Regulation (EU) 2024/1183, known as eIDAS 2.0 (“electronic IDentification, Authentication, and Trust Services”) is the update to Regulation (EU) No 910/2014.

It entered into force on May 20, 2024, establishing a European Digital Identity Framework and making cross-border electronic identification a reality.

This article serves as your comprehensive guide to understanding the implications of this eIDAS Regulation revision and outlines the essential steps your company must take to be compliant.

What is eIDAS 2.0?

In June 2021, the European Commission unveiled a proposal to update the existing eIDAS Regulation (No 910/2014).

This proposed update, commonly referred to as eIDAS 2.0, stands as a response to the ever-evolving technological landscape and the dynamic needs of the EU digital market and seeks to improve the security and reliability of electronic identification and trust services.

To accomplish this, the main shift in the regulation is the creation of a unified European Digital Identity with a Digital Identity Wallet as a key component.

While we'll delve deeper into this concept shortly, it's essential to recognize that the new eIDAS regulation encompasses more than just the EU Digital Identity Wallet.

eIDAS 2.0 expands the regulation's scope to include more types of electronic trust services, including electronic registered delivery services, electronic certificates for authentication, and electronic seals for digital documents. This means it regulates new services like attestation of attributes and electronic ledgers, among others.

Moreover, eIDAS 2.0 places a strong emphasis on interoperability and security, which are areas to be improved within the current eIDAS regulation. It achieves this by offering technical standards and specifications to reduce fragmentation and by imposing new security requirements for cryptographic algorithms and key management while increasing the focus on data protection.

Understanding the European Digital Identity (EUDI) Wallet

The EUDI Wallet is a mobile application that the Member States will provide free of charge to their citizens, residents, and businesses to store and manage digital credentials and control their digital identity by deciding first-hand who can access their data.

Essentially, the EUDI Wallet offers a secure and standardized means for citizens to demonstrate their identity and personal information across the European Union and to authenticate when accessing different online services, including government services, e-commerce, and other internet platforms.

To put it in perspective, think of the EUDI Wallet as similar to the digital payment card wallets we already have on our smartphones, like Apple Pay, Google Pay, or Samsung Pay, but with a broader range of credentials, including national IDs, driver's licenses, academic diplomas, health records or employee cards.

Public and private authorities cryptographically sign these digital credentials, enabling automatic identity verification. This is a novel form of identification, and as an organization, you must prepare to embrace it.

It is important to note that the EUDI Wallet is not intended to replace the current digital and physical documents, as its usage is optional. Instead, it provides a portable and convenient digital version of these documents.

Moreover, beyond convenience, the goal of the EUDI Wallet is to boost digital trust and security while giving users full control over what data they share with third parties and the ability to monitor such sharing.

Who is impacted by eIDAS 2.0?

The eIDAS 2.0 regulation is set to significantly impact the European Union, with repercussions and opportunities extending to governments, businesses, and citizens alike.

The regulation stipulates that all Member States must introduce at least one European Digital Identity Wallet built on common technical standards aligned with the Architecture and Reference Framework (ARF) and follow compulsory certification to ensure the utmost levels of security and interoperability.

The Gataca Wallet adheres to the EUDI Wallet specifications and reference implementations to ensure compliance.

However, the reach of the European Digital Identity Wallet is not confined solely to the public sector. Private service providers required to use strong user authentication for online identification, including those in transportation, energy, banking and finance, social security, healthcare, telecommunications, and education, must accept European Digital Identity Wallets as an authentication method.

Additionally, very large online platforms (with more than 45 million users), which require user authentication for accessing their services, are also obligated to accept and facilitate the use of European Digital Identity Wallets.

It's essential to stress that for users, the use of the wallet is optional. However, the objective is to equip over 80% of the European population by 2030 with a digital wallet that will allow them to prove their identity and authenticate themselves when accessing online services.

In fact, the Europe Decentralized Identity Market is projected to experience substantial growth, with a forecasted CAGR of 77.8% during the period from 2022 to 2028.

When is eIDAS 2.0 mandatory?

eIDAS 2.0 entered into force on May 2024. We are currently waiting for the Implementing Acts' approval with the technical specifications for the EU Digital Identity Wallets, which may take 6 to 12 months.

Once approved, Member States will have to provide Digital Identity Wallets within 24 months after the adoption of the Implementing Acts, and impacted organizations will have to accept them as an authentication method in the following year.

However, we are already seeing different countries and organizations rolling out their EUDI Wallet implementations.

Why is eIDAS 2.0 an opportunity for organizations?

The introduction of eIDAS 2.0 and the EUDI Wallet presents a mix of challenges and opportunities for citizens, governments, and both public and private sector service providers.

For organizations, the initial challenges, such as investing in technology integration and navigating new regulations, are apparent. However, the anticipated benefits far outweigh these hurdles, which can be effectively addressed with solutions like Gataca’s.

The adoption of the EUDI Wallet offers several advantages that benefit both organizations and citizens:

• Increased Security: With EUDI Wallets, data is less susceptible to large-scale breaches by using biometrics, strong encryption, and distributed storage. This ensures data integrity and reduces the likelihood of identity theft.
• Enhanced User Experience: Managing multiple digital identities has become a considerable burden for users, who are often asked to create a digital identity for each service they want to access. With an ID Wallet, users have passwordless access to online services by simply scanning a QR code to share their credentials, reducing onboarding abandonment rates and increasing retention.

According to the Baymard Institute, in the eCommerce sector, 28% of users mentioned as the second most important reason for dropping out the fact that the site requests them to use a specific account.

• Cut Costs: One of the advantages is the potential for efficiency gains, achieved through reduced operational expenses related to customer identity verification processes, decreased expenditures on fraud prevention, and lowered storage costs for attributes and attestations.

According to the European Commission impact assessment study, the estimated savings from more efficient onboarding procedures for financial services in the EU would range between $860 million and $1.7 billion per year and the estimated savings from reduced fraud could range between €1.1 billion and €4.3 billion.

• Reduced Identity Fraud: Credentials are issued and cryptographically signed by trusted authorities, facilitating automatic identity verification. This ensures that only verified individuals access your organization's services, mitigating losses from fraud, errors, and fines linked to inaccurate customer identification and verification of transactions.
• Enhanced Privacy and Control: Individuals gain greater control over their personal information using an ID Wallet. They can choose what data to share and with whom, increasing data protection and reducing the risk of privacy breaches.
• Cross-border Interoperability: The EUDI Wallet is designed to work seamlessly across different industries and countries, not limited to the European Union.

The European Digital Identity Wallet and its benefits are currently being assessed through the Large Scale Pilots (LSPs) initiative. These pilot projects, led by the EU, feature the participation of over 250 early adopters from private and public organizations across nearly every Member State and aim to evaluate the EUDI Wallet in real-world scenarios like opening bank accounts, applying for university admissions, or requesting a SIM card.

To learn more about use cases, check out our blog on 35 use cases of decentralized identities.

How to prepare for eIDAS 2.0 Regulation: Step-by-Step Checklist

Preparing for eIDAS 2.0 and implementing authentication through digital identity wallets is a multifaceted process that requires a holistic approach to address data privacy, security, and user experience. To ensure a successful implementation and ongoing compliance, it's crucial to involve legal, IT, and product teams.

Here's a step-by-step checklist to guide you through this process:

Step 1: Understanding eIDAS 2.0 Requirements

Start by gaining a solid understanding of the eIDAS 2.0 regulation and its specific requirements for your organization. These key resources are a good starting point:

• Examine the 'EU Legislation in Progress' briefing and the Legislative Train Schedule for updates on legislative milestones and concise summaries.
• Take a deeper dive into the legal text.
• Familiarize with the technical specifications your chosen technology must comply with by reading the Architecture and Reference Framework (ARF).

Step 2: Building a Pilot

Conduct a pilot project to assess the feasibility and gather insights before implementing decentralized identity technology organization-wide to ensure compliance with eIDAS 2.0. Here's what you should do:

a. Assess Current Systems and Processes:

• Processes: Evaluate your organization's existing identity verification and authentication processes.
• Data: Identify which customer data you are collecting and their sources of trust (who issues/attests to the veracity of the information)
• Systems: identify which systems are used in customer onboarding, authentication and data storage processes.

b. Define Specific Use Cases:

• List several use cases and evaluate complexity, necessary stakeholders, generated impact, and capability to scale.
• Choose one that allows you to demonstrate the benefits and that can be expanded gradually to a larger customer base as you gain experience.
• Beyond identity verification and authentication processes, explore the possibility to issue credentials to your users
• Create user stories and journey maps to visualize how users interact with the ID Wallet in the selected use case.
• Estimate volumes for active users and issued credentials

c. Identify and Engage Stakeholders:

• Engage and get commitment from all impacted stakeholders, including internal teams, decision-makers, customers, national authorities, regulators, and partners.
• Do not underestimate the need to liaise with them, as their support is key to aligning with eIDAS 2.0 requirements.

d. Choose the Right Technology Partner:

• Select a decentralized identity technology solution that complies with the EUDI Wallet and eIDAS 2.0 standards and requirements.
• Consider factors like a strong track record and expertise in decentralized identity technology, deployment options (on-premise versus cloud strategies), industry expertise, implementation times, scalability, customization, user-friendliness, and support quality.

e. Plan and Design:

• Create a high level plan with prerequisites, architecture, technical specifications, and integration requirements.
• Set clear deadlines, milestones, and service levels for pilot users.

f. Execute the Pilot and Gather Results:

• Assess how the implementation of ID Wallets aligns with eIDAS 2.0 and gather user feedback.
• Refine user experience and address any issues before full-scale implementation.

Step 3: Incremental Scaling

A successful pilot serves as a foundation for incremental scaling. Here's what to do in this phase:

• Expand the use of decentralized identity technology to different and more complex use cases or to a larger user base as you gain confidence and as the organization's or regulatory needs evolve.
• Educate employees, especially the IT department, to ensure compliance and understanding of the new solution.
• Promote and educate your user base on using digital identity wallets for authentication and facilitate customer support if needed.
• Establish ongoing monitoring and auditing procedures to ensure continuous compliance with eIDAS 2.0.

This process can be time-intensive from start to finish, so now that eIDAS 2.0 has been adopted and you must be compliant in the next two years, we recommend to start a pilot to test and refine your systems before it takes full effect.

How can Gataca help?

Gataca stands ready to assist governments and organizations in achieving trusted digital identities that comply with eIDAS.

As a domain expert in decentralized digital identity, we've deployed our technology across governments, banks, universities, and different organizations with successful implementations of our solutions.

Moreover, both Gataca Studio and Gataca Wallet are aligned with eIDAS 2.0 and EUDI Wallet specifications, ensuring compliance with the regulation.

Speak to Gataca to explore how our solutions can cater to your organization's specific compliance needs, or get started with our solutions here.

The European Digital Identity (EUDI), a key component of the recently approved eIDAS 2.0 regulation, is a cross-border digital identity initiative set to transform identity verification online.

Using an ID wallet, known as the EUDI Wallet, the European Digital Identity will allow users to identify and prove facts about themselves online in a simple, private, and secure manner.

It will be available for all citizens, residents, and businesses in the European Union in 2026—although pilot initiatives by governments and organizations have already started.

As an organization, you may be impacted by this regulation, having to accept EUDI Wallets as a new authentication method. In this article, we’ll look into the EUDI Wallet, why it is needed, and how to prepare for it with Gataca.

What is the European Digital Identity (EUDI) Wallet?

The EUDI Wallet is a free mobile app that the Member States will make available to both individuals and businesses to store and share verifiable credentials, which are digital documents and attestations for identification.

Additionally, with the utmost security and respect for privacy, the EUDI wallet will enable you to control your data across the web, letting you decide what information to share, with whom, and when.

Therefore, the EUDI Wallet will make it easy for users in the European Union to prove their identity and share personal information online, whether for government services, online shopping, or other internet platforms.

Imagine it as the digital wallets you use for payments on your phone, such as Apple Pay or Google Pay, but going one step further, storing credentials like national IDs, passports, diplomas, health records, and more.

According to the regulation, each member state can decide whether to develop its own wallet, mandate a specific wallet provider, or create an open market for private wallet providers while certifying selected solutions.

Nonetheless, all EUDI Wallets will be standardized across the EU and accepted by all member states, opening up new possibilities for cross-border activities.

Are EUDI Wallets replacing existing ID documents and digital identity systems?

It is important to note that the EUDI Wallet won't replace the current physical documents, as its usage is optional. Instead, it provides a portable and convenient digital version of these documents that is equally valid.

Also, for now, the EU Digital Identity Wallet won't replace existing identity management systems; it will work alongside them.

Must your organizations accept ID Wallets for authentication?

The European Digital Identity Wallet isn't just for government services.

Private service providers in industries like transportation, energy, banking, finance, social security, healthcare, telecoms, and education that use strong user authentication, as well as large online platforms with over 45 million users, must also accept and facilitate the use of European Digital Identity Wallets.

However, even if the regulation doesn't impact your business, it is important to note that the goal is to have over 80% of Europeans equipped with a digital wallet by 2030, so you should prepare to embrace them.

And this is not just in the European Union. Initiatives worldwide are adopting ID Wallets and verifiable credentials, suggesting global adoption and interoperability in the short future.

Why do we need the EUDI Wallet?

Existing digital ID systems in the EU have notable shortcomings, such as being limited to certain online services and lacking cross-border recognition.

Moreover, as digital transactions and interactions grow, so does digital crime. As a result, digital services often require lengthy and complicated identity verification processes to protect against cyberattacks, which affects the user experience.

On top of this, when apps or websites prompt us to create new accounts or sign in through other platforms like Google, we don’t really know what happens to our data.

To address these challenges, ID Wallets, particularly Self-Sovereign Identity Wallets, prioritize security, privacy, and user experience while ensuring interoperability, which is why the European Union introduced the EUDI Wallet.

Benefits of the EUDI Wallet

The advantages of using EUDI Wallets can vary depending on your situation, but one thing is certain: adopting them benefits both your organization and your clients.

Benefits for organizations

• Increase Security: EUDI Wallets use biometrics, strong encryption, and distributed storage to minimize the risk of large-scale data breaches.
• Enhance User Experience: ID Wallets give users passwordless access to online services, eliminating friction during onboarding and lowering abandonment rates.
• Slash Costs: Save costs by reducing operational expenses related to customer identity verification processes, compliance, and data storage.
• Reduce Identity Fraud: Verifiable credentials use advanced cryptography so you can automatically verify their data authenticity and issuer organization.
• Lower Admin Burden: Ease operational processes by reducing paperwork and verification hurdles.

Benefits for individuals

• Simple Identity Verification: ID Wallets eliminate the need to repeatedly provide the same info and facilitate identification online with just one click, speeding up verification.
• Cross-border Interoperability: The EUDI Wallet is designed to work seamlessly across different industries and countries, not limited to the European Union.
• Privacy and Control: Using an ID wallet, users gain greater control over their personal information, choosing what data to share and with whom.
• Top-notch security: Personal information stays secure as EUDI Wallets use strong cryptographic security.

What can you do with the EUDI Wallet?

The EUDI Wallet allows you to access a wide range of services and transactions across the European Union, both online and offline.

This includes applying for public services, opening bank accounts, university applications, proving your identity, storing medical prescriptions, or securing transactions without carrying paper copies of ID documents or dealing with scanned copies.

Practical Example

Imagine applying for a master's degree. Normally, this process involves sending multiple documents and lots of back-and-forth communication if anything's missing. Plus, cross-border programs like ERASMUS face challenges due to different document formats and language barriers.

With the European Digital Identity, a student would simply respond to the university's verification request by selecting the required documents stored in their wallet, all in a standard format. For example, the student might select a national ID and an Academic Diploma issued by the government and their educational institution.

The university instantly verifies the information using the already verified, cryptographically signed Verifiable Credentials. And just like that, the student is onboarded and granted access to the student portal for their Master’s degree—all in seconds!

The state of digital identity in the EU

Before being fully introduced in Member States, the EU Digital Identity Wallet is currently being tested on four large-scale projects that began on April 2023 to test digital identity wallets in real-life situations and ensure successful adoption.

More than 250 private companies and public authorities from 25 Member States and Norway, Iceland, and Ukraine are participating.

At Gataca, we are involved in the DC4EU consortium, which focuses on using the EUDI Wallet for Identity, Social Security, and Education, and in the VECTOR consortium, to advance the EBSI/ESSIF Framework.

Technical challenges

In March 2024, the EU released version 1.3.0 of the EUDI Wallet Architecture and Reference Framework (ARF) to guide the development of an interoperable European Digital Identity (EUDI) Wallet solution. This ARF is a vital part of a continuous feedback loop within the large scale pilots program.

While we await the final version, here are some ongoing debates:

W3C vs ISO

Two dominant standards for digital credentials, ISO/IEC 18013-5 (mDL) and the W3C Verifiable Credentials Data Model, are being discussed.

The EU plans to support both for the EUDI Wallet. However, finding ways for these seemingly incompatible standards to coexist and interoperate is under debate.

SD-JWT

There's a debate about the best method for implementing selective disclosure for Verifiable Credentials. Selective Disclosure for JSON Web Tokens (SD-JWTs) is the method selected in the EUDI Wallet ARF as it offers advantages in terms of ease of implementation and standardized formats.

However, other mechanisms, such as Monoclaim Credentials, BBS+ signatures, selective disclosure predicates, and zk-SNARKs, may provide more specialized capabilities or stronger privacy guarantees in specific use cases.

CAs vs DIDs

Certification Authorities (CAs) and Decentralized Identifiers (DIDs) represent contrasting approaches to managing digital identities within a Public Key Infrastructure (PKI).

The current debate is whether DIDs should be built on distributed ledger technologies like blockchain and centralized PKIs, bringing an intermediary perspective to these approaches.

Preparing for EUDI Wallets

Setting up authentication with digital identity wallets takes time and effort, so now that eIDAS 2.0 has been approved and you must be compliant within the next two years, we recommend starting a pilot to test and refine your systems.

So, how do you start testing if the EUDI Wallet is not yet out?

Solutions like the Gataca Wallet are already available and aligned with the EUDI wallet standards and requirements. As soon as the final technical details are published, the Gataca Wallet will be compliant, so you can get started now.

Step 1: Understanding your organization's requirements

Start by gaining a solid understanding of the eIDAS 2.0 regulation and its specific requirements for your organization.

Step 2: Building a Pilot

Conduct a pilot project to assess the feasibility and gather insights before implementing decentralized identity technology using ID Wallets organization-wide:

a. Assess Current Systems and Processes:

Evaluate your organization's existing identity verification and authentication processes, which systems are used, and identify which customer data you are collecting and their sources of trust (who issues/attests to the veracity of the information).

b. Define Specific Use Cases:

List several use cases and evaluate complexity, necessary stakeholders, generated impact, and capability to scale. Choose one that allows you to demonstrate the benefits and that can be expanded gradually to a larger customer base as you gain experience and engage stakeholders.

c. Choose the Right Technology Partner:

Select a decentralized identity technology solution, such as Gataca that complies with the EUDI Wallet and eIDAS 2.0 standards and requirements.

Consider factors like a strong track record and expertise in decentralized identity technology, deployment options (on-premise versus cloud strategies), industry expertise, implementation times, scalability, customization, user-friendliness, and support quality.

d. Plan and Design:

Create a high-level plan with prerequisites, architecture, technical specifications, and integration requirements.

e. Execute the Pilot:

Gather user feedback, refine user experience, and address any issues before full-scale implementation.

Step 3: Incremental Scaling

Expand the use of decentralized identity technology to different and more complex use cases or to a larger user base as you gain confidence and as the organization's or regulatory needs evolve.

What’s next?

Gataca stands ready to assist governments and organizations in achieving trusted digital identities that comply with eIDAS.

As a domain expert in decentralized digital identity, we've deployed our technology across governments, banks, universities, and different organizations with successful implementations of our solutions.

Gataca Studio and Gataca Wallet align with eIDAS 2.0 and EUDI Wallet specifications to ensure compliance.

Speak to Gataca to explore how our solutions can cater to your organization's specific compliance needs, or get started with our solutions here.