EBA publishes opinion on eIDAS certificates under PSD2

The EBA has published its Opinion on how eIDAS certificates and be used under the SCA and CSC RTS under PSD2. The Opinion:

  • clarifies that it is the ASPSPs that should choose whether a Qualified certificate for electronic seals (QSealC) or a qualified certificate for web authentication (QWAC) should be used for identification purposes;
  • suggests that QSealCs and QWACs should be used in parallel, while also describing other potential alternative approaches for use of eIDAS certificates (use of QWACs only, and use of QSealCs with an additional element to ensure secure communication). Using both in parallel will both allow AISPs, PISPs and CBPIIs to identify themselves towards the ASPSPs and ensure the communication is secure and that the data submitted originates from the PSP identified in the certificate;
  • sets out which payment services correspond to each role set out in the RTS and the roles that must be assigned in the certificates to payment, e-money and credit institutions; and
  • sets out certain measures that supervisors might use which will help PSPs to be able to rely on eIDAS certificates, while acknowledging that the validity of the information in the certificates is within the responsibility of the certificate issuers and the PSPs