.png)
The European Union’s eIDAS 2.0 regulation is updating how citizens prove their identity digitally, both online and in-person. By December 2026, every EU Member State will launch a digital identity wallet. By December 2027, banks, public services, and major online platforms must accept these EUDI Wallets for identity verification and strong authentication. For organisations operating in Europe, this represents both a compliance requirement and an opportunity to modernise how they verify identity.
This guide explains what eIDAS 2.0 is, why it matters, and what organisations need to know about implementation.
eIDAS 2.0 is the amended EU Regulation on electronic identification and trust services (EU 2024/1183). It introduces the European Digital Identity Wallet and extends identity verification obligations to public and private sector organisations. The regulation prioritises interoperability and seeks to safeguard electronic transactions across EU Member States for both public and private services.
Citizens can choose to store verified credentials in a government-issued digital wallet on their mobile device. Public adoption is voluntary, but organisations covered by the regulation must accept wallet credentials when users choose to present them. When a service requires identity verification, users who have wallets can present credentials directly. The requesting organisation verifies these credentials cryptographically without contacting the issuing authority or storing unnecessary personal data.
This differs from traditional identity verification, where organisations collect documents, verify them through third parties, and store copies. Under eIDAS 2.0, verification happens in real time using cryptographically signed credentials, with users controlling what information they share and ultimately enhancing privacy and security. The framework ensures that the wallets work across all 27 countries, and the credential standards are interoperable. However, we are likely to see some irregularities with credentials issued in different Member States because of issues around acceptance.
The original eIDAS regulation (910/2014) aimed to enable cross-border recognition of national electronic identification schemes. A German citizen using their national eID should be able to access Italian government services online. While this worked for many public services, adoption remained limited, and private sector participation was voluntary.
Several factors drove the need for revision:
The amended regulation addresses these issues by mandating that Member States provide free digital identity wallets to all citizens and residents. These wallets must be interoperable across borders and usable with both public and private services. The regulation also extends acceptance obligations to the private sector, creating the ecosystem effects needed for widespread adoption.
Each Member State will issue at least one certified wallet implementation meeting security standards and technical specifications. These digital identity wallets allow citizens to securely store various types of identity credentials, including:
.png)
Wallets must support both in-person and remote presentation of credentials. For in-person scenarios, think of showing a digital driver's license during bank onboarding or when checking into a hotel. For remote scenarios, think of proving your age to an online retailer without revealing your birth date.
Any organisation that wants to request credentials from EUDI Wallets must register as a relying party in at least one Member State. Registration requires providing business details and declaring what attributes the organisation intends to request from wallets. Once registered, organisations receive access certificates that allow them to securely authenticate and request information from EUDI Wallets. This registry system creates transparency about who is requesting what information and enables supervision of data minimisation practices.
The registration process will vary by Member State as each develops its own implementation. Organisations operating across multiple countries may need to register in multiple jurisdictions depending on their business model and customer base.
The regulation requires banks and major online platforms to accept EUDI Wallet credentials when users request strong user authentication. Strong user authentication means using at least two independent factors from different categories to create layers of security: something you know (knowledge), something you have (possession), or something you are (inherence).
For banks, this means that when a customer wants to authenticate using their wallet instead of a password and SMS code, the bank must support this. The same applies to Very Large Online Platforms, or VLOPs, that require user authentication.
eIDAS 2.0 relies on several technical standards to ensure interoperability:
These standards enable wallets from different Member States to work with relying parties across Europe using common protocols and formats. Organisations building verification infrastructure can implement these standards once rather than integrating with 27 different wallet systems.
eIDAS 2.0 empowers EU citizens to gain control over their digital identity with smoother service access and greater data privacy and security.
Reusable digital identities cut the difficulty of multiple logins. Instead of creating accounts with usernames and passwords for every service, citizens can authenticate using government-issued credentials. They choose what information to share for each transaction and can revoke access without depending on the service provider.
Privacy improves through selective disclosure. When proving you're over 18, you can share just that fact rather than your full date of birth and address. When proving your qualifications, you can share only the relevant credential rather than a complete educational history.
For organisations, eIDAS 2.0 can reduce identity verification costs and improve security. Real-time verification of signed credentials is faster and more reliable than document collection and manual review. Because credentials are cryptographically signed by trusted issuers, the risk of fraud decreases significantly.
Compliance becomes simpler. Organisations can demonstrate they've verified user identity using government-issued credentials and collected only the necessary data. Complete audit trails show exactly what information was requested, what was shared, and when.
Customer experience improves. Instead of lengthy onboarding processes requiring document uploads and verification delays, users can prove their identity instantly through their wallet. This reduces abandonment and accelerates time to conversion.
eIDAS 2.0 can help governments and public service providers reduce administrative burden through digital wallets by enabling citizens to handle many interactions electronically without in-person visits. Cross-border service delivery improves as credentials issued by one Member State become usable across the EU.
The framework also creates economic opportunity. Europe develops domestic capability in digital identity technology rather than depending on solutions from other regions. Standards-based implementation enables competition and innovation while maintaining interoperability.
Each Member State must make at least one EUDI Wallet implementation available to citizens and residents by December 2026. This deadline has already driven significant activity as governments finalise technical specifications, develop wallet applications, and establish credential issuance processes.
Organisations should monitor developments in their markets to understand when wallets will be available and what credentials will be supported at launch. Early engagement with national digital identity programmes can help shape implementation to support business requirements.
Banks and major online platforms must accept wallet credentials for strong user authentication when users request this. This deadline creates urgency for financial institutions and VLOPs to build or integrate verification infrastructure supporting EUDI Wallets.
eIDAS 2.0 requires every EU country to set penalties for anyone who breaks the rules. These penalties must be serious enough to hurt and deter bad behaviour. However, the key point for businesses to note, is that only “trust service providers” face specific, high minimum fines.
These are companies that issue qualified digital certificates, electronic signatures, seals, timestamps, etc. (think of companies like DocuSign or Adobe if they offer qualified services in the EU, or specialist Certificate Authorities).
For these trust service providers (both qualified and non-qualified ones):
This framework is similar to how GDPR fines work for serious breaches. Everyone else in the ecosystem does not have these specific high fine levels written in the regulation. This includes:
For these other actors, EU countries must still create penalties that are “effective, proportionate, and dissuasive,” but the regulation does not set a minimum €5 million or percentage-of-turnover level. In practice, many countries are likely to align these with GDPR-style fines (up to 4% of global turnover for serious cases), but it’s left to each country to decide.
The bottom line for executives:
In short, the biggest explicit financial hammer is aimed at traditional trust service providers. The rest of the ecosystem gets a “make it hurt” requirement, but without the same guaranteed multimillion-euro minimums.
Registration systems for wallet relying parties will become available as Member States implement the regulation. Organisations planning to use EUDI Wallets should prepare by:
Banks can use wallet credentials for customer onboarding, transaction authentication, and regulatory compliance. When opening an account, a customer presents verified identity and address credentials from their wallet. The bank verifies these credentials cryptographically without needing to collect documents or perform manual checks.
For payment authentication, users can approve transactions by presenting a credential from their wallet meeting strong authentication requirements. This provides security without depending on SMS codes or proprietary authentication apps. The wallet also enables simplified payment flows through Attestation to Pay, or A2P, where users authorise merchant payments directly from their bank account with a single wallet approval, refining the checkout experience while maintaining security.
Retailers selling alcohol, tobacco, or other age-restricted products can verify customer age without collecting date of birth. The wallet generates a disclosure proving the user meets the minimum age requirement without revealing additional information. This satisfies regulatory requirements while respecting privacy.
Physical venues can implement the same verification for entry control. A nightclub can verify a patron's age by scanning a QR code from their wallet, receiving cryptographic proof of age eligibility without recording personal details.
Professional credentials stored in wallets enable instant verification of qualifications. A hospital can verify a locum doctor's medical license by requesting the relevant credential from their wallet. The credential, issued by the medical licensing authority, proves current licensure status without requiring the hospital to contact the authority directly.
This extends to cross-border recognition of professional qualifications, making it easier for professionals to work in different Member States while enabling employers to verify credentials at speed.
Government agencies can use wallets both to issue and verify credentials. A tax authority might issue a credential confirming tax residency status. Other government agencies can then verify this status when needed without contacting the tax authority. This reduces inter-agency coordination requirements while giving citizens portable proof of status.
Hotels can refine check-in by accepting EUDI Wallet credentials, cryptographically verifying identity without photocopying passports or storing unnecessary personal data. Car rental companies can verify both identity and driving license credentials directly from the wallet, confirming license validity instantly without examining physical documents or maintaining copies.
Cross-border travel becomes simplified as EUDI Wallets are mutually recognised across Member States. Travelers use the same wallet credentials for hotel check-in, car rentals, and age-restricted services like duty-free purchases across different countries, without repeatedly presenting physical documents or creating multiple accounts.
While eIDAS 2.0 is an EU regulation, its influence extends globally. The technical standards adopted for EUDI Wallets (OpenID4VP, W3C VCs, ISO mDL) are international specifications. Organisations implementing these standards can support not just EUDI Wallets but similar initiatives in other regions.
Several countries outside Europe are developing digital identity frameworks based on compatible standards. This creates potential for international interoperability over time as bilateral and multilateral recognition agreements emerge.
The real impact of eIDAS 2.0 will depend on ecosystem development beyond the minimum requirements. As more credential types become available and more organisations integrate wallet support, network effects increase the value to users.
Third-party credential issuers will emerge, offering specialised credentials for specific industries or use cases. Privacy-enhancing technologies like zero-knowledge proofs will enable new verification patterns. Integration with other digital services will make wallets central to digital life rather than just identity verification tools.
Technical specifications will continue evolving based on implementation experience. The Architecture Reference Framework (ARF) defining EUDI Wallet requirements will see updates addressing edge cases and new requirements. Organisations should plan for ongoing standards maintenance rather than one-time implementation.
Organisations affected by eIDAS 2.0 should take concrete steps toward readiness:
.png)
Organisations facing the December 2027 compliance deadline need partners who understand both technical requirements and regulatory context. Vidos provides the infrastructure and expertise to prepare for EUDI Wallet acceptance efficiently.
Building verification infrastructure from scratch typically takes 12-18 months. Vidos provides pre-certified components that integrate in 2-4 weeks. We hold ISO 27001 certification for information security, UK Cyber Essentials certification, and are on the UK DVS Register, certified under the UK Digital Identity and Attributes Trust Framework (DIATF) as an Orchestration Service Provider and a Component Service Provider. Organisations integrating Vidos benefit from these foundational certifications and experience, to reduce compliance burden and while accelerating production timelines.
EUDI Wallets present credentials in multiple formats, including SD-JWT, ISO/IEC 18013-5 mobile driving licenses, and W3C Verifiable Credentials. Vidos verifies all credential types through a single API, handling cryptographic validation, revocation checking, schema compliance, and temporal constraints automatically. Organisations define business rules while we handle the technical verification layer.
Technical implementation is only part of eIDAS 2.0 readiness. Vidos offers expert-led eIDAS 2.0 training and enablement programmes that cover regulatory compliance requirements, implementation patterns, and verification policy design for executives, compliance teams, and technical staff. The customisable training combines regulatory expertise with hands-on learning to help teams turn regulatory mandates into competitive advantage. We also provide quarterly briefings on Member State implementation updates, regulatory clarifications, and emerging best practices, along with template libraries including RFP responses, compliance checklists, and architecture diagrams.
Our verification infrastructure serves financial institutions meeting December 2027 acceptance obligations, government agencies accepting cross-border credentials, retailers implementing age verification, healthcare providers verifying professional credentials, and IAM vendors extending platforms to support verifiable credentials. Organisations that would spend over a year building and certifying infrastructure reach production in a quarter using Vidos.
eIDAS 2.0 represents a fundamental shift in digital identity for Europe. Rather than organisations managing identity through proprietary systems and third-party checks, citizens will carry government-issued credentials they control and present on demand.
For organisations, this means rethinking identity architecture around verifiable credentials rather than stored personal data. The technical changes are significant but manageable through standards-based implementation. The compliance requirements create deadlines that drive action, while the user experience benefits create a competitive advantage for early adopters.
The transition to wallet-based identity will happen gradually as wallets launch, credentials become available, and use cases mature. Organisations that understand the framework, prepare infrastructure, and engage with the ecosystem will be positioned to benefit to benefit for years ahead rather than scrambling to meet compliance deadlines.
Contact the Vidos team to discuss your verification requirements and explore how to integrate wallet support efficiently.
