eIDAS 2.0 and the European Digital Identity Wallet: Redefining Trust in the Digital Single Market

Introduction: Identity as the Backbone of the Digital Economy

In the digital age, identity is infrastructure. Access to banking, healthcare, education, public services, and online platforms increasingly depends on reliable digital identification. Yet across the EU, digital identity systems have long been fragmented, nationally siloed, and inconsistently trusted.

To address this, the EU adopted the eIDAS Regulation (EU) No 910/2014, which created a framework for electronic identification and trust services. While groundbreaking, eIDAS 1.0 fell short: cross-border uptake was limited, private-sector usage was weak, and citizens lacked control over their data.

Enter eIDAS 2.0 — a sweeping reform centered on the European Digital Identity Wallet (EUDI Wallet). Proposed in 2021 and reaching final adoption in 2024–2025, eIDAS 2.0 aims to make secure, user-controlled digital identity a universal reality across Europe.

---

1. What Is eIDAS 2.0? From Optional Recognition to Mandatory Infrastructure

eIDAS 2.0 transforms digital identity from a voluntary interoperability framework into a core digital public service.

Key Shift

Under eIDAS 1.0, Member States could notify national eID schemes.

Under eIDAS 2.0, all Member States must offer at least one European Digital Identity Wallet.

The reform:

Updates the legal framework for electronic identification (eID),

Expands and modernizes trust services,

Introduces binding obligations for both public authorities and large private platforms.

The objective is clear:

Every EU citizen and resident should be able to prove who they are — digitally, securely, and across borders — under EU law.

---

2. The European Digital Identity Wallet (EUDI Wallet)

A. What the Wallet Is

The EUDI Wallet is a secure digital application (mobile or equivalent) that allows users to:

store identity credentials (ID card, passport),

present attributes (age, qualifications, address),

sign documents electronically,

authenticate to public and private services,

control what data is shared, with whom, and when.

Crucially, the Wallet is:

Issued or certified by Member States,

Recognized across the EU,

Free for users,

Designed with privacy-by-design and user control principles.

---

B. What Can Be Stored in the Wallet

The Wallet can contain:

Legal identity data (name, date of birth, nationality),

Driving licenses and vehicle registration,

Academic diplomas and professional qualifications,

Bank account attestations,

Health insurance credentials,

Tax and social security identifiers.

Future extensions may include:

Travel credentials,

Residence permits,

Business authorizations.

---

C. Selective Disclosure and Privacy

A key innovation is selective disclosure:

Users can prove facts without revealing full identity

(e.g., “over 18” without sharing date of birth).

Data sharing must be explicitly consented.

No central EU identity database is created.

This aligns eIDAS 2.0 closely with GDPR principles, especially data minimization and purpose limitation.

---

3. Mandatory Acceptance: Who Must Use the Wallet

One of the most radical elements of eIDAS 2.0 is mandatory acceptance.

A. Public Sector

All public authorities must:

accept EUDI Wallets for authentication,

recognize credentials issued by other Member States.

This includes:

tax authorities,

social security bodies,

universities,

courts and registries.

---

B. Large Private Platforms

Certain private actors must also accept the Wallet, including:

banks and financial institutions,

telecom operators,

energy providers,

transport services,

Very Large Online Platforms (VLOPs) under the DSA.

This ensures the Wallet becomes economically relevant, not just administratively useful.

---

4. Trust Services 2.0: Beyond Identification

eIDAS 2.0 also modernizes trust services, which underpin legal certainty in digital transactions.

A. Electronic Signatures and Seals

Qualified electronic signatures remain legally equivalent to handwritten signatures.

Wallet-based signatures simplify access and usability.

B. Electronic Attestations of Attributes (EAAs)

A new legal category allowing trusted providers to certify facts such as:

professional status,

educational degrees,

business roles.

These attestations can be reused across borders and sectors.

C. Website Authentication and Archiving

Enhanced rules for:

trust marks,

timestamping,

electronic archiving.

This strengthens digital evidence in litigation, procurement, and compliance.

---

5. Governance and Technical Architecture

A. National Responsibility, EU Coordination

Member States:

issue or certify Wallets,

designate supervisory bodies,

ensure security and interoperability.

The Commission:

sets technical standards,

coordinates interoperability,

maintains reference architectures.

B. Open Standards and Interoperability

The Wallet ecosystem relies on:

open-source components,

common EU technical specifications,

mutual recognition mechanisms.

This prevents vendor lock-in and supports innovation.

---

6. Security and Liability

A. Security Requirements

Wallets must meet:

high assurance levels,

strong authentication,

secure hardware/software environments,

regular security audits.

B. Liability Framework

Clear liability rules apply to:

Wallet providers,

credential issuers,

relying parties.

If identity misuse occurs due to a system failure, users must have effective remedies.

---

7. Economic and Strategic Impact

A. For Citizens

Easier access to cross-border services,

Reduced bureaucracy,

Greater control over personal data.

B. For Businesses

Simplified onboarding (KYC, contracts),

Reduced fraud risks,

Lower compliance costs over time,

New markets for digital trust services.

C. For the EU

Reduced dependency on non-EU identity providers,

Strengthened digital sovereignty,

A foundational layer for AI, fintech, and digital public services.

---

8. Challenges and Criticism

Despite its ambition, eIDAS 2.0 faces challenges:

Implementation complexity across 27 Member States,

Public trust concerns about surveillance,

Usability risks if wallets are poorly designed,

Private-sector resistance to mandatory acceptance,

Tight coordination needed with GDPR, AML, and AI laws.

Civil society emphasizes the need for:

strong open-source oversight,

independent security audits,

strict limits on function creep.

---

Conclusion: Digital Identity as a Public Good

eIDAS 2.0 represents a fundamental rethinking of digital identity — not as a commercial byproduct, but as a public digital utility grounded in EU law.

Just as the euro unified monetary systems and GDPR reshaped data protection, the European Digital Identity Wallet has the potential to:

unify digital access across borders,

empower citizens,

strengthen trust in the digital economy,

and position Europe as a global standard-setter in digital identity governance.

If implemented correctly, eIDAS 2.0 will make one thing clear:

In Europe, digital identity belongs to the citizen — not the platform.