This document defines the requirements for the secure application module (SAM) used in the secure monitoring compliance checking concept. It specifies two different configurations of a SAM: trusted recorder, for use inside an OBE; verification SAM, for use in other EFC system entities. This document describes terms and definitions used to describe the two Secure Application Module configurations; operation of the two Secure Application Modules in the secure monitoring compliance checking concept; functional requirements for the two Secure Application Modules configurations, including a classification of different security levels; the interface, by means of transactions, messages and data elements, between an OBE or front end and the trusted recorder; requirements on basic security primitives and key management procedures to support Secure Monitoring using a trusted recorder. This document is consistent with the EFC architecture as defined in EN ISO 17573-1 and the derived suite of standards and Technical Specifications, especially CEN/TS 16702-1 and CEN ISO/TS 19299. The following is outside the scope of this document: The life cycle of a Secure Application Module and the way in which this is managed; The interface commands needed to get a Secure Application Module in an operational state; The interface definition of the verification SAM; Definition of a hardware platform for the implementation of a Secure Application Module.