Under Article 24 of the eIDAS Regulation[1], it requires that a qualified trust service provider (‘QTSP’) verifies the identity, and where applicable the special attributes, of the person to whom a qualified certificate is being issued. The purpose of the proposed regulations is to regulate the use of remote identification procedures by QTSPs, ensuring that the procedures used are duly certified by a Conformity Assessment Body (CAB) as following the safeguards and equivalent assurance obligations provided for in the said proposed regulations.

Under the proposed regulation, the QTSP, before making use of a remote identification procedure, has a requirement to submit to the Malta Communications Authority (‘MCA’) a conformity assessment report (‘CAR’) issued by a CAB, which report must indicate that the QTSP provides equivalent assurance in terms of physical presence and meeting all of the requirements indicated in the draft regulations. The draft regulations would also require the QTSP to undertake various measures before adopting a remote identification procedure, which include carrying out a risk analysis, tests of the effectiveness and safety and an internal assessment of the adequacy of the method to be used to mitigate any risks identified in the risk analysis.

They also provide for a number of technical and organisation requirements that the QTSP must abide with, while also providing the necessary tools that enable the MCA to inspect and require any information about any remote identification procedures carried out in compliance with the draft regulations. It also provides the MCA the necessary enforcement tools to enable the MCA to inspect and require any information about any remote identification procedures carried out in compliance with the draft regulations. Moreover, the MCA is also empowered to require any person to desist from the continued use of any remote identification procedure if there is non-compliance with the applicable norms.

The consultation period shall run from the 16th October 2020 till the 20th November 2020.


[1] EU Regulation 910/2014 on electronic identification and trust services for electronic communications in the internal market

News update by Legal Trainee Mr Steve Vella.

For more information or assistance please contact  Dr Ian Gauci and Dr Terence Cassar.

Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.

Disclaimer This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.
Skip to content