Biometric Authentication

Last updated: 2/9/2026 | Reading time: 4 min

security

Full Name: Biometric Authentication

Definition

Biometric authentication is a security method that verifies a person's identity by measuring unique biological characteristics that are inherent to the individual. In the EUDI Wallet ecosystem, biometric authentication serves as the primary "something you are" factor in the two-factor authentication (2FA) scheme required for wallet access. When a user needs to present a credential from their EUDI Wallet, they authenticate using their fingerprint, face, or other biometric, combined with device possession, to prove they are the legitimate wallet holder. This provides both strong security and excellent usability, as biometric verification takes only a fraction of a second.

How Biometric Authentication Works in EUDI Wallets

The biometric authentication process in EUDI Wallets uses the smartphone's built-in biometric hardware and secure processing capabilities. When the user enrolls a biometric (such as registering their fingerprint), the biometric template is created and stored exclusively within the device's secure hardware -- the Secure Enclave on Apple devices or the Trusted Execution Environment (TEE) on Android devices. This template never leaves the secure hardware and is not accessible to the EUDI Wallet app or any other software.

When the EUDI Wallet needs to authenticate the user (for example, before presenting a credential), it requests biometric verification from the operating system. The OS delegates the check to the secure hardware, which captures a new biometric sample, compares it against the stored template, and returns only a success or failure result to the wallet app. The wallet never has access to the raw biometric data, the stored template, or the comparison process.

This architecture provides defense in depth: even if the EUDI Wallet app were compromised by malware, the attacker could not extract biometric data because it exists only within the tamper-resistant secure hardware. This is a critical security property for a system that handles sensitive identity credentials for hundreds of millions of EU citizens.
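The delegation described above, as an added Android example (not code from the page or from any EUDI Wallet implementation): the wallet's credential-presentation key lives in the hardware-backed keystore and is marked usable only after a fresh strong-biometric authentication, so the app never touches a template or sample and only receives an unlocked `Signature` object for a single operation. Assumptions: API level 30 or higher, the androidx.biometric library, and a hypothetical key alias `eudi_presentation_key`.

```kotlin
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyProperties
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity
import java.security.*

private const val KEY_ALIAS = "eudi_presentation_key" // hypothetical alias, not from the page

/** Generates an EC P-256 signing key in hardware that refuses to sign without per-use biometric auth. */
fun generatePresentationKey() {
    val spec = KeyGenParameterSpec.Builder(KEY_ALIAS, KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY)
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setUserAuthenticationRequired(true)
        // Timeout 0 means every signature needs its own authentication (API 30+).
        .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
        // Enrolling a new fingerprint or face permanently invalidates this key.
        .setInvalidatedByBiometricEnrollment(true)
        .build()
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore").apply {
        initialize(spec)
        generateKeyPair()
    }
}

/** Signs a presentation payload only after the OS reports a successful match; the match itself stays in the TEE. */
fun signAfterBiometric(activity: FragmentActivity, payload: ByteArray, onSigned: (ByteArray) -> Unit) {
    val ks = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val signature = Signature.getInstance("SHA256withECDSA").apply {
        initSign(ks.getKey(KEY_ALIAS, null) as PrivateKey)
    }
    val callback = object : BiometricPrompt.AuthenticationCallback() {
        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
            // The only thing handed back is the now-authorized Signature; no biometric data.
            val sig = result.cryptoObject?.signature ?: return
            sig.update(payload)
            onSigned(sig.sign())
        }
    }
    val info = BiometricPrompt.PromptInfo.Builder()
        .setTitle("Confirm credential presentation")
        .setNegativeButtonText("Cancel")
        .setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_STRONG)
        .build()
    BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
        .authenticate(info, BiometricPrompt.CryptoObject(signature))
}
```

If a failed or declined biometric should fall back to the device PIN rather than a wallet-level PIN, both builders can be given `BIOMETRIC_STRONG or DEVICE_CREDENTIAL` (`AUTH_BIOMETRIC_STRONG or AUTH_DEVICE_CREDENTIAL` on the key), which API 30+ supports together with a CryptoObject.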

Privacy Protection for Biometric Data

Biometric data is classified as a special category of personal data under GDPR Article 9, requiring enhanced protection. The EUDI Wallet architecture respects this classification through strict data localization: biometric data is processed and stored exclusively on the user's device, never transmitted over networks, and never shared with credential issuers, verifiers, or any third party. This on-device-only approach ensures GDPR compliance by design.

The biometric templates stored in the secure hardware are not raw biometric images (fingerprint images or facial photographs) but rather mathematical representations that cannot be reverse-engineered back into the original biometric. Even if a device's secure hardware were physically compromised, the extracted template could not be used to reconstruct the user's fingerprint or face.

It is important to distinguish between biometric authentication (used locally to unlock the wallet) and biometric matching for identity proofing (used during wallet activation to verify the user against their eID card photo). The latter may involve temporary processing of facial images for comparison but follows strict data minimization principles, with the biometric data deleted immediately after the matching process completes.

Accessibility and Fallback Methods

The eIDAS 2.0 regulation requires that EUDI Wallets be accessible to all citizens, including those who cannot use biometric authentication due to physical disabilities, medical conditions, or personal preference. For this reason, all EUDI Wallet implementations must support PIN-based authentication as a fallback. The PIN serves as a knowledge factor that, combined with device possession, provides equivalent 2FA security.

Some citizens may have conditions that affect biometric reliability, such as worn fingerprints from manual labor, facial changes due to aging or medical treatment, or accessibility needs that make certain biometric methods impractical. The wallet must gracefully handle biometric failures by offering the PIN alternative without compromising security or creating a frustrating user experience.

The choice of authentication method (biometric or PIN) is always under the user's control. Users can configure their EUDI Wallet to require a specific method or allow either. For high-security operations such as signing legal documents, some implementations may require both biometric and PIN authentication simultaneously, providing three-factor authentication (something you know, something you have, and something you are).

Examples

  • Face ID / Face unlock for quick credential presentation
  • Fingerprint scan before sharing identity attributes
  • Iris scan on supported devices for high-assurance scenarios

⚠️ Independent Information

This website is NOT affiliated with the European Commission or any EU government. We provide independent, easy-to-understand information about EUDI.