Article 19 of the eIDAS Regulation

The new regulation for electronic identification and trust services (Regulation (EU) No 910/2014, referred to as eIDAS), contains Article 19 which requires, among other requirements, that providers of trust services 1) assess risks, 2) take appropriate security measures to mitigate the risks, and 3) notify the supervisory body about significant incidents/breaches.

In 2014, after eIDAS was adopted, ENISA initiated contacts with experts from ministries agencies, supervisory bodies, authorities, et cetera, who are (or might become) involved with the application of Article 19. The goal of these contacts has been to discuss and agree the technical application of Article 19 by Member States. ENISA formed an expert group, to work together with experts from competent authorities on the application of Article 19 and, more generally, security incidents in the trust services.

You can follow the activities of the article 19 expert group under this section.


For more information please contact: incidents [at] enisa [dot] europa [dot] eu.

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more