Ayer, 2 de diciembre de 2025, se publicó en la plataforma «Have your say» de la Unión Europea una nueva consulta, abierta hasta el 30 de diciembre, sobre un nuevo borrador relativo a la Cartera IDUE.

Se trata del Registro de usuario de la Cartera.

COMMISSION IMPLEMENTING REGULATION (EU) …/… of XXX laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards onboarding of users to the European Digital Identity Wallets by electronic identification means conforming to assurance level high or by electronic identification means conforming to assurance level substantial in conjunction with additional remote onboarding procedures where the combination meets the requirements of assurance level high

REGLAMENTO DE EJECUCIÓN DE LA COMISIÓN (UE) …/… de XXX por el que se establecen normas de aplicación del Reglamento (UE) n.º 910/2014 del Parlamento Europeo y del Consejo en lo que respecta a la incorporación de usuarios a las Carteras de Identidad Digital Europea mediante medios de identificación electrónica que cumplan el nivel de aseguramiento alto o mediante medios de identificación electrónica que cumplan el nivel de aseguramiento sustancial, junto con procedimientos adicionales de registro a distancia, cuando la combinación cumpla los requisitos del nivel de aseguramiento alto.

Este es el Anexo:

List of reference standards and specifications

The standard ETSI TS 119 461 V2.1.1 (2025-02), clause 9.1 with title ‘Introduction, compliance with the present document, general requirements for all use cases’ and clause 9.5 with title ‘Use cases for additional identity proofing to enhance an identity proven by use of an eID from Baseline LoIP to Extended LoIP’ applies, with the following adaptations: 

• 5 Operational risk assessment 
  • OVR-5-01: The requirements specified in ETSI EN 319 401 [1], clause 5 shall apply.  
  • NOTE 1: When the identity proofing is done by the provider of person identification data itself, the provider of person identification data’s risk assessment can cover the identity proofing. 
• 7.10 Collection of evidence 
  • OVR-7.10-01: The requirements specified in ETSI EN 319 401 [1], clause 7.10 shall apply.  
  • NOTE 1: Long-term requirements for retention of evidence can be fulfilled by the provider of person identification data requesting the identity proofing instead of by the IPSP when the two are different entities.  
  • NOTE 2: The requirements of clause 8.5.2 of the present document apply. 
• 7.11 Business continuity management
  • OVR-7.11-02: Processes for crisis management according to ETSI EN 319 401 [1], REQ-7.11.3-01X shall be as required by the identity proofing context and the obligations of the provider of person identification data relying on the IPSP’s service.
• 7.12 Termination and termination plans 
  • OVR-7.12-01: The requirements specified in ETSI EN 319 401 [1], clause 7.12, excluding REQ-7.12-11, shall apply. 
  • NOTE: When the IPSP and the provider of person identification data requesting the identity proofing are different entities, they can agree mutual or unilateral assistance in establishing termination plans. 
• 9.2.3.4 Use case for automated operation
  • USE-9.2.3.4-04: The IPSP shall establish target values for the FAR and FRR, based on a risk analysis and its threats intelligence procedure, by following the methodology established in the ENISA report ‘Methodology for sectoral cybersecurity assessments’ [i.28] or an equivalent methodology, in fully automated identity proofing processes. These target values shall be equal to or lower than those set for hybrid use cases, when they exist. The IPSP shall maintain these target values for FAR and FRR consistently, supported by a risk analysis and its threats intelligence procedure.   (6) 8.3.3 Validation of physical identity document  
• VAL-8.3.3-21: The effectiveness of the measures for complying with the requirements VAL-8.3.3-05X, VAL-8.3.3-05A, VAL-8.3.3-05B, VAL-8.3.305C, VAL-8.3.3-07A and VAL-8.3.3-07X, shall be tested by an accredited laboratory or a national competent authority, whenever they are designated, at the latest by 19 August 2027 and then be repeated every second year. 
• 9.5.3 Use case for enhancing identity proofing to Extended LoIP by use of a previously captured reference face image
  • USE-9.5.3-01: An identity proofing process fulfilling the requirements for Extended LoIP from one of the use cases described in clauses 9.2.1, 9.2.2, or 9.2.3 of the present document, or it has been previously been peer reviewed or certified by an accredited conformity assessment body to comply with assurance level high in accordance with Regulation (EU) No 910/2014 [i.25] shall be used to capture a reference face image and to bind the necessary identity attributes to this reference face image. 
• 8.2.4 Use of existing eID means as evidence
  • [CONDITIONAL] COL-8.2.4-02X: If the Baseline LoIP is targeted, the eID means shall have been notified at least at eIDAS LoA substantial or shall have been assessed by an independent conformity assessment body to fulfil the requirements for an eIDAS substantial eID or eIDAS high eID. The independent conformity assessment body shall be accredited as per Article 3 (18) of Regulation (EU) No 910/2014 [i.25], and, if all applicable requirements are fulfilled, the assessment shall result in a certificate of compliance based on a certification audit. This formal certification process shall be based on a security evaluation process that refers to the levels of assurance defined for notified electronic identification means or for certified European Digital Identity Wallets under Regulation (EU) No 910/2014 [i.25] and shall include rigorous testing to evaluate resistance against potential security threats. These evaluations shall employ pertinent technical standards to demonstrate robustness against such attacks.