
Article 1 
This Regulation lays down technical and operational requirements of the interoperability framework in order to ensure the interoperability of the electronic identification schemes which Member States notify to the Commission.
Those requirements include in particular:

(a) minimum technical requirements related to the assurance levels and the mapping of national assurance levels of notified electronic identification means issued under notified electronic identification schemes under Article 8 of Regulation (EU) No 910/2014 as set out in Articles 3 and 4;
(b) minimum technical requirements for interoperability, as set out in Articles 5 and 8;
(c) the minimum set of person identification data uniquely representing a natural or legal person as set out in Article 11 and in the Annex;
(d) common operational security standards as set out in Articles 6, 7, 9 and 10;
(e) arrangements for dispute resolution as set out in Article 13.
Article 2 
For the purposes of this Regulation, the following definitions shall apply:

(1) ‘node’ means a connection point which is part of the electronic identification interoperability architecture and is involved in cross-border authentication of persons and which has the capability to recognise and process or forward transmissions to other nodes by enabling the national electronic identification infrastructure of one Member State to interface with national electronic identification infrastructures of other Member States;
(2) ‘node operator’ means the entity responsible for ensuring that the node performs correctly and reliably its functions as a connection point.
Article 3 
Minimum technical requirements related to the assurance levels shall be as set out in Commission Implementing Regulation (EU) 2015/1502.
Article 4 
The mapping of national assurance levels of the notified electronic identification schemes shall follow the requirements laid down in Implementing Regulation (EU) 2015/1502. The results of the mapping shall be notified to the Commission using the notification template laid down in Commission Implementing Decision (EU) 2015/1984.
Article 5 

1. A node in one Member State shall be able to connect with nodes of other Member States.
2. The nodes shall be able to distinguish between public sector bodies and other relying parties through technical means.
3. A Member State implementation of the technical requirements set out in this Regulation shall not impose disproportionate technical requirements and costs on other Member States in order for them to interoperate with the implementation adopted by the first Member State.
Article 6 

1. Protection of privacy and confidentiality of the data exchanged and the maintenance of data integrity between the nodes shall be ensured by using best available technical solutions and protection practices.
2. The nodes shall not store any personal data, except for the purpose set out in Article 9(3).
Article 7 
Communication between the nodes shall ensure data integrity and authenticity to make certain that all requests and responses are authentic and have not been tampered with. For this purpose, nodes shall use solutions which have been successfully employed in cross-border operational use.
Article 8 
The nodes shall use for syntax common message formats based on standards that have already been deployed more than once between Member States and proven to work in an operational environment. The syntax shall allow:

(a) proper processing of the minimum set of person identification data uniquely representing a natural or legal person;
(b) proper processing of the assurance level of the electronic identification means;
(c) distinction between public sector bodies and other relying parties;
(d) flexibility to meet the needs of additional attributes relating to identification.
Article 9 

1. The node operator shall communicate the metadata of the node management in a standardised machine processable manner and in a secure and trustworthy way.
2. At least the parameters relevant to security shall be retrieved automatically.
3. The node operator shall store data which, in the event of an incident, enable reconstruction of the sequence of the message exchange for establishing the place and the nature of the incident. The data shall be stored for a period of time in accordance with national requirements and, as a minimum, shall consist of the following elements:
(a) node's identification;
(b) message identification;
(c) message date and time.
Article 10 

1. Node operators of nodes providing authentication shall prove that, in respect of the nodes participating in the interoperability framework, the node fulfils the requirements of standard ISO/IEC 27001 by certification, or by equivalent methods of assessment, or by complying with national legislation.
2. Node operators shall deploy security critical updates without undue delay.
Article 11 

1. A minimum set of person identification data uniquely representing a natural or a legal person shall meet the requirements set out in the Annex when used in a cross-border context.
2. A minimum data set for a natural person representing a legal person shall contain the combination of the attributes listed in the Annex for natural persons and legal persons when used in a cross-border context.
3. Data shall be transmitted based on original characters and, where appropriate, also transliterated into Latin characters.
Article 12 

1. Where it is justified by the process of implementation of the interoperability framework, the Cooperation Network established by Implementing Decision (EU) 2015/296 may adopt opinions pursuant to Article 14(d) thereof on the need to develop technical specifications. Such technical specifications shall provide further details on technical requirements as set out in this Regulation.
2. Pursuant to the opinion referred to in paragraph 1 the Commission in cooperation with Member States shall develop the technical specifications as part of the digital service infrastructures of Regulation (EU) No 1316/2013.
3. The Cooperation Network shall adopt an opinion pursuant to Article 14(d) of Implementing Decision (EU) 2015/296 in which it evaluates whether and to what extent the technical specifications developed under paragraph 2 correspond to the need identified in the opinion referred to in paragraph 1 or the requirements set in this Regulation. It may recommend that Member States take the technical specifications into account when implementing the interoperability framework.
4. The Commission shall provide a reference implementation as an example interpretation of the technical specifications. Member States may apply this reference implementation or use it as a sample when testing other implementations of the technical specifications.
Article 13 

1. Where possible, any dispute concerning the interoperability framework shall be resolved by the concerned Member States through negotiation.
2. If no solution is reached in accordance with paragraph 1, the Cooperation Network established in accordance with Article 12 of Implementing Decision (EU) 2015/296 shall have competence in the dispute in accordance with its rules of procedure.
Article 14 
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
ANNEX
1. The minimum data set for a natural person shall contain all of the following mandatory attributes:

(a) current family name(s);
(b) current first name(s);
(c) date of birth;
(d) a unique identifier constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time.

The minimum data set for a natural person may contain one or more of the following additional attributes:

(a) first name(s) and family name(s) at birth;
(b) place of birth;
(c) current address;
(d) gender.

2. The minimum data set for a legal person shall contain all of the following mandatory attributes:

(a) current legal name;
(b) a unique identifier constructed by the sending Member State in accordance with the technical specifications for the purposes of cross-border identification and which is as persistent as possible in time.

The minimum data set for a legal person may contain one or more of the following additional attributes:

(a) current address;
(b) VAT registration number;
(c) tax reference number;
(d) the identifier related to Article 3(1) of Directive 2009/101/EC of the European Parliament and of the Council;
(e) Legal Entity Identifier (LEI) referred to in Commission Implementing Regulation (EU) No 1247/2012;
(f) Economic Operator Registration and Identification (EORI) referred to in Commission Implementing Regulation (EU) No 1352/2013;
(g) excise number provided in Article 2(12) of Council Regulation (EC) No 389/2012.
