The delegated regulation published for feedback today moves the European Disability Card and the European Parking Card for persons with disabilities closer to cross-border operability, introducing mandatory technical specifications designed to tackle a longstanding fraud problem.
The European Commission is asking for feedback for a proposed draft Delegated Regulation supplementing Directive (EU) 2024/2841, which established the European Disability Card and the European Parking Card for persons with disabilities last November. The draft, registered under reference Ares(2026)3913592, is currently open for feedback on the Commission’s Have Your Say portal.
The core problem the regulation addresses is fraud. The existing EU parking card for persons with disabilities, introduced by a 1998 Council Recommendation, was never updated to reflect modern security standards, and Member States have reported persistent problems with forgery and falsification. The new European Parking Card replaces that legacy instrument entirely, and this delegated regulation sets the technical architecture meant to make it significantly harder to counterfeit.
This Content Is For Members Only
What the regulation actually requires
For both cards, the regulation mandates the inclusion of a QR code on every physical card. The code’s data must carry a qualified electronic seal, a high-assurance cryptographic signature under the EU’s eIDAS framework, so that any verifier can confirm the card is genuine and has not been revoked. Critically, the QR code confirms authenticity and validity only, so it does not attest to a person’s disability status or entitlement to specific services, a distinction the recitals make explicit.
For the European Parking Card specifically, the regulation goes further, establishing mandatory physical security features: the card must be made of a delamination-resistant material, must carry a diffractive optically variable image device (the hologram-like element that changes appearance when tilted) and must include an anti-scan pattern that reveals a hidden “COPY” or “VOID” marker when photocopied or scanned. These features respond directly to the fraud and duplication methods that undermined the predecessor card.
Member States also have a defined menu of optional security features they may choose to add, including an RFID chip for electronic verification, optically variable ink, and laser-engraving of cardholder data into the card material. The list of permissible optional features is exhaustive: Member States cannot add their own.
Interoperability is the harder problem
Physical security features address forgery, but cross-border recognition requires something more: a shared infrastructure that allows a verifier in one Member State to confirm that a card issued in another is still valid. The regulation builds this through two mechanisms. First, each Member State must notify the Commission of its card-issuing authorities and the technical information needed to verify their electronic seals, and the Commission must make that information publicly accessible. Second, card issuers must maintain and publish revocation lists, updated within 24 hours of any revocation, so that expired or cancelled cards can be identified across borders. The revocation lists themselves may contain only the card’s unique revocation identifier, with no personal data.
Data protection constraints are built into the design. Verification applications may read and display the personal data encoded in a QR code for the purpose of cross-checking it against the card’s printed fields, but they must not retain that data after verification is complete. The issuing authority also must not receive any notification that a card has been checked which is a deliberate design choice to prevent tracking of cardholders’ movements.
Where this fits in the legislative timeline
The parent Directive entered into force in November 2024. This delegated regulation handles the physical card layer only. A separate set of implementing acts, empowered under Article 9 of the Directive, will later set the specifications for accessible digital versions of both cards. The Commission explicitly notes that nothing in this regulation should prejudge or create barriers to those future digital instruments.
The draft is available for feedback via the Commission’s Have Your Say portal under reference Ares(2026)3913592. Persons with disabilities, their representative organisations, and any stakeholder with a view on the technical specifications are encouraged to submit their feedback before the consultation closes.
