Digital Identity
Standards and Interoperability

Identity at European scale

Identity at European scale only works if every participant speaks the same protocols. Semansys implements the open standards that make relying-party integration a technical fact rather than a bilateral agreement.

Regulatory framework

The legal foundation is Regulation (EU) No 910/2014 (eIDAS) as amended by Regulation (EU) 2024/1183, which introduced the European Digital Identity Wallet framework and mandatory recognition obligations for wallet credentials across member states. Semansys tracks implementing acts and ARF releases as they are published and implements against the current stable specification.

Semansys is a relying party in this framework, not a trust service provider. The distinction matters: Semansys is not listed on any EU Trusted List and does not issue credentials that carry legal effect under eIDAS 2.0. What Semansys does is implement the relying-party side of the standards stack correctly, so that credentials issued by authorised parties are accepted and verified in accordance with the framework.

What the standards layer covers

The European Digital Identity framework defines open, interoperable standards for three distinct functions: how credentials are issued from an authorised trust service provider into a wallet, how credentials are stored and managed in a conformant wallet, and how credentials are presented from a wallet to a relying party for verification.

Semansys implements the third function: the presentation and verification layer. This covers the protocols by which a counterparty’s wallet responds to a verification request, the credential formats in which attributes are disclosed, and the data model that defines what a valid credential looks like. The specific protocol names in this layer are defined by the ARF and its implementing acts, and are evolving as the framework matures. Semansys tracks those releases and updates its implementation accordingly.

The first two functions, issuance and wallet operation, are the domain of authorised trust service providers and wallet providers. Semansys does not operate in those layers.

Trust list consumption

Semansys consumes publicly available EU Trusted Lists to resolve issuer public keys and confirm that the claimed issuing authority is a recognised trust service provider. This is a standard relying-party operation: the Trusted Lists are public infrastructure maintained by member states, and consuming them does not require QTSP status.

Where a presented credential’s issuer cannot be resolved against a recognised Trusted List entry, Semansys returns a verification failure. We do not accept credentials from unresolvable issuers.

This is distinct from operating as a trust service provider. Semansys does not publish entries on any Trusted List, does not issue credentials backed by Trusted List status, and does not provide qualified trust services in the eIDAS sense.

Interoperability with Semansys’s existing standards participation

Semansys is accredited as a Peppol Access Point and participates in Peppol standards development. Peppol is moving toward deeper integration with eIDAS 2.0 trust services, including potential use of wallet-based credentials in four-corner delivery flows. Semansys participates in the EBW Technical Work Sub-Group of the European Digital Identity Cooperation Group, tracking how these standards converge and positioning clients to adopt integrated flows as they become available.

Our certifications

XBRL
Certified
GDPR
ready
Peppol Access
Point Certified
Provider
SOC2
TYPE II
ISO
9001:2015
ISO
27001:2022
ISO
20000-1:2018
ISO
22301
ISO
42001:2023
Visit our trust page and security center to view all cerfitications.
Learn more