FprCEN/TS 18098
Guidelines for the onboarding of user personal identification data within European Digital Identity Wallets
This document defines and describes the concept of on-boarding of person identification data (PID) within a Wallet. The scope of this document includes cases where a natural person is the User in control of a Wallet. This includes a natural person who is in control of their own information, as well as natural persons who control information to represent another natural person or a legal person. This document considers a single set of PID attributes linked to a single Wallet Unit. This does not exclude the issuance of multiple PIDs representing the same set of PID attributes, e.g. batch issuance.
It also provides the general workflow, the roles and responsibilities at stake, and links on-boarding with the Level of Assurance concept underpinning eIDAS [1].
EXAMPLE If a natural person represents a legal person, the PID Provider can issue a "representation PID" in a dedicated Wallet Unit controlled by the natural person (the Wallet User) for representation purposes. The "representation PID" is a kind of attestation which contains PID about the natural person (representative) and about the legal person (representee).
This document is limited to the on-boarding of a unique set of person identification data complying with the legal provisions of eIDAS [1], in particular (1) issued in accordance with Union or national law, and (2) conformant with the relevant implementing act [5].
The following aspects are out of scope of this document:
- the on-boarding of person identification data within a Wallet where the User is a legal person;
- other types of on-boarding, such as:
  - provisioning of person identification data after revocation, expiration or deletion;
  - addition of other Attributes (in the form of attestations) in accordance with the requirements of Level of Assurance "High" which are not part of the set of person identification data but are part of the legal identity under national law;
  - management of person identification data (deletion, update, etc.);
  - provisioning of person identification data which is not compliant with the relevant implementing act [5];
  - provisioning of a partial set of person identification data;
  - provisioning of supplemental set(s) of person identification data (multiple PIDs).
SLOVENIAN STANDARD
1 September 2025
Smernice za vnašanje osebnih identifikacijskih podatkov uporabnikov v evropske denarnice za digitalno identiteto
Guidelines for the onboarding of user personal identification data within European Digital Identity Wallets
Leitlinien für das Onboarding von persönlichen Identifikationsdaten der Nutzer in europäischen digitalen Identity Wallets
Lignes directrices pour l'intégration des données d'identification personnelle des utilisateurs dans les portefeuilles d'identité numérique européens
This Slovenian standard is identical to: FprCEN/TS 18098
ICS: 35.240.15 Identification cards. Chip cards. Biometrics
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.
FINAL DRAFT
TECHNICAL SPECIFICATION
July 2025
English Version
Guidelines for the onboarding of user personal
identification data within European Digital Identity
Wallets
This draft Technical Specification is submitted to CEN members for Vote. It has been drawn up by the Technical Committee CEN/TC 224.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and United Kingdom.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Warning: This document is not a Technical Specification. It is distributed for review and comments. It is subject to change without notice and shall not be referred to as a Technical Specification.
EUROPEAN COMMITTEE FOR STANDARDIZATION
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
Ref. No. FprCEN/TS 18098:2025 E
© 2025 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Contents
European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Conformance claim
6 Data storage location & on-boarding
6.1 Architecture of the Wallet
6.2 Storage of PID(s) and Electronic Attestation(s) of Attribute
6.3 Storage of cryptographic keys
7 Guidelines for on-boarding workflow
7.1 General
7.2 On-boarding
7.2.1 Overview
7.2.2 User vs Subject
7.2.3 Wallet installation and activation
7.2.4 Identity proofing & Wallet Unit credentials binding
7.2.5 PID issuance
7.3 Possible on-boarding workflows
7.3.1 Regular workflow
7.3.2 Alternative workflow
7.4 Mapping of on-boarding with ISO/IEC 23220 series
7.4.1 Mapping with ISO/IEC 23220-1:2023 [14]
7.4.2 Mapping with ISO/IEC TS WD7 23220-5:2025 [21]
7.5 Data to be provisioned during on-boarding
7.5.1 Overview
7.5.2 Wallet Unit Validity Attestation
7.5.3 Wallet Unit Trust Attestation
7.5.4 Cryptographic keys
7.5.5 Other Wallet data
7.5.6 PID
7.5.7 PID metadata
7.5.8 Impact of delegation of representation
7.6 Considerations regarding the Wallet Provider
7.6.1 Responsibilities of the Wallet Provider
7.6.2 Wallet Provider vs supplier and subcontractor
7.6.3 Privacy and data protection aspects
7.7 Cryptographic binding of credentials to a Wallet Unit
7.7.1 Overview
7.7.2 Process to cryptographically bind a credential to the Wallet Unit
7.7.3 Proof of Association (PoA)
7.7.4 Proof of Possession (PoP)
8 Requirements to meet the Level of Assurance "High"
8.1 General
8.2 Wallet installation and activation
8.2.1 User eligibility checks and User Account creation
8.2.2 Client application loading and installation
8.2.3 Binding between the User, the User's device and the Wallet Unit
8.2.4 Configuration of the Wallet Unit
8.2.5 Initialisation of the Wallet Unit
8.2.6 Finalisation
8.3 Identity proofing & Wallet Unit credentials binding
8.3.1 Requirements applicable to the whole process
8.3.2 Identification of the Subject
8.3.3 Identity verification of the User
8.3.4 Identification and authentication of the Wallet Unit
8.3.5 Verification of binding between the identified User and the Wallet Unit
8.3.6 Verification of the relationship between the identified User and the Subject
8.3.7 Collection of information needed to issue credentials
8.4 PID issuance
8.4.1 Requirements applicable to the whole process
8.4.2 Eligibility checks of the Wallet and issuance of PID
8.4.3 Identification and authentication of the Wallet Unit
8.4.4 Provisioning of credentials
8.4.5 Finalisation of PID issuance
8.5 Case of alternative workflows for on-boarding
8.5.1 C-REQ
8.6 Requirements common to all processes
8.6.1 REQ
8.6.2 C-REQ
8.6.3 C-REQ
8.6.4 REQ
8.7 Requirements regarding the Wallet Unit
8.7.1 REQ
8.7.2 REQ
8.7.3 REQ
8.7.4 REQ
8.7.5 RECO
8.7.6 C-REQ
8.7.7 REQ
8.7.8 RECO
8.7.9 REQ
8.7.10 REQ
8.7.11 C-REQ
8.7.12 REQ
8.7.13 POS
8.8 Requirements regarding authentication factors
8.8.1 REQ
8.8.2 REQ
8.8.3 REQ
8.8.4 REQ
8.8.5 C-REQ
8.8.6 C-REQ
8.8.7 C-REQ
8.8.8 C-REQ
8.8.9 C-REQ
8.8.10 C-REQ
8.8.11 C-REQ
8.8.12 C-RECO
8.8.13 C-REQ
8.8.14 C-REQ
Annex A (informative) Use cases for on-boarding
A.1 General
A.2 On-boarding using an External Token as a local proxy of the PID Provider
A.2.1 Overview
A.2.2 Detailed description
A.2.3 Coverage of the on-boarding processes
A.2.4 Example of implementation
A.2.5 Pros and cons
A.3 On-boarding using a Qualified Signature Creation Device (QSCD)
A.3.1 Overview
A.3.2 Detailed description
A.3.3 Coverage of the on-boarding processes
A.3.4 Pros and cons
A.4 On-boarding with a Wallet Unit using an External Token as WSCD/WSCA
A.4.1 Overview
A.4.2 Detailed description
A.4.3 Coverage of the on-boarding
A.4.4 Examples of implementation
A.4.5 Risk assessment and mitigation measures
A.4.6 Pros and cons
A.5 On-boarding using OID4VCI
A.5.1 Overview
A.5.2 Detailed description (OID4VCI protocol supplemented by the work of POTENTIAL Large Scale Pilot [55])
A.5.3 Detailed description (OID4VCI protocol supplemented by HAIP [56])
A.5.4 Coverage of the on-boarding (OID4VCI protocol supplemented by the work of POTENTIAL Large Scale Pilot [55])
A.5.5 Example of implementation (OID4VCI protocol supplemented by the work of POTENTIAL Large Scale Pilot [55])
A.5.6 Pros and cons
A.6 On-boarding using REST API (based on HPKE SA protocol)
A.6.1 Overview
A.6.2 Detailed description
A.6.3 Coverage of the on-boarding
A.6.4 Pros and cons
Annex B (informative) Requirements to meet the Level of Assurance "High" in the context of the use cases for on-boarding
B.1 General
B.2 On-boarding using OID4VCI
B.2.1 REQ-OIDVCI
B.2.2 REQ-OIDVCI
B.2.3 REQ-OIDVCI
B.2.4 REQ-OIDVCI
B.2.5 REQ-OIDVCI
B.3 On-boarding using REST API (based on HPKE SA protocol)
B.3.1 REQ-RESTAPI
B.3.2 REQ-RESTAPI
B.3.3 REQ-RESTAPI
B.3.4 REQ-RESTAPI
B.3.5 REQ-RESTAPI
B.3.6 REQ-RESTAPI
Annex C (informative) Example of use cases of Electronic Attestation of Attribute(s) from the PID set
C.1 General
C.2 Support of data minimization and control of the level of trust
C.2.1 Overview
C.2.2 Benefits of Electronic Attestation of Attribute(s) from the PID set
C.2.3 Mapping of Electronic Attestation of Attribute(s) from the PID set and PID to the various contexts
C.3 Creation of a single bundle combining one or several Attribute(s) and the Attribute(s) of the PID set to which they relate
C.3.1 Overview
C.3.2 Benefits of Electronic Attestation of Attribute(s)
C.4 Comparison with PID
Annex D (informative) Overview of the ephemeral keys a Wallet Unit can use
Annex E (informative) On-boarding and Electronic Attestations of Attributes
E.1 Overview
E.2 Format of credentials
E.3 Electronic Attestation of Attribute(s) from the PID set
Annex F (informative) Other possible credential formats
Annex G (informative) Eligibility checks
G.1 Overview
G.2 Eligibility checks of the User
G.3 Eligibility checks of the User's device
G.4 Eligibility checks of the Wallet Provider and Wallet Unit
Annex H (informative) On-boarding policies
Annex I (informative) Mapping of the criteria for LoA "High" with the requirements for on-boarding
Annex J (informative) Mapping of on-boarding with the criteria for Level of Assurance
J.1 Overview
J.2 Enrolment
J.3 Electronic identification means management
J.4 Management and organisation
J.5 Coverage of the LoA criteria
Annex K (informative) Coverage of the provisions of eIDAS [1] by this document
Bibliography
European foreword
This document (FprCEN/TS 18098:2025) has been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.
This document is currently submitted to the Vote on TS.
Introduction
The amended eIDAS [1] regulation introduces the concept of on-boarding of person identification data of natural or legal persons within a Wallet. In addition, the amended eIDAS [1] clarifies that on-boarding is also subject to conformity with the Level of Assurance “High”.
This entails first defining (1) the concept of on-boarding and (2) how to implement it.
In addition, although the requirements for the Level of Assurance “High” pursuant to eIDAS [1] are defined in the annex of implementing act 2015/1502 [2] (legally binding) and further refined in supporting guidance prepared by the eIDAS cooperation group [3] (non-binding), they remain difficult to interpret because they are vague, which leads to diverging interpretations between Member States.
This document aims at solving these two shortcomings by providing harmonized definitions, procedures and a technical framework for the on-boarding of person identification data of natural or legal persons within a Wallet, in line with the requirements of Level of Assurance “High” pursuant to eIDAS [1].
This document will support:
a) a shared understanding of the trust, security and quality of person identification data obtained from a Wallet by third parties;
b) harmonized procedures and a technical framework applied for on-boarding within the Wallet, taking into account best practices;
c) convergence of existing procedures and technical frameworks supporting on-boarding within the Wallet.
NOTE 1 While eIDAS [1] speaks of "on-boarding of users", this document speaks of “on-boarding of person identification data”, as this describes the process at stake more accurately.
NOTE 2 Many of the concepts and principles introduced by the first version of eIDAS are not modified by the amended version of eIDAS [1] and thus remain valid, e.g. Level of Assurance.
This document identifies:
— the data to be sent to and stored in the Wallet as part of on-boarding, as well as their format;
— the main scenarios for the on-boarding of person identification data within European Digital Identity Wallets;
— the requirements to achieve on-boarding at the Level of Assurance “High” pursuant to the annex of CIR 2015/1502 [2];
— for each of the scenarios above, the additional requirements to be met to achieve on-boarding at the Level of Assurance “High” pursuant to the annex of CIR 2015/1502 [2];
— the qualifications, expertise, skills and potentially accreditations needed for the conformity assessment by a Conformity Assessment Body (CAB) of the on-boarding of person identification data within a Wallet;
— the services and resources that could be used, if available, for successful on-boarding and which can only be provided by Member States.
In addition, this document defines the metadata, scenarios and particular requirements which are relevant during the on-boarding phase, so that after on-boarding the Wallet can support the specific privacy requirements explicitly envisioned in eIDAS [1], i.e.:
— “[…] enable the user in a manner that is user-friendly, transparent, and traceable by the user […]” in eIDAS [1] article 5a(4);
— “Users shall have full control of the use of and of the data in their European Digital Identity Wallet” in eIDAS [1] article 5a(14);
— “[…] Personal data relating to the provision of the European Digital Identity Wallet shall be kept logically separate from any other data held by the provider of the European Digital Identity Wallet […]” in eIDAS [1] article 5a(14);
— transparency of digital transactions, by making available to the User the descriptions of past transactions as well as the data that were exchanged.
This document covers the various ways to carry out on-boarding of person identification data:
— in the course of a face-to-face interaction;
— remotely, including the use of either electronic identification means conforming to Level of Assurance “High”, or electronic identification means conforming to Level of Assurance “Substantial” in conjunction with additional remote on-boarding procedures that together meet the requirements of Level of Assurance “High”, as envisioned by eIDAS [1] article 5a(5)(a)(v) and article 5a(24).
This document is neutral with regard to the location of storage of person identification data: they can be stored locally and/or remotely, and this document covers both cases. Local and remote storage are defined in the Architecture and Reference Framework [4]. Local storage of person identification data means storage in the client side of the Wallet and/or in an External Token controlled by the User of the Wallet (e.g. electronic identity document, electronic identification means, …); remote storage of person identification data means storage in the server side of the Wallet (a cloud or remote server) endowed with Hardware Security Module(s) (HSM).
This document is neutral with regard to the Wallet architecture. It applies to (1) Wallets comprising only a client application (e.g. an application on a mobile device), (2) Wallets entirely based on a server without a client application (e.g. a server Wallet accessed through a web browser), or (3) a combination thereof.
NOTE 3 This document will be further improved and refined in subsequent versions.
1 Scope
This document defines and describes the concept of on-boarding of person identification data (PID) within a Wallet. The scope of this document includes cases where a natural person is the User in control of a Wallet. This includes a natural person who is in control of their own information, as well as natural persons who control information to represent another natural person or a legal person. This document considers a single set of PID attributes linked to a single Wallet Unit. This does not exclude the issuance of multiple PIDs representing the same set of PID attributes, e.g. batch issuance.
It also provides the general workflow, the roles and responsibilities at stake, and links on-boarding with the Level of Assurance concept underpinning eIDAS [1].
EXAMPLE If a natural person represents a legal person, the PID Provider can issue a "representation PID" in a dedicated Wallet Unit controlled by the natural person (the Wallet User) for representation purposes. The "representation PID" is a kind of attestation which contains PID about the natural person (representative) and about the legal person (representee).
This document is limited to the on-boarding of a unique set of person identification data complying with the legal provisions of eIDAS [1], in particular (1) issued in accordance with Union or national law, and (2) conformant with the relevant implementing act [5].
The following aspects are out of scope of this document:
— the on-boarding of person identification data within a Wallet where the User is a legal person;
— other types of on-boarding, such as:
  — provisioning of person identification data after revocation, expiration or deletion;
  — addition of other Attributes (in the form of attestations) in accordance with the requirements of Level of Assurance “High” which are not part of the set of person identification data but are part of the legal identity under national law;
  — management of person identification data (deletion, update, etc.);
  — provisioning of person identification data which is not compliant with the relevant implementing act [5];
  — provisioning of a partial set of person identification data;
  — provisioning of supplemental set(s) of person identification data (multiple PIDs).
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 18013-5:2021, Personal identification — ISO-compliant driving licence — Part 5: Mobile driving licence (mDL) application
ISO/IEC 19989-3, Information security — Criteria and methodology for security evaluation of biometric systems — Part 3: Presentation attack detection
ISO/IEC 23220-1:2023, Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 1: Generic system architectures of mobile eID systems
ISO/IEC DTS 23220-4, Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 4: Protocols and services for operational phase
CEN/TS 18099, Biometric data injection attack detection
Common Methodology for Information Technology Security Evaluation - Evaluation methodology - November 2022 - Revision 1 (https://www.commoncriteriaportal.org/files/ccfiles/CEM2022R1.pdf)
ETSI TS 119 461 v2.1.1, Electronic Signatures and Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects
RFC 7905, ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)
RFC 8422, Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at http://www.iso.org/obp
3.1
action key
key used by an mdoc App to endorse one of its actions, such as credential holder verification
[SOURCE: ISO/IEC DTS 23220-4[6] §7.2.5.5 and §A.1.5]
3.2
Attribute
characteristic, quality, right or permission of a natural or legal person or of an object
Note 1 to entry: A Credential is evidence supporting a claim of an Attribute of any type (including identity Attributes). A Credential may contain none, one or several Attributes. The following items are Credentials:
— PID;
— Electronic attestation of Attributes (EAA);
— Electronic attestation of Attributes issued by or on behalf of a public sector body responsible for an authentic
source;
— Qualified Electronic Attestation of Attributes (QEAA);
— Wallet Unit Trust Attestation;
— Wallet Unit Validity Attestation.
Note 2 to entry: This definition is drawn from eIDAS [1] article 3.
3.3
binding
act or process of securing, attaching, or tying something together
Note 1 to entry: It can also describe a state of being committed or obligated.
Note 2 to entry: Binding is the logical link established between two or more items. These items may be data, person
or entity. This binding can be for instance between data and issuer, data and person, data and device or person
and device.
3.4
biographical data
personalized details of the bearer of the document appearing as text in the visual and machine readable
zones on the MRTD, or on the chip if present.
Note 1 to entry: The document is an identity document compliant with ICAO doc 9303 Ed8[7] which may be a
passport, a travel document or an identity card.
[SOURCE: ICAO doc 9303 Ed8[7] part 1]
3.5
conformity assessment
demonstration that specified requirements are fulfilled
[SOURCE: EN ISO/IEC 17000:2020[8]]
3.6
conformity assessment body
CAB
body that performs conformity assessment activities including calibration, testing, certification and inspection
Note 1 to entry: This definition is drawn from [9].
3.7
Credential
evidence or testimonials that support a claim of identity or assertion of an Attribute and usually are
intended to be used more than once
Note 1 to entry: A Credential is evidence supporting a claim of an Attribute of any type (including identity Attributes). A Credential may take various encoding formats: for instance, it may or may not contain the Attribute itself, and it may or may not be signed by an authority. The following items are Credentials:
— PID;
— Electronic attestation of Attributes (EAA);
— Electronic attestation of Attributes issued by or on behalf of a public sector body responsible for an authentic
source;
— Qualified Electronic Attestation of Attributes (QEAA);
— Wallet Unit Trust Attestation;
— Wallet Unit Validity Attestation.
Note 2 to entry: This meaning of Credentials is much larger than the one considered in the recital of eIDAS [1].
[SOURCE: Committee on National Security Systems, CNSSI No. 4009, Committee on National Security Systems (CNSS) Glossary, April 6, 2015. Unclassified.]
3.8
cryptographic binding
association of two or more related elements of information using cryptographic techniques
[SOURCE: NIST (https://csrc.nist.gov/glossary/term/cryptographic_binding)]
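The definition in 3.8, together with the Proof of Possession that clause 7.7.4 covers, in working code, as an added example that is not part of the Technical Specification: an issuer binds a set of attributes to a Wallet Unit's public key by signing attributes and key together, and a relying party accepts a presentation only if that issuer signature is intact and the presenter proves possession of exactly the bound key against a fresh nonce. The credential layout (`cnf_x`/`cnf_y` fields, the identifier-plus-nonce proof message, the domain-separation prefix), the constructed sample attributes and the choice of P-256 ECDSA are assumptions of this illustration, not formats prescribed by the document.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
)

// Credential is an illustrative attestation: attributes plus the Wallet Unit
// public key they are bound to ("cnf"). Field names are assumptions of this
// example, not a format defined by the Technical Specification.
type Credential struct {
	ID         string            `json:"id"`
	Attributes map[string]string `json:"attributes"`
	CnfX       string            `json:"cnf_x"` // bound public key, hex coordinates
	CnfY       string            `json:"cnf_y"`
}

// SignedCredential carries the issuer's ECDSA signature over the credential.
type SignedCredential struct {
	Credential Credential
	R, S       *big.Int
}

// Proof is the holder's ECDSA signature proving possession of the bound key.
type Proof struct{ R, S *big.Int }

// credentialDigest hashes the canonical JSON encoding; Go sorts map keys, so
// the encoding (and thus the digest) is deterministic for a given credential.
func credentialDigest(c Credential) ([]byte, error) {
	b, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	d := sha256.Sum256(b)
	return d[:], nil
}

// Issue cryptographically binds attrs to the holder's key: the issuer signs
// attributes and key together, so neither can be swapped without detection.
func Issue(issuer *ecdsa.PrivateKey, id string, attrs map[string]string, holder *ecdsa.PublicKey) (SignedCredential, error) {
	c := Credential{ID: id, Attributes: attrs, CnfX: holder.X.Text(16), CnfY: holder.Y.Text(16)}
	d, err := credentialDigest(c)
	if err != nil {
		return SignedCredential{}, err
	}
	r, s, err := ecdsa.Sign(rand.Reader, issuer, d)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Credential: c, R: r, S: s}, nil
}

// popDigest ties the proof to one credential and one verifier nonce, so a
// captured proof cannot be replayed in another session (prefix is an assumption).
func popDigest(credID string, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("PoP\x00"))
	h.Write([]byte(credID))
	h.Write([]byte{0})
	h.Write(nonce)
	return h.Sum(nil)
}

// ProvePossession is run by the Wallet Unit with the private key it controls.
func ProvePossession(holder *ecdsa.PrivateKey, credID string, nonce []byte) (Proof, error) {
	r, s, err := ecdsa.Sign(rand.Reader, holder, popDigest(credID, nonce))
	if err != nil {
		return Proof{}, err
	}
	return Proof{R: r, S: s}, nil
}

// Verify is run by the relying party: (1) the issuer signature still covers
// the attributes and the bound key; (2) the proof verifies under the key
// embedded in the credential, not under whatever key the presenter offers.
func Verify(issuerPub *ecdsa.PublicKey, sc SignedCredential, nonce []byte, p Proof) error {
	d, err := credentialDigest(sc.Credential)
	if err != nil {
		return err
	}
	if !ecdsa.Verify(issuerPub, d, sc.R, sc.S) {
		return errors.New("issuer signature invalid: attributes or bound key were altered")
	}
	x, okX := new(big.Int).SetString(sc.Credential.CnfX, 16)
	y, okY := new(big.Int).SetString(sc.Credential.CnfY, 16)
	if !okX || !okY {
		return errors.New("malformed cnf key")
	}
	bound := &ecdsa.PublicKey{Curve: elliptic.P256(), X: x, Y: y}
	if !ecdsa.Verify(bound, popDigest(sc.Credential.ID, nonce), p.R, p.S) {
		return errors.New("proof of possession invalid: presenter does not hold the bound key")
	}
	return nil
}

func main() {
	issuer, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	wallet, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	attacker, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	// Constructed sample attributes for the demonstration; not real PID.
	sc, _ := Issue(issuer, "pid-0001", map[string]string{"family_name": "Doe", "given_name": "Jane"}, &wallet.PublicKey)
	nonce := []byte("verifier-nonce-7f3a")
	good, _ := ProvePossession(wallet, "pid-0001", nonce)
	fmt.Println("honest wallet:", Verify(&issuer.PublicKey, sc, nonce, good))
	stolen, _ := ProvePossession(attacker, "pid-0001", nonce)
	fmt.Println("copied credential, other key:", Verify(&issuer.PublicKey, sc, nonce, stolen))
	sc.Credential.CnfX, sc.Credential.CnfY = attacker.X.Text(16), attacker.Y.Text(16)
	fmt.Println("key substituted in credential:", Verify(&issuer.PublicKey, sc, nonce, stolen))
}
```

The two failure cases in `main` are the ones the binding exists to stop: a copied credential presented with a key the issuer never bound fails the proof check, and a credential whose `cnf` fields were rewritten to the attacker's key fails the issuer-signature check, because the key is inside the signed payload. A real deployment would also check credential validity and revocation status, which this illustration leaves out.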
3.9
device attestation
evidence demonstrating that the device manufacturer vouches for the security and trustworthiness of
the
...







