digeorgi
commented
6 days ago Thank you for your input. Registration of Wallet Providers in a Trusted List is required by the Regulation to ensure that PID Providers and Attestation Providers can trust that they issue their attestations only to certified Wallet Instances managed by trusted Wallet Providers.
However, this is not a technical limitation, but a limitation of the Regulation. There should be a solution to allow third countries to be part of the trust infrastructure, like was done for qualified electronic signatures.
Description
Name: Heather Dahl, Ken Ebert, Indicio
ARF Chapter: 6.2.2 Wallet Provider registration and notification “shows that a Wallet Provider registers itself and its Wallet Solution with a Wallet Provider Registrar in its Member State. Subsequently, the Member State notifies the Wallet Provider to the European Commission.” and 6.2.3 Wallet Provider suspension or withdrawal: “As a result of de-registration, PID Providers, Attestation Providers and Relying Parties will no longer trust the trust anchors of the Wallet Provider and will therefore refuse to interact with any Wallet Instance provided by that Wallet Provider.”
Recommendation: This limits participation to only wallets developed within the EU and its member states, since any organization outside the EU does not have a mechanism to register a wallet solution. Since all interactions between the wallet and PID Provider or the Attestation Provider or Relying Party are limited to currently registered wallets, no PID or attestations can originate outside of the EU for verification within the EU and no EU data can be shared with a non-EU wallet for use in international travel, for example. Highlight the ‘authorization’ of the wallet and allow participants to decide.