Mandatory Acceptance: Mandatory Credential Acceptance

Definition

Phased Implementation Timeline

The mandatory acceptance obligations follow a phased timeline designed to allow organizations to prepare their technical infrastructure while creating early critical mass of acceptance points. The first phase targets public sector bodies, which must accept EUDI Wallet credentials for all online services requiring electronic identification by December 2026. This covers tax filing, social security access, healthcare portals, vehicle registration, building permits, and all other government digital services.

The second phase, effective December 2027, extends mandatory acceptance to several critical private sector categories. Very Large Online Platforms (VLOPs) as defined under the Digital Services Act -- platforms with more than 45 million monthly active users in the EU, including services like Google, Amazon, Meta, Apple, and Microsoft -- must accept EUDI Wallets for user authentication. This means citizens can use their EUDI Wallet to log in to these platforms instead of creating separate accounts with passwords.

Financial institutions subject to Anti-Money Laundering (AML) regulations must accept EUDI Wallet credentials for customer due diligence (Know Your Customer) by the same December 2027 deadline. This transforms the traditionally paper-heavy KYC process into a digital flow where a customer can present their identity credential directly from their wallet, reducing onboarding time from days to minutes.

Additional sectors including telecommunications (for SIM registration), healthcare (for patient identification), and transport (for driving license verification) have their own acceptance timelines defined in the regulation and its implementing acts. The European Commission retains the power to extend mandatory acceptance to additional sectors through delegated acts.

Technical Requirements for Accepting Organizations

Organizations subject to mandatory acceptance must implement the technical infrastructure to receive and verify EUDI Wallet credential presentations. This primarily means deploying OpenID4VP (OpenID for Verifiable Presentations) endpoints that can process credential presentations from any compliant EUDI Wallet, regardless of which Member State issued the wallet or credentials.

Accepting organizations must register as relying parties within the EUDI Wallet trust framework, specifying which credential types they require and which specific attributes within those credentials they need to access. The registration process ensures that organizations are authorized to request certain types of identity data and enforces the data minimization principle -- a retail store cannot request a full national ID credential when a simple age-over attestation suffices.

The technical implementation must support both online (remote) and, where applicable, proximity (in-person) presentation flows. Online services implement OpenID4VP for web-based credential requests, while physical locations may need NFC or QR code readers for ISO 18013-5 proximity presentations.

Interoperability is a key requirement: accepting organizations must be able to verify credentials from any EU Member State's EUDI Wallet. This means supporting both SD-JWT and mDoc credential formats, validating issuer trust chains against the common trust registry, and handling the Level of Assurance framework correctly.

Impact on the Digital Identity Market

Mandatory acceptance is the most transformative aspect of eIDAS 2.0 because it solves the classic chicken-and-egg problem of digital identity adoption. Previous digital identity schemes struggled because citizens had no incentive to adopt a wallet that few organizations accepted, and organizations had no incentive to integrate a wallet that few citizens used. By mandating acceptance in key sectors, eIDAS 2.0 ensures that EUDI Wallets will have immediate practical utility from day one.

For citizens, mandatory acceptance means a single digital identity wallet can replace dozens of separate login credentials, physical identity documents, and authentication apps. Logging into government services, banking, social media, and healthcare with the same wallet credential creates a smooth digital experience across all major services.

For organizations, while there is an initial compliance cost for implementing the technical infrastructure, mandatory acceptance also creates significant benefits. Digital identity verification through EUDI Wallets is more secure than password-based authentication, reduces fraud, simplifies KYC compliance, and can dramatically lower customer onboarding costs. Financial institutions estimate that digital KYC through EUDI Wallets could reduce identity verification costs by up to 80% compared to traditional paper-based processes.

The competitive effect is also significant. Once major platforms accept EUDI Wallets, smaller organizations are incentivized to follow voluntarily, as users increasingly expect the convenience and security of wallet-based authentication everywhere.

Cross-Border Implications

Mandatory acceptance extends across borders within the EU. A French citizen must be able to use their EUDI Wallet to access German government services, open a bank account in Spain, or verify their age on a Dutch platform. This cross-border dimension is what distinguishes the EUDI Wallet mandate from national digital identity schemes that operate only within their home country.

The mutual recognition framework ensures that credentials issued by any Member State at LoA High must be accepted by organizations in all other Member States. This creates a true single digital identity market covering approximately 450 million citizens, making the EUDI Wallet the largest mandatory digital identity system in the world.

Related Terms