COMMISSION REGULATION (EU) No 383/2012
of 4 May 2012
laying down technical requirements with regard to driving licences which include a storage medium (microchip)
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences(1), and in particular Article 1(2) thereof,
Whereas:
(1) Directive 2006/126/EC provides for a common model for driving licences to be issued by Member States, including an optional storage medium (microchip).
(2) The introduction of such a microchip in the driving licence should enable the Member States to further improve the level of anti-fraud protection. Such processing of personal data needs to be carried out in accordance with the rules of the Union, as set out, inter alia, in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(2).
(3) To ensure interoperability and adequate resistance against fraud the technical implementation of the microchip should fulfil certain requirements and standards, if Member States choose to introduce it in the driving licence.
(4) Driving licences which include a microchip should be subject to an appropriate EU type-approval procedure to verify that they comply with those requirements. The EU type-approval procedure should not apply to driving licences which do not include a microchip.
(5) The technical requirements applicable to driving licences which include a microchip should be based on internationally agreed technical standards, in particular the International Standardisation Organisation/International Electrotechnical Commission (ISO/IEC) 18013 standard, which establishes a framework for the design format and data content of an ISO-compliant driving licence.
(6) The measures provided for in this Regulation are in accordance with the opinion of the Committee on driving licences,
HAS ADOPTED THIS REGULATION:
Article 1
Scope
This Regulation applies to driving licences which include a microchip issued in conformity with Directive 2006/126/EC.
Article 2
General requirements
1. The microchip and the data contained in the microchip, including any optional or additional information, shall comply with the provisions of Annex I to this Regulation.
2. The microchip shall store the harmonised driving licence data referred to in Annex I, Paragraph I.2.1.
3. Member States shall consult the Commission before storing on the microchip of a driving licence any of the additional data referred to in Annex I, Paragraph I.2.2.
Article 3
Applicable standards
The list of applicable standards for driving licences which include a microchip is set out in Annex II to this Regulation.
Article 4
Procedure for EU type-approval
Driving licences which include a microchip shall be subject to an EU type-approval procedure in accordance with the provisions laid down in Annex III to this Regulation.
Article 5
EU type-approval certificate
1. When all relevant provisions of the EU type-approval have been met with respect to a driving licence which includes a microchip in accordance with Articles 2, 3 and 4 of this Regulation, Member States shall issue an EU type-approval certificate to the manufacturer or its representative.
2. Where necessary, in particular to ensure that the provisions of this Regulation are complied with, a Member State may withdraw an EU type-approval that it has issued.
3. EU type-approval certificates and their notification of their withdrawal shall comply with the model set out in Annex IV to this Regulation.
4. The Commission shall be informed of all issued or withdrawn EU type-approval certificates. In case of a withdrawal a detailed reason shall be provided.
The Commission shall inform the Member States of any withdrawal of an EU-type approval.
5. EU type-approval certificates issued by Member States shall be mutually recognised.
Article 6
Single contact points
1. Each Member State shall designate an authority or body acting as a single contact point for information relating to driving licences which include a microchip. The single contact point shall take adequate measures regarding data protection.
2. Member States shall indicate to the Commission within three months of the entry into force of this Regulation, the name and the contact details of the single contact point designated pursuant to paragraph 1. Member States shall inform the Commission without delay of any changes thereto.
3. The Commission shall make available to Member States a list of designated single points of contacts and maintain the list.
Article 7
Safeguard clause
1. Where a Member State ascertains that a significant number of driving licences which include a microchip are repeatedly found not to be in conformity with this Regulation, it shall communicate this to all single contact points, to the Supervisory Authority as referred to in Directive 95/46/EC and to the Commission. The relevant EU type-approval certificate number connected to those driving licences as well as a description of the non-compliance shall be indicated.
2. The Member State which issued these driving licences shall investigate the problem without delay and take appropriate corrective action, including withdrawal of the EU type-approval certificate where necessary.
Article 8
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 4 May 2012.
For the Commission
The President
José Manuel BARROSO
(1)
OJ L 403, 30.12.2006, p. 18
.
(2)
OJ L 281, 23.11.1995, p. 31
.
ANNEX I
General requirements for driving licences which include a microchip
The general requirements for driving licences including a microchip described in this Annex are based on international standards, in particular the ISO/IEC 18013-series standards. They cover:
— the specifications for the microchip and the logical data structure on the microchip,
— the specifications for harmonised and additional data to be stored, and
— the specifications relating to data protection mechanisms for the digitally stored data on the microchip.
I.1 ABBREVIATIONS
|
Abbreviation |
Meaning |
|
AID |
Application Identifier |
|
BAP |
Basic Access Protection |
|
DG |
Data Group |
|
EAL 4+ |
Evaluation Assurance Level 4 Augmented |
|
EF |
Elementary File |
|
EFID |
Elementary File Identifier |
|
eMRTD |
Machine Readable Travel Documents |
|
ICC |
Integrated Circuit Card |
|
ISO |
International Standard Organisation |
|
LDS |
Logical Data Structure |
|
PICC |
Proximity Integrated Circuit Card |
|
PIX |
Proprietary Application Identifier Extension |
|
RID |
Registered Application Identifier |
|
SOd |
Document Security Object |
I.2 DATA STORED ON THE MICROCHIP
I.2.1
Harmonised mandatory and optional driving licence data
The microchip shall store the harmonised driving licence data specified in Annex I, Paragraph 3, to Directive 2006/126/EC. If a Member State decides to include in the driving licence data items marked as optional in Annex I, Paragraph 3, of Directive 2006/126/EC, these items shall be stored in the microchip.
I.2.2
Additional data
After consulting the Commission, Member States may store additional data, provided that it does not interfere in anyway with the implementation of Directive 2006/126/EC.
Member States intending to introduce additional data shall provide the Commission with detailed information on the type of additional data and the reasons for storing such data on the microchip. The Commission shall examine this information and, where appropriate, deliver an opinion in the light of the requirements laid down in this Annex and after consultation of the Working Party established under Article 29 of Directive 95/46/EC. The Commission shall also indicate in its opinion, where appropriate, whether the additional data is to be stored in the EU driving licence application or in another application.
I.3 MICROCHIP
I.3.1
Storage medium type
The storage medium for driving licence data shall be a microchip with a contact, contactless, or combined contact and contactless (dual) interface, as specified in Annex II, item 1 of this Regulation.
I.3.2
Applications
All data on a microchip shall be stored in applications. All applications on the microchip shall be identified by a unique code called Application Identifier (AID) as specified in Annex II, item 2.
I.3.2.1
EU Driving Licence Application
Mandatory and optional driving licence data shall be stored in the dedicated EU Driving Licence application. The AID for the EU Driving Licence application shall be:
‘
A0 00 00 04 56 45 44 4C 2D 30 31
’,
consisting of:
— the Registered Application Identifier (RID) for the European Commission: ‘
A0 00 00 04 56
’,
— the Proprietary Application Identifier Extension (PIX) for the EU Driving Licence application: ‘
45 44 4C 2D 30 31
’ (EDL-01).
Data shall be grouped in Data Groups (DGs) as part of a Logical Data Structure (LDS).
DGs shall be stored as Elementary Files (EFs) in the EU Driving Licence application, and shall be protected in accordance with Annex II, item 3.
I.3.2.2
Other Applications
Other additional data shall be stored in one or more dedicated applications apart from the EU Driving Licence Application. Each such application shall be identified by a unique AID.
I.4 LOGICAL DATA STRUCTURE OF THE EU DRIVING LICENCE APPLICATION
I.4.1
Logical Data Structure
Driving Licence Data shall be stored on the microchip in a Logical Data Structure (LDS) specified in Annex II, item 4. This paragraph specifies additional requirements for the mandatory, optional and additional DGs.
Each DG shall be stored in one EF. The EFs to be used for the EU Driving Licence Application shall be identified with the Elementary File Identifiers (EFIDs) and Short EF identifiers as specified in Annex II, item 5.
I.4.2
Mandatory Data Groups
The mandatory and optional data elements shall be stored in the following DGs:
— DG 1: all mandatory and optional data elements as printed on the document, except face image and signature image,
— DG 5: image of the licence holder’s signature,
— DG 6: image of the licence holder’s face.
DG 1 data shall be structured as specified in paragraph I.6 of this Annex and as specified in Annex II, item 6. Data contained in other DGs shall be stored according to the specifications of Annex II as specified in Annex II, item 7.
I.4.3
Additional Data Groups
The additional data elements shall be stored in the following DGs:
— DG 2: details on the licence holder, except for biometric data,
— DG 3: details on issuing authority,
— DG 4: portrait image,
— DG 7: biometric data regarding fingerprint of the licence holder,
— DG 8: biometric data regarding iris of the licence holder,
— DG 11: other details, such as the full name of the holder in national characters.
Data contained in these DGs shall be stored according to the specifications of Annex II, item 8.
I.5 DATA PROTECTION MECHANISMS
Appropriate mechanisms shall be used for the validation of authenticity and integrity of the microchip and data contained in it and for restricting access to driving licence data.
Data on the microchip shall be protected according the specifications laid down in Annex II, item 3. This paragraph specifies additional requirements to be complied with.
I.5.1
Authenticity Verification
I.5.1.1
Mandatory Passive Authentication
All DGs stored in the EU Driving Licence application shall be protected with passive authentication.
Data related to passive authentication shall conform to the requirements specified in Annex II, item 9.
I.5.1.2
Optional Active Authentication
Optional Active Authentication mechanisms shall be applied to ensure that the original microchip has not been replaced.
I.5.2
Access Restriction
I.5.2.1
Mandatory Basic Access Protection
The Basic Access Protection mechanism (BAP) shall be applied for all data in the EU Driving Licence application. In the interest of interoperability with existing systems such as that using Machine Readable Travel Documents (eMRTD) it is mandatory to use the one-line Machine Readable Zone (MRZ), as specified in Annex II, item 10.
The K
doc
document key used to access the chip is generated from the one-line MRZ, which can be entered either manually or using an Optical Character Recognition (OCR) reader. The BAP 1 configuration defined for a one-line MRZ as specified in Annex II, item 10 shall be applied.
I.5.2.2
Conditional Extended Access Control
When more sensitive data are stored on the microchip, access to such data shall be restricted with additional measures.
The Extended Access Control mechanisms shall comply with the specifications of Annex II, item 11.
I.5.3
Public Key Infrastructure (PKI) for driving licences including a microchip
The single contact point defined in Article 6 shall establish the necessary national arrangements for Public Key management, in accordance with Annex A of ISO standard 18013_3.
I.6 DATA PRESENTATION
I.6.1
Formatting of data in DG 1
|
Tag |
L |
Value |
Encoding |
M/O |
||||
|
61 |
V |
DG1 Data elements (nested) |
|
|
||||
|
|
|
Tag |
L |
Value |
|
|
||
|
|
|
5F 01 |
V |
Type approval number |
ans |
M |
||
|
|
|
5F 02 |
V |
Constructed data object of demographic data elements |
|
M |
||
|
|
|
|
|
Tag |
L |
Value |
|
|
|
|
|
|
|
5F 03 |
3 |
Issuing Member State |
a3 |
M |
|
|
|
|
|
5F 04 |
V |
Surname(s) of the holder |
as |
M |
|
|
|
|
|
5F 05 |
V |
Other name(s) of the holder |
as |
M |
|
|
|
|
|
5F 06 |
4 |
Date of birth (ddmmyyyy) |
n8 |
M |
|
|
|
|
|
5F 07 |
V |
Place of birth |
ans |
M |
|
|
|
|
|
5F 08 |
3 |
Nationality |
a3 |
O |
|
|
|
|
|
5F 09 |
1 |
Gender |
M/F/U |
O |
|
|
|
|
|
5F 0A |
4 |
Date of issue of the licence (ddmmyyyy) |
n8 |
M |
|
|
|
|
|
5F 0B |
4 |
Date of expiry of the licence (ddmmyyyy) |
n8 |
M |
|
|
|
|
|
5F 0C |
V |
Issuing authority |
ans |
M |
|
|
|
|
|
5F 0D |
V |
Administrative number (other than document number) |
ans |
O |
|
|
|
|
|
5F 0E |
V |
Document number |
an |
M |
|
|
|
|
|
5F 0F |
V |
Permanent place of residence, or postal address |
ans |
O |
|
|
|
7F 63 |
V |
Constructed data object of categories of vehicles/restrictions/conditions |
|
M |
||
|
|
|
|
|
Tag |
L |
Value (coded as defined below) |
|
|
|
|
|
|
|
02 |
1 |
Number of categories/restrictions/conditions |
N |
M |
|
|
|
|
|
87 |
V |
Category/restriction/condition |
ans |
M |
|
|
|
|
|
87 |
V |
Category/restriction/condition |
ans |
O |
|
|
|
|
|
… |
… |
… |
… |
… |
|
|
|
|
|
87 |
V |
Category/restriction/condition |
ans |
O |
I.6.2
Logical record format
The categories regarding vehicles, restrictions or conditions shall be compiled in a data object following the structure specified in the following table:
|
Vehicle category code |
Date of issue |
Date of expiry |
Code |
Sign |
Value |
where:
— vehicle category codes shall be presented as defined in Article 4 of Directive 2006/126/EC (such as AM, A1, A2, A, B1, B, etc.),
— date of issue shall be presented in the format DDMMYYYY (day in two digits followed by month in two digits followed by year in four digits) for the vehicle category,
— date of expiry shall be presented in the format DDMMYYYY (day in two digits followed by month in two digits followed by year in four digits) for the vehicle category,
— code, sign and value refer to additional information or restrictions relating to the vehicle category or the driver.
ANNEX II
List of applicable standards for driving licences which include a storage medium
|
Item |
Subject |
Requirement |
Applicable to |
|
1 |
Storage medium interface, organisation and commands |
ISO/IEC 7816 series (contact), ISO/IEC 14443 series (contactless) as referred to in ISO/IEC 18013-2:2008, Annex C |
Annex I, paragraph I.3.1 |
|
2 |
Application identifier |
ISO/IEC 7816-5:2004 |
Annex I, paragraph I.3.2 |
|
3 |
Data protection mechanisms |
ISO/IEC 18013-3:2009 |
Annex I, paragraph I.3.2.1 Annex I, paragraph I.5 |
|
4 |
Logical data structure |
ISO/IEC 18013-2:2008 |
Annex I, paragraph I.4.1 |
|
5 |
Elementary file identifiers |
ISO/IEC 18013-2:2008 Table C.2 |
Annex I, paragraph I.4.1 |
|
6 |
Data presentation for DG 1 |
ISO 18013-2:2008, Annex C.3.8 |
Annex I, paragraph I.4.2 Annex I, paragraph I.6.1 |
|
7 |
Mandatory data presentation for DG 5 and DG 6 |
ISO/IEC 18013-2:2008, Annex C.6.6 and Annex C.6.7, face image and signature image to be stored in JPEG or JPEG2000 format |
Annex I, paragraph I.4.2 |
|
8 |
Optional and additional data presentation |
ISO/IEC 18013-2:2008, Annex C |
Annex I, paragraph I.4.3 |
|
9 |
Passive authentication |
ISO/IEC 18013-3:2009, paragraph 8.1, data shall be stored in EF.SOd (Document Security Object) in the LDS |
Annex I, paragraph I.5.1.1 |
|
10 |
Basic access restriction |
ISO/IEC 18013-3:2009 and its Amendment 1 |
Annex I, paragraph I.5.2.1 |
|
Basic access restriction configuration |
ISO/IEC 18013-3:2009, Annex B.8 |
||
|
11 |
Extended access restriction |
Technical Guideline TR-03110, Advanced Security Mechanisms for Machine Readable Travel Documents – Extended Access Control (EAC), Version 1.11 |
Annex I, paragraph I.5.2.2 |
|
12 |
Test methods |
ISO 18013-4:2011 |
Annex III, Paragraph III.1 |
|
13 |
Security certificate |
Evaluation Assurance Level 4 augmented (EAL 4+) or equivalent |
Annex III, paragraph III.2 |
|
14 |
Functional certificate |
Smart card testing according to ISO 10373 series |
Annex III, paragraph III.3 |
ANNEX III
Procedure for EU type-approval of driving licences which include a microchip
III.1 GENERAL PROVISIONS
Manufacturers applying for an EU type-approval of driving licences including a microchip shall present a security certificate and a functional certificate.
Any intended modification to the production process, including software, shall be subject to a prior notification to the authority which granted type-approval. The authority may require further information and tests before accepting the modification.
Tests shall follow the methods laid down in item 12 of Annex II to this Regulation.
III.2 SECURITY CERTIFICATE
For the security evaluation, driving licence microchips shall be evaluated according to the criteria specified in Annex II, item 13.
A security certificate shall only be delivered upon successful evaluation of the ability of the microchip to resist attempts to tamper with or alter data.
III.3 FUNCTIONAL CERTIFICATE
A functional evaluation of driving licences including a microchip shall be laboratory- tested in accordance with the criteria specified in Annex II, item 14.
Member States implementing a microchip on driving licences shall ensure that the relevant functional standards and the requirements of Annex I are complied with.
A functional certificate shall be delivered to the manufacturer once:
— there is a valid security certificate for the microchip,
— compliance with requirements of Annex II has been demonstrated, and
— functional tests have been passed successfully.
The relevant Member State authority is responsible for issuing the functional certificate. The functional certificate shall indicate the identity of the issuing authority, the identity of the applicant, the identification of the microchip and a detailed list of the tests and their results.
III.4 EU TYPE-APPROVAL CERTIFICATE
III.4.1
Model certificate
Member States shall deliver the EU type-approval certificate on the presentation of security and functional certificates as provided in this Annex. EU type-approval certificates shall comply with the model in Annex IV.
III.4.2
Numbering system
The EU type-approval numbering system shall consist of:
(a) The letter ‘e’ followed by a distinguishing number for the Member State which has granted the EU type-approval
— 1
for Germany
— 2
for France
— 3
for Italy
— 4
for the Netherlands
— 5
for Sweden
— 6
for Belgium
— 7
for Hungary
— 8
for the Czech Republic
— 9
for Spain
— 11
for the United Kingdom
— 12
for Austria
— 13
for Luxembourg
— 17
for Finland
— 18
for Denmark
— 19
for Romania
— 20
for Poland
— 21
for Portugal
— 23
for Greece
— 24
for Ireland
— 26
for Slovenia
— 27
for Slovakia
— 29
for Estonia
— 32
for Latvia
— 34
for Bulgaria
— 36
for Lithuania
— 49
for Cyprus
— 50
for Malta.
(b) The letters DL preceded by a hyphen and followed by the two figures indicating the sequence number assigned to this Regulation or latest major technical amendment to this Regulation. The sequence number for this Regulation is 00.
(c) A unique identification number of the EU type-approval attributed by the issuing Member State.
Example of the EU type-approval numbering system: e50-DL00 12345
The approval number shall be stored on the microchip in DG 1 for each driving licence carrying such microchip.
ANNEX IV
Model for the EU type-approval certificate concerning driving licences which include a microchip
Name of the competent authority: …
Notification concerning(1):
— approval
— withdrawal of approval
of an EU Driving Licence including a microchip
Approval No: …
1.
Manufacturing brand or trademark: …
2.
Name of model: …
3.
Name of manufacturer or of its representative, where applicable: …
…
4.
Address of manufacturer or of its representative, where applicable: …
…
5.
Laboratory test reports:
5.1
Security Certificate No: … Date: …
Issued by: …
5.2
Functional Certificate No: … Date: …
Issued by: …
6.
Date of approval: …
7.
Date of withdrawal of approval: …
8.
Place: …
9.
Date: …
10.
Descriptive documents in Annex: …
11.
Signature: …
(1) Tick the relevant box.
Feedback