The EU Digital Identity Wallet : Questions from around the world

The EU Digital Identity Wallet (EUDI Wallet) is transforming how individuals, businesses, and governments think about digital identity. During our recent webinar, “Navigating the Wallet Era: What Every Business Should Prepare For,” we were delighted by the number of insightful, practical, and forward-looking questions from companies across industries—and from over 60 countries.

While we couldn’t get to all of them live, we’ve compiled responses to some of the most common ones. From compliance and adoption to commercial models and AI-powered agents, here’s what’s on everyone’s mind.

Q: Is it just for EU citizens or does it include EU residents as well?

Many different aspects of the legislation are designated to be set up by the Member States (MS). It will be up to these national policies to determine whether to include issuance of identity and wallets to residents as well as citizens. This is similar to national eIDs, which some MS provide only to citizens, and others can do this also for residents.

Q: If an individual holds multiple citizenships, would this imply he holds multiple EUDI wallets that operate independently and aren't synchronised at the EU level?

For the near future this will be the case, because the current approach for wallet certification, which includes the PID issuing and user onboarding on a national level will not allow issuance of PID into the wallet of a different Member State.

Q: Norway is not in the EU. Is Norway also taking part in the EUDI wallet initiative?

eIDAS applies to all Member States (MS) in the European Union, including the European Economic Area (EEA). These are the three countries in EEA: Iceland, Liechtenstein and Norway. This will make the total number of wallet-issuing countries 30.

The timeline on mandatory issuing of a wallet for MS is set based on the date of entry into force of various Implementing Acts as described in Article 5a. This will be December 2026. EEA will get a year extra to comply.

Q: What about wallets for companies (legal persons) not just individuals?

Organisational wallets and identity are a part of eIDAS, but this area needs some more research and experience. This is being worked on in various Member States and Large-Scale Pilots (LSPs). EWC has a focus area on legal person identity (and organisational wallets) and it is the core topic of WE Build, an LSP that will start later this year and Signicat is a part of. The engagement of natural persons acting on behalf of an organisation being able to show the proper authorisations will be included in their work.

Similar to all EUDI Wallets, the Member States will be responsible for issuing (legal) PID into (organisational) wallets. It is expected that this will be done in close collaboration with the national business registers.

Q: Is there an order in which regulated industries need to accept this and if so, which ones? Or is it all regulated industries at once?

All regulated industries must accept the EUDI Wallet for strong customer authentication by December 2027. (Article 5.f)

Q: Will the EU wallet make the existing European eIDs redundant?

A person using an EUDI Wallet does not need to also use other eIDs. In that sense it’s redundant. However, usage of an EUDI Wallet will not be possible or desirable for all persons. Phasing out existing solutions for eIDs is not an easy task. Therefore, we expect that the existing eIDs will be around for a longer period of time, co-existing with the EUDI Wallets.

These are also different solutions. The identity in an EUDI Wallet is based on a specific type of attestation called PID (Person Identification Data). The issuance of PID can be done through existing eIDs, but each Member State will set up and certify their own processes for this. The procedures for notification of national eIDs remain as a different part of eIDAS.

Q: What practical eIDAS-compliant or Signicat-supported solutions are available to help financial institutions obtain missing data elements from most European IDs and eIDs (e.g. place of birth) to ensure compliance with AML regulations? Can this be done without having to request supplementary documents that disrupt the digital customer journey?

Signicat's Data verification service offers access to 240+ national and international data registers for KYC and AML checks via the Signicat platform. Any financial institution can automate looking up missing data elements such as place of birth, credit worthiness and PEP & sanction checks from these data sources without requesting supplementary documents from a customer. This dramatically reduces friction in the digital customer journey.

Additionally, Signicat helps wallet issuers, organisations and these data registry companies themselves issue these types of missing data into a user's digital wallet (including the EUDI wallet)

Signicat’s eID Hub currently also provides access to 36 European IDs which will be extended with EUDI wallets and other wallets for ensuring a seamless transition to wallet based future.

Q: How is this GDPR compliant with so much personal data being accessible?

The amended version of eIDAS (including the Implementing Acts) is fully aligned to GDPR. The accessibility of the data is limited to the user of the wallet and can only with their explicit consent be shared with Relying Parties (who need to be registered in a MS). The data is stored on the phone or on storage accessible through the wallet (this will be different for different wallet solutions and can be decentralized) and only accessible and decryptable by the user.

By allowing their users to use an EUDI Wallet, service providers can meet the GDPR requirements such as data minimization more easily because they can rely on high-assured confirmation of minimal claims and selective disclosure.

Q: If EUDI wallets are national, which law applies to liability on cross-border uses? Who will be liable in case on unauthorized usage of the wallets?

Liability is not directly addressed in the current legislation. eIDAS does however define levels of assurance (and the requirements for them), includes liability in the certification scheme of wallets and addresses liability for Trust Service Providers in case of non-compliance.

Q: An organisation which wishes to take advantage of EUDI wallets would need to register as a "Relying Party (RP)" in order to get an access certificate and be able to request attributes from EUDI wallets. Will this registration work as a global registration or a pan-EU one effective for all Member States? How can Signicat help RPs here?

The Implementing Regulation on the registration of wallet-relying-parties describes that there will be national registers in the Member States where the Relying Party (RP) must register and obtain an access certificate. Each Member State will have their own policy for this, which can include issuance of registration certificates. Only RPs with an access certificate are able to interact with EUDI Wallets.

If a RP works with an intermediary (such as Signicat) then Signicat will take over the registration responsibilities for that RP. This is described in section 3.11 of the ARF (note that the ARF is being updated regularly).

The current legislation does not address “peer-to-peer” interaction (wallet-to-wallet by natural persons). It is part of the “additional topics” in section 1.7 of the ARF.

Q: What will happen to private wallets such as Google Wallet? Will they also be included into EUDI Wallets?

 Member States are responsible for issuing and certifying EUDI Wallets on a national level. Each Member State will have their own approach for this. This can be issuance of their own developed wallet or designating a 3rd party (public or private) to do this on their behalf. Some Member States will have policies that allow for certification of any wallet meeting their requirements. This will allow any private-sector wallet to apply for certification as an EUDI Wallet. (Where it will then be certified as a specific national wallet.)

Q:To me, digital signing of information is one of the most valuable features. Think about being able to verify that a certain Youtube movie was actually created by a certain person or organization, or being able to send a mail that the receiver can actually be sure is yours. Or how about being able to use a telephone communication (to a bank, or a hospital) without all kinds of fragile checks. Is there any progress on these aspects of identity?

All data in the wallet is cryptographically signed and the transactions with the wallet also work with cryptographic signatures. This provides guaranteed and verifiable information on the contents (tamperproof) and the responsible source(s). All of this information can also be cryptographically linked to the identity (PID) of the user, the wallet or even the device of the wallet. 

Note that this is about signing of data and transactions. There’s also a trust services involving digital signatures, but that is about the signing of a document or file with the identity of the signer.

Q:As a central bank, we frequently deal with representatives of legal entities and individuals from across the entire EU who log in to our digital portal. Are there any developments in the wallets similar to eHerkenning, which currently only applies to Dutch legal entities, that would allow us to verify if the person logging in is authorized to use our portal on behalf of the legal entity?

This is at the core of what’s being worked on for organisational identity and wallets. These are part of eIDAS, but this area needs some more research and experience. This is being worked on in various Member States and Large Scale Pilots. EWC has a focus area on legal person identity (and organisational wallets) and it is the core topic of WE Build, an LSP that will start later this year. The eHerkenning suppliers will be collaborating in WE Build to work on approaches that can integrate eHerkenning with the EUDI Wallet.

Q:What will the EUDI wallet business model be for private sector?

The EUDI Wallet ecosystem will be heavily regulated. Some of the requirements protecting user’s privacy also limit the opportunities for commercial organisations to monetise transactions. For example: an issuer is not allowed to know where their issued attestations are being used, making it hard to ask the verifier for a direct payment when they request an attestation from that issuer.

This topic is being seriously discussed in many different settings. A great overview is provided by Signicat's Jon Ølnes' blog post on this “Elephant in the room”, which triggered a valuable discussion on LinkedIn. Several initiatives are being worked on to address various aspects, such as the possibility of a “billable event”, and the EUDI Wallet Consortium (EWC, one of the Large Scale Pilots) will provide a deliverable on the business model in June.

At this moment however, it is still impossible to answer these questions. The devil is in the details and many details are still unknown. The legislation around eIDAS puts the individual Member States in charge of many different policies around issuing and onboarding to wallets, certification of wallets, the registration of wallet relying parties and much more. The contents of these policies will heavily influence levels of adoption and ease of usage for both wallet-users and relying parties. We hope that this will also clarify how for example the interaction between EUDI Wallets and other (non-certified) wallets will be possible.

Without this information, it is very hard to make founded predictions.

Q:What is your view on having an AI Agent using your wallet to digital represent you?

The wallet is an excellent anchor for AI-agents or -assistants, because it provides a strong binding for a lot of information linked to you as a person. But with the current situation where EUDI Wallets are not fully specified yet, and wallet-based-AI-agents are a concept rather than existing tools, there’s still a lot of ground to cover. With the maturing of wallets we expect AI-agents will emerge that can interact with them.

Where to find more information

With such a large and complex set of regulations, extended with reference specifications and other information, it can be quite hard to find easy answers to any question. We’ve addressed some of the most asked topics, but for the full details, we’ll have to refer you to the regulation itself (eIDAS core regulation, the amendment from the EDI legal framework and all related Implementing Regulations). On more operational elements, the Architectural Reference Framework (ARF) is the main source of information (be aware that there are regular updates on this, and still many open discussion topics).

If you want to understand the basics, we have broken it down for you in our blog “10 fundamental things businesses need to know about the EUDI Wallet”

Final Thoughts

Whether you’re a bank, a fintech, or a government organisation, the EUDI Wallet isn’t just another IT project—it’s a strategic shift. And the global interest we saw during our webinar proves it: this is a transformation the world is watching closely. At Signicat, we’re proud to be part of shaping this future—helping companies adapt, integrate, and thrive in a wallet-based world.

About the author

Esther Makaay is the VP of Digital identity at Signicat, a thought leader in the EU Digital Identity Wallet space and the winner of IDnext's Lifetime Achievement Award for her contribution to the field of Digital Identity. She is also a member of the EU Wallet Consortium (EWC) and is actively involved in several EUDI Wallet Large Scale Pilots (LSPs). She is frequently found sharing her insights on the EU Wallet at various conferences.