eIDAS 2.0 and the EU Digital Identity Wallet: What Merchants Need to Know

What is eIDAS 2.0?

The original eIDAS Regulation (EU 910/2014) established a framework for electronic identification and trust services across the European Union. While successful in enabling cross-border electronic identification, the original regulation had limitations: adoption was uneven across member states, only public services were required to accept eID, and the user experience varied dramatically between countries.

eIDAS 2.0 (formally the European Digital Identity Regulation) addresses these shortcomings through a fundamental evolution of the framework. Adopted by the European Parliament in February 2024 and entering into force in phases through 2027, eIDAS 2.0 creates a unified digital identity ecosystem that will transform how Europeans interact with online services.

Key Differences: eIDAS 1.0 vs eIDAS 2.0

The Regulatory Journey

Understanding the timeline helps merchants plan their adaptation:

February 2024: European Parliament adopts eIDAS 2.0 May 2024: Regulation enters into force December 2024: Implementing acts published (wallet integrity, PID/EAA, interoperability protocols) December 2026: Member states must offer EU Digital Identity Wallets 2027: Large online platforms must accept EUDIW 2028+: Progressive mandatory acceptance across sectors

The EU Digital Identity Wallet (EUDIW) Explained

The EU Digital Identity Wallet represents the centerpiece of eIDAS 2.0. Every EU citizen and resident will have the right to obtain a digital wallet that stores:

• Person Identification Data (PID): Core identity attributes
• Verifiable Credentials: Attestations from qualified providers
• User-controlled data: Documents and credentials the user chooses to add

Technical Architecture

The EUDIW follows a decentralized, privacy-preserving architecture:

// Conceptual EUDIW architecture
interface EUDigitalIdentityWallet {
  // Core identity - issued by member state
  personIdentificationData: {
    givenName: string;
    familyName: string;
    dateOfBirth: Date;
    nationality: string;
    personalIdentifier: string;  // Unique, pseudonymous
  };

  // Verifiable credentials - issued by qualified providers
  credentials: VerifiableCredential[];

  // User control features
  consentManagement: {
    activeConsents: Consent[];
    revokedConsents: Consent[];
    consentHistory: ConsentEvent[];
  };

  // Privacy features
  selectiveDisclosure: {
    // User can share only specific attributes
    shareAttribute(credentialId: string, attributeName: string): Proof;
    // User can prove properties without revealing data
    proveProperty(predicate: string): ZeroKnowledgeProof;
  };
}

interface VerifiableCredential {
  id: string;
  type: CredentialType;
  issuer: QualifiedTrustServiceProvider;
  issuanceDate: Date;
  expirationDate?: Date;
  credentialSubject: Record<string, unknown>;
  proof: CryptographicProof;
}

Wallet Issuance

Each member state will offer at least one EUDIW, either:

• State-operated: Directly by government agencies
• Authorized private: By licensed providers meeting technical requirements

All wallets must meet the same technical standards, ensuring interoperability regardless of issuing state or provider.

User Experience

The EUDIW is designed for seamless, mobile-first interactions:

Typical verification flow:

1. Merchant website displays QR code or sends deep link
2. User opens EUDIW app (or it opens automatically)
3. Wallet shows exactly what data is requested
4. User reviews and approves (biometric authentication)
5. Verification result returned to merchant (sub-second)
6. User continues transaction

Key UX principles:

• No document uploads or photos required
• User always sees and approves what's shared
• Consistent experience across all merchants
• Works offline for credential storage (online for verification)

Timeline: When Will This Affect Your Business?

The eIDAS 2.0 rollout follows a phased approach:

Phase 1: Pilot and Early Adoption (2024-2025)

What's happening:

• Large-Scale Pilots (LSPs) testing real-world scenarios
• Technical specifications being finalized
• Early adopter businesses beginning integration

Merchant action items:

• Monitor pilot results and emerging patterns
• Begin evaluating current verification infrastructure
• Assess which credentials will be relevant to your business

Phase 2: Wallet Availability (November 2026)

What's happening:

• All member states must offer EUDIW to citizens
• Citizens begin downloading and activating wallets
• Initial verifiable credentials become available

Merchant action items:

• Complete integration with eIDAS 2.0-ready providers
• Update privacy policies and consent flows
• Train customer support on EUDIW verification

Phase 3: Mandatory Private Sector Acceptance (2027+)

What's happening:

• Large online platforms (Article 45) must accept EUDIW
• Financial services, telecom, healthcare follow
• Progressive expansion to additional sectors

Affected sectors and timelines:

*Note: Exact sector-specific timelines are subject to implementing acts under Regulation (EU) 2024/1183. The 2027 deadline for large platforms is based on 36 months from December 2024 implementing acts.

Merchant action items:

• Ensure full compliance with mandatory acceptance requirements
• Integrate verifiable credential verification
• Develop customer communication strategy

Phase 4: Ecosystem Maturity (2028+)

What's happening:

• Wide availability of verifiable credentials
• New use cases emerging from credential ecosystem
• Network effects driving adoption

Opportunities:

• Leverage credentials for new business models
• Reduce onboarding friction with pre-verified customers
• Participate in credential issuance (if qualified)

New Capabilities for Merchants

eIDAS 2.0 introduces capabilities that go far beyond basic identity verification:

Selective Disclosure

Users can share only specific attributes, not entire credentials:

// eIDAS 1.0: All-or-nothing sharing
interface LegacyIdentityVerification {
  // User must share full identity to prove age
  result: {
    fullName: string;       // Revealed unnecessarily
    dateOfBirth: Date;      // Revealed unnecessarily
    address: string;        // Revealed unnecessarily
    idNumber: string;       // Revealed unnecessarily
    ageOver18: boolean;     // What merchant actually needs
  };
}

// eIDAS 2.0: Selective disclosure
interface SelectiveDisclosureVerification {
  // User shares only what merchant needs
  request: {
    credentialType: 'PersonIdentificationData',
    requestedAttributes: ['ageOver18'],  // Only this
    requiredAssurance: 'high'
  };
  result: {
    ageOver18: true,  // Only this is shared
    proof: CryptographicProof  // Cryptographically verifiable
  };
}

Business impact: Dramatically reduced GDPR compliance burden. You receive only the data you need, minimizing storage and security requirements.

Verifiable Credentials

Beyond identity, EUDIW enables verification of credentials issued by qualified providers:

Available credential types:

Integration example:

// Verify customer has valid professional qualification
async function verifyProfessionalQualification(
  sessionId: string,
  qualificationType: string
): Promise<QualificationVerification> {
  const verification = await eudiw.requestCredential({
    sessionId,
    credentialType: 'ProfessionalQualification',
    qualificationFilter: {
      type: qualificationType,
      status: 'valid',
      jurisdiction: 'EU'
    },
    requestedAttributes: [
      'qualificationType',
      'issuingAuthority',
      'validFrom',
      'validUntil',
      'isValid'  // Boolean - selective disclosure
    ]
  });

  return verification;
}

Zero-Knowledge Proofs

The most privacy-preserving feature: prove properties without revealing underlying data:

// Prove user is over 18 without revealing birthdate
const ageProof = await eudiw.requestZKProof({
  predicate: 'dateOfBirth < (currentDate - 18 years)',
  credentialType: 'PersonIdentificationData',
  requiredAssurance: 'high'
});

// Result: cryptographic proof that predicate is true
// No birthdate revealed, mathematically verifiable

// Prove user is resident of EU without revealing country
const residencyProof = await eudiw.requestZKProof({
  predicate: 'countryOfResidence IN euMemberStates',
  credentialType: 'ResidenceCredential',
  requiredAssurance: 'substantial'
});

Business applications:

• Age verification with maximum privacy
• Residency verification for geo-restricted services
• Credit score thresholds without exact score
• Income requirements without exact figures

Qualified Electronic Signatures

EUDIW includes qualified electronic signature capability:

// User can sign documents with legal equivalence to handwritten signature
const signedContract = await eudiw.requestSignature({
  document: contractPdf,
  signatureType: 'QES',  // Qualified Electronic Signature
  signaturePosition: { page: 12, x: 100, y: 200 },
  timestampRequired: true
});

// Result is legally binding in all EU member states

What Changes for Current eIDAS Pro Users

If you're already using eIDAS Pro for verification, the transition to eIDAS 2.0 is straightforward:

Backwards Compatibility

eIDAS Pro maintains full backwards compatibility:

// Current integration continues to work
const verification = await eidasPro.verify({
  requestedAttributes: ['age_over_18'],
  // Works with both legacy eID and new EUDIW
});

// Result structure unchanged
const result = {
  verified: true,
  attributes: {
    age_over_18: true
  },
  assuranceLevel: 'high',
  // New field indicates credential source
  credentialSource: 'EUDIW'  // or 'legacy_eID'
};

New Features Opt-In

Access new eIDAS 2.0 features through extended API:

// Opt into selective disclosure
const verification = await eidasPro.verify({
  requestedAttributes: ['age_over_21'],
  useSelectiveDisclosure: true,  // New option
  preferEUDIW: true  // Prefer new wallet when available
});

// Access verifiable credentials
const credentials = await eidasPro.verifyCredential({
  credentialType: 'MobileDrivingLicense',
  requestedAttributes: ['categoryB', 'validUntil'],
  issuerTrust: 'qualified'  // Only qualified issuers
});

// Request zero-knowledge proofs
const proof = await eidasPro.requestZKProof({
  predicate: 'age >= 18',
  assuranceLevel: 'high'
});

Migration Path

Preparing Your Business for eIDAS 2.0

Technical Preparation Checklist

Infrastructure updates:

• Ensure TLS 1.3 support (required for EUDIW communication)
• Implement CORS policies for EUDIW browser interactions
• Add support for deep links (mobile EUDIW activation)
• Update webhook handlers for new event types

Integration updates:

• Upgrade to latest eIDAS Pro SDK
• Test selective disclosure flows
• Implement credential type handling
• Add support for ZK proof verification

Compliance updates:

• Review and update privacy policy
• Implement granular consent management
• Update data retention policies (less data = less retention)
• Document lawful basis for each attribute request

User Experience Preparation

Customer communication:

• Prepare FAQ about EUDIW verification
• Update help documentation
• Train support staff on new flows
• Create migration guides for returning customers

UX optimization:

• Test verification flows with EUDIW prototypes
• Optimize for mobile-first EUDIW experience
• Implement fallback for customers without EUDIW
• A/B test new vs. legacy verification presentation

Organizational Preparation

Legal and compliance:

• Review contracts with eIDAS service providers
• Assess GDPR impact of reduced data collection
• Update terms of service for credential-based verification
• Evaluate sector-specific mandatory acceptance requirements

Business strategy:

• Identify new use cases enabled by verifiable credentials
• Assess competitive advantage of early adoption
• Plan marketing around privacy-preserving verification
• Evaluate credential issuance opportunities

New Use Cases Enabled

eIDAS 2.0 unlocks verification scenarios impossible under the original framework:

Educational Credentials

Scenario: Online learning platform verifies student has prerequisite degree

// Verify bachelor's degree before enrolling in master's program
const degreeVerification = await eidasPro.verifyCredential({
  credentialType: 'EducationalCredential',
  filters: {
    credentialLevel: 'bachelor',
    fieldOfStudy: ['computer_science', 'information_technology'],
    graduationStatus: 'completed'
  },
  requestedAttributes: [
    'credentialLevel',
    'fieldOfStudy',
    'graduationDate',
    'isValid'
  ],
  issuerRequirements: {
    accreditationStatus: 'accredited'
  }
});

Professional Qualifications

Scenario: Healthcare platform verifies medical professional credentials

// Verify medical license before allowing telemedicine consultations
const licenseVerification = await eidasPro.verifyCredential({
  credentialType: 'ProfessionalQualification',
  filters: {
    profession: 'medical_doctor',
    specialization: request.requiredSpecialization,
    jurisdiction: 'EU'
  },
  requestedAttributes: [
    'profession',
    'specialization',
    'licensingAuthority',
    'validUntil',
    'practiceRestrictions',
    'isCurrentlyValid'
  ]
});

Employment and Income

Scenario: Property rental platform verifies tenant income

// Verify income exceeds 3x monthly rent (privacy-preserving)
const incomeVerification = await eidasPro.requestZKProof({
  predicate: `monthlyIncome >= ${monthlyRent * 3}`,
  credentialType: 'EmploymentCredential',
  maxAge: '30 days',  // Credential must be recent
  assuranceLevel: 'substantial'
});

// Landlord learns: income is sufficient (true/false)
// Landlord does NOT learn: exact income, employer, position

Power of Attorney

Scenario: Legal service verifies authorized representative

// Verify person has power of attorney for specific actions
const poaVerification = await eidasPro.verifyCredential({
  credentialType: 'PowerOfAttorney',
  filters: {
    principalId: expectedPrincipalId,
    authorizedActions: ['financial_transactions', 'contract_signing'],
    validAt: new Date()
  },
  requestedAttributes: [
    'authorizedActions',
    'limitations',
    'validFrom',
    'validUntil',
    'notaryAttestation'
  ]
});

Health Insurance

Scenario: Pharmacy verifies insurance coverage before dispensing

// Verify insurance covers prescribed medication
const insuranceVerification = await eidasPro.verifyCredential({
  credentialType: 'HealthInsuranceCredential',
  filters: {
    coverageType: 'prescription',
    status: 'active'
  },
  requestedAttributes: [
    'insuranceProvider',
    'membershipId',
    'coverageLevel',
    'copayPercentage',
    'isActive'
  ]
});

The Competitive Advantage of Early Adoption

Merchants who prepare for eIDAS 2.0 now gain significant advantages:

Customer Experience Leadership

Early EUDIW integration signals innovation and privacy respect:

• Frictionless verification attracts privacy-conscious customers
• Consistent experience across devices and channels
• Reduced abandonment from verification friction
• Trust signal from using government-backed infrastructure

Reduced Compliance Burden

Less data means less risk:

• Selective disclosure minimizes PII collection
• Zero-knowledge proofs eliminate sensitive data handling
• Simplified GDPR compliance with data minimization
• Reduced breach exposure and notification requirements

New Market Access

Credentials enable new business models:

• B2B services using professional credential verification
• Premium services gated by verified qualifications
• Age-restricted content with frictionless verification
• Cross-border services leveraging EU-wide recognition

Operational Efficiency

Streamlined verification reduces costs:

• No manual document review
• Instant verification (sub-second)
• Reduced fraud from cryptographic verification
• Lower support costs from consistent experience

Future-Proofing

Building on eIDAS 2.0 infrastructure provides stability:

• Regulatory compliance assured by design
• Scalable to new credential types as they emerge
• Protected from obsolescence of proprietary solutions
• Aligned with EU digital policy direction

Conclusion

eIDAS 2.0 and the EU Digital Identity Wallet represent the most significant evolution in European digital identity since the internet's commercialization. For merchants, this evolution brings both obligations and opportunities.

The obligations are clear: Certain sectors will be required to accept EUDIW for specific use cases. Compliance timelines are fixed and approaching.

The opportunities are transformative: Verifiable credentials, selective disclosure, and zero-knowledge proofs enable verification scenarios that were previously impossible or prohibitively expensive. Reduced data handling simplifies compliance. Superior user experience improves conversion.

Merchants already using eIDAS-based verification are well-positioned for this transition. The infrastructure, integration patterns, and user behaviors you're building today will translate directly to the eIDAS 2.0 ecosystem. The cryptographic foundations are compatible; the API evolution is incremental.

For merchants not yet using eIDAS verification, the window for early adopter advantage is closing. Starting now allows you to:

• Build expertise before mandatory compliance deadlines
• Establish customer familiarity with eID-based verification
• Position your brand as privacy-respecting and innovative
• Capture market share from competitors still using legacy methods

The EU Digital Identity Wallet will become the standard way Europeans verify their identity online. Merchants who embrace this shift will thrive; those who resist will find themselves competing with friction as their primary differentiator.

---

Ready to prepare for eIDAS 2.0? eIDAS Pro provides a seamless migration path from current eIDAS verification to full eIDAS 2.0 capabilities. Our team can help you understand the timeline and develop your preparation roadmap. Schedule a futures consultation →