The main goal of EU Implementing Regulation 2024/2981 is to establish the detailed rules for how European Digital Identity Wallets (introduced under the revised eIDAS Regulation, “eIDAS 2.0”) are certified. The regulation ensures that wallets (applications that allow citizens to securely store and use digital credentials such as ID cards, diplomas, or licenses) achieve the highest level of trust and security (“assurance level high”). This certification framework provides a uniform approach across the EU, so that wallets can be recognized and trusted in every member state.
A key element of the regulation is the scope of certification. It requires that not only the wallet application itself but also its critical cryptographic components, the Wallet Secure Cryptographic Application (WSCA) and Wallet Secure Cryptographic Device (WSCD), are included in the evaluation. Certification covers software, hardware, risk management, data protection, vulnerability handling, and lifecycle management (updates, patching, recertification). Wallet providers must maintain a risk register that addresses threats like identity theft, data loss, fake credentials, or service disruption, and demonstrate how their design mitigates them.
If you want to look at the original text of the regulation with the important parts highlighted, please check this file.
Key Provisions of the Regulation
...