EUDI-Wallet and eIDAS 2.0 - What You Need to Know

Show overview
EUDI-Wallet and eIDAS 2.0 - What You Need to Know

What you need to know about the new EU digital identity - and why it affects you

Introduction

Digital identity is no longer just an IT topic. With the new eIDAS regulation and the European Digital Identity Wallet (EUDI-Wallet), a real game-changer for digital business is on the horizon. From 2027, you as a company in many regulated industries must accept the EUDI-Wallet - and not just as a "Very Large Online Platform," but everywhere where KYC, SCA, or similar identity verification is required. This affects banks, insurance companies, telecommunications, energy suppliers, healthcare, payments - and many more. Even if you're not a regulated business or a large online platform, there are business opportunities for you.

What does this mean for you?
You can onboard customers across Europe lightning-fast, securely, and in compliance, offer new services, and modernize your processes. But: Those who wait risk fines and competitive disadvantages.

What is eIDAS 2.0 and the EUDI-Wallet?

eIDAS 2.0 ("European Digital Identity Framework") expands the rules for digital identities and trust services in the EU. What's new is primarily the wallet: a certified app where users store their digital IDs, certificates, and attributes - from national ID cards to age verification to customer cards or memberships.

Your advantages:

  • You receive verified, highly secure data directly from the wallet.
  • The customer decides what they share - this increases trust and conversion.
  • The wallet is usable in all EU/EEA states.

Legal Obligations - Who is affected by the wallet requirement?

From November 21, 2027 applies:
If you as a company are legally required to perform strong customer authentication (SCA), KYC, or comparable identity checks, you must accept the EUDI-Wallet as proof of identity. This explicitly affects:

  • Banks and financial service providers (e.g. PSD2, AML5/KYC)
  • Insurance companies
  • Payment service providers
  • Telecommunications providers (e.g. SIM registration, contract conclusion)
  • Energy and utility companies
  • Health services/Healthcare
  • Transport/Travel
  • Other regulated services (e.g. notaries, lawyers, certain public services)
  • "Very Large Online Platforms" (VLOPs) under DSA (e.g. large marketplaces, social networks)

Important:
Even if you're not a VLOP, you're affected as a regulated provider under sector law! The specific obligations and fines will be regulated by member states, but they must be "effective, proportionate, and dissuasive" - comparable to GDPR penalties. Additionally, the EUDI-Wallet also offers interesting opportunities for other companies to improve user experience. You'll learn more below.

What do you need to do as a company specifically?

  • Technical wallet integration: Integrate an interface (API) that maps common protocols like Verifiable Credentials, Decentralized Identifiers (DID), OpenID4VP and works together with your existing IAM/CIAM systems. Much of this is currently still in development and may not yet be ready. We will keep you updated in this regard.
  • Credential verification: Set up procedures to receive and verify digital identity data (name, date of birth, nationality, possibly additional attributes).
  • Compliance: Register as a "relying party," conduct data protection impact assessments, document verification processes, and establish a 24/7 reporting procedure for security incidents.
  • Adapt processes: Plan onboarding, user experience, and reporting so that wallet flows function seamlessly.

Practical Impact and Opportunities

Your Advantages

  • Onboarding in seconds: Automated adoption of verified data increases conversion and reduces abandonment rates.
  • Lower KYC costs: Fewer manual checks, simple compliance.
  • Faster processes: Efficient customer acquisition, lower costs - also for marketing and branches.
  • Fraud protection: Strong cryptography prevents identity and ticket fraud.
  • EU-wide uniformity: Cross-border business without media breaks.
  • New business models: Attributes like "over 18 of age" can be shared selectively - perfect for data protection and conversion.

Challenges

  • Technical integration: You must support multiple wallet standards (Android/Chrome, iOS) and adapt existing login flows.
  • Liability issues: Who pays for faulty attributes? A new EU framework is being developed here.
  • Change management: Your team and your customers must actively use and understand the wallet.
  • Timing: The deadline is November 21, 2027 - plan in time! But you can of course start earlier - the wallet apps of EU member states will be ready from November 2026.

Example: Large Scale Pilot "POTENTIAL"

To test the EUDI-Wallet in practice, the EU Commission has launched four so-called Large Scale Pilots (LSPs). One of the best known is the "POTENTIAL" consortium, involving 19 European member states as well as Ukraine and over 140 public and private partners. Within POTENTIAL, real use cases for the EUDI-Wallet are being tested, including bank account opening, SIM card registration, issuing mobile driver's licenses, qualified electronic signatures, e-prescriptions, and digital government services. The goal is to validate the interoperability, security, and user-friendliness of the wallet under real conditions and thus prepare for Europe-wide implementation. The insights from POTENTIAL flow directly into the further development of technical specifications and the reference implementation of the EUDI-Wallet. You can find more information and details about the application scenarios on the official project page: https://www.digital-identity-wallet.eu/

Another Practical Example: Google Wallet & Sparkasse

In 2025, a pilot project starts in Germany: The Sparkassen Financial Group (over 50 million customers) is testing a digital age verification with Google Wallet. Google and Sparkasse don't explicitly mention EUDI yet, but it's already a precursor.
How does it work?
Sparkassen issue an age credential, Google Wallet stores it. Customers can prove they're over 18 online and in-person - without revealing their birth date (Zero-Knowledge-Proof).

Your learnings:

  • Privacy-friendly UX increases acceptance and conversion.
  • Cooperations between banks and tech providers create reach.
  • Digital identity becomes the new touchpoint for brands - including yours.

Common Use Cases

Use CaseParticipantsBenefit
Customer Onboarding (KYC)Bank, Telco, InsurTech - New CustomerAutomated KYC data, higher conversion
Age VerificationID Authority, Sparkasse - Buyer, MerchantLegally secure control, faster checkout
Travel DocumentsAuthority/Airline - Traveler, HotelPaperless travel, faster check-in
Digital TicketingOrganizer - VisitorForgery-proof tickets, less fraud
Memberships (EAA)Studio, Club - MemberConvenient access, loyalty, management

New with eIDAS 2.0:
You can also issue simple electronic attributes (EEA/EAA), such as memberships, customer cards, or gym passes, as digital attributes to the wallet in the future - ideal for customer retention and loyalty!

Brief Technical Overview

Essentially, there are three roles:

  • Issuer: Issues credentials (e.g. states, bank, fitness studio)
  • Holder: User with the Wallet on their phone
  • Verifier/Relying Party: Verifies the credential (e.g. bank, online shop)
  • Intermediaries/Resellers: Platforms that simplify creating EUDI credentials, like Passcreator will in the future.

The whole thing runs on standards like W3C Verifiable Credentials, DID, OpenID4VP, and ISO 18013-5 (mdoc). The wallet stores the credentials encrypted on the device; the user controls which attributes they share.

What should you do now?

  • Gap analysis: Check where you currently use SCA/KYC and how wallet flows can be integrated.
  • Pilot projects: Start with simple use cases (e.g. age verification, KYC refresh).
  • Find partners: Network with trust service providers and tech vendors to test attributes and interfaces early.

Medium-term

  • Integrate wallet API into your systems (especially CIAM and mobile apps)
  • Build compliance board (legal, data protection, IT)
  • UX tests: Wallet flows must be simple and self-explanatory.
  • Automated reporting for audits and incident response

Passcreator as a Bridge

With Passcreator, you can already issue digital cards, tickets, and coupons for Apple and Google Wallets today. In the future, this will also be possible with EUDI-Wallets. Your existing workflows can be seamlessly adapted to push EAA/QEAA directly into your customers' wallets in the future.

Conclusion

The EUDI-Wallet is no longer a future topic - it's mandatory from 2027 for almost all regulated industries. Those who start now benefit from faster onboarding, less compliance effort, more security, and new wallet-based services. The regulatory direction is clear, the technology is ready to go.

Let's talk:
If you're interested in accompanying EUDI-Wallet at Passcreator as a partner, contact us! We'll be happy to keep you updated and involve you as soon as there's something to test.

Passcreator Joins Leikbreytir Group: Accelerating Digital Wallet Innovation