ENISA to establish cybersecurity certification scheme for EU’s digital ID wallets

The European Commission has requested that the European Union Agency for Cybersecurity, ENISA, develop a candidate scheme for cybersecurity certification for EU Digital Identity (EUDI) Wallets.

The request is part of a broader one to provide support for certification of the digital identity wallets.

ENISA will provide harmonized requirements for certification to support the establishment of national certification schemes by EU Member States. The agency will participate in the formulation of implementing acts that establish a list of reference standards, along with specifications and procedures for protecting security and privacy, where necessary. The EC has also asked ENISA to launch the process for standing up a cybersecurity scheme for EUDI Wallets and the digital IDs they carry, with reference to the Cybersecurity Act.

The European Digital Identity Framework took force in May, and mandates EU Member States to start providing EUDI Wallets within 2 years of adopting their implementing acts.

“Certification scheme for the EU Digital Identity Wallets is key for a successful functioning of the Wallets concept,” says European Commission Acting Director for Digital Society, Trust and Cybersecurity, Christiane Kirketerp de Viron. “The certification ensures that EUDI wallets are secure and protect the privacy of users and their personal data. Moreover, it would also guarantee that the citizens can use their national digital wallets across the EU.”

The EU wrapped up its collection of input on the cybersecurity certification scheme earlier this month. The feedback received makes clear that the certification criteria will be carefully watched, in part for how it limits the oversharing of consumer data.

Existing and incoming certification schemes will be taken into account by ENISA, according to the announcement, such as the European Cybersecurity Certification Scheme on Common Criteria and the draft European Certification Scheme for Cloud Services.

ENISA Executive Director Juhan Lepassaar says that with the EUDI Wallet cybersecurity certification scheme, “ENISA will support the Commission and the Member States to set out cybersecurity controls in the digital identification field allowing its timely uptake across the EU. Digital Wallets contribute to the maturity of EU’s digitalization and enhance citizens’ cybersecurity and privacy.”

ENISA has already been supporting the eIDAS Expert Group and the Certification Subgroup, and will work with member states and stakeholders on the certification project. An ad-hoc working group will be set up and work with the European Cybersecurity Certification Group.

Clues to what the certification scheme proposal will look like may be found in the recommendations ENISA made for EUDI Wallets in its Digital Identity Standards report last July. Meanwhile, EUDI Wallet pilots are ongoing, and will surely also effect the development of the certification scheme.

Article Topics

certification  |  cybersecurity  |  digital ID  |  digital wallets  |  ENISA  |  EU Digital Identity Wallet  |  European Digital Identity Framework