Overview
Germany brings 14 years of electronic identity experience to the EUDI Wallet transition. With a population of 84 million, Germany has operated the AusweisApp since 2010, providing secure online authentication through ID card eID chips. In 2021, Germany enacted legislation enabling Smart-eID, which stores identity credentials directly on smartphones, eliminating the need to carry physical ID cards for digital authentication.
The German approach prioritizes security, transparency, and regulatory compliance. The EUDI wallet implementation is fully open source on OpenCoDE GitLab, allowing public scrutiny of the code. Development is led by BMDS (Federal Ministry for Digital Affairs) with implementation by SPRIND and security certification from BSI (Federal Office for Information Security).
Key Information
- Current System: AusweisApp (since 2010)
- EUDI Wallet: Architecture C' (Signed Credential with Cloud Support)
- Launch Timeline: Early 2027 (first stage) 🟡
- Lead Organization: BMDS (Federal Ministry for Digital Affairs) 🟢
- Implementation Partner: SPRIND 🟢
- Security Certification: BSI (Federal Office for Information Security) 🟢
- Technical Partners: Bundesdruckerei, Fraunhofer AISEC, PwC, Governikus 🟢
- Open Source: Yes (OpenCoDE GitLab) 🟢
- Smart-eID: Enabled by 2021 law (smartphone storage) 🟢
- Security Standards: BSI TR-03127, TR-03128 (v1.2), TR-03130 🟢
Germany's Engineering Rigor
Germany's EUDI wallet development reflects characteristic German engineering values: thorough security analysis (BSI TR guidelines), transparent open source development, formal consultation processes, and a methodical timeline that prioritizes correctness over speed. The 14 years of AusweisApp operation provide a mature foundation that most EU countries lack.
AusweisApp: 14 Years of eID Experience
AusweisApp (Identity App) is Germany's official electronic identity software, operational since 2010. It provides secure online authentication using the eID function embedded in German ID cards (Personalausweis) and residence permits. With 14 years of real-world deployment, Germany has extensive experience with digital identity infrastructure that most EU countries are only beginning to develop.
How AusweisApp Works
When you use AusweisApp to authenticate online, the process works like this:
- You visit a website or service requiring identity verification
- The service redirects you to the AusweisApp authentication flow
- You place your ID card on an NFC-enabled smartphone or USB card reader
- AusweisApp reads the eID chip using secure NFC communication
- You enter your 6-digit eID PIN to authorize the authentication
- AusweisApp shares only the requested attributes (e.g., age, address) with the service
- The service receives cryptographically signed proof of your identity
This selective disclosure approach means you never share more information than necessary. If a website only needs to verify you're over 18, AusweisApp can share age verification without revealing your exact birth date, address, or other personal details.
Current Usage
AusweisApp is accepted by over 600 government and private services in Germany:
- Government Services: Tax filing, vehicle registration, business permits, social benefits
- Banking: Account opening, loan applications, KYC verification
- Age Verification: Online gambling, age-restricted purchases
- Contracts: Rental agreements, employment contracts, insurance applications
- Healthcare: Electronic health records, prescription services
This widespread acceptance demonstrates that Germany has already solved the adoption challenge many countries face: getting both citizens and service providers to trust and use digital identity.
Smart-eID: The 2021 Innovation
In 2021, Germany enacted legislation enabling Smart-eID (Smart Electronic Identity), allowing citizens to store identity credentials directly on their smartphone without needing the physical ID card for online authentication. This was a significant step toward the mobile-first EUDI Wallet experience.
How Smart-eID Works
Smart-eID uses the smartphone's secure element—a hardware-protected chip similar to the chip in physical ID cards. The setup and authentication process works as follows:
Initial Setup
- You perform one-time authentication with your physical ID card using NFC
- Your smartphone's secure element receives cryptographic keys and identity data
- Credentials are permanently bound to that specific smartphone
- You set up biometric authentication (fingerprint or Face ID) for quick access
Daily Authentication
- Open the AusweisApp on your smartphone
- Authenticate with your fingerprint or Face ID
- The secure element performs cryptographic operations without exposing keys
- You authorize sharing specific identity attributes
- Service receives cryptographic proof of your identity
Security Architecture
Smart-eID achieves the same security level as physical ID cards through multiple layers of protection:
- Secure Element Storage: Keys never leave the hardware-protected chip
- Malware Resistance: Even if the phone's operating system is infected, malware cannot read the keys held in the secure element
- Cryptographic Protocols: Same challenge-response authentication as physical cards
- Biometric Protection: Fingerprint or face recognition required to activate Smart-eID
- Device Loss Protection: Credentials can be remotely revoked if the smartphone is lost or stolen
- No Cloud Storage: Identity keys remain on device, never uploaded to servers
This architecture demonstrates that smartphone-based identity can meet stringent German security requirements, validating the approach that will be used for the EUDI Wallet.
Architecture C': Signed Credentials with Cloud Support
Germany selected Architecture C' for its EUDI Wallet implementation. This architecture model balances security, privacy, and usability while maintaining compatibility with existing Personalausweis infrastructure.
How Architecture C' Works
The C' architecture provides these key features:
- Local Storage: Credentials stored on your smartphone, not in a centralized database
- Cryptographic Signing: Credentials are digitally signed by issuing authorities (government, banks, employers)
- Cloud Backup (Optional): Encrypted backup of credentials for recovery if device is lost
- User Control: You decide which credentials to share and when
- Selective Disclosure: Share only necessary attributes (e.g., "over 18" without full birth date)
- Offline Verification: Many credentials can be verified without internet connectivity
Why Germany Chose C'
The C' architecture was selected because it provides:
- Security: Credentials under user control, not stored centrally where they could be compromised in a single breach
- Privacy: Minimal data sharing with selective disclosure; no central tracking of authentication events
- Usability: Cloud backup enables recovery without re-enrolling all credentials if you lose your phone
- BSI Compliance: Meets German security standards defined in TR-03127/128/130
- Compatibility: Works with existing AusweisApp and Smart-eID infrastructure
Comparison with Other Architectures
The EU Architecture Reference Framework defines four main models. Germany chose C' over:
- Architecture A (Cloud-Only): Rejected because credentials are stored on provider servers, not user devices
- Architecture B (Device-Only): More secure, but offers no recovery option if the device is lost
- Architecture D (Hybrid): More complex with limited additional benefits
BSI Technical Guidelines: The Security Foundation
BSI (Bundesamt für Sicherheit in der Informationstechnik - Federal Office for Information Security) publishes Technical Guidelines (Technische Richtlinien, TR) that define mandatory security requirements for German eID systems. Compliance with these guidelines is not optional—it's required by law.
Key Guidelines for EUDI Wallet
TR-03127: eID Cards and Chips
This guideline specifies cryptographic algorithms, chip architecture, and tamper resistance for ID cards and electronic credentials. It defines:
- Which cryptographic algorithms are approved (RSA, ECC, specific key lengths)
- How eID chips must protect keys against extraction
- Challenge-response protocols for authentication
- Resistance to physical attacks (chip extraction, power analysis, timing attacks)
- Secure storage requirements for credentials
TR-03128: eID Service Providers (v1.2)
This guideline defines requirements for organizations (banks, government agencies, businesses) that accept eID authentication. Version 1.2 includes specific updates for EUDI Wallet interoperability. Requirements include:
- Certificate management for service provider authorization
- Secure communication protocols (TLS versions, cipher suites)
- Audit logging of authentication requests
- Data minimization (request only necessary attributes)
- User consent management
- Cross-border interoperability with other EU wallets
TR-03130: eID Servers
This guideline specifies security requirements for backend servers processing eID authentication requests. It covers:
- Network security and firewall requirements
- Key management and hardware security module (HSM) usage
- Session handling and timeout policies
- Compliance monitoring and security audits
- Incident response procedures
Impact on EUDI Wallet
Germany's EUDI wallet must comply with all BSI TR guidelines, ensuring:
- Cryptographic strength matching or exceeding physical ID cards
- Resistance to known attack vectors (man-in-the-middle, replay, credential theft)
- Audit trails for compliance verification
- Data minimization (share only necessary attributes)
- Regular security audits and penetration testing by BSI
- Compliance certification before public release
This rigorous security framework means Germany's EUDI wallet will likely be one of the most thoroughly vetted implementations in the EU, though it may take longer to achieve full certification.
Open Source Development: Transparency as Security
Germany's EUDI wallet is fully open source, with code and documentation published on OpenCoDE GitLab (gitlab.opencode.de/bmi/eudi-wallet/eidas2). This represents a significant commitment to transparency rarely seen in government identity systems.
Why Open Source?
Making the wallet code public provides multiple benefits:
- Security Review: Independent researchers can identify vulnerabilities before deployment
- Public Trust: Citizens can verify the wallet operates as claimed (no backdoors, no hidden data collection)
- Collaboration: Other EU countries can learn from Germany's implementation
- Quality Assurance: Public scrutiny improves code quality
- Regulatory Compliance: Regulators can audit the implementation
- Academic Research: Universities can study and improve the system
Public Consultation Process
Germany conducted formal public consultations that invited:
- Security researchers to propose improvements
- Privacy advocates to raise concerns
- Industry experts to suggest architectural changes
- Citizens to ask questions and provide feedback
- Technology companies to ensure integration compatibility
This transparent approach contrasts with closed-development models where code is revealed only at launch, leaving little time to address issues. Germany's approach allows issues to be identified and fixed during development rather than after public release.
What's Available on GitLab
The OpenCoDE repository includes:
- Complete wallet application source code (iOS and Android)
- Backend server implementations
- Cryptographic libraries and protocols
- Architecture documentation and specifications
- Security audit reports
- Integration guides for service providers
- Test suites and quality assurance tools
Implementation Partners: Who's Building Germany's Wallet
BMDS: Federal Ministry for Digital Affairs and State Modernization
BMDS (Bundesministerium für Digitales und Staatsmodernisierung) leads the EUDI wallet initiative. Established to accelerate Germany's digital transformation, BMDS sets strategic direction, coordinates stakeholders, ensures regulatory compliance, and represents Germany in EU-wide digital identity discussions.
SPRIND: Federal Agency for Disruptive Innovation
SPRIND handles technical implementation. Unlike traditional government contractors focused on incremental improvements, SPRIND specializes in innovative approaches and rapid iteration while maintaining security standards. SPRIND coordinates development teams, manages the GitLab repository, oversees testing, and ensures the wallet incorporates cutting-edge technology.
BSI: Federal Office for Information Security
BSI provides security certification and publishes Technical Guidelines. BSI conducts penetration testing, reviews cryptographic implementations, audits the codebase for vulnerabilities, and certifies that the wallet meets German security standards before public release. BSI's approval is legally required before the wallet can be deployed.
Bundesdruckerei: State-Owned Secure Printing
Bundesdruckerei has decades of experience producing secure documents (passports, ID cards, vehicle registrations, currency). They contribute expertise in credential issuance, anti-counterfeiting measures, physical-to-digital identity linking, and the transition from traditional documents to digital credentials. They also operate secure infrastructure for credential verification.
Fraunhofer AISEC: Applied Security Research
Fraunhofer AISEC (Applied and Integrated Security) provides cutting-edge cryptographic research, secure hardware integration, threat modeling, and analysis of emerging attack techniques. They help ensure the wallet resists not only current attacks but also future threats as cryptography and attack methods evolve.
PwC Deutschland: Audit and Compliance
PwC provides compliance auditing, ensuring the wallet meets eIDAS 2.0 requirements, GDPR data protection standards, German regulations, and EU cross-border interoperability specifications. They also assist with risk assessment and governance frameworks.
Governikus: eID Service Provider
Governikus operates one of Germany's largest eID service provider platforms, processing millions of AusweisApp authentications annually. They contribute real-world operational expertise, integration support for businesses adopting EUDI wallet authentication, and insights from managing existing eID infrastructure at scale.
Timeline and Milestones
Completed Milestones
- 2010: AusweisApp launches with eID-enabled ID cards 🟢
- 2010-2020: Gradual adoption, technical refinements, service expansion 🟢
- 2021: Smart-eID law enacted (smartphone storage of identity) 🟢
- April 2024: eIDAS 2.0 regulation signed into EU law 🟢
- May 2024: eIDAS 2.0 enters into force 🟢
- September 2024: BMI announces EUDI wallet development with SPRIND 🟢
- November 2024: EU adopts implementing acts (technical specifications) 🟢
- 2024-2025: Open source development on OpenCoDE GitLab 🟢
- 2025: Public consultations and architecture documentation published 🟢
Planned Milestones
- Q1 2026: Security audit and penetration testing by BSI 🟡
- Mid-2026: Cross-border interoperability testing with EU partners 🟡
- Q4 2026: Beta testing with selected user groups 🟡
- Early 2027: First stage public launch (planned) 🟡
- 2027: Gradual rollout and service integration 🟡
- End of 2027: Financial institutions required to accept EUDI wallet 🟢
Why Early 2027?
Germany's timeline extends slightly beyond the December 2026 regulatory deadline for several strategic reasons:
- Security Certification: BSI approval requires extensive testing that cannot be rushed
- Quality over Speed: Germany prioritizes correctness and security over meeting arbitrary dates
- Extension Precedent: eIDAS 2.0 allows extensions for countries demonstrating progress
- Mature Foundation: 14 years of AusweisApp operation provide an interim solution during the transition
- Cross-Border Testing: Ensuring compatibility with other EU wallets takes time
Given Germany's advanced state (operational eID system, legal framework for Smart-eID, open source development, partner ecosystem), regulators are likely to grant flexibility for thorough testing rather than rushing an incomplete system to market.
Use Cases and Services
Government Services
The EUDI wallet will work with existing German government services:
- Tax Services: Filing tax returns, requesting refunds, viewing tax statements
- Vehicle Services: Registration, license renewal, insurance verification
- Social Benefits: Unemployment benefits, child benefits, housing assistance, pensions
- Business Services: Company registration, permits, licenses, commercial registry access
- Property Services: Land registry access, property ownership verification
- Healthcare: Insurance enrollment, electronic health records, prescription access
- Education: University enrollment, student ID, academic credential verification
Financial Services
From the end of 2027, financial institutions will be required to accept the EUDI wallet for customer identification:
- Bank Accounts: Opening accounts, KYC verification, updating customer information
- Loans and Mortgages: Applications, income verification, credit checks
- Investments: Brokerage accounts, fund subscriptions, securities trading
- Credit Cards: Card issuance, limit increases, cardholder verification
- Cryptocurrency: Exchange verification, AML compliance, wallet registration
- Insurance: Policy applications, claims processing, beneficiary verification
Age Verification
The wallet supports privacy-preserving age verification:
- Online Shopping: Age-restricted products (alcohol, tobacco) without revealing birth date
- Adult Content: Website access gates using "over 18" verification
- Social Media: Platform registration with age attestation
- Gaming: Age-restricted game purchases, online gambling verification
- Physical Venues: Nightclub entry, casino access, age-restricted events
Cross-Border Use (Post-2027)
Once fully EUDI-compliant, your German wallet will work across the EU:
- Travel: Rental car services, hotel check-ins, transportation discounts across the EU
- Banking: Opening accounts in other EU countries without in-person verification
- Employment: Professional license verification for cross-border work
- Education: University enrollment in other EU countries, credential recognition
- Healthcare: Accessing services in other EU countries with insurance verification
- Business: Company registration, cross-border trade documentation
Privacy and Data Protection
GDPR Compliance
As a government service processing citizen data, Germany's EUDI wallet complies with GDPR:
- Data Minimization: Share only attributes necessary for the service (e.g., age, not full birth date)
- Purpose Limitation: Identity data cannot be used for advertising or commercial profiling
- Right to Access: View complete logs of when and where you shared identity data
- Right to Deletion: Delete wallet and credentials without affecting physical documents
- Privacy Impact Assessments: Regular DPIA reviews ensure ongoing compliance
- Consent Management: Explicit approval required for each data sharing request
Selective Disclosure in Practice
Germany's implementation supports fine-grained selective disclosure:
- Age Verification: Share "over 18" or "over 21" without revealing exact birth date
- Residency Proof: Share city or region without revealing street address
- Nationality Proof: Share "EU citizen" without revealing specific country
- Student Status: Share "currently enrolled" without revealing institution name
- Employment: Share "employed" status without revealing employer
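A minimal sketch of how selective disclosure over an issuer-signed credential can work, using salted claim digests. This is an added example, not code from the German wallet or the OpenCoDE repository; the data layout, the function names, and the HMAC standing in for the issuer's digital signature are assumptions chosen so it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo key. HMAC stands in for the issuer's digital signature so the
# example needs only the standard library; a real issuer signs with an
# asymmetric key and verifiers hold only the public key.
ISSUER_KEY = b"constructed-demo-issuer-key"


def claim_digest(salt: str, name: str, value) -> str:
    """Digest of one salted claim; the salt blocks guessing of hidden values."""
    encoded = json.dumps([salt, name, value], separators=(",", ":"))
    return hashlib.sha256(encoded.encode()).hexdigest()


def sign_digests(digests: list) -> str:
    payload = json.dumps(sorted(digests)).encode()
    return hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()


def issue(claims: dict):
    """Issuer: sign only the claim digests; hand the holder the salted claims."""
    disclosures = {n: (secrets.token_hex(16), v) for n, v in claims.items()}
    digests = sorted(claim_digest(s, n, v) for n, (s, v) in disclosures.items())
    credential = {"digests": digests, "signature": sign_digests(digests)}
    return credential, disclosures


def present(credential: dict, disclosures: dict, requested: list) -> dict:
    """Holder: reveal only the requested claims; the rest stay opaque digests."""
    revealed = [[disclosures[n][0], n, disclosures[n][1]] for n in requested]
    return {"credential": credential, "revealed": revealed}


def verify(presentation: dict) -> dict:
    """Verifier: check the issuer signature, then match each revealed claim."""
    cred = presentation["credential"]
    if not hmac.compare_digest(sign_digests(cred["digests"]), cred["signature"]):
        raise ValueError("issuer signature invalid")
    accepted = {}
    for salt, name, value in presentation["revealed"]:
        if claim_digest(salt, name, value) not in cred["digests"]:
            raise ValueError(f"claim {name!r} is not covered by the signature")
        accepted[name] = value
    return accepted


def demo():
    # Constructed sample identity data.
    claims = {"age_over_18": True, "birth_date": "1990-04-12", "city": "Berlin"}
    credential, disclosures = issue(claims)
    ok = verify(present(credential, disclosures, ["age_over_18"]))
    forged = present(credential, disclosures, ["age_over_18"])
    forged["revealed"][0][2] = False  # revealed value altered after issuance
    try:
        verify(forged)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return ok, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The verifier learns `age_over_18` and sees only unlinkable digests for `birth_date` and `city`; any change to a revealed value or to the digest list breaks verification.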
No Central Tracking
The Architecture C' design intentionally avoids creating a central database of citizen authentication events:
- Government does not receive logs of where you use your digital identity
- Each authentication is a direct interaction between you and the service provider
- Verification infrastructure confirms credential validity but does not track usage
- You maintain complete audit logs locally on your device
User Control and Transparency
Before any data sharing, the wallet displays:
- The identity of the service provider requesting data
- Exactly which attributes are being requested
- The purpose for which data will be used
- How long the service will retain the data
- Whether data will be shared with third parties
You must explicitly approve each request by entering your PIN or using biometric authentication. There is no "always allow" option—every data exchange requires conscious user approval.
Getting Started (When Available)
Prerequisites
To use Germany's EUDI wallet when it launches in early 2027, you will need:
- Valid Personalausweis (German ID card) or residence permit with eID function activated
- NFC-enabled smartphone (iOS or Android)
- 6-digit eID PIN (set when you received your ID card)
- Age 16 or older (minimum age for Personalausweis with eID function)
Expected Setup Process
Based on the AusweisApp and Smart-eID experience, the setup process will likely be:
- Download the EUDI wallet app from App Store or Google Play
- Open the app and select "Set up wallet"
- Place your Personalausweis on the back of your smartphone (NFC area)
- Enter your 6-digit eID PIN when prompted
- The app reads your identity attributes from the ID card chip
- Set up biometric authentication (fingerprint or Face ID)
- Your digital credentials are securely transferred to the smartphone's secure element
- Optionally enable encrypted cloud backup for credential recovery
Daily Use
After initial setup:
- Open the wallet app when you need to prove your identity
- Authenticate with biometrics or PIN
- Review what data the service is requesting
- Approve or deny the request
- Service receives cryptographic proof of your identity attributes
Official Resources
For the latest information about Germany's EUDI wallet:
- AusweisApp Official Website (English) - Current eID system and future updates
- EUDI Wallet Technical Documentation - Architecture and specifications
- OpenCoDE GitLab Repository - Open source code and development progress
- BSI Technical Guidelines - Security standards and requirements
- Personalausweis Portal (German) - Information about German ID cards
Information Accuracy
🟢 Verified Facts: AusweisApp operational since 2010, Smart-eID enabled by 2021 law, Architecture C' confirmed, BSI TR-03127/128/130 standards, open source on OpenCoDE GitLab, partner organizations (BMDS, SPRIND, BSI, Bundesdruckerei, Fraunhofer AISEC).
🟡 Estimated: Early 2027 launch date is planned but not guaranteed. Actual launch depends on BSI security certification and cross-border testing completion.
Last Updated: February 1, 2026. Check official sources for current status.