Commission Implementing Regulation (EU) 2025/2531 of 16 December 2025 laying down rules for the application of Regulation (EU) No 910/2014 of the European Parliament and of the Council as regards reference standards and specifications for qualified electronic ledgers

THE EUROPEAN COMMISSION,

Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (1), and in particular Article 45l(3) thereof,

Whereas:

(1) By Regulation (EU) 2024/1183 of the European Parliament and of the Council (2), a list of new trust services and qualified trust services, including the recording of electronic data in a qualified electronic ledger, was introduced in Regulation (EU) No 910/2014. The Commission is to establish a list of reference standards and, where necessary, establish specifications for such services.

(2) An electronic ledger is a sequence of electronic data records which is to ensure the integrity of those data records and the accuracy of the chronological ordering of those records. In order to ensure that the recording of data in a qualified electronic ledger is chronologically ordered, consistent and reliable, it is necessary to establish a common set of specifications for the recording of electronic data in a qualified electronic ledger.

(3) The presumption of compliance laid down in Article 45l(2) of Regulation (EU) No 910/2014 should only apply where qualified trust services for the recording of electronic data in a qualified electronic ledger comply with the standards set out in this Regulation. These standards should reflect established practices and be widely recognised within the relevant sectors. They should be adapted to include additional controls ensuring the security and trustworthiness of the qualified trust service.

(4) If a trust service provider adheres to the requirements set out in the Annex to this Regulation, supervisory bodies should presume compliance with the relevant requirements of Regulation (EU) No 910/2014 and duly consider such presumption for granting or confirming the qualified status of the trust service. However, a qualified trust services provider may still rely on other practices to demonstrate compliance with the requirements of Regulation (EU) No 910/2014.

(5) The Commission regularly assesses new technologies, practices, standards or technical specifications. In accordance with Recital 75 of Regulation (EU) 2024/1183, the Commission should review and, if necessary, update this Regulation, to keep it in line with global developments, new technologies, practices, standards or technical specifications and to follow the best practices on the internal market.

(6) Regulation (EU) 2016/679 of the European Parliament and of the Council (3) and, where relevant, Directive 2002/58/EC of the European Parliament and of the Council (4) apply to the personal data processing activities under this Regulation, taking also into consideration the European Data Protection Board ‘Guidelines 02/2025 on processing of personal data through blockchain technologies’ (5).

(7) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (6) and delivered its opinion on 21 October 2025 (7).

(8) The measures provided for in this Regulation are in accordance with the opinion of the committee established by Article 48 of Regulation (EU) No 910/2014,

HAS ADOPTED THIS REGULATION:

Article 1

Reference standards and specifications

The reference standards and specifications referred to in Article 45l(3) of Regulation (EU) No 910/2014 are set out, for qualified electronic ledgers, in the Annex to this Regulation.

Article 2

Entry into force

This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels, 16 December 2025.

For the Commission The President Ursula VON DER LEYEN

(1) OJ L 257, 28.8.2014, p. 73, ELI: http://data.europa.eu/eli/reg/2014/910/oj.

(2) Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework (OJ L, 2024/1183, 30.4.2024, ELI: http://data.europa.eu/eli/reg/2024/1183/oj).

(3) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1, ELI: http://data.europa.eu/eli/reg/2016/679/oj).

(4) Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, p. 37, ELI: http://data.europa.eu/eli/dir/2002/58/oj).

(5) edpb_guidelines_202502_blockchain_en.pdf.

(6) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39, ELI: http://data.europa.eu/eli/reg/2018/1725/oj).

(7) EDPS Formal comments on the draft Implementing Regulation laying down rules for the application of Regulation (EU) No 910/2014 as regards reference standards and specifications for qualified electronic ledgers.