Commission Regulation (EU) No 383/2012 of 4 May 2012 laying down technical requir... (32012R0383)
EU - Rechtsakte: 07 Transport policy

COMMISSION REGULATION (EU) No 383/2012

of 4 May 2012

laying down technical requirements with regard to driving licences which include a storage medium (microchip)

(Text with EEA relevance)

THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences(1), and in particular Article 1(2) thereof,
Whereas:
(1) Directive 2006/126/EC provides for a common model for driving licences to be issued by Member States, including an optional storage medium (microchip).
(2) The introduction of such a microchip in the driving licence should enable the Member States to further improve the level of anti-fraud protection. Such processing of personal data needs to be carried out in accordance with the rules of the Union, as set out, inter alia, in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(2).
(3) To ensure interoperability and adequate resistance against fraud the technical implementation of the microchip should fulfil certain requirements and standards, if Member States choose to introduce it in the driving licence.
(4) Driving licences which include a microchip should be subject to an appropriate EU type-approval procedure to verify that they comply with those requirements. The EU type-approval procedure should not apply to driving licences which do not include a microchip.
(5) The technical requirements applicable to driving licences which include a microchip should be based on internationally agreed technical standards, in particular the International Standardisation Organisation/International Electrotechnical Commission (ISO/IEC) 18013 standard, which establishes a framework for the design format and data content of an ISO-compliant driving licence.
(6) The measures provided for in this Regulation are in accordance with the opinion of the Committee on driving licences,
HAS ADOPTED THIS REGULATION:

Article 1

Scope

This Regulation applies to driving licences which include a microchip issued in conformity with Directive 2006/126/EC.

Article 2

General requirements

1.   The microchip and the data contained in the microchip, including any optional or additional information, shall comply with the provisions of Annex I to this Regulation.
2.   The microchip shall store the harmonised driving licence data referred to in Annex I, Paragraph I.2.1.
3.   Member States shall consult the Commission before storing on the microchip of a driving licence any of the additional data referred to in Annex I, Paragraph I.2.2.

Article 3

Applicable standards

The list of applicable standards for driving licences which include a microchip is set out in Annex II to this Regulation.

Article 4

Procedure for EU type-approval

Driving licences which include a microchip shall be subject to an EU type-approval procedure in accordance with the provisions laid down in Annex III to this Regulation.

Article 5

EU type-approval certificate

1.   When all relevant provisions of the EU type-approval have been met with respect to a driving licence which includes a microchip in accordance with Articles 2, 3 and 4 of this Regulation, Member States shall issue an EU type-approval certificate to the manufacturer or its representative.
2.   Where necessary, in particular to ensure that the provisions of this Regulation are complied with, a Member State may withdraw an EU type-approval that it has issued.
3.   EU type-approval certificates and their notification of their withdrawal shall comply with the model set out in Annex IV to this Regulation.
4.   The Commission shall be informed of all issued or withdrawn EU type-approval certificates. In case of a withdrawal a detailed reason shall be provided.
The Commission shall inform the Member States of any withdrawal of an EU-type approval.
5.   EU type-approval certificates issued by Member States shall be mutually recognised.

Article 6

Single contact points

1.   Each Member State shall designate an authority or body acting as a single contact point for information relating to driving licences which include a microchip. The single contact point shall take adequate measures regarding data protection.
2.   Member States shall indicate to the Commission within three months of the entry into force of this Regulation, the name and the contact details of the single contact point designated pursuant to paragraph 1. Member States shall inform the Commission without delay of any changes thereto.
3.   The Commission shall make available to Member States a list of designated single points of contacts and maintain the list.

Article 7

Safeguard clause

1.   Where a Member State ascertains that a significant number of driving licences which include a microchip are repeatedly found not to be in conformity with this Regulation, it shall communicate this to all single contact points, to the Supervisory Authority as referred to in Directive 95/46/EC and to the Commission. The relevant EU type-approval certificate number connected to those driving licences as well as a description of the non-compliance shall be indicated.
2.   The Member State which issued these driving licences shall investigate the problem without delay and take appropriate corrective action, including withdrawal of the EU type-approval certificate where necessary.

Article 8

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 4 May 2012.
For the Commission
The President
José Manuel BARROSO
(1)  
OJ L 403, 30.12.2006, p. 18
.
(2)  
OJ L 281, 23.11.1995, p. 31
.

ANNEX I

General requirements for driving licences which include a microchip

The general requirements for driving licences including a microchip described in this Annex are based on international standards, in particular the ISO/IEC 18013-series standards. They cover:
— the specifications for the microchip and the logical data structure on the microchip,
— the specifications for harmonised and additional data to be stored, and
— the specifications relating to data protection mechanisms for the digitally stored data on the microchip.

I.1   ABBREVIATIONS

Abbreviation

Meaning

AID

Application Identifier

BAP

Basic Access Protection

DG

Data Group

EAL 4+

Evaluation Assurance Level 4 Augmented

EF

Elementary File

EFID

Elementary File Identifier

eMRTD

Machine Readable Travel Documents

ICC

Integrated Circuit Card

ISO

International Standard Organisation

LDS

Logical Data Structure

PICC

Proximity Integrated Circuit Card

PIX

Proprietary Application Identifier Extension

RID

Registered Application Identifier

SOd

Document Security Object

I.2   DATA STORED ON THE MICROCHIP

I.2.1   

Harmonised mandatory and optional driving licence data

The microchip shall store the harmonised driving licence data specified in Annex I, Paragraph 3, to Directive 2006/126/EC. If a Member State decides to include in the driving licence data items marked as optional in Annex I, Paragraph 3, of Directive 2006/126/EC, these items shall be stored in the microchip.

I.2.2   

Additional data

After consulting the Commission, Member States may store additional data, provided that it does not interfere in anyway with the implementation of Directive 2006/126/EC.
Member States intending to introduce additional data shall provide the Commission with detailed information on the type of additional data and the reasons for storing such data on the microchip. The Commission shall examine this information and, where appropriate, deliver an opinion in the light of the requirements laid down in this Annex and after consultation of the Working Party established under Article 29 of Directive 95/46/EC. The Commission shall also indicate in its opinion, where appropriate, whether the additional data is to be stored in the EU driving licence application or in another application.

I.3   MICROCHIP

I.3.1   

Storage medium type

The storage medium for driving licence data shall be a microchip with a contact, contactless, or combined contact and contactless (dual) interface, as specified in Annex II, item 1 of this Regulation.

I.3.2   

Applications

All data on a microchip shall be stored in applications. All applications on the microchip shall be identified by a unique code called Application Identifier (AID) as specified in Annex II, item 2.

I.3.2.1   

EU Driving Licence Application

Mandatory and optional driving licence data shall be stored in the dedicated EU Driving Licence application. The AID for the EU Driving Licence application shall be:
A0 00 00 04 56 45 44 4C 2D 30 31
’,
consisting of:
— the Registered Application Identifier (RID) for the European Commission: ‘
A0 00 00 04 56
’,
— the Proprietary Application Identifier Extension (PIX) for the EU Driving Licence application: ‘
45 44 4C 2D 30 31
’ (EDL-01).
Data shall be grouped in Data Groups (DGs) as part of a Logical Data Structure (LDS).
DGs shall be stored as Elementary Files (EFs) in the EU Driving Licence application, and shall be protected in accordance with Annex II, item 3.

I.3.2.2   

Other Applications

Other additional data shall be stored in one or more dedicated applications apart from the EU Driving Licence Application. Each such application shall be identified by a unique AID.

I.4   LOGICAL DATA STRUCTURE OF THE EU DRIVING LICENCE APPLICATION

I.4.1   

Logical Data Structure

Driving Licence Data shall be stored on the microchip in a Logical Data Structure (LDS) specified in Annex II, item 4. This paragraph specifies additional requirements for the mandatory, optional and additional DGs.
Each DG shall be stored in one EF. The EFs to be used for the EU Driving Licence Application shall be identified with the Elementary File Identifiers (EFIDs) and Short EF identifiers as specified in Annex II, item 5.

I.4.2   

Mandatory Data Groups

The mandatory and optional data elements shall be stored in the following DGs:
— DG 1: all mandatory and optional data elements as printed on the document, except face image and signature image,
— DG 5: image of the licence holder’s signature,
— DG 6: image of the licence holder’s face.
DG 1 data shall be structured as specified in paragraph I.6 of this Annex and as specified in Annex II, item 6. Data contained in other DGs shall be stored according to the specifications of Annex II as specified in Annex II, item 7.

I.4.3   

Additional Data Groups

The additional data elements shall be stored in the following DGs:
— DG 2: details on the licence holder, except for biometric data,
— DG 3: details on issuing authority,
— DG 4: portrait image,
— DG 7: biometric data regarding fingerprint of the licence holder,
— DG 8: biometric data regarding iris of the licence holder,
— DG 11: other details, such as the full name of the holder in national characters.
Data contained in these DGs shall be stored according to the specifications of Annex II, item 8.

I.5   DATA PROTECTION MECHANISMS

Appropriate mechanisms shall be used for the validation of authenticity and integrity of the microchip and data contained in it and for restricting access to driving licence data.
Data on the microchip shall be protected according the specifications laid down in Annex II, item 3. This paragraph specifies additional requirements to be complied with.

I.5.1   

Authenticity Verification

I.5.1.1   

Mandatory Passive Authentication

All DGs stored in the EU Driving Licence application shall be protected with passive authentication.
Data related to passive authentication shall conform to the requirements specified in Annex II, item 9.

I.5.1.2   

Optional Active Authentication

Optional Active Authentication mechanisms shall be applied to ensure that the original microchip has not been replaced.

I.5.2   

Access Restriction

I.5.2.1   

Mandatory Basic Access Protection

The Basic Access Protection mechanism (BAP) shall be applied for all data in the EU Driving Licence application. In the interest of interoperability with existing systems such as that using Machine Readable Travel Documents (eMRTD) it is mandatory to use the one-line Machine Readable Zone (MRZ), as specified in Annex II, item 10.
The K
doc
document key used to access the chip is generated from the one-line MRZ, which can be entered either manually or using an Optical Character Recognition (OCR) reader. The BAP 1 configuration defined for a one-line MRZ as specified in Annex II, item 10 shall be applied.

I.5.2.2   

Conditional Extended Access Control

When more sensitive data are stored on the microchip, access to such data shall be restricted with additional measures.
The Extended Access Control mechanisms shall comply with the specifications of Annex II, item 11.

I.5.3   

Public Key Infrastructure (PKI) for driving licences including a microchip

The single contact point defined in Article 6 shall establish the necessary national arrangements for Public Key management, in accordance with Annex A of ISO standard 18013_3.

I.6   DATA PRESENTATION

I.6.1   

Formatting of data in DG 1

Tag

L

Value

Encoding

M/O

61

V

DG1 Data elements (nested)

 

 

 

 

Tag

L

Value

 

 

 

 

5F 01

V

Type approval number

ans

M

 

 

5F 02

V

Constructed data object of demographic data elements

 

M

 

 

 

 

Tag

L

Value

 

 

 

 

 

 

5F 03

3

Issuing Member State

a3

M

 

 

 

 

5F 04

V

Surname(s) of the holder

as

M

 

 

 

 

5F 05

V

Other name(s) of the holder

as

M

 

 

 

 

5F 06

4

Date of birth (ddmmyyyy)

n8

M

 

 

 

 

5F 07

V

Place of birth

ans

M

 

 

 

 

5F 08

3

Nationality

a3

O

 

 

 

 

5F 09

1

Gender

M/F/U

O

 

 

 

 

5F 0A

4

Date of issue of the licence (ddmmyyyy)

n8

M

 

 

 

 

5F 0B

4

Date of expiry of the licence (ddmmyyyy)

n8

M

 

 

 

 

5F 0C

V

Issuing authority

ans

M

 

 

 

 

5F 0D

V

Administrative number (other than document number)

ans

O

 

 

 

 

5F 0E

V

Document number

an

M

 

 

 

 

5F 0F

V

Permanent place of residence, or postal address

ans

O

 

 

7F 63

V

Constructed data object of categories of vehicles/restrictions/conditions

 

M

 

 

 

 

Tag

L

Value (coded as defined below)

 

 

 

 

 

 

02

1

Number of categories/restrictions/conditions

N

M

 

 

 

 

87

V

Category/restriction/condition

ans

M

 

 

 

 

87

V

Category/restriction/condition

ans

O

 

 

 

 

 

 

 

 

87

V

Category/restriction/condition

ans

O

I.6.2   

Logical record format

The categories regarding vehicles, restrictions or conditions shall be compiled in a data object following the structure specified in the following table:

Vehicle category code

Date of issue

Date of expiry

Code

Sign

Value

where:
— vehicle category codes shall be presented as defined in Article 4 of Directive 2006/126/EC (such as AM, A1, A2, A, B1, B, etc.),
— date of issue shall be presented in the format DDMMYYYY (day in two digits followed by month in two digits followed by year in four digits) for the vehicle category,
— date of expiry shall be presented in the format DDMMYYYY (day in two digits followed by month in two digits followed by year in four digits) for the vehicle category,
— code, sign and value refer to additional information or restrictions relating to the vehicle category or the driver.

ANNEX II

List of applicable standards for driving licences which include a storage medium

Item

Subject

Requirement

Applicable to

1

Storage medium interface, organisation and commands

ISO/IEC 7816 series (contact), ISO/IEC 14443 series (contactless) as referred to in ISO/IEC 18013-2:2008, Annex C

Annex I, paragraph I.3.1

2

Application identifier

ISO/IEC 7816-5:2004

Annex I, paragraph I.3.2

3

Data protection mechanisms

ISO/IEC 18013-3:2009

Annex I, paragraph I.3.2.1

Annex I, paragraph I.5

4

Logical data structure

ISO/IEC 18013-2:2008

Annex I, paragraph I.4.1

5

Elementary file identifiers

ISO/IEC 18013-2:2008 Table C.2

Annex I, paragraph I.4.1

6

Data presentation for DG 1

ISO 18013-2:2008, Annex C.3.8

Annex I, paragraph I.4.2

Annex I, paragraph I.6.1

7

Mandatory data presentation for DG 5 and DG 6

ISO/IEC 18013-2:2008, Annex C.6.6 and Annex C.6.7, face image and signature image to be stored in JPEG or JPEG2000 format

Annex I, paragraph I.4.2

8

Optional and additional data presentation

ISO/IEC 18013-2:2008, Annex C

Annex I, paragraph I.4.3

9

Passive authentication

ISO/IEC 18013-3:2009, paragraph 8.1, data shall be stored in EF.SOd (Document Security Object) in the LDS

Annex I, paragraph I.5.1.1

10

Basic access restriction

ISO/IEC 18013-3:2009 and its Amendment 1

Annex I, paragraph I.5.2.1

Basic access restriction configuration

ISO/IEC 18013-3:2009, Annex B.8

11

Extended access restriction

Technical Guideline TR-03110, Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC), Version 1.11

Annex I, paragraph I.5.2.2

12

Test methods

ISO 18013-4:2011

Annex III, Paragraph III.1

13

Security certificate

Evaluation Assurance Level 4 augmented (EAL 4+) or equivalent

Annex III, paragraph III.2

14

Functional certificate

Smart card testing according to ISO 10373 series

Annex III, paragraph III.3

ANNEX III

Procedure for EU type-approval of driving licences which include a microchip

III.1   GENERAL PROVISIONS

Manufacturers applying for an EU type-approval of driving licences including a microchip shall present a security certificate and a functional certificate.
Any intended modification to the production process, including software, shall be subject to a prior notification to the authority which granted type-approval. The authority may require further information and tests before accepting the modification.
Tests shall follow the methods laid down in item 12 of Annex II to this Regulation.

III.2   SECURITY CERTIFICATE

For the security evaluation, driving licence microchips shall be evaluated according to the criteria specified in Annex II, item 13.
A security certificate shall only be delivered upon successful evaluation of the ability of the microchip to resist attempts to tamper with or alter data.

III.3   FUNCTIONAL CERTIFICATE

A functional evaluation of driving licences including a microchip shall be laboratory- tested in accordance with the criteria specified in Annex II, item 14.
Member States implementing a microchip on driving licences shall ensure that the relevant functional standards and the requirements of Annex I are complied with.
A functional certificate shall be delivered to the manufacturer once:
— there is a valid security certificate for the microchip,
— compliance with requirements of Annex II has been demonstrated, and
— functional tests have been passed successfully.
The relevant Member State authority is responsible for issuing the functional certificate. The functional certificate shall indicate the identity of the issuing authority, the identity of the applicant, the identification of the microchip and a detailed list of the tests and their results.

III.4   EU TYPE-APPROVAL CERTIFICATE

III.4.1   

Model certificate

Member States shall deliver the EU type-approval certificate on the presentation of security and functional certificates as provided in this Annex. EU type-approval certificates shall comply with the model in Annex IV.

III.4.2   

Numbering system

The EU type-approval numbering system shall consist of:
(a) The letter ‘e’ followed by a distinguishing number for the Member State which has granted the EU type-approval
— 1
for Germany
— 2
for France
— 3
for Italy
— 4
for the Netherlands
— 5
for Sweden
— 6
for Belgium
— 7
for Hungary
— 8
for the Czech Republic
— 9
for Spain
— 11
for the United Kingdom
— 12
for Austria
— 13
for Luxembourg
— 17
for Finland
— 18
for Denmark
— 19
for Romania
— 20
for Poland
— 21
for Portugal
— 23
for Greece
— 24
for Ireland
— 26
for Slovenia
— 27
for Slovakia
— 29
for Estonia
— 32
for Latvia
— 34
for Bulgaria
— 36
for Lithuania
— 49
for Cyprus
— 50
for Malta.
(b) The letters DL preceded by a hyphen and followed by the two figures indicating the sequence number assigned to this Regulation or latest major technical amendment to this Regulation. The sequence number for this Regulation is 00.
(c) A unique identification number of the EU type-approval attributed by the issuing Member State.
Example of the EU type-approval numbering system: e50-DL00 12345
The approval number shall be stored on the microchip in DG 1 for each driving licence carrying such microchip.

ANNEX IV

Model for the EU type-approval certificate concerning driving licences which include a microchip

Name of the competent authority: …
Notification concerning(1):
— approval 
— withdrawal of approval 
of an EU Driving Licence including a microchip
Approval No: …
1.
Manufacturing brand or trademark: …
2.
Name of model: …
3.
Name of manufacturer or of its representative, where applicable: …
4.
Address of manufacturer or of its representative, where applicable: …
5.
Laboratory test reports:
5.1
Security Certificate No: … Date: …
Issued by: …
5.2
Functional Certificate No: … Date: …
Issued by: …
6.
Date of approval: …
7.
Date of withdrawal of approval: …
8.
Place: …
9.
Date: …
10.
Descriptive documents in Annex: …
11.
Signature: …
(1)  Tick the relevant box.
Markierungen
Leseansicht