1、Eric Vetillard,Ph.D.Lead Certification Expert,CCU,ENISAChair,EUDIW AHWG24092025CERTIFICATION OF THE EUDI WALLETA QUICK STATUS2Certification of the EUDI Wallet Trust Services Forum,September 2025Go for the low-hanging fruitsPrivilege topics reusable in national schemesCollaborate with all stakeholder
2、sOperating principles3INITIAL FOCUS ON FOUR TOPICSStandardisation gapsWe are looking at the ongoing standardisation efforts and analysing the gaps related to the security.Gap analysis is available,now deep-diving into the security requirements to refine the gaps.Object of certificationThe object of
3、certification“EUDI Wallet and the eID scheme under which it is provided”is very wide,so we worked on thatSecure apps,mobile and Web aps,IT systems,ISMS,processes,etc.Assessment of componentsEvery component of the object of certification needs to be assessed.EUCC,FitCEM,FR MIE,MASA,ISO 27001,etc.Main
4、 scheme and moreThis includes the key questions about a scheme,as well as the global evaluation activities.Certification lfecycle,monitoring and compliance,etc.Vulnerability assessment,risk assessment,evidence assessment,etc.Certification of the EUDI Wallet Trust Services Forum,September 20254NEXT R
5、OUND OF QUESTIONSConcepts and terminologyOur first work identified some items to be clarified,where interpretations sometimes differ:What is a WSCA around a remote HSM?Wallet instance vs.Wallet mobile app.Certifying key componentsThis is mostly about putting together evaluation methods and security
6、requirements,and seeing what happensCertifying the EUDI Wallet maintenance processesCertifying the security of a mobile applicationKey open questionsThere remain some essential questions on scoping or which no clear response has emergedDealing with components