Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and…
Trust Services-Secure move to the cloud of the eIDAS ecosystem
This report includes a detailed analysis on the different technical requirements that must be addressed considering the relevant standards. It also gives an overview of practical experiences on the move of trust services to the cloud, based on the…
Security guidelines on the appropriate use of qualified website authentication certificates
This document addresses qualified certificates for website authentication and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website…
Stock taking of security requirements set by different legal frameworks on OES and DSPs
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Security guidelines on the appropriate use of qualified electronic registered delivery services
This document addresses qualified electronic registered delivery services and is one out of a series of five documents which aim to assist parties wishing to use qualified electronic signatures, seals, time stamps, eDelivery or website…
Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents
One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
DNS Identity
This report provides a view of authentication and verification of domain name owners in the context of domain name registration. It identifies the security challenges, good practices, security controls and associated risks in the domain name…
Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies
This report aims to increase the understanding
of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components,
and illustrate their use by pointing to…
Privacy and data protection in mobile applications
The scope of the report is to provide a meta-study on privacy and data protection in mobile apps by analysing the features of the app development environment that impact privacy and security, as well as defining relevant best-practices, open issues…
Recommendations on shaping technology according to GDPR provisions - An overview on data pseudonymisation
The scope of this report is to explore the concept of pseudonymisation alongside different pseusonymisation techniques and their possible implementation. The report is part of ENISA's work in the area of privacy and data protection, which focuses on…