• Remote ID Proofing - Good practices

    Through this report, ENISA aims to enhance stakeholder awareness, facilitate risk analysis in evolving threat landscapes, and bolster trustworthiness in remote identity proofing methods.

    Published on March 12, 2024

  • Digital Identity: Leveraging the SSI Concept to Build Trust

    The maintenance of continuity in social life, businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity. This report explores the potential of self-sovereign identity (SSI...

    Published on January 20, 2022

  • Remote Identity Proofing - Attacks & Countermeasures

    Remote identity proofing is a crucial element in creating trust for digital services. The present study analyses the collection and validation of evidence provided by the applicant to complete the verification of his or her identity. More...

    Published on January 20, 2022

  • Conformity Assessment of Qualified Trust Service Providers

    This document provides an overview of the conformity assessment framework for QTSPs as set out in the eIDAS Regulation, i.e. aiming to confirm that the assessed QTSP/QTS fulfils its requirements. This report discusses the typical process flow and...

    Published on March 11, 2021

  • Recommendations for Qualified Trust Service Providers based on Standards

    This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for their...

    Published on March 11, 2021

  • Security Framework for Qualified Trust Service Providers

    This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of...

    Published on March 11, 2021

  • Security Framework for Trust Service Providers

    This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS...

    Published on March 11, 2021

  • Remote ID Proofing

    This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides...

    Published on March 11, 2021

  • Encrypted Traffic Analysis

    This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of...

    Published on April 23, 2020

  • Advancing Software Security in the EU

    This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to...

    Published on April 15, 2020

  • eIDAS compliant eID Solutions

    This report provides an overview of the legislative framework under eIDAS for electronic identification, presents the landscape of notified and pre-notified eID schemes and identifies key trends in the electronic identification field. Moreover, it...

    Published on March 15, 2020

  • Overview of standards related to eIDAS

    The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards...

    Published on December 18, 2019

  • Recommendations for technical implementation of the eIDAS Regulation

    The present report aims to propose ways in which the eIDAS assessment regime can be strengthened based on the current regime of the eIDAS Regulation, the stakeholders’ concerns and the legitimate need to move towards a more harmonised approach with...

    Published on December 17, 2019

  • Assessment of ETSI TS 119 403-3 related to eIDAS

    This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take...

    Published on November 15, 2019

  • Towards global acceptance of eIDAS audits

    The goal of the study is to explore the eIDAS Conformity Assessment Report (CAR), the corresponding audit requirements, gaps arising from comparison with competing audit schemes, and the emergent issues at the core of the global conversation between...

    Published on January 15, 2019

  • Assessment of Standards related to eIDAS

    In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419...

    Published on December 14, 2018

  • eIDAS: Overview on the implementation and uptake of Trust Services

    In the context of the eIDAS Regulation, ENISA conducted a study to present an overview of the implementation and uptake of Trust Services defined in the eIDAS Regulation one year after adoption to the new regime, and analyse the new opportunities...

    Published on January 15, 2018

  • Guidelines on Termination of Qualified Trust Services

    This document proposes guidelines to SB and (Q)TSP aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of termination of trust services. Termination of QTS is addressed here in a...

    Published on December 19, 2017

  • Recommendations for QTSPs based on Standards - Technical guidelines on trust services

    Following the publication of the eIDAS Regulation, a set of secondary and co-regulatory acts had to be published in order to provide technical guidance on how to implement the specific requirements of the eIDAS Regulation (in the TSP part of eIDAS...

    Published on December 19, 2017

  • Guidelines on Supervision of Qualified Trust Services - Technical guidelines on trust services

    This document is one deliverable out of a series whose objective is to propose guidelines aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of qualified trust services. It...

    Published on December 19, 2017

  • Guidelines on Initiation of Qualified Trust Services - Technical guidelines on trust services

    This document is one deliverable out of a series whose objective is to propose guidelines aimed at facilitating the implementation of the provisions related to trust services of the eIDAS Regulation in the area of qualified trust services. It...

    Published on December 19, 2017

  • Security framework for Trust Service Providers - Technical guidelines on trust services

    Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and...

    Published on December 19, 2017

  • Conformity assessment of Trust Service Providers - Technical guidelines on trust services

    Through this document, ENISA is supporting both Trust Service Providers and Conformity Assessment Bodies in the audit activities by presenting the auditing framework. It aims at helping Trust Service Providers fulfil the requirements defined by...

    Published on December 19, 2017

  • Security guidelines on the appropriate use of qualified website authentication certificates

    This document addresses qualified certificates for website authentication and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website...

    Published on June 29, 2017

  • Security guidelines on the appropriate use of qualified electronic registered delivery services

    This document addresses qualified electronic registered delivery services and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website...

    Published on June 29, 2017

  • Security guidelines on the appropriate use of qualified electronic time stamps

    This document addresses qualified electronic time stamps and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates...

    Published on June 29, 2017

  • Security guidelines on the appropriate use of qualified electronic seals

    This document addresses qualified electronic seals and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery and website authentication certificates to...

    Published on June 29, 2017

  • Security guidelines on the appropriate use of qualified electronic signatures

    This document addresses qualified electronic signatures and is one out of a series of five documents which target to assist parties aiming to use qualified electronic signatures, seals, time stamps, eDelivery or website authentication certificates...

    Published on June 29, 2017

  • Recommendations on aligning research programme with policy

    The scope of this report is to review existing analysis reports on EU funded Trust and Security Projects, summarize achievements that have significantly promoted specific pillars of NIS, identify and summarize specific outcomes that can promote and...

    Published on May 08, 2017

  • Managing multiple identities

    Nowadays each person has the opportunity of living multiple lives in parallel, in the real as well as in the virtual world. A trend observed over the last years, first in the research community, but now also in commercial offerings is the increase...

    Published on April 20, 2011

  • Mapping security services to authentication levels

    This report reviews the authentication levels and their mapping to public electronic services in the eGovernment programme framework, which require an authentication of the user (security services). It gives a general overview of European efforts...

    Published on March 08, 2011

  • Mobile Identity Management

    This paper reports on information security risks and best-practice in the area of Mobile Identity Management (Mobile IDM). It also provides recommendations of systems, protocols and/or approaches to address these challenges.

    Published on April 13, 2010

  • Security Issues in Cross-border Electronic Authentication

    Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European...

    Published on February 03, 2010

  • National eIDs in pan-European e-Government Services

    Since the beginning of the 21st century, European Member States have been planning, developing and implementing new solutions to offer electronic services to citizens and businesses on a digital platform in order to improve administrative...

    Published on January 24, 2010

  • Privacy and Security Risks when Authenticating on the Internet with European eID Cards

    Whenever we use internet services, the first steps we take are usually identification (we input our names) and authentication (we prove that it is us). How we actually identify and authenticate ourselves depends on the security level of the...

    Published on November 26, 2009

  • Privacy Features of European eID Card Specifications

    A national eID card is a gateway to personal information. Any unwanted disclosure of personal information constitutes a violation of the citizen’s privacy rights. Apart from considerations of fundamental rights, this is also a serious obstacle to...

    Published on January 27, 2009

  • Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID)

    Mobile devices, like smart phones and PDAs, will play an increasingly important role in the digital environment. However, the pervasive use of mobile devices also brings new security and privacy risks. Persons who make extensive use of mobile...

    Published on November 11, 2008

Didn't find what you were looking for?

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies