EUDI Digital Identity Wallet

Explore the European Digital Identity ecosystem: Issuance, Presentation, and Signing.

What is eIDAS 2.0?

The European Digital Identity Regulation (, Regulation EU 2024/1183) entered into force in May 2024 and mandates that all 27 EU member states provide citizens and residents with at least one by late 2026. Unlike eIDAS 1.0 where national eID notification was voluntary, eIDAS 2.0 makes digital identity wallets mandatory — creating a pan-European trust framework for identity, attestations, and qualified electronic signatures.

eIDAS 1.0 (2014)
  • National eID notification voluntary
  • 5 qualified trust services
  • No wallet framework
  • Limited cross-border recognition
eIDAS 2.0 (2024)
  • EUDI Wallet mandatory for all states
  • Attribute attestations (EAA, QEAA)
  • Full cross-border mutual recognition
  • Private sector acceptance required
Key Deadlines
  • May 2024: Regulation entered into force
  • Dec 2024: Five implementing regulations adopted
  • Dec 2026: Wallets available
  • Late 2027: Private sector acceptance

Credential Formats: mdoc vs SD-JWT

The EUDI Architecture Reference Framework (ARF 2.0) supports two credential formats. Both enable , but serve different use cases.

mso_mdoc (ISO 18013-5)
  • Encoding: CBOR (binary)
  • Optimized for: Proximity — NFC, BLE (in-person verification)
  • Namespace: eu.europa.ec.eudi.pid.1
  • Used in this module: PID credential
vc+sd-jwt ( RFC 9901)
  • Encoding: JSON (text-based)
  • Optimized for: Remote — online services, APIs
  • Disclosure: Hash-based selective claims
  • Used in this module: Diploma attestation

Trust Framework

EUDI establishes a layered trust chain. can verify credential authenticity without contacting the issuer, using public trust infrastructure.

National Trusted ListsEach member state publishes a machine-readable list of Qualified Trust Service Providers (QTSPs).
Certified organizations that issue qualified attestations (QEAA) and provide qualified signatures ().
eIDAS Trust Framework (Bridge)Cross-border mechanism ensuring mutual recognition of wallets, PIDs, and attestations across all 27 member states.

Privacy by Design

The EUDI Wallet enforces strong privacy guarantees aligned with GDPR.

Selective Disclosure

Only requested attributes are revealed. All other claims remain cryptographically hidden from the verifier.

Unlinkability

Different presentations to different Relying Parties should not be correlatable. The ARF addresses this through batch-issued credentials and pseudonymous identifiers.

Data Minimization

GDPR Art. 5(1)(c) compliance. The wallet enforces sharing only the minimum data necessary for a specific purpose.

Post-Quantum Readiness

Current EUDI implementations use classical (P-256, P-384) for signatures and key binding. eIDAS 2.0 does not yet mandate post-quantum cryptography, but ENISA has identified wallet providers as high-impact entities for early PQC adoption. Future ARF versions are expected to require PQC-safe algorithms (, ) for long-lived credentials.

EU PQC Transition Roadmap (April 2024)
  • Dec 2026: National PQC transition roadmaps due
  • Dec 2030: High-risk use cases migrated
  • Dec 2035: Full transition to PQC

This simulation uses classical algorithms to match current ARF specifications. The PQC migration path for EUDI is an active area of ETSI and ENISA research.

Large-Scale Pilots

The EU funded four Large-Scale Pilots (LSPs) testing EUDI wallets across 26+ countries, followed by a second wave in 2025.

Wave 1 (2023–2025)
DC4EU
Education & Social Security
EWC
Travel & Org Identity
NOBID
Banking & Telecom
POTENTIAL
Government & Payments
Wave 2 (2025–2027)
APTITUDE
Travel Credentials & Banking
WE BUILD
Business Identity (NL/SE)

Related Resources

Compliance
NIST, BSI, ANSSI & Common Criteria requirements
Risk Assessment
Assess your organisation's quantum readiness
Migration Timeline
NIST milestones, country deadlines & standardization
Threat Dashboard
Industry-specific quantum risks & PQC replacements