Digital #4 Legislative focus

Romania has an official National Register for Qualified and Non-Qualified Trust Service Providers, in line with EU eIDAS rules and national Law 214/2024, according to the latest Digitalization Authority (ADR) decision. The register will include providers issuing qualified services, advanced electronic signature certificates, audited non-qualified providers, and other trust service operators. It will be published online by ADR in a structured, searchable, and standardized format, and must be continuously updated based on market changes.

The decision was already published in the Official Gazette.

Digital and telecom companies offering electronic signature, authentication, or trust services in Romania will be subject to stricter transparency and reporting rules. Providers must ensure their data is correctly registered and kept up to date, and their status (qualified or non-qualified) will be publicly visible. This increases regulatory visibility and compliance obligations for trust service operators.

Verify registration status with ADR, ensure all service and certification data is accurate and regularly updated, and implement internal processes to meet the 30-day notification requirement for any changes. Companies should also check compliance with eIDAS technical and interoperability standards.

The state aid scheme for SMEs’ digitalization through European Digital Innovation Hubs (EDIHs) was updated last week by the European Projects Ministry (MIPE). The update limits eligibility to mid-cap SMEs only and increases the total budget from about €12.87 million to €33.79 million. The scheme continues to provide grants for innovation consulting and digital transformation services.

The order was already published in the Official Gazette.

Fewer companies can access the funding, as small SMEs are excluded. However, mid-cap SMEs gain access to a larger funding pool for digitalisation projects, improving opportunities for adopting new technologies and upgrading business processes.

Confirm eligibility under the new rules, reassess access to EDIH funding, and prepare digital transformation project proposals. Mid-cap companies should move quickly to benefit from the increased budget.

The Romanian Senate (first chamber) has updated and approved a draft bill creating the Unified Digital Design System (SUDD), a national framework that sets common rules for how public digital services are designed and delivered. It applies to all public authorities and requires new and significantly updated digital services to follow these standards. Existing services must be updated within two years. The system will be managed by the Authority for the Digitalization of Romania (ADR), which will also publish it as an open-source platform.

Now, the bill has already reached the Chamber of Deputies for a final debate. Here, the MPs could modify the actual form of the bill through amendment. Even so, the bill has pretty high chances of passing this vote too and becoming law.

Digital and telecom companies working with public authorities will need to follow new mandatory design and usability standards. This mainly affects vendors in public procurement for e-government platforms, as all new or updated services must comply with SUDD rules. It may increase compliance work but also creates a single, clear standard for future projects

Review current solutions used in the public sector, prepare to align products with SUDD requirements, and include these standards in future bids for government projects.

A new legislative proposal registered in the Romanian Senate by USR MPs aims to prohibit public authorities from requesting or retaining copies of citizens’ identity cards in administrative procedures. Instead, authorities will verify identity and address data directly through the National Register of Persons (RNEP). The proposal introduces fines for non-compliance and sets a transition period before implementation.

Despite its low support (only from USR), the proposal does have medium chances of passing the Senate, especially if the MPs from the rest of the governing parties amend it to suit their legislative priorities.

Digital and telecom companies providing e-government or identity verification solutions may see increased demand for systems that integrate with the RNEP. Public authorities will reduce reliance on scanned ID documents, shifting toward secure digital verification methods, which supports broader digital identity and interoperability services.

Review existing identity verification solutions, ensure compatibility with RNEP-based access where relevant, and prepare for increased demand for secure, API-based identity validation tools in public sector projects.