Commission Implementing Regulation (EU) 2025/2243 of 6 November 2025 laying down detailed specifications regarding the functional requirements for eFTI platforms in accordance with Regulation (EU) 2020/1056 of the European Parliament and of the Council

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2020/1056 of the European Parliament and of the Council of 15 July 2020 on electronic freight transport information (1), and in particular Article 9(2) thereof,

Whereas:

(1) Regulation (EU) 2020/1056 requires competent authorities in the Member States to accept regulatory information when made available electronically by the economic operators concerned in compliance with the requirements laid down in that Regulation and, more specifically, by means of electronic freight transport information (eFTI) platforms that are certified to comply with the requirements laid down in that Regulation.

(2) Economic operators concerned, as well as ICT solution providers, should be able to flexibly re-use ICT solutions that are currently used in the transport and logistics sector, such as for managing internal business process flows and communications with business partners in the supply chain, in order to develop eFTI platforms. The possibility to build on existing solutions would enable the faster and cost-efficient development of eFTI platforms and facilitate faster and wider uptake of eFTI by economic operators concerned without significant technological investment or business process burden.

(3) Pursuant to Article 12 of Regulation (EU) 2020/1056, a certification process of eFTI platforms should be put in place, whereby compliance with the requirements laid down in Article 9(1) of that Regulation is to be assessed. Once certification has been issued by a conformity assessment body accredited in one of the Member States in accordance with Regulation (EC) No 765/2008 of the European Parliament and of the Council (2), it will be valid in all Member States. The detailed common functional and technical specifications for the functioning of the eFTI platforms laid down in this Regulation should therefore allow the Commission to define at a later stage, pursuant to Article 12 of Regulation (EU) 2020/1056, the detailed rules necessary to ensure uniform assessment of the compliance of eFTI platforms in view of their certification.

(4) Commercial data sensitivity remains an important factor influencing the willingness of economic operators to share data electronically. In order to build the confidence of economic operators concerned, the requirements for eFTI platforms should ensure that the data stored by economic operators on eFTI platforms is made available to competent authorities only based on secure and authenticated connections with the systems used by competent authorities. Furthermore, the data made available to competent authorities should be limited to information requirements specified in the requests for access to eFTI data, and only when these requests are transmitted by competent authorities in accordance with the functional and technical specifications laid down in Commission Implementing Regulation (EU) 2024/1942 (3). For the same reason, economic operators concerned should receive information, including through real time notifications, on all requests for access by competent authorities to the data they made available on the eFTI platform, including, when lodged, of the corresponding follow-up communications.

(5) Implementing Regulation (EU) 2024/1942 lays down common procedures and detailed rules for the accessing and processing by competent authorities of information made available by economic operators concerned on eFTI platforms. This includes specific functional and technical requirements for communication between the ICT systems used by the competent authorities and the eFTI platforms. To ensure interoperability and seamless communication between the systems used by the competent authorities and the eFTI platforms, the common functional and technical requirements for eFTI platforms should be compatible with those laid down for the systems used by the competent authorities.

(6) Access by economic operators to eFTI platforms should also be ensured through secure and transparent access management mechanisms. Only authorised users should be able to access and process eFTI data on behalf of economic operators. Authorisations should be based on processing rights that are clearly identified and are issued under the control of the economic operators that hold rights or obligations in relation to that data, pursuant to applicable EU or national law or specific commercial agreements. At the same time, authorisations should be granted only to users that have been reliably identified and authenticated using electronic identification means compliant with the requirements laid down in Regulation (EU) No 910/2014 of the European Parliament and of the Council (4). Such access management mechanisms should build trust among economic operators to share their eFTI data at source and would therefore eliminate the need for multiple data storage points and reduce associated costs and complexities in data management and synchronisation, among others.

(7) The provisions referred to in Article 2(1) of Regulation (EU) 2020/1056 allow economic operators concerned, in most cases, to re-use business-to-business documents to provide the required freight transport information. The detailed specifications laid down in this Regulation should follow the same spirit, by focusing on how freight transport information should be shared electronically with the competent authorities. They should not lay down requirements for the electronic format and use of business documents, in order not to impact freight transport information beyond the scope of Regulation (EU) 2020/1056 or the flexibility of economic operators in preparing and exchanging information in business-to-business contexts. It is therefore appropriate that this Regulation lays down specifications for the composition of the eFTI data set that enable economic operators concerned to prove, by sharing the same data only once, compliance with the applicable Union and national regulatory information requirements referred to in Article 2(1) of Regulation (EU) 2020/1056. The eFTI data set should be composed in accordance with the specifications for the eFTI common data set and eFTI data subsets laid down in the Annex to Commission Delegated Regulation (EU) 2024/2024 (5). When providing the information for the eFTI data set, economic operators should be able to re-use, to the largest extent possible, information available in their internal electronic data management systems, such as enterprise resource planning or transportation management systems, which they use to manage commercial transport documents such as consignment notes or transport orders.

(8) Pursuant to Article 4 of Regulation (EU) 2020/1056, the economic operators concerned are not obliged to make data available electronically to the competent authorities, as they continue to retain the right to present the regulatory information on freight transport in the form of paper documents. eFTI platform operators should therefore ensure that the economic operators concerned are informed that, by processing data on the eFTI platform, they agree that the regulatory information on freight transport recorded and otherwise processed as eFTI data on an eFTI platform is made available by that platform to the competent authorities, on behalf of the respective operator concerned, whenever the platform receives requests for access to eFTI data by the competent authorities transmitted in accordance with the requirements of Implementing Regulation (EU) 2024/1942. The eFTI platform operators should also ensure that operators are informed that, by processing data on the eFTI platform, they agree that the eFTI platform makes the corresponding data processing logging records available for auditing in accordance with applicable EU or national law.

(9) Article 27(3) of Regulation (EU) 2024/1157 of the European Parliament and of the Council (6) provides for interoperability with the eFTI exchange environment of the central system for the electronic submission and exchanges of waste shipments information and documents between economic operators concerned and competent authorities, also referred to as the digital waste shipment system (DIWASS), established in accordance with that Regulation. Furthermore, Article 5(2) of Commission Implementing Regulation (EU) 2025/1290 (7) specifies that users representing economic operators concerned acting as carriers for the shipment of waste may connect to DIWASS by means of an eFTI platform interconnected with that system through an application programming interface. To ensure interoperability between the eFTI platforms and DIWASS, it is necessary to lay down specifications for exchanging waste information falling under the scope of Regulation (EU) 2020/1056, as referred to in Article 2(1), point (a)(iv) of that Regulation. This interoperability will make it easier for carriers that perform waste transport operations to prove compliance, by electronic means, both with requirements for availability of regulatory information during the transport operation, as provided for in the provisions referred to in Article 2(1) of Regulation (EU) 2020/1056, and with the requirements on the provision of waste shipments information laid down in Regulation (EU) 2024/1157.

(10) The data that economic operators record on eFTI platforms will have substantial commercial value, both to allow economic operators concerned to prove compliance with administrative requirements and as a basis for commercial transactions, provision of services, and business monitoring and planning. It is therefore essential that, in addition to rigorous access management policies, eFTI platform operators put in place measures that ensure the continuous accessibility, preservation and security of that data, whether it is stored on physical storage devices under the control of the eFTI platform operator or in data clouds purchased as part of data storage services. To that end, and without affecting applicable EU or national cybersecurity requirements, eFTI platform operators should adhere to the latest international best practices and standards on data privacy and data security, such as ISO 27001, ISO 27017 and ISO 27701. When personal data are processed in the context of the application of this implementing regulation, Regulation (EU) 2016/679 of the European Parliament and of the Council (8) applies.

(11) To enable eFTI platform operators to take account of continuously evolving technical developments and standards, the detailed specifications laid down in this Regulation should not go beyond necessary requirements to ensure functional and minimum technical interoperability with other components within the eFTI exchange environment, as provided for in Implementing Regulation (EU) 2024/1942. At the same time, seamless interoperability between these different ICT components cannot be achieved without a set of common and detailed technical specifications that can be easily updated and shared among all stakeholders. Technical guidance documents should therefore be developed to support the implementation of this Regulation, involving stakeholders from both the public and the private sector, and in particular the working group of experts appointed by the Member States to act as a network of operational support in accordance with Article 13 of Implementing Regulation (EU) 2024/1942, and relevant working groups or sub-groups of the Digital Transport and Logistics Forum Expert Group (9).

(12) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (10) and delivered an opinion on 8 July 2025.

(13) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 15(1) of Regulation (EU) 2020/1056,

HAS ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Definitions

For the purposes of this Regulation, the following definitions apply:

(1) ‘ICT system’ means an organised assembly of information and communications technologies (ICT) including hardware, software and networks united and regulated by interaction or interdependence to accomplish a set of specific functions;

(2) ‘tributary ICT system’ means an identifiable ICT system external to an eFTI platform, including another eFTI platform, by means of which business users connect to an eFTI platform to access and process eFTI data;

(3) ‘eFTI data’ means data corresponding to regulatory information as defined in Article 3(1) of Regulation (EU) 2020/1056;

(4) ‘eFTI platform operator’ means a natural or legal person who is deemed legally responsible for the appropriate functioning of an eFTI platform;

(5) ‘eFTI Gate’ means an ICT component or a set of ICT components performing the functionalities set out in Article 6 of Implementing Regulation (EU) 2024/1942;

(6) ‘business user’ means a natural or legal person who constitutes or is authorised to represent an economic operator concerned in accordance with Regulation (EU) 2020/1056, or another economic operator who constitutes a data holder in accordance with paragraph 23, and who processes data on an eFTI platform on behalf of that economic operator concerned or other data holder;

(7) ‘login session’ means a restricted period of time during which a business user is given access to an eFTI platform;

(8) ‘consignment movement’ means the transport of a collection of goods by a single own-powered means of transport, with or without transport equipment such as trailer, pallet or container, from the same place of loading or taking over to the same place of unloading or handover, under the terms of a single transport contract;

(9) ‘eFTI consignment movement data set’ or ‘eFTI CMDS’ means a uniquely identified eFTI data set composed of the eFTI data that, together, constitute the regulatory information on freight transport related to a specific consignment movement;

(10) ‘applicable regulatory information requirements’ means the regulatory information requirements referred to in Article 2(1) of Regulation (EU) 2020/1056 that apply to a specific consignment movement;

(11) ‘identifiers of the eFTI data subsets’ means the identifiers in the format ‘EUyy’ or ‘XXyy’ of the eFTI data subsets established in Sections 3 and 4 of the Annex to Delegated Regulation (EU) 2024/2024;

(12) ‘UUID of the eFTI CMDS’ means the unique number, as referred to Article 11(2), point (c) of Implementing Regulation (EU) 2024/1942, which is allocated automatically by an eFTI platform to an eFTI data set constituting an eFTI CMDS;

(13) ‘unique identification number of the request’ means the unique number of a request for access to eFTI data lodged by a competent authority officer, issued and allocated to the request in accordance with Article 3(2), point (c) of Implementing Regulation (EU) 2024/1942;

(14) ‘follow-up communication’ means the communication between competent authorities and the economic operators concerned as defined in Article 1, point (6) of Implementing Regulation (EU) 2024/1942;

(15) ‘human-to-machine user interface’ means a web or application based graphical user interface that allows natural persons to perform data processing operations on an eFTI platform;

(16) ‘electronic identification means’ means a material or immaterial unit containing person identification data and which is used for authentication purposes to access an online service or, where appropriate, an offline service;

(17) ‘electronic identification scheme’ means a system for electronic identification under which electronic identification means are issued to natural or legal persons or natural persons representing other natural persons or legal persons;

(18) ‘authentication’ means an electronic process that enables the confirmation of the electronic identification of a natural or legal person or the confirmation of the origin and integrity of data in electronic form;

(19) ‘advanced electronic signature’ means an electronic signature that meets the requirements laid down in Article 26 of Regulation (EU) No 910/2014;

(20) ‘advanced electronic seal’ means an electronic seal that meets the requirements laid down in Article 36 of Regulation (EU) No 910/2014;

(21) ‘onboarded user’ means a business user for whom the identification, authentication and authorisation has been done in accordance with the requirements established in Article 4(2), point (a);

(22) ‘non-onboarded user’ means a business user that is allowed to access an eFTI platform based only on temporary access and processing rights, issued in accordance with the requirements established in Article 5(1) point (b);

(23) ‘data holder’ means a natural or legal person that has the right or obligation, in accordance with applicable Union law, national legislation, or private contractual agreements to use and make available data that also constitute regulatory information in accordance with the requirements referred to in Article 2(1) of Regulation (EU) 2020/1056;

(24) ‘primary authoriser’ means an onboarded business user who is allowed to modify the information recorded in an onboarded user profile, including the setting up or deletion of a user profile;

(25) ‘temporary authoriser’ means an onboarded business user who is allowed to issue temporary data processing rights to non-onboarded users;

(26) ‘two-factor authentication’ means an identity and access management security method that requires two forms of identification to access an eFTI platform;

(27) ‘certification mark’ means a coded reference to the eFTI platform attesting the validity of its certification status, which should accompany all information made available to competent authorities by means of a certified eFTI platform, in accordance with Article 12(3) of Regulation (EU) 2020/1056;

(28) ‘digital waste shipment system’ (DIWASS) means the central system referred to in Article 27(3) of Regulation (EU) 2024/1157;

(29) ‘waste shipments operator’ means an operator as defined in Article 2(2), point (13) of Implementing Regulation (EU) 2025/1290;

(30) ‘waste shipment documents’ means the documents referred to in Article 9(2), Article 16(1) and Article 18(4) of Regulation (EU) 2024/1157;

(31) ‘combined transport details’ means the regulatory information referred to in Article 3 of Council Directive 92/106/EEC (11);

(32) ‘qualified electronic time stamp’ means an electronic time stamp that meets the requirements laid down in Article 42 of Regulation (EU) No 910/2014.

Article 2

eFTI platforms system architecture

The system architecture of eFTI platforms shall consist of any combination of ICT components or systems that comply with the requirements laid down in this Regulation.

CHAPTER II

ACCESS TO eFTI PLATFORMS

Article 3

Access to eFTI platforms by competent authorities