For Trust Providers
Article 19 of the eIDAS Regulation
The regulation for electronic identification and trust services (Regulation (EU) No 910/2014, referred to as eIDAS), contains Article 19 which requires, among other requirements, that providers of trust services 1) assess risks, 2) take appropriate security measures to mitigate the risks, and 3) notify the supervisory body about significant incidents/breaches.
In 2014, after eIDAS was adopted, ENISA initiated contacts with experts from ministries agencies, supervisory bodies, authorities, et cetera, who are (or might become) involved with the application of Article 19. The goal of these contacts has been to discuss and agree the technical application of Article 19 by Member States. ENISA formed an expert group, to work together with experts from competent authorities on the application of Article 19 and, more generally, security incidents in the trust services.
You can follow the activities of the article 19 expert group under this section.
For more information please contact: incidents [at] enisa [dot] europa [dot] eu
-
Telecom Security Incidents 2022The present report provides anonymised and aggregated information about major telecom security incidents that happened in 2022.
-
Trust Services Security Incidents 2022This report, the Annual Report Trust Services Security Incidents 2022, provides an aggregated overview of the notified breaches for 2022, analysing...