eIDAS 2.0

Electronic Identification, Authentication & Trust Services Regulation

The law that turns your phone into an EU passport — and makes banks, airlines, and telcos accept it

eIDAS 2.0 (Regulation (EU) 2024/1183) updates the 2014 eIDAS framework and introduces the European Digital Identity Wallet (EUDI Wallet) — a universal, cross-border identity wallet every EU citizen and resident will be entitled to. It modernises qualified electronic signatures, introduces relying party registration, and makes accepting the wallet mandatory in specific sectors. Think of it as GDPR's younger sibling who's obsessed with making identity work across borders without anyone losing their mind at the airport.

Scope

Any organisation providing online services in the EU that uses strong user authentication or electronic signatures — plus trust service providers (QTSPs), wallet providers, and the 'mandatory acceptance' sectors: banking, telecoms, utilities, transport, healthcare, education.

Geographic reach

EU/EEA-wide, with cross-border interoperability via the EUDI Wallet ecosystem. Every Member State must issue at least one compliant wallet.

In effect since

20 May 2024 (entered into force); EUDI Wallet rollout by late 2026; mandatory acceptance 24 months after implementing acts

Purpose

To give every EU citizen a secure, privacy-respecting way to prove their identity online — without Meta, Google, or Apple acting as gatekeepers. It also modernises the 2014 eIDAS framework, tightens trust-service obligations, and introduces mandatory acceptance so digital identity isn't a luxury but a universal right. Approximate number of acronyms introduced: 14 (and counting).


Relying Party

You operate an online service that authenticates users or requests attributes from the EU Digital Identity Wallet. If your users log in with the wallet, share an age attestation, or sign a document through your platform, you're a relying party — and eIDAS 2.0 has some very specific opinions about how you do that.

Your obligations

  • Register as a relying party with the Member State where you are established (Art. 5b) — unregistered parties cannot lawfully request wallet attributes
  • Declare the intended use of each attribute request and what legal basis you rely on (Art. 5b(2)) — no fishing expeditions
  • Apply data minimisation: only request attributes strictly necessary for the service (Art. 5b(2)(b)) — 'date of birth' should not mean 'full address plus tax ID'
  • Do not combine attributes from the wallet with data from other sources to profile users (Art. 5b(3)) — cross-referencing is explicitly prohibited
  • If you operate in an obligated sector (Art. 6a), accept the EUDI Wallet free of charge for user authentication once implementing acts are in force
  • Display a clear, recognisable trust-mark when requesting wallet attributes (Art. 5b(5)) — users must know they are interacting with a registered party
  • Log and retain the minimum information needed to prove your registration and legal basis (Art. 5b(4)) — audit trails, but with data minimisation

Key articles

  • Art. 5b — Relying party registration
  • Art. 6a — Mandatory acceptance sectors
  • Art. 5a — EUDI Wallet functional requirements
  • Art. 11a — Electronic attestations of attributes
  • Art. 45 — Website authentication certificates
  • Art. 46b — Qualified certificates for electronic signatures

Pro tip

Start with an attribute inventory. List every user-facing flow in your product (signup, KYC, age check, document signing, payment) and map which wallet attributes it actually needs. Most teams discover they're asking for 3x more than they can justify — fix that before a supervisor does.

EU Digital Identity Wallet Provider

You build or operate a European Digital Identity Wallet on behalf of a Member State (or under notification from one). That's a short list — typically national eID authorities or designated public/private providers — but the obligations are intense, because you're operating the single most sensitive piece of identity infrastructure in the EU.

Your obligations

  • Meet the functional requirements of Art. 5a — secure storage of attributes, selective disclosure, pseudonymous authentication, zero-knowledge proofs where applicable
  • Obtain formal certification against the EUDI Toolbox ARF (Architecture and Reference Framework) — EU Commission Implementing Regulation 2024/2977 et seq.
  • Ensure interoperability with wallets from other Member States (Art. 5a(5)) — your users must be able to authenticate cross-border
  • Provide the wallet free of charge to all natural persons and, where appropriate, legal persons (Art. 5a(2))
  • Do not retain transactional data or profile users (Art. 5a(4)) — the wallet provider must not see which relying parties a user interacts with
  • Publish trust-marks, logos, and cryptographic verification data so relying parties can verify wallet presentations (Art. 5a(8))
  • Report security incidents and fraud attempts to the supervisory authority (Art. 5e) — notification timelines set by implementing acts

Key articles

  • Art. 5a — European Digital Identity Wallets
  • Art. 5e — Security incident reporting
  • Art. 5f — Liability of wallet providers
  • Art. 6 — Cross-border recognition
  • Art. 24 — Requirements for qualified trust service providers

Pro tip

If you're not already on the EUDI Toolbox working groups, you're too late. The Architecture and Reference Framework (ARF) is the single source of truth — conformance testing will be mapped directly to it. Monitor eu-digital-identity-wallet.github.io weekly.

Trust Service Provider (QTSP / TSP)

You provide qualified or non-qualified trust services under eIDAS — electronic signatures, electronic seals, time stamps, electronic registered delivery, website authentication certificates, or electronic attestations of attributes. Qualified TSPs are on the EU Trusted List and their services carry a legal presumption of validity across the EU.

Your obligations

  • Obtain and maintain qualified status via an annual conformity assessment by an accredited conformity assessment body (Art. 20–21)
  • Implement technical and organisational measures proportionate to the risks (Art. 24.2) — including secure cryptographic key management
  • Report security breaches and loss of integrity to the supervisory authority within 24 hours (Art. 19.2) — tighter than GDPR
  • Maintain a recoverable record of issued certificates and their validity status (Art. 24.2(h)) — lifetime retention for qualified signatures
  • Ensure certificates meet the technical standards in Annex I (signatures), III (seals), IV (website auth), V (attestations of attributes)
  • Be listed on the national Trusted List of your Member State (Art. 22) — unlisted TSPs cannot claim qualified status
  • Offer cross-border interoperable services — qualified signatures issued in one Member State are valid in all (Art. 25.3)

Key articles

  • Art. 19 — Security requirements and breach notification
  • Art. 20–21 — Supervision of qualified trust service providers
  • Art. 22 — Trusted lists
  • Art. 24 — Requirements for qualified TSPs
  • Art. 26 — Requirements for advanced electronic signatures
  • Art. 28 — Qualified certificates for electronic signatures
  • Art. 45 — Requirements for qualified website authentication certificates
  • Art. 46 — Requirements for qualified electronic seals

Pro tip

The 24-hour breach notification in Art. 19.2 catches most TSPs by surprise — it's shorter than GDPR's 72 hours. Wire your SOC into the notification flow directly, and rehearse the call to the supervisory authority. You don't want your first run-through to be during a real incident.

EU Citizen / Wallet User

You're an EU citizen, resident, or legal person entitled to a free European Digital Identity Wallet. You can use it to log in to public and private online services, prove attributes about yourself (age, profession, driving licence), store official documents, and sign electronically — all with strong privacy guarantees.

Your Rights

  • You have the right to a free EUDI Wallet issued by your Member State (Art. 5a(2))
  • You control which attributes you share with each relying party — the wallet enforces selective disclosure (Art. 5a(4))
  • You have the right to use the wallet to authenticate with any mandatory-acceptance service (Art. 6a) — banks, telcos, healthcare, etc.
  • You have the right to pseudonymous authentication where the service does not legally require a real identity (Art. 5a(4)(h))
  • Your wallet provider and relying parties cannot profile or track you (Art. 5a(4), Art. 5b(3))
  • You can download your data and transfer it to another wallet (interoperability, Art. 5a(5))
  • You can lodge a complaint with your national supervisory authority if a relying party over-collects or a wallet misbehaves

Key articles

  • Art. 5a — Wallet functional requirements and user rights
  • Art. 6 — Cross-border recognition
  • Art. 6a — Mandatory acceptance of the wallet
  • Art. 11a — Electronic attestations of attributes
  • Art. 45f — Dispute resolution

Pro tip

The wallet is rolled out gradually — some Member States will be first, others will follow by late 2026. When your country opens enrolment, try it with a low-stakes service first (e.g. a government portal) before switching to banking. It's free, and the less you use other logins, the less data gets leaked elsewhere.

How Euregas can help you

Available tools

  • Relying party registration tracker — record your Art. 5b registration, attributes requested, and legal basis per flow
  • Mandatory acceptance checker (Art. 6a) — sector classifier + deadline calculator based on implementing acts
  • Attribute minimisation matrix — per-flow justification of each attribute request
  • Wallet integration readiness — checklist covering ARF conformance, trust-mark placement, selective disclosure
  • QTSP register — track your qualified trust services, conformity assessments, and Trusted List status
  • Electronic signature policy templates — advanced vs qualified signatures (Art. 26 / 46 matrix)
  • Breach notification playbook — 24-hour TSP notification flow (Art. 19.2), shorter than GDPR

AI-powered features

  • AI Relying Party Assessment — 6-step wizard covering Art. 5b compliance, attribute minimisation, Art. 6a sector, and Art. 5b(3) no-combination policy
  • AI Trust Service Provider Assessment — 5-step wizard covering Art. 19/24 obligations and Art. 26/46 signature gap analysis
  • AI Attribute Minimisation Review — reviews your actual wallet requests and flags over-collection
  • Semantic search across eIDAS 2.0 articles and implementing acts

Note

eIDAS 2.0 is a fast-moving target: implementing acts are still being adopted. Euregas's staleness detector watches EUR-Lex and the Commission's EUDI Wallet ARF repository and flags when your assessments need a refresh.

All examples are fictitious and serve only as illustration.