Versions Compared

Old Version 3

changes.mady.by.user Amineh Akhavan Saraf

Saved on

compared with

New Version Current

changes.mady.by.user Amineh Akhavan Saraf

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A key element of the regulation is thescope of certification. It requires that not only the wallet application itself but also its critical cryptographic components, the Wallet Secure Cryptographic Application (WSCA) and Wallet Secure Cryptographic Device (WSCD),are included in the evaluation. Certification covers software, hardware, risk management, data protection, vulnerability handling, and lifecycle management (updates, patching, recertification). Wallet providers must maintain a risk register that addresses threats like identity theft, data loss, fake credentials, or service disruption, and demonstrate how their design mitigates them.

If you want to take a look on would like to review the original text of the regulation with highlight of important partthe key sections highlighted, please check see this file.

Key Provisions of the Regulation

...

  1. Stronger Security and Trust
    Wallets holding academic degrees, research access credentials, or institutional identifiers would be certified under a high-assurance standard—boosting trust among education institutions and researchers.
  2. Cross-Border Interoperability
    Certification harmonisation across EU countries allows students, researchers, and academic staff to use their credentials seamlessly across different Member States' institutions and services.
  3. Data Protection and Privacy Safeguards
    These wallets must adhere to data protection rules (e.g., GDPR), offering users better control over sharing personal data like student IDs or research affiliations.
  4. Secure Cryptographic Infrastructure
    Research-sensitive credentials—like access to labs or e-signatories—will be protected by certified cryptographic technologies, including WSCDs, promoting both security and compliance.
  5. Risk Management and Lifecycle Oversight
    Certification schemes will require robust incident handling and updates for educational wallets—important for vulnerability-prone tools used in academia and research.
  6. Future European Standards Alignment
    In time, education and research wallets will benefit from the upcoming EU-wide certification scheme and peer collaboration with ENISA, supporting scalability and mutual recognition across sectors.

Related Standards

  • EN ISO/IEC 15408-3:2022 (AVA_VAN.5)
    Mentioned in Annex IV for vulnerability assessment of the Wallet Secure Cryptographic Device (WSCD), requiring evaluation at this specific level. [1]
  • EN ISO/IEC 30111:2019
    Referred to in the context of vulnerability management processes that certificate holders must establish.
  • Regulation (EU) 2015/1502
    Cited as the implementing regulation defining the "high" assurance level requirements applicable to wallet solutions. [1]
  • Regulation (EU) 2019/881 (EUCC – European Common Criteria Certification Scheme)
    Mentioned as the voluntary cybersecurity certification scheme to be referred to when available and relevant. [1]

...