Security

Over the past years, the EU-ETS has been confronted with fraud and theft of emission units. Several measures have been taken in order to prevent future theft or fraud from happening in the registry. Thus the IT-security of the Union Registry has been increased over the past years, international emission trading is closely watched by law enforcement and tax authorities and the requirements to open a user account have been strengthened a lot.

Like any other similar IT system (ex. banking application), the users of the system need to take several measures and precautions as well when accessing the registry...

Install regularly and immediately any security updates for your operating system, browser and the applications you use. Always enable anti-virus software with the most recent definitions.

When logging in and entering data into the registry, always ensure that the address of the Union Registry is shown in the address bar of your browser. The domain of the European Commission (europa.eu) will be highlighted (unless this function has been disabled in the browser settings)

https://ets-registry.webgate.ec.europa.eu/euregistry/BE/index.xhtml

If you are not absolutely sure that you are on the correct website or anything else seems strange (unusual messages, display of blank pages, unusually long loading times,...), you should immediately terminate the connection, try to log in again and contact the registry helpdesk.

You can be sure that you are on the Union Registry website by verifying the security certificate. You can verify the authenticity of the page with this certificate e.g. by clicking on the lock icon in the status bar in Internet Explorer/Firefox/Chrome/...

The certificate should contain the data exactly as shown in the following image:

This figure shows the certificate of the Union Registry website pages

The EU login pages also have a specific security certificate:

This figure shows the certificate of the EU login website pages

You can initiate your own password when setting up your EU login login (see also creating an EU login login). You can change this password at any time later, provided you still have access to your EU login email.

Never share your EU login personal password with third parties! Keep your password secret!

In order to access the Union Registry, a user needs to have:

  • EU login username/email
  • EU login personal password
  • EU login mobile phone number that has been activated by the Registry Administrator

In order to log onto the registry, you will need to enter your EU login username/email, your EU login personal password and your EU login mobile phone number. Upon confirming these credentials, a nine character string (a so-called "EU login challenge"; X X X - X X X - X X X) is sent by EU login via SMS to your mobile phone number. After entering this challenge correctly into EU login, you will be redirected to the registry and if you did use a mobile phone number activated by the Registry Administrator, you will be successfully logged onto the registry.

If you did log onto the registry using a mobile phone number that has not been activated by the Registry Administrator yet, you will be able to initiate a request to change your mobile phone number to the new one. After initiating this request, the registry will send you a form to be signed and to be sent to the Registry Administrator via fax (or registered mail).

Although you can have multiple mobile numbers within EU login, you can only login with the one that has been activated by the Registry Administrator!
Do not use the same device to log onto the registry and to receive the SMS! (ex. smartphone). When using two different devices, such as a computer and a mobile phone, EU login provides better security.
Do not save your EU login username/email and EU login personal password on the mobile phone that you use for your login to EU login. Otherwise, if your phone gets lost or stolen, a finder or fraudster would have everything required to log onto the Union Registry and would be able to conduct transactions in your name.

Transactions in the registry need to be confirmed by an EU login challenge as well. For transactions, EU login sends a sixteen character challenge XXXX-XXXX-XXXX-XXXX after entering the EU login credentials. With the challenge, EU login also transmits information about the transaction to be confirmed such as the amount to be transfered, the unit type and the destination account. Always make sure that the stated purpose in the SMS text exactly matches what you have actually initiated! If the text does not match, cancel the operation without entering the EU login challenge.

Always leave the protected area by logging out from the registry by clicking the "Logout" link in the upper right within the open browser window. If you close the browser window directly or turn off the computer without first logging out of the Union Registry, preventing access by unauthorised persons to your account cannot be guaranteed.