This regulation outlines a structured and verifiable process for registering relying parties. It ensures that all entities wanting to connect to the European Digital Identity Wallet (e.g., universities, banks, public authorities, service providers) are formally registered, transparent, and trustworthy across the EU.
Creation of National Registers: Each Member State must establish a national register of wallet-relying parties and make the information publicly accessible in both human-readable and machine-readable form.
Registration Policies: Member States must publish transparent rules for the registration process, including authentication procedures, required documents, and official data sources.
Online and Automated Registration: Registration processes should be simple, digital, and (where possible) automated, with quick verification of applications.
Certificates for Access and Registration: Wallet-relying parties must obtain access certificates, and possibly registration certificates, to be recognized by wallets throughout the EU.
Suspension or Revocation of Registration: Registrations can be suspended or cancelled if the party provides false information, violates policies, or breaches EU/national law.
Record-Keeping: Member States must store registration data and updates for a legally defined period (e.g., up to 10 years).
Alignment with Existing Standards: The mechanism is designed to be compatible with standards like OpenID Connect, OAuth 2.0, and SCIM.
Unique Identification: Each relying party is assigned a globally unique identifier to prevent impersonation or duplication.
Authentication Mechanisms: Secure protocols (e.g., mutual TLS, signed tokens) are used to verify the identity of relying parties during interactions.
Credential Management: Relying parties must securely manage their credentials (e.g., client secrets, certificates) and rotate them periodically.
Policy Enforcement: Identity providers enforce access control policies and validate the trustworthiness of relying parties before granting access.
Audit & Logging: All interactions are logged to enable traceability and detect suspicious behavior.
Registration as a Wallet-Relying Party
The university or institution must be included in the National Register of its Member State to use the European Digital Identity Wallet for providing services (e.g., issuing diplomas or verifying student identity).
Prepare Required Documentation
Provide legal and institutional documents (e.g., official registration of the institution, authorization to issue academic certificates) for verification during the registration process.
Follow National Registration Policies
Comply with the Registration Policies published by the Member State (procedures for authentication, supporting documents, official sources for data verification).
Obtain Access Certificates
Acquire digital certificates that allow the institution to be recognized and authenticated by wallets across the EU.
If required, also obtain Registration Certificates indicating which attributes (e.g., degree, enrollment status) the institution is authorized to request from users.
Request Minimum Data Only
When interacting with a student’s wallet, request only the attributes strictly necessary (e.g., proof of enrollment or awarded degree). Requesting excessive data may breach the regulation.
Manage Suspension or Revocation Risks
Ensure continuous compliance with EU and national laws. Non-compliance could lead to suspension or cancellation of the institution’s registration.
Record-Keeping Obligations
Maintain records of registration information and updates for the legally required period (e.g., up to 10 years) in accordance with national and EU rules.
Related Standards
This regulation does not directly list technical standards but rather establishes the governance and legal framework for registers and certificates.