- Latest available (Revised)
- Original (As adopted by EU)
Council Decision (EU) 2018/1926Show full title
Council Decision (EU) 2018/1926 of 19 November 2018 on the position to be taken, on behalf of the European Union, in the Group of Experts on the European Agreement concerning the work of crews of vehicles engaged in international road transport of the United Nations Economic Commission for Europe
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
This is a Decision originating from the EU
This is a legislation item that originated from the EU
After exit day there will be three versions of this legislation to consult for different purposes. The legislation.gov.uk version is the version that applies in the UK. The EU Version currently on EUR-lex is the version that currently applies in the EU i.e you may need this if you operate a business in the EU.
The web archive version is the official version of this legislation item as it stood on exit day before being published to legislation.gov.uk and any subsequent UK changes and effects applied. The web archive also captured associated case law and other language formats from EUR-Lex.
Changes over time for: Division 2.
Changes to legislation:
There are currently no known outstanding effects for the Council Decision (EU) 2018/1926, Division 2..
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. At the current time any known changes or effects made by subsequent legislation have been applied to the text of the legislation you are viewing by the editorial team. Please see ‘Frequently Asked Questions’ for details regarding the timescales for which new effects are identified and recorded on this site.
2. Certificate Request Process U.K.
2.1.Roles and responsibilitiesU.K.
2.1.1.‘Organisation’ or ‘national authority’ requesting the certificateU.K.
2.1.1.1.The national authority shall request the certificates in the context of the TACHOnet project.U.K.
2.1.1.2.The national authority shall:U.K.
(a)
request the certificates from the CEF PKI service;
(b)
generate the private keys and the corresponding public keys to be included in the certificates issued by the Certification Authority;
(c)
download the certificate when approved;
(d)
sign and send back to the Registration Authority:
(i)
the contact persons and trusted couriers identification form,
(ii)
the signed individual Power of Attorney(1).
2.1.2.Trusted CourierU.K.
2.1.2.1.The national authority shall appoint a Trusted Courier.U.K.
2.1.2.2.The Trusted Courier shall:U.K.
(a)
hand over the public key to the Registration Authority during a face-to-face identification and registration process;
(b)
get the corresponding certificate from the Registration Authority.
2.1.3.Domain OwnerU.K.
2.1.3.1.DG MOVE shall be the Domain Owner.U.K.
2.1.3.2.The Domain Owner shall:U.K.
(a)
validate and coordinate the TACHOnet network and the TACHOnet trust architecture, including the validation of the procedures for the issuance of the certificates;
(b)
operate the TACHOnet central hub and coordinate the activity of the parties regarding the functioning of TACHOnet;
(c)
perform, along with national authorities, the tests of connection to TACHOnet.
2.1.4.Registration AuthorityU.K.
2.1.4.1.The Joint Research Centre (JRC) shall be the Registration Authority.U.K.
2.1.4.2.The Registration Authority shall be responsible for verifying the identity of the trusted courier, for registering and approving the requests of issuance, revocation and renewal of digital certificates.U.K.
2.1.4.3.The registration authority shall:U.K.
(a)
assign the unique identifier to the national authority;
(b)
authenticate the identity of the national authority, its contact points and trusted couriers;
(c)
communicate with the CEF Support regarding the authenticity of the national authority, its contact points and trusted couriers;
(d)
inform the national authority about the approval or rejection of certificate.
2.1.5.Certification AuthorityU.K.
2.1.5.1.The Certification Authority shall be responsible for the provision of the technical infrastructure for the request, issuing and revocation of digital certificates.U.K.
2.1.5.2.The Certification Authority shall:U.K.
(a)
provide for the technical infrastructure for certificate requests by national authorities;
(b)
validate or reject certificate request;
(c)
communicate with the Registration Authority for the identity verification of the requesting organisation, when required.
2.2.Certificate issuanceU.K.
2.2.1.The certificate issuance shall be carried out in accordance with the following sequential steps, represented in Figure 1:U.K.
(a)
Step 1: Trusted Courier identification;
(b)
Step 2: Certificate request creation;
(c)
Step 3: Registration at RA;
(d)
Step 4: Certificate generation;
(e)
Step 5: Certificate publication;
(f)
Step 6: Certificate acceptance.
2.2.2.Step 1: Trusted Courier identificationU.K.
The following process shall be carried out for the Trusted Courier identification:
(a)
The Registration Authority shall send to the national authority the contact persons and trusted couriers' identification form(2). This form shall also include a power of attorney (PoA) that the organisation (AETR Authority) shall sign.
(b)
The national authority shall send back the completed form and signed PoA to the Registration Authority.
(c)
The Registration Authority shall acknowledge the good reception and completeness of the form.
(d)
The Registration Authority shall provide an updated copy of the list of contact persons and trusted couriers to the domain owner.
2.2.3.Step 2: Certificate request creationU.K.
2.2.3.1.The request and the retrieval of the certificate shall be done on the same computer and with the same browser.U.K.
2.2.3.2.The following process shall be carried out for the certificate request creation:U.K.
(a)
The Organisation shall navigate to the user web interface to request the certificate via the URL https://sbca.telesec.de/sbca/ee/login/displayLogin.html?locale=en:, and shall enter the username ‘sbca/CEF_eDelivery.europa.eu’ and the password ‘digit.333’
(b)
The Organisation shall click on ‘request’ on the left side of the panel and shall select ‘CEF_TACHOnet’ in the dropdown list.
(c)
The Organisation shall populate the certificate request form laid down in Figure 4 with the information in Table 3, clicking on ‘Next (soft-PSE)’ to finish the process.
| Requested Fields | Description |
|---|---|
| Country | C = Country Code, location of certificate owner, verified using a public directory; Constraints: 2 characters, in accordance to ISO 3166-1, alpha-2, Case Sensitive; Examples: DE, BE, NL, Specific cases: UK (for Great-Britain), EL (for Greece) |
| Organisation/Company (O) | O = Organisation name of the certificate owner |
| Master domain (OU1) | OU = CEF_eDelivery.europa.eu |
| Area of responsibility (OU2) | OU = CEF_TACHOnet |
| Department (OU3) | Mandatory value per ‘AREA OF RESPONSIBILITY’ The content must be checked using a positive list (white list) when the certificate is requested. If the information does not correspond to the list, the request is prevented. Format: OU=<TYPE>-<GTC_NUMBER> Where ‘<TYPE>’ is replaced by AP_PROD: Access Point in Production environment. And where <GTC_NUMBER> is GTC_OID-1.3.130.0.2018.xxxxxx, where Ares(2018)xxxxxx is the GTC number for the TACHOnet project. e.g.: AP_PROD-GTC_OID-1.3.130.0.2018.xxxxxx |
| First name (CN) | Must be Empty |
| Last name (CN) | Must start with ‘GRP:’, followed by a common name. Format: CN = GRP:<AREA OF RESPONSIBILITY>_<TYPE>_<COUNTRY CODE>_<UNIQUE IDENTIFIER> e.g.: GRP:CEF_TACHOnet_AP_PROD_BE_001 |
| E = CEF-EDELIVERY-SUPPORT@ec.europa.eu | |
| Email 1 (SAN) | Must be Empty |
| Email 2 (SAN) | Must be Empty |
| Email 3 (SAN) | Must be Empty |
| Address | Must be Empty |
| Street | Must be the official address of the Organisation of the Certificate Owner. (Used for the Power of Attorney.) |
| Street no. | Must be the official address of the Organisation of the Certificate Owner. (Used for the Power of Attorney.) |
| Zip Code | Must be the official address of the Organisation of the Certificate Owner. (Used for the Power of Attorney.) Attention : if the ZIP code is NOT a 5-digit ZIP code, leave the ZIP code field empty and put the ZIP code in the City field. |
| City | Must be the official address of the Organisation of the Certificate Owner. (Used for the Power of Attorney.) Attention : if the ZIP code is NOT a 5-digit ZIP code, leave the ZIP code field empty and put the ZIP code in the City field. |
| Phone no | Must be Empty |
| Identification data | The email address must be the same as the one used for registering the Unique Identifier. + Must be the name of the person representing the organisation. (Used for the Power of Attorney) + Commercial Register No (only mandatory for private organisations) Entered at the Local Court of (only required for German and Austrian private organisations) |
| Revocation password | Mandatory field chosen by the requestor |
| Revocation password repetition | Mandatory field chosen by the requestor repeated |
Table 3. Complete details of each requested fieldU.K.
(f)
The CEF Support Team shall check for new requests of certificates and verify if the information in the certificate request is valid, i.e. that it conforms to the naming convention specified in Appendix 5.1 Certificate Naming Convention.
(g)
The CEF Support Team shall verify that the information entered in the request is in a valid format.
(h)
When either check from points 5 or 6 above fails, the CEF Support Team shall send an email to the email address provided in the ‘Identification data’ of the request form, with the Domain Owner in cc, in which the Organisation is requested to start the process again. The failed certificate request shall be cancelled.
(i)
The CEF Support Team shall send an email to the Registration Authority about the validity of the request. The email shall include:
(1)
the name of the Organisation, available in the field ‘Organisation (O)’ of the certificate request;
(2)
the certificate data including the name of the AP for which the certificate is to be issued, available in the field ‘Last Name (CN)’ of the certificate request;
(3)
the certificate reference number;
(4)
the address of the Organisation, its email and the name of the person representing it.
2.2.4.Step 3: Registration at Registration Authority (Certificate approval)U.K.
2.2.4.1.The Trusted Courier or contact point shall make an appointment with the Registration Authority via email exchange, identifying the Trusted Courier who will proceed to the face-to-face meeting.U.K.
2.2.4.2.The Organisation shall prepare the documentary package consisting in:U.K.
(a)
the filled-in and signed power of attorney;
(b)
a copy of the valid passport of the trusted courier who will perform the face-to-face. This copy must be signed by one of the step 1 identified Organisation points of contact;
(c)
the certificate request paper form signed by one of the points of contact of the Organisation.
2.2.4.3.The Registration Authority shall receive the Trusted Courier after identity screening at the building reception. The Registration Authority shall conduct the face-to-face registration of the certificate request by:U.K.
(a)
identifying and authenticating the Trusted Courier;
(b)
verifying the trusted courier physical appearance against the passport presented by the Trusted Courier;
(c)
verifying the validity of the passport presented by the Trusted Courier;
(d)
verifying the validated passport presented by the trusted courier against the copy of the valid passport of the trusted courier signed by one of the identified points of contact of the Organisation. Signature is authenticated against the original ‘trusted courier and contact points identification form’;
(e)
verifying the filled-in and signed power of attorney;
(f)
verifying certificate request paper form and its signature against the original ‘trusted courier and contact points identification form’;
(g)
calling the signatory contact point to double check the identity of the trusted courier and the content of the certificate request.
2.2.4.4.The Registration Authority shall confirm to the CEF Support Team that the national authority is indeed authorised to operate the components for which it is asking the certificates and that the corresponding face-to-face registration process was successful. The confirmation shall be sent using a ‘CommiSign’ certificate secure email, attaching a scanned copy of the authenticated face-to-face documentary package and of the signed process check list carried out by the Registration Authority.U.K.
2.2.4.5.If the Registration Authority confirms the validity of the request, the process shall carry on as set out in 2.2.4.6 and 2.2.4.7. Otherwise the certificate issuance shall be rejected and the Organisation shall be informed.U.K.
2.2.4.6.The CEF Support Team shall approve the certificate request and shall notify the Registration Authority the approval of the certificate.U.K.
2.2.4.7.The Registration Authority shall notify the Organisation that the certificate can be retrieved via the user portal.U.K.
2.2.5.Step 4: Certificate generationU.K.
Upon approval of the certificate request, the certificate shall be generated.
2.2.6.Step 5: Certificate publication and retrievalU.K.
2.2.6.1.Following approval of the certificate request, the Registration Authority shall retrieve the certificate and hand over a copy to the Trusted Courier.U.K.
2.2.6.2.The Organisation shall receive the notification from the Registration Authority that the certificates can be retrieved.U.K.
2.2.6.3.The Organisation shall navigate to the user portal at https://sbca.telesec.de/sbca/ee/login/displayLogin.html?locale=en and shall log in with the username ‘sbca/CEF_eDelivery.europa.eu’ and the password ‘digit.333’.U.K.
2.2.6.4.The Organisation shall click on the ‘fetch’ button on the left-hand side and shall provide the reference number recorded during the certificate request process;U.K.
2.2.6.5.The Organisation shall install the certificates by clicking on the install button;U.K.
2.2.6.6.The certificate shall be installed on the Access Point. As this is implementation-specific, the Organisation shall refer to its Access Point provider to obtain the description of this process.U.K.
2.2.6.7.The following steps are needed for the certificate installation on the Access Point:U.K.
(a)
export the private key and the certificate,
(b)
create the keystore and the truststore,
(c)
install the keystore and the truststore on the access point.
(1)
A power of attorney is a legal document by which the Organisation empowers and authorises the European Commission represented by the identified official responsible for the CEF PKI service the power to request the generation of a certificate on its behalf from the T-Systems International GmbH TeleSec Shared Business CA. See also point 6.
(2)
See point 5.
Options/Help
Print Options
PrintThe Whole Decision
PrintThe Whole Annex
PrintThe Whole Division
PrintThis Division only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.