EUDI Wallet
Full Name: European Digital Identity Wallet
Definition
A mobile app that allows EU citizens to store and share verified digital identity credentials across all 27 member states. Under the eIDAS 2.0 regulation, every EU country must provide at least one EUDI Wallet by December 2026.
Architecture Overview: WSCD, WSCA, and PID Provider
The EUDI Wallet is not a single monolithic application but a carefully designed system of interacting components defined in the Architecture Reference Framework (ARF). Understanding these components is essential for grasping how the wallet operates securely.
Wallet Secure Cryptographic Device (WSCD): The tamper-resistant, hardware-backed environment in which the wallet's private keys are generated, stored, and used. Keys never leave the WSCD; every signature or key-agreement operation is performed inside it. On modern smartphones this typically maps to the Secure Element (SE) or Trusted Execution Environment (TEE) built into the device, such as Apple's Secure Enclave or Android's StrongBox; the ARF also permits an external device such as a smart card, or a remote HSM operated for the wallet provider. The practical check that a key really lives there is key attestation: a statement signed by the device vendor or HSM operator that a given public key was generated inside the WSCD rather than in app memory.
Wallet Secure Cryptographic Application (WSCA): The software that mediates access to the WSCD. It manages the wallet's cryptographic operations, carries the channel between the wallet application and the secure hardware, and enforces access-control policy, for example requiring the user's PIN or biometric before a key may be used. Because the WSCA is isolated from the rest of the wallet, a compromise of the main wallet application does not expose the keys themselves; it does not by itself stop a compromised app from requesting operations, which is why user authentication is required before each key use.
PID Provider: The Person Identification Data (PID) Provider is the authoritative entity, typically a government agency, that issues the foundational identity credential to the wallet. In each member state, the PID Provider verifies the citizen's identity using existing national identity systems and then issues a cryptographically signed PID credential containing core attributes like name, date of birth, and a unique identifier. This PID serves as the root of trust upon which all other credentials build.
Wallet Provider: The entity responsible for making the wallet application available, maintaining it, and ensuring it meets certification requirements. A Wallet Provider can be a government body, a private company acting under government mandate, or a combination. The Wallet Provider is responsible for keeping the app secure, updated, and compliant with evolving ARF specifications.
How the EUDI Wallet Differs from Regular Identity Apps
Many people already use digital identity solutions such as banking apps with identity verification, government login portals, or commercial identity wallets like Apple Wallet or Google Wallet. The EUDI Wallet differs from all of these in several fundamental ways.
Cross-border interoperability by law: Unlike national eID solutions that work only within one country, the EUDI Wallet must be accepted across all 27 EU member states plus EEA countries. A German EUDI Wallet must work smoothly with a French government service or a Spanish bank. This interoperability is not optional; it is legally mandated by eIDAS 2.0.
Government-backed trust: Commercial identity solutions rest on the reputation of a private company. EUDI Wallet credentials are issued by government PID Providers under a notified eID scheme at assurance level "high" and carry legal recognition comparable to national identity documents for electronic identification. When a relying party verifies a PID from the wallet, it can rely on it to the degree it would rely on a passport or national ID card presented in person.
Privacy by design: Unlike commercial identity apps whose provider can see and record every transaction, the EUDI Wallet is designed so that neither the wallet provider nor the credential issuers can observe how, when, or where you use your credentials; the regulation also forbids wallet providers from collecting usage data beyond what the service itself needs. This is a core requirement, not an afterthought.
User control over data: The citizen decides what to share and with whom. Through selective disclosure, users can prove specific attributes, for example that they are over 18 years old, without revealing their exact date of birth, address, or any other personal information.
Legal Basis: eIDAS 2.0 Article 5a
The legal foundation for the EUDI Wallet is Article 5a of the revised eIDAS Regulation (EU) 2024/1183, commonly known as eIDAS 2.0. This article establishes several critical requirements.
Article 5a(1) requires each member state to provide at least one European Digital Identity Wallet within 24 months of the entry into force of the implementing acts, which in practice means late 2026. The article further requires that the wallet be issued under an electronic identification scheme at assurance level "high" and that it enable the user to securely request, obtain, store, select, combine, and share person identification data and attestations of attributes, and to authenticate to relying parties.
Article 5a also mandates that the wallet be issued free of charge to natural persons. Member states may charge legal persons (companies), but for individual citizens the wallet must always be free. This keeps digital identity from becoming a privilege reserved for those who can pay for it.
Article 5a further requires that the user remain in full control of the wallet and the data in it, including the ability to selectively disclose attributes and to delete data, and it prohibits wallet providers from collecting information about the use of the wallet beyond what is necessary to provide the service. The user must be able to see what data is requested, by whom, and for what purpose before consenting to share it.
Importantly, Article 5a also establishes that use of the wallet is voluntary for natural persons. Anyone who chooses not to use it may not be limited or disadvantaged in accessing public or private services, so alternative means of identification must remain available.
What Credentials the EUDI Wallet Stores
The EUDI Wallet is designed to hold a wide range of digital credentials, far beyond simple identity data. These credentials fall into several categories.
Person Identification Data (PID): The foundational credential, containing your core identity attributes: family name, given name, date of birth, and a unique persistent identifier. It is normally the first credential loaded into the wallet, and the identity proofing performed at PID issuance is what allows other issuers to bind their attestations to the same verified person.
Qualified Electronic Attestations of Attributes (QEAAs): These are high-assurance credentials issued by qualified trust service providers. Examples include mobile driving licences (mDL) compliant with ISO/IEC 18013-5, professional qualifications such as medical or legal licences, academic diplomas and educational certificates, and health insurance cards.
Non-qualified Electronic Attestations of Attributes (EAAs): These carry lower assurance but cover a broad range of use cases such as loyalty cards, gym memberships, library cards, proof of address, and employee badges.
Electronic signatures and seals: Beyond stored credentials, the wallet can create Qualified Electronic Signatures (QES), which have the same legal effect as a handwritten signature, so citizens can sign contracts, tax filings, and legal documents directly from their phone.
Privacy Architecture and Unlinkability
One of the most important design principles of the EUDI Wallet is its privacy architecture. The system is built to prevent tracking and profiling of citizens, even by the wallet provider or credential issuers themselves.
Issuer unlinkability: When you present a credential to a relying party, the issuer (for example, the government PID Provider) does not learn that you used it, to whom, or when. This rules out the issuer building a profile of your online activity. It also constrains how revocation is checked: the relying party must be able to determine a credential's status without asking the issuer about that specific credential at presentation time, for example by downloading a status list that covers many credentials at once.
Relying party unlinkability: Two different relying parties should not be able to collude and determine that they dealt with the same wallet user unless the user explicitly disclosed identifying data. With the signed credential formats in use, the issuer's signature and the credential's public key are themselves correlation handles, so the wallet is issued a batch of otherwise identical attestations, each with its own key, and presents a fresh one per transaction rather than reusing the same token.
Local data storage: Credentials are stored on the user's device, not in a centralized cloud database. There is no central server that holds everyone's identity data and could become a target for hackers or surveillance. The wallet provider does not have access to the credentials stored in the wallet.
Selective disclosure: Using formats such as SD-JWT (Selective Disclosure JSON Web Token) and the ISO/IEC 18013-5 mdoc, in which the issuer signs a salted digest of each claim rather than the claim itself, users can reveal only specific claims from a credential. A bar can verify an age_over_18 attribute without seeing the holder's name, address, or exact date of birth.
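The following is an added example, not code from this page, the ARF, or any wallet implementation: a minimal SD-JWT-style selective disclosure flow in standard-library Python. It shows the mechanism behind the age check above (the issuer signs salted digests, the holder forwards only the disclosures it chooses, the verifier rebinds each disclosure to the signed payload) and also makes the relying party linkability problem from the previous paragraph visible: the bar and the bank receive the same issuer-signed token, which is the correlation handle that batch issuance is meant to remove. Assumptions: the HMAC (HS256) signature is a stand-in for the issuer's asymmetric signature (a PID Provider would use something like ES256), the issuer URL and claim values are constructed samples, and holder key binding is omitted.

```python
"""Added example (not from the EUDI Wallet page or the ARF): SD-JWT-style
selective disclosure with issuer, holder and verifier roles.

HS256/HMAC stands in for the issuer's asymmetric signature; claim names,
values and the issuer URL are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(name: str, value) -> str:
    # Disclosure = base64url([salt, claim name, claim value]).
    # The random salt keeps the digest unguessable for low-entropy values.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value], separators=(",", ":")).encode())


def digest(disclosure: str) -> str:
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(claims: dict, issuer_key: bytes):
    """Issuer side: returns (signed JWT, disclosures). Plaintext claims never
    enter the signed payload; only their salted digests appear in `_sd`."""
    disclosures = [make_disclosure(k, v) for k, v in claims.items()]
    payload = {
        "iss": "https://pid-provider.example",  # constructed issuer URL
        "_sd_alg": "sha-256",
        "_sd": sorted(digest(d) for d in disclosures),
    }
    header = {"alg": "HS256", "typ": "dc+sd-jwt"}  # HS256 is the stand-in
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    sig = hmac.new(issuer_key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig), disclosures


def present(jwt: str, disclosures: list, reveal: set) -> str:
    """Holder side: forward the signed JWT plus only the chosen disclosures."""
    chosen = [d for d in disclosures if json.loads(b64url_decode(d))[1] in reveal]
    return "~".join([jwt, *chosen]) + "~"


def verify(presentation: str, issuer_key: bytes) -> dict:
    """Verifier side: check the signature first, then bind every disclosure
    to a digest in `_sd`. Anything unbound is rejected, not ignored."""
    jwt, *disclosures, _trailing = presentation.split("~")  # no KB-JWT here
    header_b64, payload_b64, sig_b64 = jwt.split(".")
    expected = hmac.new(issuer_key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("issuer signature invalid")
    payload = json.loads(b64url_decode(payload_b64))
    if payload.get("_sd_alg") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    bound = set(payload["_sd"])
    revealed = {}
    for d in disclosures:
        if digest(d) not in bound:
            raise ValueError("disclosure not bound to signed payload")
        _salt, name, value = json.loads(b64url_decode(d))
        if name in revealed:
            raise ValueError("duplicate claim in presentation")
        revealed[name] = value
    return revealed


def demo(issuer_key: bytes = b"") -> dict:
    """One PID-style credential presented twice: an age check for a bar and a
    fuller disclosure for a bank, plus a forged disclosure that must fail."""
    issuer_key = issuer_key or secrets.token_bytes(32)
    claims = {"family_name": "Doe", "given_name": "Jane",
              "birth_date": "1990-01-01", "age_over_18": True}  # constructed sample
    jwt, disclosures = issue(claims, issuer_key)
    to_bar = present(jwt, disclosures, {"age_over_18"})
    to_bank = present(jwt, disclosures, {"family_name", "given_name", "birth_date"})
    try:  # a disclosure the issuer never salted has a digest absent from `_sd`
        verify(present(jwt, [make_disclosure("age_over_18", True)], {"age_over_18"}), issuer_key)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {
        "bar_sees": verify(to_bar, issuer_key),
        "bank_sees": verify(to_bank, issuer_key),
        "forged_rejected": forged_rejected,
        # Both relying parties hold the identical issuer-signed JWT: a
        # correlation handle unless the wallet presents a fresh single-use
        # copy from a batch instead of reusing this one.
        "linkable_by_collusion": to_bar.split("~")[0] == to_bank.split("~")[0],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it and the bar sees only `age_over_18`, the bank sees the three identity claims, the forged disclosure is refused, and `linkable_by_collusion` is true, which is exactly why batch-issued single-use attestations matter in this design.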
Certification and Security Requirements
Before any EUDI Wallet can be offered to citizens, it must undergo a rigorous certification process. This ensures that all wallets across the EU meet the same high security standards, regardless of which member state or entity provides them.
Common Criteria certification: The WSCD and WSCA components must be certified under the Common Criteria framework (ISO/IEC 15408) at an assurance level determined by implementing acts. This is the same certification standard used for passports, banking cards, and other high-security systems.
EUCC scheme: Under the EU Cybersecurity Act, the European Common Criteria-based cybersecurity certification scheme (EUCC) provides a harmonised framework for certifying the WSCD and WSCA components. The implementing acts on wallet certification allow national certification schemes to be used for the wallet as a whole until a dedicated European scheme exists; in either case the certification includes vulnerability assessment and penetration testing.
Assurance level high: The eIDAS 2.0 regulation requires wallets to operate at assurance level "high," the strictest tier. This means strong identity proofing during onboarding, strong authentication mechanisms (biometrics, PIN, or both), secure cryptographic key management, and protection against sophisticated attack scenarios including device compromise.
Regular security updates: Wallet providers are required to maintain the security of the wallet over its entire lifecycle. This includes regular security audits, timely patching of vulnerabilities, and compliance with evolving certification requirements as the ARF is updated.
Examples
- Germany: AusweisApp
- France: France Identité
- Belgium: MyGov.be