Insights

The EU Digital Identity Framework: Key features, benefits and business implications

By 16 March 2026April 17th, 2026No Comments6 min read

Introduction

The EU has overhauled its digital identity regime with Regulation (EU) 2024/1183, which amends eIDAS to establish the EU Digital Identity Wallet (EUDIW) as the centrepiece of a new, interoperable ecosystem for trusted identification, authentication and qualified attestations across the Single Market. The Regulation entered into force in May 2024 and is being operationalised through an extensive suite of Implementing Acts, with 29 already published in the Official Journal. Member States are obliged to make an EUDIW available to citizens, residents and businesses that want one by Q2 2027, with mandatory acceptance by certain private services, including banking and financial services, for strong customer authentication (SCA)-relevant interactions from Q2 2028. Very large online platforms must also accept certified EUDIWs in relevant access and sign-in workflows, and wallets will be fully interoperable for use across the EU.

Under the framework, wallets are hosted on the user’s device, issued by public bodies or private entities recognised by a Member State, and certified by the relevant Member State. They are designed to store and manage personal identification data and user attributes, with legal equivalence given to digital and paper-based identity forms and clarified responsibilities and liabilities across ecosystem participants through the Implementing Acts. Users are afforded control over access to wallet data through a privacy dashboard, reinforcing a privacy-by-design approach to data sharing and consent. The Commission and stakeholders are aligning on a single set of open specifications through the Architecture and Reference Framework (ARF), supported by an open-source reference implementation, to ensure interoperability and consistency of wallet solutions across the Union.

Functionality

From a functional perspective, the EUDIW will support identification and authentication to access public and private services, payment authorisation and KYC, the storage and presentation of attestations of attributes such as diplomas or driving licences, and the execution of electronic signatures and seals, including for banking agreements. In the payments context, core use cases encompass customer onboarding and KYC using high-assurance attributes, SCA, qualified attestations for credit and mortgages, and qualified electronic signatures, with the obligation to accept wallets for SCA commencing three years after the adoption of the Implementing Acts. The definition of strong user authentication under the EUDI framework mirrors that in PSD2, signalling regulatory continuity for payment service providers while shifting credential presentation into the wallet environment.

Legal architecture

The legal architecture is being completed through targeted Implementing Acts addressing wallet certification, protocols and interfaces, breach reporting, registration of wallet relying parties (W‑RPs), personal identification data and electronic attestations of attributes, and verification of the identity and attributes of holders of qualified credentials. Liability is expressly addressed in the Regulation, with Member States liable for damage caused intentionally or negligently due to failures to comply with their obligations, and the ARF formalising a trust model with revocation mechanisms to manage risks such as account takeover. The Commission is providing a reference technical infrastructure and open-source libraries, tested in Large Scale Pilots, to promote standardisation and support Member States in scaling the framework.

For businesses, the framework offers benefits in assurance, efficiency and cross-border operability. Service providers will be able to rely on a harmonised, high-assurance identity mechanism accepted across the EU, reducing friction in onboarding and authentication while enabling selective disclosure of attributes aligned with data minimisation. Public and private sectors are expected to recognise the wallet for transactions requiring authentication, opening opportunities to streamline contract execution and remote service delivery with legally robust electronic signatures and seals. Open, interoperable specifications should reduce vendor lock-in and enable a competitive market of certified wallet solutions.

Impact

The business implications are particularly acute for payment service providers and other firms operating in regulated financial services. PSPs will, at a minimum, be required to interact with the EUDIW ecosystem by registering as wallet relying parties, sourcing registration and access certificates, deploying relying party instances to manage authenticated interactions, and revising operational workflows to accept EUDIW-based KYC, onboarding and SCA for payments. The dedicated Implementing Act on the registration of W‑RPs requires Member States to maintain national registers and designate registrars, with W‑RPs providing prescribed identification and service information at registration, receiving public key certificates to authenticate subsequent interactions, and operating via defined relying party instances that control access to authentication certificates. Sector bodies are aligning standards for acceptance of EUDIWs in SCA-relevant flows, with the European Payments Council invited to develop relevant scheme documentation by the end of Q1 2027 and engaging on interactions between the Regulation, its Implementing Acts, and technical specifications in the ARF.

Open questions remain as implementation advances. Interoperability with existing national eID schemes, the sustainable business model and fee structure for wallet acceptance, secure provisioning and management of wallets, and the scope of cooperation with technology providers across the ecosystem will need to be resolved at Member State and EU levels. Practicalities around attribute validation, including in face-to-face and offline contexts, user information and consent flows, cross-recognition of wallets and real-time revocation of compromised attributes are also in focus, alongside whether wallet providers should be treated as trust service providers for SCA with corresponding responsibilities and liabilities under the emerging payments regulatory framework.

Organisations should map where identity, attribute sharing, authentication and signing occur in their customer journeys, assess reliance on current identity providers, and plan for integration as W‑RPs, including certificate management, relying party instance deployment and updates to KYC and SCA processes within the Q2 2027 to Q2 2028 compliance horizon. Early engagement with national registration processes, technical specifications in the ARF, and sector standards will position firms to realise the benefits of higher assurance, reduced fraud exposure and smoother cross-border operations as the EU Digital Identity framework scales across the Single Market.

Contacts

Dr Qazi Jalisi

Dr Qazi Jalisi

Partner
Vedrana Kovacevic-Jalisi

Vedrana Kovacevic-Jalisi

Partner

Related

Solutions

Compliance
Regulatory compliance

Regulatory compliance

Regulatory change and strategy

Regulatory change and strategy

Related articles

Insights SM&CR reforms: What the government’s consultation response means for your firm

SM&CR reforms: What the government’s consultation response means for your firm

Bara Vaneckova
Bara Vaneckova29 April 2026
Consumer Duty Board reports Insights FCA review of Consumer Duty Board reports: progress and priorities for improvement

FCA review of Consumer Duty Board reports: progress and priorities for improvement

Bara Vaneckova
Bara Vaneckova20 April 2026
Insights PSD3 / PSR: The final compromise text

PSD3 / PSR: The final compromise text

Bara Vaneckova
Bara Vaneckova13 April 2026