Thales EUCC certification - Civil identity

Tachograph cards

A digital tachograph records speed, distance, driving periods, breaks, some events like over speeding, driving without the card, and fraud attempts. These data are mainly used to make sure drivers follow the rules on drivers’ driving and resting times, ensuring companies can follow these rules and enforcers able to perform effective roadside checks.

This application is ruled by European regulation: Regulation (EU) 2016/799 and Amendment (EU) 2018/502.

Tachograph card products certified under the European Cybersecurity Certification (EUCC) Scheme:

General security guidance applicable to Thales Tachograph certified products:

• Tachograph cards validity are set according to the (EU) regulation (2016/799 and amendments). Validity is 5 years for Driver and Company cards, 2 years for Control cards and 1 year for Workshop cards.
• Card issuer must personalize the tachograph cards  in a secure environment. A special attention must be paid to secret and private keys that must be handled maintaining confidentiality and integrity when manipulated. A proper management of corresponding public keys and certificates, with their possible revocation must be set in place.
• Cardholder shall take appropriate measures to protect his card against theft. If the card is lost or stolen, the owner shall warn the Card Issuing Authority who will invalidate the corresponding certificate.
• For workshop cards, the PIN must be handled in a secure way, it shall not be disclosed to anyone. PIN must not be written anywhere.
• Thales customers are invited to contact their Thales representative to get further secure usage recommendations and guidelines.