Considerations on COM(2024)671 -

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
dossier COM(2024)671 - .
document COM(2024)671
date October  8, 2024
 
(1) Pursuant to Directive 2004/38/EC of the European Parliament and of the Council12 physical identity cards and passports are the documents enabling Union citizens to exercise their right to free movement and residence.

(2) In order to increase the reliability and acceptance of identity cards issued by Member States to their nationals and of residence documents issued by Member States to Union citizens and their family members and, therefore, facilitate the exercise of the right to free movement, Council Regulation (EU) XXXX/XXXX13 [COM(2024) 316 final] strengthens the security standards applicable to those identity cards and residence documents. For identity cards, that Regulation sets out the security standards, format and specifications with which such physical documents are to comply with.

(3) To facilitate the exercise of the right to free movement and residence, rules at Union level should be laid down for the creation of identity card-based digital travel credentials, that is, a digital representation of the person’s identity that is derived from the information stored in the storage medium of an identity card and that can be validated using the public key infrastructure of the authority issuing the identity card. Doing so also serves to avoid the emergence of incompatible standards within the Union, and makes sure that all Union citizens holding an identity card can obtain digital travel credentials if they so wish.

(4) When the exercise of the right to free movement involves travel to another Member State, the use of identity card-based digital travel credentials could speed up any applicable checks. Accordingly, Union citizens should be entitled to receive and use digital travel credentials based on their identity cards. At the same time, they should not be obliged to hold a digital travel credential or to continue using it once obtained.

(5) To make it easy for Union citizens to obtain a digital travel credential, Member States should, when issuing an identity card and upon request of the applicant, also issue Union citizens with a corresponding digital travel credential based on harmonised Union specifications.

(6) In addition, given that a Union citizen may not have chosen to receive a digital travel credential when being issued an identity card, Member States should offer holders of identity cards issued by them in a format that complies with the requirements of Regulation (EU) XXXX/XXXX [COM(2024) 316 final] the possibility to create a corresponding digital travel credential at a later stage, including remotely by using devices such as mobile phones capable of reading the storage medium of the identity card together with a mobile phone application.

(7) When a digital travel credential is created remotely, Member States should ensure, by configuring the necessary software solution accordingly, that the authenticity and integrity of the storage medium of the physical identity card are verified and that the facial image of the person seeking to create the digital travel credential is matched against the facial image stored on the storage medium before the credential is created. This is to ensure that digital travel credentials are only created by the person to whom the identity card was issued.

(8) Given that the ‘EU Digital Travel application’, provisions for which are laid down in Regulation (EU) XXXX/XXXX of the European Parliament and of the Council14 [COM(2024) 670 final], will allow for the creation of digital travel credentials based on identity cards that meet the requirements of Regulation (EU) XXXX/XXXX [COM(2024) 316 final], Union citizens holding such identity cards should be able to use that application when remotely creating corresponding digital travel credentials.

(9) The digital travel credential should support being stored in European Digital Identity Wallets issued in accordance with Regulation (EU) No 910/2014 of the European Parliament and of the Council15.

(10) Given that they are derived from an identity card, digital travel credentials should contain the same personal data, including a facial image. The inclusion of biometric data, namely the facial image, in the digital travel credential should enable the holder of that credential to be reliably identified by comparing their facial image to that in the digital travel credential when the digital travel credential is presented, and thus to combat document fraud. As the Court of Justice confirmed, combating document fraud, which includes, among other things, combating the production of false documents and combating the use of genuine documents by people other than the true owners of those genuine documents, constitutes an objective of general interest recognised by the Union.

(11) However, digital travel credentials should not include the fingerprints of the holder, which are present in the storage medium of identity cards to combat document fraud. There are currently no standards for their inclusion in digital travel credentials, and due to their cryptographic protection, it is in any event not possible to extract fingerprints from the storage medium of identity cards. The absence of fingerprints in digital travel credentials does not undermine the protection against the fraudulent use of identity cards, as digital travel credentials are used in combination with physical identity cards rather than replacing them. If competent authorities have doubts as to the authenticity of the digital travel credential or the identity of the holder, they retain the possibility to use the fingerprints stored in the storage medium of the identity card.

(12) To boost the uptake of digital travel credentials, and without prejudice to the competence of Member States to determine the fees for the issuance of identity cards, digital travel credentials should be issued free of charge.

(13) Member States should exchange with each other the information necessary to allow for the verification of the authenticity and validity of digital travel credentials.

(14) Given that a digital travel credential issued pursuant to this Regulation consists of the information in the storage medium of the holder’s identity card, its issuance should facilitate the exercise of free movement and residence for persons holding such a document, including in the context of entry into the territory of a Member State.

(15) Regulation (EU) 2016/679 of the European Parliament and of the Council16 applies with regard to the personal data to be processed in the context of the application of this Regulation. Given that the digital travel credentials established by this Regulation contain the same personal data as identity cards, except for the fingerprints of the holder, and are used for the same purposes, the specific rules in Regulation (EU) XXXX/XXXX [COM(2024) 316 final] on the protection of personal data should also apply to digital travel credentials covered by this Regulation.

(16) In order to ensure uniform conditions for the issuance and creation of identity card-based digital travel credentials, implementing powers should be conferred on the Commission to adopt technical specifications, procedures and requirements, including regarding their issuance process, validity, authentication, validation and revocation. When drawing up the technical specifications for the digital travel credential, the Commission should, as far as possible, base itself on the relevant international standards and practices agreed upon through the International Civil Aviation Organization to ensure both a consistent approach at international level and the global interoperability of digital travel credentials. The Commission should also seek to ensure accessibility for persons with disabilities in accordance with accessibility requirements under Union law. In addition, implementing powers should be conferred on the Commission to confirm that it is technically possible to create identity card-based digital travel credentials using the ‘EU Digital Travel application’, provisions for which are laid down in Regulation (EU) XXXX/XXXX [COM(2024) 670 final] and, on that basis, to establish the date as of which Member States should enable the creation of identity card-based digital travel credentials using that application at the latest. Those implementing powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council17.

(17) Since the objectives of this Regulation, namely to facilitate the exercise of the right of free movement by establishing identity card-based digital travel credentials, cannot be sufficiently achieved by the Member States but can rather, by reason of the scale and effects of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.

(18) In accordance with paragraphs 22 and 23 of the Interinstitutional Agreement of 13 April 2016 on Better Law-Making18, the Commission should carry out an evaluation of this Regulation in order to assess its actual effects and the need for any further action.

(19) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.

(20) [In accordance with Article 3 of the Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Ireland has notified its wish to take part in the adoption and application of this Regulation.] OR [In accordance with Articles 1 and 2 of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.]

(21) This Regulation respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union (the Charter) including the right of free movement and the right to the protection of personal data. Member States should comply with the Charter when implementing this Regulation.

(22) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council19 and delivered an opinion on XXXX20.