ARF 2.7.3 Released Nov 2024 - Device Binding Recommended, 200 STS, CIR 2025

Last updated: 1/30/2026 | Reading time: 4 min

The Architecture and Reference Framework 2.7.3 (November 12, 2024) establishes the technical foundation for the EUDI Wallet ecosystem, with device binding now recommended, nearly 200 standards tracked, and 2025 Commission Implementing Regulations integrated.

ARF 2.7.3 Release: November 12, 2024

Technical milestone: The EUDI Wallet Architecture and Reference Framework (ARF) version 2.7.3 was released on November 12, 2024. Its primary change is a fix so that all links referring to Annex 2 work, which ensures complete accessibility to the technical requirements documentation.

The ARF defines the architecture, components, and interactions of the EUDI Wallet ecosystem, providing the technical foundation for ensuring ecosystem-wide interoperability, security, and privacy across all member state implementations.

Three Primary Purposes of ARF 2.7.3

1. Explains the architecture: Details the system components and their interactions, serving as background information for the High-Level Requirements (HLRs) found in Annex 2.

2. Guides implementation: Acts as a common reference for the harmonised implementation of the European Digital Identity Regulation, guiding the development of technical specifications, standards, and operational procedures.

3. Supports development: Used to develop the Wallet Solution reference implementation and will serve as a foundation for future updates to implementing acts based on technological advancements.

Legal Status

The ARF is informative and intended to support implementation; it does not replace the legally binding European Digital Identity Regulation or its adopted implementing and delegated acts, which are the only mandatory requirements. This document applies exclusively to EUDI Wallet ecosystems compliant with the Regulation.

Device Binding: Recommended, Not Mandatory

A significant update in ARF 2.7.3: device binding is now recommended rather than mandatory, with multiple requirements in Annex 2 changed to account for this shift.

What is Device Binding?

Device binding means ensuring that attestations are bound to the EUDI Wallet Instance (and thus the device) to which the Issuer issued them. Relying Parties verify this binding to prevent attestations from being copied and replayed.

Device-bound attestations contain a public key, with the associated private key stored in a WSCA/WSCD (Wallet Secure Cryptographic Application/Device) or keystore. This cryptographic binding ensures attestations cannot be transferred to unauthorized devices.
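The Relying Party check described above, as an added Go sketch that is not taken from the ARF or the EUDI reference implementation; it is a simplified challenge-response, not the ARF's attestation or presentation format. The type and function names, the `rp.example` identifier and the nonce-plus-audience digest are assumptions, and the Issuer's signature over the attestation is assumed to have been verified already.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Attestation struct{ DeviceKey *ecdsa.PublicKey } // constructed stand-in; private half stays in the WSCA/WSCD

// NewDeviceKey simulates key generation inside the WSCA/WSCD.
func NewDeviceKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return k
}

// NewNonce returns a fresh 16-byte Relying Party challenge.
func NewNonce() []byte {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand
	return b
}

// digest ties a proof to one challenge and one Relying Party identifier.
func digest(nonce []byte, audience string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, nonce...), audience...))
	return sum[:]
}

// Prove runs in the wallet: the device key signs the challenge.
func Prove(k *ecdsa.PrivateKey, nonce []byte, audience string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, k, digest(nonce, audience))
}

// VerifyBinding runs at the Relying Party. Assumption: Issuer signature on the attestation already verified.
func VerifyBinding(a Attestation, nonce []byte, audience string, proof []byte) bool {
	return ecdsa.VerifyASN1(a.DeviceKey, digest(nonce, audience), proof)
}

func main() {
	k, n := NewDeviceKey(), NewNonce()
	att := Attestation{DeviceKey: &k.PublicKey}
	p, _ := Prove(k, n, "rp.example")
	clone, _ := Prove(NewDeviceKey(), n, "rp.example") // copied attestation on another device
	fmt.Println(VerifyBinding(att, n, "rp.example", p), // true
		VerifyBinding(att, NewNonce(), "rp.example", p), // false: replayed proof
		VerifyBinding(att, n, "rp.example", clone))      // false: wrong device key
}
```

The fresh nonce is what defeats replay of a captured proof, and the key inside the Issuer-signed attestation is what defeats a copied attestation presented from a device that lacks the private key.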

Pseudonyms and W3C WebAuthn Integration

A user uses a pseudonym when they wish to create an account at a Relying Party without identifying themselves. The Relying Party associates the pseudonym with the account for subsequent authentication, and the user may additionally present attributes from a PID or attestation during registration or later interactions.

W3C WebAuthn Standard

As specified in CIR 2024/2979, W3C WebAuthn defines the technical specification for pseudonyms. Passkeys are a widely used type of credential that is created and asserted using the WebAuthn API. Section 4.7 discusses how pseudonyms will be implemented and used within a Wallet Unit.

Nearly 200 Standards and Technical Specifications

The European Digital Identity Wallet relies on a complete set of standards and technical specifications (STS). Nearly 200 STS are tracked across the ecosystem, with a core subset identified as essential for the Wallet itself.

High-Level Requirements Categories

The ARF 2.7.3 organizes requirements into several categories:

Wallet Provider Requirements: Core functionalities, security, user interface elements, and lifecycle management of the wallet.

Relying Parties: Covers how they must register, authenticate themselves to the wallet, and request and handle User attributes.

Protocols & Interoperability: Defines common communication standards and protocols, ensuring that a Wallet Unit from one Wallet Provider can interact smoothly with a Relying Party service in another.

Commission Implementing Regulations (CIR) 2025 Integration

The current ARF version is based on the legal text adopted by the co-legislators, including several Commission Implementing Regulations (CIRs) from 2025:

CIR 2025/1569: Regarding qualified electronic attestations of attributes (QEAAs) and electronic attestations of attributes (EAAs).

CIR 2025/1929: Regarding the binding of date and time to data.

CIR 2025/1942 and 2025/1943: Regarding qualified validation services.

European Digital Identity Cooperation Group (EDICG)

To finalize the framework, the European Commission, in collaboration with the European Digital Identity Cooperation Group (EDICG), has identified 24 open topics that must be addressed by the end of 2025.

This collaborative approach ensures Member States have input into technical specifications and can coordinate implementation approaches across the EU, facilitating smooth cross-border interoperability.

Public Access and Developer Resources

Version 2.7.3 is publicly available on GitHub, ensuring transparent development and enabling developers to implement ARF specifications with full access to technical documentation.

The framework is available at:

Official documentation: https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/2.7.3/architecture-and-reference-framework-main/

Developer hub: https://eudi.dev/2.7.3/architecture-and-reference-framework-main/

Discussion Topics and Ongoing Evolution

The ARF includes Discussion Topics for ongoing technical issues requiring further specification. These topics enable the technical community to collaborate on solving complex interoperability challenges before finalizing requirements.

Notable updates in version 2.7.3 include the integration of the Discussion Paper for Topic O into Section 5.5 and of the Discussion Paper for Topic Z into Sections 6.6.2.3.3 and 6.6.3.8, demonstrating continuous refinement of technical specifications.

Foundation for December 2026 Deployment

ARF 2.7.3, released November 12, 2024, provides the complete technical foundation for EUDI Wallet ecosystem deployment. Device binding is now recommended (not mandatory), nearly 200 standards and technical specifications are tracked, and the CIR 2025 regulations (2025/1569, 2025/1929, 2025/1942, 2025/1943) are integrated. Pseudonyms are specified via W3C WebAuthn, and High-Level Requirements are organized across the Wallet Provider, Relying Parties, and Protocols & Interoperability categories. The EDICG is addressing 24 open topics by the end of 2025, the framework is publicly accessible on GitHub for transparent development, and its informative legal status supports (but does not replace) the binding Regulation.

Together, these elements ensure that Member States can implement EUDI Wallets with confidence in technical compatibility for smooth cross-border operation from December 2026: detailed architecture documentation (three primary purposes: explains the architecture, guides implementation, supports development); a flexible device binding approach (recommended, enabling varied implementation strategies); a strong standards framework (200 STS tracked, core subset identified); regulatory integration (2025 CIRs incorporated); collaborative governance (EDICG coordination, 24 open topics); and transparent development (GitHub repository, discussion topics).
