 24 (1a), Article 24(6), Article 29a(1a), Article 30(4), Article 45(2a) or Article 45d(1a) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.’;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45h

2. A qualified electronic ledger shall enjoy the presumption of the uniqueness and authenticity of the data it contains, of the accuracy of their date and time, and of their sequential chronological ordering within the ledger.deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (EU) 910/2014
Article 48a – paragraph 2 – point b

(b) the type and number of services accepting the use of the European Digital Wallet, including the type and number of rejected applications of relying parties and the reasons for that;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45i

~~Article 45i~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (UE) No 910/2014
Article 48a – paragraph 2 – point c a (new)

(c a) the type and number of security incidents, suspected data breaches and affected users;

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45i

~~Requirements for qualified electronic ledgers~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (UE) No 910/2014
Article 48a – paragraph 2 – point c b (new)

(c b) the number of user complaints and suspected consumer protection or data protection incidents relating to relying parties.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45i

1. Qualified electronic ledgers shall meet the following requirements: (a) they are created by one or more qualified trust service provider or providers; (b) they ensure the uniqueness, authenticity and correct sequencing of data entries recorded in the ledger; (c) they ensure the correct sequential chronological ordering of data in the ledger and the accuracy of the date and time of the data entry; (d) they record data in such a way that any subsequent change to the data is immediately detectable.deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Annex VI – paragraph 1 – point 3

~~3. Gender;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Annex VI – paragraph 1 – point 4

~~4. Civil status;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45i

~~2. Compliance with the requirements laid down in paragraph 1 shall be presumed where an electronic ledger meets the standards referred to in paragraph 3.~~deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Annex VI – paragraph 1 – point 5

~~5. Family composition;~~deleted

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 39

Regulation (EU) 910/2014
Article 45i

3. The Commission may, by means of implementing acts, establish reference numbers of standards for the processes of execution and registration of a set of data into, and the creation, of a qualified electronic ledger. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;deleted

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (EU) 910/2014
Article 48a(2)(b)

(b) the type and number of services accepting the use of the European Digital Wallet, including the type and number of rejected applications of relying parties and the reasons for that;

2022/06/13
Committee: LIBE

Proposal for a regulation
Annex VI – paragraph 1 – point 10 a (new)

10 a. Activation of a legal protection regime and name of the trusted third party.

2022/06/21
Committee: JURI

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (EU) 910/2014
Article 48a(2)(c a)(new)

(c a) the type and number of security incidents, suspected data breaches and affected users;

2022/06/13
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1 – point 40

Regulation (EU) 910/2014
Article 48a paragraph cb (new)

(c b) the number of user complaints and suspected consumer protection or data protection incidents relating to relying parties.

2022/06/13
Committee: LIBE