UPDATE ......Confluence has now been updated to version 9.2.6. Please see following page for details and feedback about changes:
Updates
...
A key element of the regulation is thescope of certification. It requires that not only the wallet application itself but also its critical cryptographic components, the Wallet Secure Cryptographic Application (WSCA) and Wallet Secure Cryptographic Device (WSCD),are included in the evaluation. Certification covers software, hardware, risk management, data protection, vulnerability handling, and lifecycle management (updates, patching, recertification). Wallet providers must maintain a risk register that addresses threats like identity theft, data loss, fake credentials, or service disruption, and demonstrate how their design mitigates them.
If you want to take a look on would like to review the original text of the regulation with highlight of important partthe key sections highlighted, please check see this file.
Key Provisions of the Regulation
...
[3] european-accreditation.org