Language:
Frau tippt auf Smartphone

The EUDI Wallet: Secure Digital Identification Across Europe

Published on 12/06/2024

Many people are already using smartphone wallets to store boarding passes, bank cards, or event tickets. Now, the EU is working on its own version of the digital wallet: the EUDI Wallet. What sets this wallet apart? What are the benefits of using it to prove your digital identity?

The EUDI Wallet – A digital wallet for your smartphone

Smartphones have become more than just communication tools – for many, they’re a central hub for organising everyday life. Smartphone wallets, used to store payment cards or tickets, are playing an increasingly important role. With the revised Regulation on Electronic Identification and Trust Services for electronic transactions in the internal market (eIDAS 2.0) , the EU has mandated that all Member States provide their citizens with their own digital wallet. The advantage of these wallets is that they will also allow users to store official documents, certificates and proofs of identity such as ID cards or driving licences. Using the European Digital Identity Wallet (EUDI Wallet), citizens will be able to identify themselves and authenticate across borders for both public and private online services. Moreover, they will be able to manage their digital identity in the form of credentials autonomously on their smartphones, rather than relying on large corporations to do so.

eID as the Core Identity of the EUDI Wallet 

At the heart of the EUDI wallet, sometimes referred to as EUid, is a core set of Person Identification Data (PID). These fundamental personal details form the wallet’s basic identity. In Germany, this PID is expected to be derived from the eID (electronic ID) – that is, the online ID function of the national ID card. The basic identity includes information such as first and last name, nationality, and date of birth.  

Reduced administrative burden through additional credentials  

In addition to basic identity information, users will also be able to store other personal attributes in the form of entitlements or qualifications. This will reduce time spent on form-filling and offer significant efficiency gains for public bodies, institutions and businesses. For example, in the EUDI, the attribute “driving license” is represented by the digital driving licence, while the attribute “university graduate” is evidenced by a university graduation certificate. This opens up a wide range of potential applications for the EUDI Wallet, including: 

  • Public administration services: Because the EUDI Wallet provides secure proof of identity, it can be used to access government services online – for example, to apply for ID documents, submit tax returns or access social security records.
  • Education sector: : Students can enrol at European universities using their digital identity, with qualifications, diplomas and certificates stored directly in the wallet.
  • Finance: Kunden und Kundinnen eröffnen ein Bankkonto oder beantragen einen Kredit per EUDI, ohne dafür immer wieder persönliche Daten eingeben zu müssen. Banken wiederum könnten digitale Identitäten sekundenschnell verifizieren.
  • Tavel: As well as holding their digital identity, users can store travel documents – such as visas – in the wallet. Hiring a car could also be handled directly via the wallet, as the digital driving licence can be saved and presented both digitally and physically.
  • Signing contracts: The EUDI can be used as proof of identity for contractual processes where identification is required , such as when registering SIM cards. It also enables legally binding digital signatures, as the wallet supports Qualified Electronic Signatures (QES) under the eIDAS Regulation, which are legally equivalent to handwritten signatures. By linking the QES to the electronic file, the document can no longer be altered after signing without detection. A certificate also confirms who signed the document.  

The EUDI and the Digital Single Market 

The legal basis for the EUDI Wallet is the 2024 revision of the eIDAS Regulation (eIDAS 2.0). It requires all EU Member States to introduce a digital wallet for citizens by 2026. This revision became necessary because too few EU countries had introduced their own certified eID under the original eIDAS Regulation. According to the eIDAS revision, by as early as 2030 at least 80 percent of EU citizens should be able to use the new sovereign digital identity. In addition, all users should be able to prove further attributes – such as educational qualifications or driving licences – to public or private sector services across Europe using the EUDI Wallet both online and offline.  

Giving people secure, transparent and user-friendly control over their identity data and attributes is expected to play a major role in strengthening trust in the European digital ecosystem. In turn, the EUDI Wallet will support the development of the European Digital Single Market, where trusted digital identities enable secure transactions and promote uptake of digital services. 

 

Integrating the EUDI Wallet into National Systems 

To ensure the EUDI Wallet can be used across borders, common standards and interoperability are essential. For this to happen, the identity systems of the individual Member States must mutually recognise each other. Germany is already well placed to do so: Person Identification Data (PID) here is based on the national eID system, which is already a secure means of online authentication. Under the original eIDAS Regulation, a voluntary notification mechanism laid the groundwork for mutual recognition. Germany’s online ID function meets the highest trust level defined under eIDAS – “high” – meaning it guarantees secure identification and authentication across all Member States. This guarantees secure identification and authentication in every Member State. 

Likewise, the digital driving license, digital certificates, and other documents stored in the wallet are expected to meet the requirements of trustworthy credentials. This will be made possible by a new type of trust service introduced under eIDAS 2.0: the Qualified Electronic Attestation of Attributes (QEAA). While authorities in EU countries already rely on each other, qualified trust service providers (qTSP) act as the issuing bodies for the QEAA and are listed on the respective national trusted lists, which in turn are part of a European Trusted List. 

 

Technical Aspects of the EUDI Wallet  

The technical specifications for making Wallet compatible with administrations and private providers across the EU are defined by the Architecture and Reference Framework (ARF). This document outlines infrastructure requirements of national wallets, published by a group of experts from the EU and its Member States. Based on the ARF, the Federal Ministry of the Interior and Community has already launched a comprehensive architecture and consultation process. The aim is to develop and test an overall concept for a German EUDI Wallet ecosystem according to eIDAS 2.0, including the development and evaluation of prototype wallets through an innovation competition. The government-run EUDI Wallet is expected to be launched in stages until 2027 and will be usable in its first iteration by the end of 2025. Initially, this will involve providing the core functionality that is intended to enable the identification of natural persons to third parties. To give citizens freedom of choice and promote innovation, the regulatory framework will also allow non-governmental providers to offer a wallet. 

A wide range of stakeholders took part in the consultation process, including representatives from business, academia, government and civil society. All participants were able to submit comments and contribute their perspectives through joint workshops. In early October 2024, a decision was made in favour of a solution for Person Identification Data (PID) that relies on a hardware security anchor in the cloud and on signed data. The state of development is presented at regular events and can be transparently viewed via the Open CoDE platform. Interested parties can also provide their feedback there, and this will be taken into account as the development process continues.

Data Sovereignty and Data Protection 

Strict data protection requirements apply to the use of the EUDI Wallet, as it is subject to the regulations of the General Data Protection Regulation (GDPR). As a component of eIDAS 2.0, it is also part of the European Cybersecurity Act. The certification required under eIDAS ensures that the EUDI Wallet complies with the highest security standards.  

The EUDI Wallet also represents a commitment to the digital sovereignty of citizens: personal credentials will be stored securely on the user’s mobile device. Individuals remain in full control of their data and decide for themselves which information to share – and with whom. The principle of data minimisation ensures that only the necessary data is disclosed in any given interaction.  

Bundesdruckerei’s Role in Europe’s Digital Identity Ecosystem

With the EUDI Wallet at its core, the digital identity ecosystem aims to uphold the highest standards of privacy and security. As a key technology provider to the German government, the Bundesdruckerei Group plays an active role in shaping and delivering this infrastructure at both national and European levels.

As a federal technology company, the Bundesdruckerei is working with cooperation partners on behalf of the Federal Ministry of the Interior and Community to develop the architecture for implementing the national wallet ecosystem. It also acts as a technical service provider to the Federal Ministry for Digital and Transport (BMDV) and the Federal Motor Transport Authority (KBA) for the prototype implementation of the digital driving licence, including its pilot as part of the EU Large Scale Pilot project.

The Bundesdruckerei also provides prototype PID issuer services. This backend system for issuing interoperable digital core identities can also be described as the heart of the wallet. It ensures that the most important data from the identification document is transferred into the wallet. In Germany's case, this is derived via the online identification function of the national ID card. In that way, identity data such as name, nationality, place of birth and registered address can be used cross-border via smartphone Currently, the PID issuer services are being piloted in a test operation.

To enable both issuers (institutions that provide credentials to the EUDI Wallet ecosystem) and service providers (institutions that verify credentials) to start testing the integration and use of the wallet, Bundesdruckerei is developing an EUDI Wallet test platform. This platform enables end-to-end testing of individual credentials and can, if required, be connected to dedicated test applications and customers’ existing specialist procedures.

Conclusion  

The EUDI Wallet represents a major step forward in the EU’s goal to provide all citizens with a trusted and secure digital identity. While it empowers users with control and convenience, the standardised processes for digital authentication will also benefit public and private service providers alike. To ensure a successful EU-wide rollout, interoperability and shared technical standards are essential. The foundations for a functioning digital identity ecosystem have been laid with eIDAS 2.0 – and the architectural and development process has already produced a first proposal for the technical implementation of the EUDI Wallet. 

You might also be interested in

man working with tablet server room
Article
Security by design: security from the very start

for user-friendly IT products which comply with data protection regulations. It is centred around secure guardrails which prevent unnecessary crisis management. This concept has already been successfully rolled out in practical applications.

man and women researching in a ab
Article
Why we need a European Health Data Space

A secure digital system to collect and process health data for the entire EU – that is precisely what the so-called European Health Data Space is to provide in the near future. Doctors and their patients could benefit, but so too could research. It we look to Finland, we can see the advantages of a common health data space and the conditions needed to make this space secure.

women with smartphone sick in bed
Article
Digital consulting room

Health apps are designed to help with migraines or depression, but how promising and safe is digital therapy? Important answers at a glance.

money cash register
Article
Fair play at the cash register

From January 2020, cash registers must be protected against manipulation. We will explain exactly what the applicable regulation requires, who is affected by it and which solutions are currently being discussed.