1、Supervising Trust Services:Balancing Diversity and Harmonisation in EuropeeIDAS 2,NIS 2 and the Future of Digital TrustUlrich LatzenhoferSplit,24 September 2025The role of supervisorsSupervising Trust Services Split,24 September 20252In the narrower sense:to ensure that trust service providers meet
2、legal requirements National transpositions of NIS 2 Directive:general cybersecurity requirements(e.g.,cybersecurity risk management measures)competent authorities Amended eIDAS Regulation:specific requirements for TSPs supervisory bodies GDPR,CER Directive etc.:other related requirements other autho
3、rities Ex-post supervision for all TSPs(e.g.,after security breaches),ex-ante supervision for qualified TSPs(eIDAS)and essential entities(NIS 2)In the broader sense:supervisors as enablers No(cross-border)recognition of qualified TSPs without(harmonised)supervision Supervision as silent backbone of
4、digital trust:If supervision fails,trust is lostAchievements of eIDAS 2Supervising Trust Services Split,24 September 20253A major breakthrough Bridging of electronic identification and trust services through EUDI Wallet Inclusion of related services in notion of trust services(e.g.,electronic attest
5、ation of attributes)Specification of requirements for trust services through implementing acts:long-standing desideratum of supervisory bodies Alignment of eIDAS with NIS 2(e.g.,conformity assessment,incident reporting)Restoring what would have been lost by NIS 2(e.g.,requirements for non-qualified
6、TSPs)However,there are still challenges Challenges(1)Supervising Trust Services Split,24 September 20254Long transition period for“other”identification methods(requiring confirmation by conformity assessment body)Old confirmations usually not assuring high level of confidence National requirements f