Article 19 of the eIDAS Regulation
The new regulation for electronic identification and trust services (Regulation (EU) No 910/2014, referred to as eIDAS) contains Article 19, which requires, among other things, that providers of trust services 1) assess risks, 2) take appropriate security measures to mitigate the risks, and 3) notify the supervisory body about significant incidents/breaches.
In 2014, after eIDAS was adopted, ENISA initiated contacts with experts from ministries, agencies, supervisory bodies, authorities, et cetera, who are (or might become) involved with the application of Article 19. The goal of these contacts has been to discuss and agree on the technical application of Article 19 by Member States. ENISA formed an expert group to work together with experts from competent authorities on the application of Article 19 and, more generally, security incidents in the trust services.
You can follow the activities of the Article 19 expert group under this section.