eIDAS - List of certificates

Commission Implementing **Regulation (EU) 2025/849** establishes detailed rules under Regulation (EU) No 910/2014. This regulation aims to ensure consistent standards across EU Member States, enhancing trust and interoperability within the European Digital Identity ecosystem.

An electronic edition of the same is available here.

Article 1: Subject matter

This Regulation lays down the formats and procedures as regards the submission of information by Member States to the Commission and the Cooperation Group for the list of certified wallets pursuant to Article 5d of Regulation (EU) No 910/2014, to be updated on a regular basis to keep in line with technology and standards developments and with the work carried out on the basis of Commission Recommendation (EU) 2021/946 (5), and in particular the Architecture and Reference Framework.

Article 2: Definitions

For the purposes of this Regulation, the following definitions apply:

1. 'wallet solution' means a combination of software, hardware, services, settings, and configurations, including wallet instances, one or more wallet secure cryptographic applications and one or more wallet secure cryptographic devices;

2. 'wallet instance' means the application installed and configured on a wallet user's device or environment, which is part of a wallet unit, and that the wallet user uses to interact with the wallet unit;

3. 'wallet unit' means a unique configuration of a wallet solution that includes wallet instances, wallet secure cryptographic applications and wallet secure cryptographic devices provided by a wallet provider to an individual wallet user;

4. 'wallet provider' means a natural or legal person who provides wallet solutions;

5. 'wallet user' means a user who is in control of the wallet unit;

6. 'wallet secure cryptographic application' means an application that manages critical assets by being linked to and using the cryptographic and non-cryptographic functions provided by the wallet secure cryptographic device;

7. 'wallet secure cryptographic device' means a tamper-resistant device that provides an environment that is linked to and used by the wallet secure cryptographic application to protect critical assets and provide cryptographic functions for the secure execution of critical operations;

8. 'critical assets' means assets within or in relation to a wallet unit of such extraordinary importance that where their availability, confidentiality or integrity are compromised, this would have a very serious, debilitating effect on the ability to rely on the wallet unit;

9. 'provider of person identification data' means a natural or legal person responsible for issuing and revoking the person identification data and ensuring that the person identification data of a user is cryptographically bound to a wallet unit.

Article 3: Format, procedure for submissions and information to be submitted by Member States to the Commission

1. Member States shall submit the information set out in the Annex to the Commission and to the Cooperation Group through a secure electronic channel made available by the Commission.

2. Member States shall submit the information required under paragraph 1 at least in English.

3. Where there are any changes to the submitted information, including changes to the certification status of the wallets, Member States shall submit the updated information through the channel referred to in paragraph 1.

Article 4: Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 6 May 2025.

For the Commission

The President

Ursula VON DER LEYEN

ANNEX

Information to be submitted by Member States

1. The purpose of the submission, indicated as one of the following:

   • (a) a provided and certified wallet
   • (b) a change is made to any previously submitted information regarding a wallet
   • (c) a request to remove a wallet from the list of provided and certified wallets.

2. Information to be submitted about a provided and certified wallet:

   • (a) a description of the wallet solution, including:
   • the name of the wallet solution
   • a unique reference identifier of the wallet solution
   • the name, the trade name where applicable, address, and, where relevant, additional information on the wallet provider
   • a description of the management of the wallet solution, including:
   • characteristics and design
   • issuance, delivery, and activation
   • suspension, revocation, and reactivation
   • recovery and backup, where applicable
   • renewal and replacement
   • management practices for wallet transaction logs
   • (b) a description of the electronic identification scheme under which the wallet solution is provided and certified, including:
   • the title of the electronic identification scheme
   • a unique identifier for the electronic identification scheme
   • the name of the authority or names of the authorities responsible for the electronic identification scheme
   • a description of the management and organisation of the electronic identification scheme
   • the name, trade name where applicable, address, and, where relevant, additional information on the provider or providers of person identification data
   • for each provider of person identification data:
   • the set or sets of person identification data provided to natural and legal persons under the electronic identification scheme
   • a description of the set or sets of person identification data for which the Member State ensures uniqueness
   • a description of the supervisory regime in accordance with Article 46a of Regulation (EU) No 910/2014 as regards to:
   • the providers of person identification data, including identification of the supervisory body
   • the wallet provider, including identification of the supervisory body
   • a description of the liability regime in accordance with Article 5a(19) of Regulation (EU) No 910/2014, as regards to:
   • the provider or providers of person identification data
   • the wallet provider
   • a description of the enrolment process, including descriptions of:
   • applying for wallet units and person identification data
   • the registration of wallet users
   • where applicable, the identity proofing and verification of natural persons
   • where applicable, the identity proofing and verification of legal persons
   • any policies that apply to the authority or authorities responsible for the electronic identification scheme including arrangements for suspension or revocation of:
   • the electronic identification schemes
   • wallet unit attestations issued by the wallet provider
   • any other compromised parts of the wallets
   • (c) the certificate and certification assessment report in compliance with Article 5c of Regulation (EU) No 910/2014.