20/10/2025

The EU is transforming how digital identity is managed across Member States, with the concept of a Digital Identity Wallet progressing from abstract policy to imminent rollout. Central to this evolution is the revised eIDAS2 Regulation, which came into force on 20 May 2024, building on the original eIDAS framework that legislated for electronic identification and trust services across the EU.

The cornerstone of eIDAS2 is the European Digital Identity Wallet (the “Identity Wallet”) – a secure mobile app that allows EU citizens and businesses to store, manage and share digital credentials such as ID documents, professional certificates and business licenses.  By the end of 2026, the Identity Wallet must be available to all EU citizens, residents, and organisations. By December 2027, certain regulated industries, including banks, credit institutions, e-money institutions, payment service providers, will be required to accept them as a way for citizens to verify identity and other credentials.

With the upcoming role of the Identity Wallet in everyday life in mind, we are looking are the framework that supports it and what organisations will have to do to support its introduction.   

What is eIDAS?

The eIDAS Regulation’ (EU No 910/2014) (Electronic Identification, Authentication and Trust Services) came into force in 2016, establishing a regulatory framework to facilitate electronic interactions between businesses, citizens, and public authorities through electronic identification, authentication, and trust services.  A European Commission review in 2020-2021 identified various shortcomings with eIDAS, such as an over-focus on public authorities rather than a holistic digital identity and poor interoperability between Member States, which hindered cross-border recognition, as well as difficulties with remote identity proofing.  This led to limited adoption of national electronic identity solutions, which were the key goal of the framework.

To improve adoption of the framework, the Commission updated eIDAS to provide an EU-wide framework for attribute-based electronic identity solutions.  The main purpose of the eIDAS2 Regulation (EU 2024/1183) is to introduce a voluntary digital identity wallet, which Member States are obliged to offer to their citizens.

What is the Digital Identity Wallet?

By December 2026, all Member States must offer their citizens a secure digital wallet to store and manage credentials like ID cards, diplomas, and health records and trust services, such as e-signatures and certificates, simplifying access to online services, secure transactions, and cross-border operations. While public sector adoption of the Identity Wallet is mandatory, the Identity Wallet’s influence extends to private services as well.

Citizens using the Identity Wallet will be able to prove, across the EU, their identity where necessary to access services online, to share digital documents, or simply to prove a specific personal attribute, such as age, without revealing their full identity or other personal details. Practical uses of the Identity Wallet will include both online and offline identification across the EU when opening bank accounts, receiving medical prescriptions, and verifying academic qualifications.

The Identity Wallet also supports the issuance and validation of Electronic Attestations of Attributes (“EAAs”), which confirm the accuracy of a specific attribute. EAAs are issued by authorised providers and can be added, stored and presented within the Identity Wallet. There are three types of EAA:

  1. Qualified Electronic Attestation of Attributes (QEAA) – A trusted digital document issued by an organisation (e.g. university diploma) that confirms specific attributes about a person, issued solely by or on behalf of Qualified Trust Service Providers (QTSPs) offering the highest level of legal assurance. These attestations are verified against authoritative sources like government databases and are used alongside key Personal Identity Data in the Identity Wallet.
  2. Public Body Authentic Source Electronic Attestation of Attributes (Pub-EAA) – A digital document issued by or on behalf of a public authority, where data originates from official registries or government database (e.g. a residency permit).
  3. Non-Qualified Electronic Attestation of Attributes (EAA) – A less sensitive digital document, such as a gym membership card or train ticket, used to confirm certain attributes. It should be noted however that an EAA will not be denied legal effect because it does not meet the requirements for QEAAs.

Under eIDAS2, public bodies that issue EAAs that derive from ‘authentic sources within the public sector’ are obliged to make those EAAs verifiable at the request of an Identity Wallet user, irrespective of the Member State where the Identity Wallet is provided. This will allow Identity Wallet users to present trusted credentials directly from their Identity Wallet to relying parties without the need for repeated manual verification processes across Member States.

Who needs to accept the Identity Wallet?

While the Identity Wallet must be offered to citizens by all Member States, the use of the Identity Wallet is completely voluntary. As a result, public and private bodies must accept the use of the Identity Wallet where they need to verify the identity of an individual, but they cannot refuse service to individuals who choose not to use the Identity Wallet.  Therefore, alternative identification measures will have to be available in parallel for individuals who choose not to use the Identity Wallet.

For certain industries, there will be a mandatory requirement to accept an Identity Wallet as an authentication method in cases where Strong Customer Authentication (“SCA”) is legally required. This applies to certain private sector providers operating under EU or national regulations, such as those falling within the scope of the Payment Services Directive (“PSD”) or other applicable national laws.  Recital 56 to eIDAS2 gives examples of the services provided by the private sector that might be included to include “…transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, telecommunications or education….”.

While these businesses may continue using their own or existing authentication solutions, they must also support the alternative of Identity Wallet-based authentication unless they qualify as a ‘micro’ or ‘small’ enterprise under the EU definition. This obligation only applies to scenarios involving SCA – verification processes or transactions that do not involve SCA are not affected.

Timelines for Identity Wallet rollout
December 2026All EU Member States must provide at least one Identity Wallet to their citizens.
Public authorities / public services must accept Identity Wallets when identity/authentication is required upon user request.
December 2027Financial / AMLregulated entities (and other relying parties required to use Strong User Authentication) must accept Identity Wallets upon user request.
Very Large Online Platforms (as defined by the Digital Services Act) must accept Identity Wallets for user authentication, ensuring data minimisation.

Registration for relying parties

Where a public or private body intends to rely on data received from an individual’s Identity Wallet, that “relying party” must register as such in the Member State in which it is established before it is permitted to rely on Identity Wallet credentials, providing information on the types of data they will request in order to provide the services, as well as the reasons for that request. Where the registration is successful, the body will be granted a “Wallet Relying Party Access Certificate”.

The registration requirement introduces several challenges as each Member State must maintain its own register, meaning the Identity Wallet will have to interact with 27 different registers.  It remains to be seen whether the cost and added administration of applying for a relying party access request will hinder registration.

From vision towards reality

The rollout of the Identity Wallet marks a significant shift in digital identity management and access to trusted services across the EU.  Ireland recently completed a successful pilot of its national Identity Wallet with over 500 civil servants, and government departments are now working to update laws so that digital credentials will have full legal status nationally. A public Beta testing programme is planned.  On 17 September 2025, the Government’s Legislation Programme for Autumn 2025 was published, which states that the Heads of Bill are currently being drafted to make the necessary legislative changes to provide for the Identity Wallet.

For Irish businesses, this harmonisation around digital identity presents a strategic opportunity to simplify compliance, reduce operational costs, and streamline user onboarding across EU markets. However, the framework’s success hinges on the effective deployment of national Identity Wallets and consistent adherence to shared technical and legal standards across Member States.  Companies will have to get ready to accept digital identities from across the EU, while implementing robust safeguards against identity fraud and data misuse. Early adoption and compliance will be critical for organisations aiming to stay competitive in an increasingly digital European economy and enables businesses to future-proof operations.

If you require assistance with any aspect of preparing your organisation for the roll out of the EU Digital Identity Wallet, please contact a member of our team. You can also view the Technology and Innovation section of our website for further information.

The material contained in this article is for general information purposes only and does not constitute legal or other professional advice.

The authors would like to thank Patrick McWalter for his contribution to this article.