EUDI Wallet Glossary

A mobile app that allows EU citizens to store and share verified digital identity credentials across all 27 member states. Required by eIDAS 2.0 regulation, every EU country must provide at least one EUDI Wallet by December 2026.

Organization or service that accepts and verifies EUDI Wallet credentials. Examples: airlines for boarding, banks for account opening, hotels for check-in, government services for authentication.

Core identity attributes in EUDI Wallet including name, birthdate, nationality, and unique identifier. PID is the foundational credential that other documents build upon.

Physical identity card with embedded chip containing digital certificates. Used in many EU countries for activating EUDI Wallets and as basis for digital identity credentials.

Authorized organization that creates and signs verifiable credentials for EUDI Wallets. Examples: government agencies (ID, driver license), universities (diplomas), employers (professional licenses).

Fundamental eIDAS 2.0 principle: credentials issued by one EU member state must be recognized and accepted by all other member states. Enables EU-wide mobility with single digital wallet.

Specific piece of information about a person (name, birthdate, address, nationality). EUDI Wallets store attributes as verifiable credentials and allow selective disclosure.

Technical specification (currently version 2.7.3) defining interoperability standards, security requirements, and common technical approaches for EUDI Wallet implementations across all EU member states.

Cryptographically secure digital credentials that can be verified without contacting the issuer. Based on W3C standard. EUDI Wallets use verifiable credentials for storing identity documents, diplomas, licenses, and other official documents.

Electronically signed statement about specific attributes issued by qualified trust service provider. Used in EUDI Wallets for official documents like diplomas, professional licenses, or healthcare credentials.

Protocol standard used by EUDI Wallets to present credentials to relying parties. Enables interoperability across different wallet implementations and service providers.

Protocol standard for issuing verifiable credentials to EUDI Wallets. Used by government agencies, universities, and other issuers to provide credentials to users.

ISO 18013-5 standard for mobile driving licenses, extended for EUDI Wallets. Defines secure storage and presentation of identity documents on mobile devices.

Short-range wireless technology used by EUDI Wallets to read eID cards during activation and to present credentials to readers. Enables tap-to-verify functionality.

W3C standard for identifiers that don't require central registry. EUDI Wallets may use DIDs for privacy-preserving identification without revealing identity to third parties.

Digitally signed statement by authorized issuer confirming specific information is true. EUDI credentials are attestations about user attributes verified by government or qualified entities.

Single installation of EUDI Wallet on user device. A user may have multiple wallet instances (personal phone, work tablet) but typically uses one primary instance.

Storing EUDI Wallet credentials on user device rather than cloud. Provides offline access and enhanced privacy. Netherlands NL-wallet uses local-first architecture with optional cloud backup.

Storing EUDI Wallet credentials in secure cloud infrastructure. Enables multi-device access and automatic backup. France Identité uses cloud-based architecture.

Method for presenting EUDI credentials using QR code that relying party scans. Enables offline verification without internet connection. Used for driver license checks, age verification.

Ability to verify EUDI credentials without internet connection. Important for scenarios like traffic stops, airport security, or areas with poor connectivity. Uses digital signatures and QR codes.

ISO 18013-5 standard for mobile driver licenses extended to other credentials. EUDI Wallets use mDoc format for driver licenses, national IDs, and other documents. Enables offline verification via NFC and Bluetooth.

International standard for mobile driving licenses (mDL). Defines data model, security mechanisms, and presentation protocols. EUDI Wallets implement ISO 18013-5 for driver license credentials.

W3C standard for cryptographically secure digital credentials. Defines data model for verifiable credentials and presentations. EUDI Wallets support W3C VC format alongside ISO mDoc.

W3C standard for encoding linked data using JSON. Used in W3C Verifiable Credentials to provide semantic interoperability. Enables credentials to be understood across different systems.

Authorization framework enabling third-party applications to obtain limited access to services. EUDI Wallets extend OAuth 2.0 with OpenID4VP for credential presentation.

Identity layer built on OAuth 2.0 enabling user authentication. Widely used for login and identity verification. EUDI Wallets extend OIDC with verifiable credential capabilities via OpenID4VP.

XML-based standard for exchanging authentication and authorization data. Used in enterprise single sign-on systems. EUDI Wallets can integrate with SAML-based systems for enterprise authentication.

Compact URL-safe token format for transmitting claims between parties. Used for authentication tokens and credential encoding. EUDI Wallets use JWT in various protocols.

Authentication allowing one login for multiple applications. Improves user experience and security. EUDI Wallets can provide SSO for government and enterprise services.

Mechanisms for backing up and restoring wallet credentials. Critical for device loss or replacement. EUDI Wallets implement encrypted cloud backup.

Definition of credential data structure and fields. Enables semantic interoperability. EUDI credentials follow standardized schemas.

Vocabulary for annotating and validating JSON documents. Used for credential schema definitions. Ensures EUDI credential data integrity.

Entry point for API requests providing routing, authentication, rate limiting. Infrastructure component. EUDI Wallet backends use API gateways.

Architectural style structuring application as collection of small services. Enables scalability and resilience. Modern EUDI Wallet backends use microservices.

EU regulation (EU 2024/1183) establishing legal framework for digital identity in Europe. Requires all member states to provide EUDI Wallets by December 2026 and mandates acceptance by Very Large Online Platforms (VLOPs) by December 2027.

Online platforms with over 45 million monthly active users in EU. VLOPs must accept EUDI Wallet credentials by December 2027 under eIDAS 2.0 regulation. Includes Amazon, Google, Facebook, Apple services.

EU data protection regulation (2016/679). All EUDI Wallet implementations must comply with GDPR including user consent, data minimization, and right to erasure.

EU regulation requiring strong customer authentication for online payments. EUDI Wallets provide PSD2-compliant authentication for banking and payment services.

eIDAS 2.0 requirement: governments must accept EUDI Wallets by December 2026, VLOPs by December 2027, banks/financial services by December 2027. Non-compliance may result in penalties.

EU regulation for payment services requiring strong customer authentication. Impacts banking integrations. EUDI Wallets enable PSD2-compliant authentication.

Measure of confidence in user authentication. eIDAS defines three levels: Low, Substantial, High. EUDI Wallets must provide High level of assurance for government and regulated services.

Authentication using biological characteristics like fingerprint, face recognition, or iris scan. EUDI Wallets support biometric authentication for secure access to credentials.

Mechanisms for restoring EUDI Wallet credentials if device is lost, stolen, or damaged. May use cloud backup (encrypted) or recovery codes. Implementation varies by country.

Authentication standard using public key cryptography and biometrics. Enables passwordless authentication with security keys or device biometrics. EUDI Wallets may use FIDO2 for local device authentication.

W3C standard for web-based authentication using public key cryptography. Part of FIDO2 specification. Enables passwordless login to websites using biometrics or security keys.

OAuth 2.0 security extension preventing authorization code interception attacks. Required for mobile and public client applications. EUDI Wallets use PKCE in OpenID4VCI flows.

System for creating, managing, and revoking digital certificates and keys. Enables secure electronic transfer. EUDI Wallets rely on PKI for credential verification.

Trusted entity that issues digital certificates. Verifies identity before issuing certificates. EUDI ecosystem includes government CAs issuing credential certificates.

Protocol for checking certificate revocation status in real-time. Alternative to certificate revocation lists. Used in EUDI Wallet credential validity checking.

List of revoked certificates published by certificate authority. Downloaded periodically for offline revocation checking. Used alongside OCSP in EUDI Wallets.

Cryptographic protocol for secure network communication. Successor to SSL. Used for all EUDI Wallet network communications.

TLS with both client and server authentication. Provides stronger security than standard TLS. Used for EUDI Wallet backend communications.

Security policy forcing HTTPS connections. Prevents downgrade attacks and cookie hijacking. Required for EUDI Wallet web services.

Security mechanism controlling cross-domain HTTP requests. Important for EUDI Wallet web applications. Must be configured correctly to prevent security issues.

Security standard preventing cross-site scripting and injection attacks. HTTP header defining allowed content sources. Required for EUDI Wallet web applications.

Security vulnerability allowing attackers to inject malicious scripts. Major web application threat. EUDI Wallet applications must implement XSS prevention.

Attack forcing authenticated users to execute unwanted actions. Web application vulnerability. EUDI Wallet applications implement CSRF tokens for protection.

Attack inserting malicious SQL code into queries. Common database security vulnerability. EUDI Wallet backend systems must use parameterized queries.

Controlling API request frequency to prevent abuse. Security and performance measure. EUDI Wallet APIs implement rate limiting for credential issuance and verification.

Attack overwhelming systems with traffic from multiple sources. Availability threat. EUDI Wallet infrastructure implements DDoS protection.

Authorized simulated cyberattacks testing system security. Identifies vulnerabilities before attackers find them. EUDI Wallet implementations undergo regular penetration testing.

Systematic review identifying security weaknesses. Proactive security measure. EUDI Wallet systems undergo continuous vulnerability assessment.

Full evaluation of security controls and processes. Ensures compliance with security standards. EUDI Wallets require independent security audits.

PSD2 requirement for two-factor authentication in payment transactions. Requires two of: knowledge, possession, inherence. EUDI Wallets provide SCA capabilities.

Authentication using two different factors. More secure than password alone. EUDI Wallets use biometric plus PIN for 2FA.

Authentication requiring multiple verification factors. Includes 2FA and beyond. EUDI Wallets implement MFA for credential access.

Controlling user sessions after authentication. Includes timeouts, renewal, and secure storage. Critical for EUDI Wallet security.

Automatically ending inactive user sessions. Security measure preventing unauthorized access. EUDI Wallets implement configurable session timeouts.

Hardware-isolated environment for cryptographic operations. Found in modern smartphones. EUDI Wallets store private keys in secure enclaves.

Secure area in processor ensuring confidential code execution. Protects against software attacks. EUDI Wallets use TEE for credential operations.

Physical device managing cryptographic keys and operations. Tamper-resistant hardware. EUDI credential issuers use HSMs for signing keys.

Periodically replacing cryptographic keys. Security best practice limiting key compromise impact. EUDI systems implement regular key rotation.

Cryptographically binding credentials to specific device. Prevents credential theft and unauthorized transfer. EUDI Wallets use device-bound keys.

Proving cryptographic key properties and storage location. Verifies keys stored in secure hardware. Used in EUDI Wallet device binding.

Mechanisms preventing credential duplication across devices. Uses device binding and hardware attestation. Essential EUDI Wallet security feature.

Attack reusing captured credentials for unauthorized access. Security threat. EUDI Wallets use nonces and timestamps for replay prevention.

Authentication protocol where server sends challenge and client provides cryptographic response. Proves key possession. Used in EUDI Wallet protocols.

Security model requiring verification for every access request regardless of location. Never trust, always verify. EUDI Wallet infrastructure implements zero trust.

Security principle granting minimum access necessary for function. Reduces attack surface. Applied throughout EUDI Wallet systems.

Security strategy using multiple layers of defense. If one layer fails, others still protect. EUDI Wallet security uses defense in depth.

Organized approach to handling security breaches and attacks. Includes detection, containment, recovery. EUDI Wallet operators maintain incident response plans.

EUDI Wallet feature allowing users to share only specific attributes (like age or nationality) without revealing full identity document. For example, proving you are over 18 without showing your birthdate or full ID.

GDPR principle requiring collection of only necessary data. EUDI Wallets implement data minimization through selective disclosure - sharing only required attributes, not full documents.

System for managing user data sharing consent. GDPR requirement. EUDI Wallets provide explicit consent UI before credential sharing.

GDPR principle limiting data collection to what is necessary. Core privacy concept. EUDI Wallets implement selective disclosure for data minimization.

GDPR requirement that data collected for specific purposes not be reused for other purposes. Privacy protection. EUDI Wallet consent UI specifies data usage purpose.

Approach integrating privacy throughout system design. GDPR requirement. EUDI Wallet architecture built with privacy by design principles.

GDPR requirement analyzing privacy risks of data processing. Required for high-risk processing. EUDI Wallet implementations must conduct DPIA.

GDPR requirement for organizations processing sensitive data. Oversees data protection compliance. EUDI Wallet operators must appoint DPO.

GDPR right to receive personal data in machine-readable format. Enables switching providers. EUDI Wallets support credential export.

GDPR right to have personal data deleted. Privacy protection. EUDI Wallets enable credential deletion and revocation.

Processing personal data so it cannot be attributed without additional information. GDPR security measure. EUDI Wallets use pseudonymous identifiers.

Irreversibly removing personal identifiers from data. Stronger than pseudonymization. Used in EUDI Wallet analytics and research.

Privacy property preventing correlation of user actions across different contexts. Prevents tracking. EUDI Wallets use unique identifiers per interaction.

Unique identifier generated for each relying party relationship. Prevents cross-service tracking. EUDI Wallets generate pairwise DIDs.

Italy national public digital identity system with 30+ million users. IT-Wallet integrates with SPID for authentication. Operational since 2016 with multiple certified identity providers.

Netherlands digital authentication system operational since 2003. Over 13 million users. NL-wallet integrates with DigiD for identity verification and wallet activation.

France authentication system operational since 2016. France Identité EUDI Wallet builds on FranceConnect infrastructure providing smooth integration with existing government services.

Germany eID card online authentication function operational since 2010. Over 15 years of infrastructure experience. AusweisApp EUDI Wallet builds on this proven foundation.

Belgium widely-used digital identity app operated by Belgian Mobile ID consortium (banks and telecom companies). MyGov.be EUDI Wallet integrates with itsme for authentication.

Poland mobile citizen app. Version 2.0 currently live with millions of users (driver license, mDowód). Version 3.0 in development for full EUDI Wallet compliance by December 2026.

Poland mobile identity document integrated with mObywatel app. Digital equivalent to physical ID card with legal recognition for many use cases.

German Federal Office for Information Security. Provides technical guidelines (TR-03127/128/130) for Germany AusweisApp EUDI Wallet implementation and security standards.

Italian Digital Agency responsible for IT-Wallet development. Successfully launched SPID (30M users), PagoPA payment platform, and App IO government services app.

France national cybersecurity agency. Provides security oversight and standards for France Identité EUDI Wallet. French equivalent to Germany BSI.

Organization certified under eIDAS to provide trust services like qualified electronic signatures, seals, and timestamps. QTSPs can issue qualified attestations for EUDI Wallets.

Regulatory requirement for businesses to verify customer identity. EUDI Wallets enable instant KYC compliance allowing 5-minute account opening instead of days of document verification.

International standard for information security management systems. Widely recognized certification. EUDI Wallet providers should achieve ISO 27001 certification.

Systematic approach managing sensitive information security. Framework for policies, procedures, and controls. Required for ISO 27001 certification.

Audit report on security, availability, processing integrity, confidentiality, and privacy. US-based trust service criteria. Cloud providers hosting EUDI Wallet data should have SOC 2.

Security standard for organizations handling credit cards. Mandatory for payment processors. Relevant when EUDI Wallets store payment credentials.

Cryptographic method allowing one party to prove statement is true without revealing information beyond the statement itself. Enables selective disclosure in EUDI Wallets.

Standard for digitally signing JSON content. Provides integrity and authenticity verification. Used in EUDI Wallet credentials and tokens.

Standard for encrypting JSON content. Provides confidentiality for sensitive data. Used in EUDI Wallet secure communication.

Family of standards for signing and encrypting JSON data. Includes JWT, JWS, JWE, JWK, JWA. Foundation for EUDI Wallet cryptographic operations.

JSON format for representing cryptographic keys. Enables key distribution and storage in JSON. Used in EUDI Wallet key management.

ITU-T standard for public key certificates. Widely used in TLS, email, code signing. EUDI Wallets use X.509 certificates for credential verification.

Symmetric encryption algorithm adopted as US government standard. Used for encrypting data at rest and in transit. EUDI Wallets use AES-256 for credential encryption.

Public key cryptosystem used for encryption and digital signatures. Widely deployed in TLS and digital certificates. Supported in EUDI Wallet cryptographic operations.

Public key cryptography using elliptic curves. Provides stronger security with smaller key sizes than RSA. Preferred for mobile devices and EUDI Wallets due to efficiency.

Digital signature algorithm using elliptic curve cryptography. More efficient than RSA signatures. Widely used in EUDI Wallet credential signing.

Cryptographic hash function producing 256-bit digests. Used for data integrity verification and digital signatures. Standard hash algorithm in EUDI Wallets.

Mathematical function that converts data into fixed-size hash value. Used for integrity checking and digital signatures. SHA-256 commonly used in EUDI Wallets.

Random value used once in cryptographic protocols. Prevents replay attacks. EUDI Wallet presentations include nonces.

Set of rules, standards, and governance defining how digital identity credentials are issued, verified, and trusted across organizations and borders. eIDAS 2.0 establishes EU-wide trust framework.

Highest level of electronic signature under eIDAS with same legal effect as handwritten signature. EUDI Wallets may support QES for legally binding transactions.

Testing period where EUDI Wallet is available to limited user group before public launch. Allows countries to gather feedback and resolve issues. Example: Italy IT-Wallet active pilot.

Lightweight package containing application and dependencies. Enables consistent deployment. EUDI Wallet services deployed as containers.

Platform for automating deployment, scaling, and management of containerized applications. Industry standard. EUDI Wallet infrastructure runs on Kubernetes.

Distributes network traffic across multiple servers. Provides high availability and scalability. EUDI Wallet services use load balancers.

Distributed network of servers delivering content based on geographic location. Improves performance. EUDI Wallet web applications use CDN.

Strategies for recovering IT infrastructure after disasters. Ensures business continuity. Critical for EUDI Wallet availability.

System design minimizing downtime through redundancy. Target of 99.9% or higher uptime. Required for EUDI Wallet services.

Automatically switching to backup system when primary fails. Ensures continuity. EUDI Wallet infrastructure implements automatic failover.

Common EUDI Wallet use case allowing users to prove they meet age requirement without revealing exact birthdate. Uses selective disclosure to share only age threshold (e.g., over 18).