Latest Articles Most Popular Articles
A woman presents her digital ID to demonstrate how it works and its functionality
#Business Transformation

A brIDge to eIDAS 2.0 compliance

Technical Innovation
6 Mins.

The European Union’s eIDAS 2.0 regulation mandates each member state must issue at least one digital identity wallet by the end of 2026, and relying parties requiring SCA must accept them by the end of 2027. Entities within affected sectors such as finance, banking, telecommunications, energy, healthcare, transport, and digital infrastructure have a lot to prepare for, and those hard deadlines are a lot closer than you think.

Table of contents

The backstory

As with most things these days, it’s about a deadline. Or, in this case, two deadlines.

First, the backstory: the European Union identified some areas that needed updating in its previous regulation to its member nations about digital IDs. The existing regulation dated from 2014. Clearly times, technologies, and threats have changed.1

That regulation, known as eIDAS, was debated over by the EU, and a newly updated regulation, eIDAS 2.0 – European Digital Identity Regulation (Regulation (EU) 2024/1183) – came into force in May 2024.2 

Its mission is clear: “Digital identification systems offered by governments in the EU before Regulation (EU) 2024/1183 (eIDAS 2.0) had several important shortcomings: they were not available to the whole population, they were often limited to online public services, and did not allow for seamless access cross-border.”3 eIDAS 2.0 provides the pathway to solving those issues with the European Digital Identity Wallet, or EUDIW, for the public and private sector. 

These wallets would be a secure and private means of seamless identification, allowing citizens to prove who they are no matter where they are in the EU, and giving them a place to “safely store, share, and sign important documents.”4 Among other use cases, enrollment in universities in other EU member states and opening bank accounts there would be made possible based on presentation of these wallets, without any need for physical documents.

All 27 member states of the EU are now required to make at least one digital identity wallet available to their citizens that will contain that citizen’s personal identification data (PID). The cutoff for that is the end of 2026.5 Further, relying parties in sectors identified as being important or critical by the EU – this includes organizations operating in banking, healthcare, education, and telecommunications – must accept these wallets by the end of 2027.6

A relying party, or verifier, is an entity that “relies” upon the information within the wallet to identify the user, to provide the service requested. In simple terms, any entity operating within a sector that requires strong customer authentication (SCA) under EU law will be required to accept such a wallet as proof of identification. Keep in mind that there will be at least 27 wallets, and there may well be more, as private entities might also decide to issue a certified EUDIW. That’s a lot of planning and implementation to get through before the deadline hits.

A person holds a smartphone showing a digital ID photo, with focus on the screen

The end of 2027 is closer than you think

This ecosystem has fascinating ramifications for all involved. The potential to get involved at various stages and levels is huge. But all this opportunity comes with a certain level of jeopardy. 

“Be clear what your role is,” stressed Thilo von Bredow, Business Development & Financial Lead, Digital Identities, at G+D. “Are you a relying party, accepting credentials issued by other trusted entities? Are you a credential issuer, planning to monetize verified data by issuing verified credentials (VCs)? Or are you a wallet issuer, and thus the primary interface for your customer’s digital interactions across industries? The strategic role you envision for your organization impacts everything.” 

Once you know your role, you can get on with preparing for this change. Relying parties have a lot to get ready for. Raquel de Horna, Product & Marketing Lead, Digital Identity, at G+D, is clear about the state of preparation across industries. “Banks and other industries that require SCA aren’t really aware of just how much work is involved in preparing for this. That doesn’t include maintenance in case they decide to do it themselves!” 

There is a certain degree of complacence, von Bredow agreed, though he did point to a reason: “The EU is assuming there will be interoperability between all these wallets, if they meet the guidelines laid down in the Architecture and Reference Framework (ARF). But our experience suggests this may not be the case.”

Both de Horna and von Bredow concurred on the scale and immediacy of the issue. A hard deadline – for a large entity, in the regulated industry space, probably with lots of customers and a sizeable IT setup – equals a real headache, with real costs and consequences in case of non-compliance.

A solution that acts as an orchestration layer [for acceptance of multiple wallets] would be really welcome.

Thilo von Bredow
Business Development & Financial Lead, Digital Identities, at G+D

Questions for relying parties

As ever, complexity is the real bugbear. Among other issues, we can expect:

  1. Proliferation of wallets

    The regulation mandates that each member state issue at least one wallet, but there is no upper limit. Already, private entities have explored rolling out their own certified identity wallets, foreseeing commercial opportunities if they can win adoption.

  2. A dynamic situation

    While the EU has mandated one regulation, the 27 member states are all sovereign, and make their own decisions based upon that regulation. Some member states will probably put a user’s PID into that state’s own government-managed wallet, while other member states may issue PIDs to any wallet that is compliant with the standards of the European Union Agency for Cybersecurity (ENISA). An organization can hope for the best case, but probably needs to plan for the worst case, which would be a lot of wallets.

  3. Infrastructure issues

    The relying party would have to build and maintain interfaces for each one of these wallets. This includes integrating and interacting with all the trust registries involved across the EU and managing and validating the necessary certificates.

At the end of the day, the user expects their credential to be verified and the service they are there for to be delivered. If a provider can’t deliver this, it just isn’t workable.

“Banks and other entities aren’t in the business of accepting and maintaining these interfaces and keeping up with all these registries,” noted von Bredow. “Removing complexity is key so they can focus on their core business.”

A man walks through a red hallway with large year numbers from 2024 to 2027 and white arrows

Success factors of a possible solution

Managing acceptance across multiple wallets is one of the key issues, both von Bredow and de Horna agreed. “A solution that acts as an orchestration layer [for acceptance of multiple wallets] would be really welcome,” said von Bredow.

To be successful, such a solution would ideally include the following:

  1. Be middleware, and be invisible to the user. The customers won’t realize that an intermediary service is supporting the onboarding, and the relying party would own the entirety of the user’s journey.

  2. Take care of all the interfaces for the many wallets that would typically be presented.

  3. Manage the interactions with the different trust registries, as well as the necessary certificates to allow the presentation of the PID of the user. 

  4. Be available as software as a service (SaaS). This would represent the easiest way to integrate the orchestration layer into the relying party’s existing offering, and offer instant adaptation and updates to the wallet’s ecosystem. Web elements and software development kits (SDKs) would be part of the solution.

Finally, it would be scalable. As de Horna pointed out, EU member states have to issue these wallets, and relying parties have to accept them. But citizens don’t have to adopt them (yet). Usage of these wallets will not be mandated for citizens in many member states. Enrollment might be cumbersome at the beginning, with a resultant lag in adoption. A solution that scales up as usage increases allows relying parties to save on up-front costs.

Banks and other industries that require strong customer authentication (SCA) aren’t really aware of just how much work is involved.

Raquel de Horna
Product & Marketing Lead, Digital Identity, at G+D

Clear benefits, including compliance

Compliance is the obvious benefit that such a solution would support. There are other advantages an organization would gain, however. The simplification of a mandatory process is a key operational win, saving costs and man-hours across the board. This also makes the user’s journey more efficient, as the provider can deliver the actual benefits the new EUDIW is designed for.

An interesting implication is cost-savings through shortened know-your-customer (KYC) measures, such as video identification. These measures currently eat up time, create friction, and are expensive. Regulated industry entities subject to anti-money-laundering (AML) requirements must allocate significant resources to KYC currently. If the EUDIWs function as planned, this may well change. 

This only works if the wallets have the best orchestration solutions ready to go. “In the best scenario, there will be less abandonment, and conversion rates will increase because creating an account would be quicker. Relying parties that have these solutions early will stand out from their peers. They’ll attract users. Call it the cool factor,” added de Horna.

The brIDge you need

Tracking down the solution and partner that best suits your needs is crucial. For relying parties, G+D’s brIDge solution meets all the requirements we noted above. It is an orchestration layer available as middleware that is invisible to the user. It is SaaS, and is easily and quickly integrated into an organization’s existing offering. It provides interoperability out-of-the-box with all available certified EUDIWs (and the equivalent ID wallet in Switzerland, known as SWIYU), acting as a registered intermediary service managing the relying party’s necessary registration certificates, enabling successful interaction with the user wallet. And, it is eIDAS 2.0–compliant. 

G+D is an innovation leader and is well known for providing human-centric security technology. We are ideally positioned at the intersection of payment technology, digital security, and identities. Compliance within a hard deadline can be onerously complex. The right partner can help you navigate that complexity.

Key takeaways

  • Know your role: are you a relying party, credential issuer, or a wallet issuer?
  • Do not underestimate the complexity of what is expected of you. Implementation is the beginning; maintenance is required as well, including keeping things up to date.
  • Act now: the deadlines are fast approaching.

  1. About the Initiative, European Commission, https://shorturl.at/HwsUs

  2. eIDAS 2.0: Updates, Compliance, European Union, https://www.european-digital-identity-regulation.com/

  3. ibid

  4. About the Initiative, European Commission, https://shorturl.at/HwsUs

  5. eIDAS 2.0: Updates, Compliance, European Union, https://www.european-digital-identity-regulation.com/

  6. eIDAS and EUDI Wallets, BMI (Germany’s Federal Ministry of the Interior), https://bmi.usercontent.opencode.de/eudi-wallet/eidas2/en/eidas2/

Published: 25/11/2025

Explore our products & solutions
 

Explore similar topics

#Finance #Healthcare #Central Banks #Commercial Banks #Digitalization

Share this article

Read similar articles
Subscribe to our newsletter

Don’t miss out on the latest articles in G+D SPOTLIGHT: by subscribing to our newsletter, you’ll be kept up to date on latest trends, ideas, and technical innovations – straight to your inbox every month.

Please supply your details: