Member States will work on the Czech Presidency’s compromise proposal for the future Digital Identity Wallet (eID) (see EUROPE 12969/13) at the next two meetings of the EU Council’s Telecommunications Working Party on 5 and 8 September.
In addition to relatively minor changes to definitions, such as ‘digital identification’, ‘user’ and ‘trust services’, the text also redefines the role of Member States and the obligations of trust service providers.
Thus, the document states, the regulation “should not prevent Member States from laying down rules on penalties applicable to infringements of this Regulation, such as direct or indirect practices creating confusion between unqualified and qualified trust services” as well as in the case of misuse of “the EU trust mark by unqualified trust service providers”.
Qualified trust service providers who decide to outsource one or more of their operations outside the EU should provide guarantees that oversight activities and audits can be applied in the same way as if these operations were carried out within the EU.
In cases where full compliance with the regulation cannot be ensured, the Czech Presidency of the EU Council proposes that supervisory bodies should have the ability to adopt proportionate and justified measures, “including the withdrawal of the qualified status of the trusted service”.
Furthermore, the compromise document states that trust services that would be provided by trust service providers established in a third country - or by an international organisation - would be recognised as “legally equivalent” to qualified trust services established in the EU, provided that there is an agreement between the EU and the third country concerned or an implementing act.
In addition, a number of additions have been made to the Commission’s original proposal to clarify the interconnection of the text with the Digital Markets Act (DMA) (see EUROPE 12986/3) and the ‘NIS2’ Directive (see EUROPE 12974/13).
On this point, the Czech Presidency would like to give the supervisory authorities under the ‘NIS2’ Directive two months to provide the supervisory authorities with information on compliance with the ‘NIS2’ rules. Any delay should be “duly justified”, the text adds.
Finally, the Czech Presidency document leaves the door open for discussions on a number of points, such as the period of implementation of the text or the provision of additional functionalities to electronic wallets. The issues of interoperability with existing national means of electronic identification and the deadlines for trust service providers to notify supervisory authorities of breaches or disruptions in the provision of their services will also need to be discussed.
See the compromise document: https://aeur.eu/f/2uw (Original version in French by Thomas Mangin)