Netherlands Publishes NL-wallet Code on GitHub - Full Transparency

Dutch government publishes NL-wallet source code on public GitHub repository, setting transparency standard.

The GitHub Repository: MinBZK/nl-wallet

The Dutch Ministry of the Interior and Kingdom Relations (Ministerie van Binnenlandse Zaken en Koninkrijksrelaties, abbreviated BZK) took the pioneering step of publishing the complete NL-wallet source code on GitHub under the MinBZK organization. This decision sets the Netherlands apart from most other EU member states, which have opted for either private development or publication on government-specific platforms with more limited visibility. By choosing GitHub, the world's largest source code hosting platform with over 100 million developers, the Netherlands ensures that its EUDI Wallet code is accessible to the widest possible audience of security researchers, developers, and interested citizens.

The repository contains multiple components of the NL-wallet ecosystem, including the mobile wallet application (built for both iOS and Android), the backend verification services, the credential issuance infrastructure, and complete technical documentation. The codebase is actively maintained, with regular commits, pull requests, and issue discussions visible to the public. This level of openness allows anyone to track the development progress, understand the architectural decisions being made, and identify potential security or privacy concerns before the wallet reaches production.

Beyond the source code, the Netherlands has also published the wallet's user interface designs on Figma, the popular collaborative design platform. These public design files show the complete user experience flow, from initial wallet setup and credential enrollment to credential presentation and privacy settings. This dual transparency - both code and design - is unprecedented in government digital identity development and reflects a deep commitment to the principle that citizens should be able to understand and verify how their identity data is handled.

DigiD: Two Decades of Digital Identity Experience

The NL-wallet builds on the foundation of DigiD (Digitale Identiteit), the Netherlands' existing digital authentication system that has been operational since 2003. DigiD is one of the oldest continuously operating national digital identity systems in Europe, and with over 13 million registered users (out of a population of approximately 17.5 million), it achieves one of the highest penetration rates of any government digital service worldwide. For most Dutch citizens, DigiD is the gateway to virtually all online government services, from filing tax returns to accessing healthcare records.

DigiD operates at multiple assurance levels. The basic level uses a username and password with SMS-based two-factor authentication. The higher assurance level, DigiD Substantieel, uses the DigiD app with face recognition or fingerprint authentication on the smartphone. The highest level, DigiD Hoog, requires the citizen to use their identity card or driving licence's NFC chip for cryptographic authentication. This tiered approach has proven effective in balancing accessibility with security, and the NL-wallet is designed to complement and eventually extend this framework with verifiable credential capabilities.

The integration between the NL-wallet and DigiD is a critical architectural decision. Rather than replacing DigiD entirely, the NL-wallet is being positioned as the next evolution that adds credential storage and presentation capabilities on top of the proven DigiD authentication layer. Citizens will be able to use their DigiD credentials to initially set up their NL-wallet, creating a smooth onboarding experience that uses an existing trusted relationship. Over time, the NL-wallet may absorb more of DigiD's functions, but the transition is designed to be gradual and non-disruptive.

RvIG and the BRP: Authoritative Identity Data

At the core of the Netherlands' identity infrastructure lies RvIG (Rijksdienst voor Identiteitsgegevens), the government agency responsible for managing the country's identity data systems. RvIG operates the BRP (Basisregistratie Personen), the fundamental personal records database that contains the official identity information of every resident of the Netherlands. The BRP includes name, date of birth, nationality, address, and family relationships for all registered residents, and it serves as the authoritative source of truth for identity across all government systems.

For the NL-wallet, RvIG's role is essential because it provides the verified identity data that underlies the digital credentials stored in the wallet. When a citizen receives a digital credential, such as a proof of age or a digital driving licence, the data in that credential ultimately traces back to the BRP records managed by RvIG. This chain of trust - from the BRP through RvIG to the credential in the wallet - ensures that digital credentials carry the same level of authority as official government documents. RvIG also manages the issuing of physical identity documents (identity cards and passports), which serve as the physical anchor for digital identity enrollment.

The BRP's complete coverage of the Dutch population provides a strong foundation for universal credential issuance. Unlike systems that require citizens to actively register, the BRP automatically includes every person who registers as a resident of the Netherlands. This means that the NL-wallet can potentially issue credentials to any registered resident without requiring a separate enrollment process, significantly reducing the barrier to adoption.

Privacy-First Architecture and PIA Requirements

The Netherlands has long been recognized as one of the most privacy-conscious nations in Europe, and this reputation is reflected in the NL-wallet's architecture. The wallet implements a local-first design philosophy where sensitive data, including identity credentials and personal attributes, are stored primarily on the user's device rather than in centralized government databases. This approach ensures that the government cannot track when and where citizens use their credentials, preserving the unlinkability property that is fundamental to privacy-respecting digital identity systems.

Before the NL-wallet development began, the Dutch government conducted a complete Privacy Impact Assessment (PIA), as required by both the GDPR and Dutch national privacy legislation. The PIA examined every aspect of the wallet's data processing, from initial credential enrollment to credential presentation and revocation. The assessment identified potential privacy risks and mandated specific technical and organizational measures to mitigate them. Critically, the PIA was not a one-time exercise - it is being updated throughout the development process as new features are added and the architecture evolves.

The Dutch approach to privacy extends beyond technical architecture to governance. The NL-wallet development team works closely with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority) to ensure ongoing compliance with privacy regulations. The open-source publication of the code serves as an additional privacy safeguard, allowing independent privacy researchers to verify that the wallet's claimed privacy properties are actually implemented in the code. This combination of formal privacy assessment, regulatory engagement, and public code review creates multiple layers of privacy assurance.

NL-wallet Architecture: Local-First with Selective Disclosure

The technical architecture of the NL-wallet reflects the Dutch emphasis on user control and data minimization. At its core, the wallet stores credentials locally on the user's smartphone, encrypted and protected by the device's secure element or hardware-backed keystore. When a citizen needs to present a credential - for example, proving they are over 18 to access an age-restricted service - the wallet enables selective disclosure, sharing only the minimum information necessary (in this case, a simple yes/no age verification) without revealing the citizen's full date of birth, name, or other personal details.

The optional cloud backup feature is designed with privacy as the primary consideration. If a citizen chooses to back up their wallet to the cloud (for recovery purposes in case of device loss), the backup is encrypted with keys that only the citizen controls. The cloud storage provider, including the government infrastructure hosting the backup, cannot access the contents of the backup without the citizen's decryption key. This ensures that even in the backup scenario, the principle of user sovereignty over personal data is maintained.

The wallet's verification protocol is designed to prevent tracking and correlation. When a citizen presents a credential to a verifier, the protocol does not reveal the credential issuer's involvement, preventing the issuer from knowing when and where the credential was used. Similarly, different verifiers cannot correlate their interactions with the same citizen based on the credential presentation alone. These anti-tracking properties are central to the Dutch design philosophy and have been verified through the public code review process enabled by the GitHub publication.

Setting the Standard for Transparent Government Technology

The Netherlands' decision to publish the NL-wallet on GitHub has had an outsized influence on the broader European EUDI ecosystem. Other member states, including Germany (which publishes on OpenCoDE) and several Nordic countries, have cited the Dutch approach as an inspiration for their own transparency initiatives. The European Commission has also referenced the NL-wallet's open development model as a best practice example in its guidance documents for member state EUDI implementations.

The practical benefits of open-source development have already been demonstrated through the NL-wallet's GitHub presence. Security researchers have identified and reported vulnerabilities through the repository's issue tracker, academic institutions have conducted independent analyses of the wallet's cryptographic protocols, and developers from other countries have contributed improvements to the codebase. This collaborative development model harnesses the collective expertise of the global developer community, resulting in a more secure and strong wallet than any single team could produce in isolation.

As the Netherlands moves toward production deployment of the NL-wallet, the open-source approach continues to evolve. The development team has established clear contribution guidelines, a responsible disclosure program for security vulnerabilities, and a public roadmap that outlines planned features and milestones. This combination of transparency, community engagement, and structured governance positions the NL-wallet as a model for how democratic governments can develop sensitive technology systems in the open, building trust through visibility rather than secrecy.