The European Digital Identity Wallet (EUDI Wallet) is no longer just an innovative R&D question or an initiative to get ahead of the competition; it’s now law. With the adoption of eIDAS 2.0 (legal text: Regulation 2024/1183), organizations across the EU must prepare to integrate wallet-based identity flows into their services. For some industries, this isn’t optional.
If your business already uses strong customer authentication, there’s a good chance you’ll be legally required to accept the EUDI Wallet by 2027. In this article we break down what the law states, which industries are required to comply, and what you can do to make the most of the opportunities EUDI brings to your industry.
So what does the law actually say? The obligations for public and private service providers to accept the EUDI Wallet (making them relying parties) are defined in Article 5f of the regulation.
Public services must accept it
Any public service that requires users to identify themselves must accept the EUDI Wallet for that purpose. This sets the baseline: wallet acceptance is mandatory across all digital government services.
Original text
Where Member States require electronic identification and authentication to access an online service provided by a public sector body, they shall also accept European Digital Identity Wallets that are provided in accordance with this Regulation.
Article 5f, section 1
Some private sectors must accept it
Whether private sectors need to support the EUDI Wallet depends on whether they are considered high-trust. In plain terms: if you're already obligated to use strong user authentication, you’ll need to accept the EUDI Wallet too.
Article 5f, section 2 makes EUDI Wallet support mandatory in regulated sectors if they already use strong authentication and are not small enterprises. That goes for a wide range of regulated industries:
- Finance & Banking, think of: opening a bank account, applying for a mortgage, digital KYC, loan applications.
- Telecom, think of: registering a new SIM card, subscribing to mobile/broadband plans, accessing secure customer portals.
- Transport, think of: checking in with a Digital Travel Credential, identity verification at airports or for train travel.
- Healthcare, think of: accessing ePrescriptions, viewing electronic health records, booking medical appointments.
- Utilities, think of: signing up for electricity or water services, verifying identity for contract changes.
- Education, think of: applying to university, accessing digital diplomas, verifying qualifications for admissions.
- Digital infrastructure services, think of: logging in to cloud platforms, secure email providers, or domain registration services requiring ID.
The legislation names specific industries. These are not optional integrations for qualifying organizations. If you already verify user identity online in a high-trust sector, you will need to accept the EUDI Wallet as a valid method.
Original text
Where private relying parties that provide services, with the exception of microenterprises and small enterprises as defined in Article 2 of the Annex to Commission Recommendation 2003/361/EC (*4), are required by Union or national law to use strong user authentication for online identification or where strong user authentication for online identification is required by contractual obligation, including in the areas of transport, energy, banking, financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications, those private relying parties shall, no later than 36 months from the date of entry into force of the implementing acts referred to in Article 5a(23) and Article 5c(6) and only upon the voluntary request of the user, also accept European Digital Identity Wallets that are provided in accordance with this Regulation.
Article 5f, section 2
If you are required to accept European Digital Identity Wallets, Article 5f, section 3 is very clear that they need to be accepted in the same way as other means of identification, meaning you cannot make it more difficult to use the EUDI Wallet than any other identification method you support.
Issuing vs. verifying
The legislation only focuses on accepting the EUDI Wallet for identification, so in practice there are still a lot of question marks about the extent to which the EUDI Wallet will actually be used to its full potential. A big part of the envisioned benefit of verifiable credentials is that flows that require verification of any data could be automated entirely by crafting presentation requests that combine a multitude of statements (or proofs) about a natural person. However, being required to accept an eID from the EUDI Wallet as identification does not mean parties are required to verify other types of credentials for non-identification cases.
It also does not mean parties are required to issue credentials into the EUDI Wallet. Only public sector bodies (who manage "authentic sources" of data) and qualified trust service providers (QTSPs) (who, once registered and certified, are legally bound to comply with issuance requirements) are expected by law to act as issuers based on their role and legal responsibilities.
While public sector bodies and authentic sources are expected to provide credentials when relevant and feasible, the regulation does not force them to replace existing systems or to immediately switch from existing solutions. The EUDI system is an addition and alternative, not a mandatory replacement. Actual adoption outside of high-trust regulated sectors will depend on the willingness to issue, verify, and integrate the EUDI Wallet solution into broader flows than purely what is required by law.
Where to start
Are you working in a sector that will be required to adopt the EUDI Wallet? Or are you interested in the potential that is created from a system where so many parties will support the same digital identity infrastructure? Although the deadline for compliance is still a bit away, there is much that can be done already in terms of supporting the EUDI infrastructure as an issuer, verifier, or wallet solution.
Paradym can help you navigate this landscape. Our straightforward APIs enable you to comply with the technical elements of eIDAS 2.0. We offer a cloud-managed option that enables you to start issuing to or verifying from the EUDI Wallet immediately, as well as an on-premise solution where you have full control over the security and hosting of the platform. Schedule a call to discuss your industry's requirements with our team.
Whether you're issuing diplomas, verifying financial identities, or onboarding telecom users, Paradym accelerates your path to compliance and control.