# | Statement | Scope | Primary Consideration | Other Considerations | Link | Status | Tasks |
---|---|---|---|---|---|---|---|
1_B_CC | The Issuer must ensure the existence of functionality allowing selective data release. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Allow selective data release | |
|
2_ABC_IS | All identifying data shall be transacted through encrypted channels. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Encrypted channels | |
|
3_C_OT | Transparency to Holder at mobile credential presentment | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Transparency at presentment | |
|
4_A_DM | Verifiers shall not request more than the strictly necessary PII for the provision of their services, such as a proof of age. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
5_A_CC | Verifiers shall request user consent prior to the transmission of their PII. User consent shall be requested in a clear and comprehensible way. If PII are disclosed for different purposes, the specific PII and respective purposes shall be displayed to the user. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
6_A_UR | Verifiers shall state a retention period for PII in their consent request. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
7_A_UR | Verifiers shall not store any PII when it is not required for the provision of their services. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
8_A_PL | Verifiers shall not fall into collusive practices with Issuing Authorities or other Verifiers for user re-identification. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
9_A_IS | Verifiers shall adopt appropriate measures to ensure the security of stored PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
10_A_OT | Verifiers shall guarantee appropriate means to ensure that users can access and request the erasure of their PII. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
11_A_AC | Verifiers shall maintain appropriate registries and ensure access to Law Enforcement Authorities for accountability purposes. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
12_A_DM | Verifiers shall not combine any PII for the purpose of re-identifying the data subject, unless specifically informed and justified. | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
|
| | - Requirement using template to be created
|
13 | Verifiers must only request the minimum data required for their transaction | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must only request the minimum data required for their transaction | |
|
14 | Providers must communicate to users any attestations associated with a verifier | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Providers must communicate to users any attestations associated with a verifier | |
|
15 | Verifiers must attest their use cases, which in turn define the data they will need to collect and its retention policy | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must attest their use cases, which in turn define the data they will need to collect and its retention policy | |
|
16 | Verifiers must identify themselves | - Part A: Verifiers
- Part B: Issuers
- Part C: Providers
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| - CC (Consent and Choice)
- PL (Purpose legitimacy and specification)
- CL (Collection limitation)
- DM (Data minimization)
- UR (Use, retention, and disclosure limitation)
- AQ (Accuracy and quality)
- OT (Openness, transparency, and access)
- IA (Individual access & participation)
- AC (Accountability)
- IS (Information Security)
- PS (Privacy compliance)
| Verifiers must identify themselves | |
|