Identity at European scale
Regulatory framework
The legal foundation is Regulation (EU) No 910/2014 (eIDAS) as amended by Regulation (EU) 2024/1183, which introduced the European Digital Identity Wallet framework and mandatory recognition obligations for wallet credentials across member states. Semansys tracks implementing acts and ARF releases as they are published and implements against the current stable specification.
Semansys is a relying party in this framework, not a trust service provider. The distinction matters: Semansys is not listed on any EU Trusted List and does not issue credentials that carry legal effect under eIDAS 2.0. What Semansys does is implement the relying-party side of the standards stack correctly, so that credentials issued by authorised parties are accepted and verified in accordance with the framework.


What the standards layer covers
The European Digital Identity framework defines open, interoperable standards for three distinct functions: how credentials are issued from an authorised trust service provider into a wallet, how credentials are stored and managed in a conformant wallet, and how credentials are presented from a wallet to a relying party for verification.
Semansys implements the third function: the presentation and verification layer. This covers the protocols by which a counterparty’s wallet responds to a verification request, the credential formats in which attributes are disclosed, and the data model that defines what a valid credential looks like. The specific protocol names in this layer are defined by the ARF and its implementing acts, and are evolving as the framework matures. Semansys tracks those releases and updates its implementation accordingly.
The first two functions, issuance and wallet operation, are the domain of authorised trust service providers and wallet providers. Semansys does not operate in those layers.
Trust list consumption
Semansys consumes publicly available EU Trusted Lists to resolve issuer public keys and confirm that the claimed issuing authority is a recognised trust service provider. This is a standard relying-party operation: the Trusted Lists are public infrastructure maintained by member states, and consuming them does not require QTSP status.
Where a presented credential’s issuer cannot be resolved against a recognised Trusted List entry, Semansys returns a verification failure. We do not accept credentials from unresolvable issuers.
This is distinct from operating as a trust service provider. Semansys does not publish entries on any Trusted List, does not issue credentials backed by Trusted List status, and does not provide qualified trust services in the eIDAS sense.


Interoperability with Semansys’s existing standards participation
Semansys is accredited as a Peppol Access Point and participates in Peppol standards development. Peppol is moving toward deeper integration with eIDAS 2.0 trust services, including potential use of wallet-based credentials in four-corner delivery flows. Semansys participates in the EBW Technical Work Sub-Group of the European Digital Identity Cooperation Group, tracking how these standards converge and positioning clients to adopt integrated flows as they become available.
Our certifications
Certified
ready
Point Certified
Provider
TYPE II
9001:2015
27001:2022
20000-1:2018
22301
42001:2023