eIDAS 2.0 Explained: Steps to Ensure Compliance

Regulation (EU) 2024/1183, known as eIDAS 2.0 (“electronic IDentification, Authentication, and Trust Services”) is the update to Regulation (EU) No 910/2014.

It entered into force on May 20, 2024, establishing a European Digital Identity Framework and making cross-border electronic identification a reality.

This article serves as your comprehensive guide to understanding the implications of this eIDAS Regulation revision and outlines the essential steps your company must take to be compliant.

What is eIDAS 2.0?

In June 2021, the European Commission unveiled a proposal to update the existing eIDAS Regulation (No 910/2014).

This proposed update, commonly referred to as eIDAS 2.0, stands as a response to the ever-evolving technological landscape and the dynamic needs of the EU digital market and seeks to improve the security and reliability of electronic identification and trust services.

To accomplish this, the main shift in the regulation is the creation of a unified European Digital Identity with a Digital Identity Wallet as a key component.

While we'll delve deeper into this concept shortly, it's essential to recognize that the new eIDAS regulation encompasses more than just the EU Digital Identity Wallet.

eIDAS 2.0 expands the regulation's scope to include more types of electronic trust services, including electronic registered delivery services, electronic certificates for authentication, and electronic seals for digital documents. This means it regulates new services like attestation of attributes and electronic ledgers, among others.

Moreover, eIDAS 2.0 places a strong emphasis on interoperability and security, which are areas to be improved within the current eIDAS regulation. It achieves this by offering technical standards and specifications to reduce fragmentation and by imposing new security requirements for cryptographic algorithms and key management while increasing the focus on data protection.

Understanding the European Digital Identity (EUDI) Wallet

The EUDI Wallet is a mobile application that the Member States will provide free of charge to their citizens, residents, and businesses to store and share digital credentials to verify their identity and personal information across the European Union.

For a full breakdown of how the EUDI Wallet works, see our dedicated guide.

Who is impacted by eIDAS 2.0?

The regulation stipulates that all Member States must introduce at least one European Digital Identity Wallet built on common technical standards aligned with the Architecture and Reference Framework (ARF).

The public sector will be the first to be impacted, as government bodies will be required to accept EU Digital Identity Wallets as soon as they are officially rolled out.

However, the reach of the European Digital Identity Wallet is not confined solely to the public sector. Private service providers required to use strong user authentication for online identification, including those in transportation, energy, banking and finance, social security, healthcare, telecommunications, and education, must accept European Digital Identity Wallets as an authentication method.

Additionally, very large online platforms (with more than 45 million users), which require user authentication for accessing their services, are also obligated to accept and facilitate the use of European Digital Identity Wallets.

It's essential to stress that for users, the use of the wallet is optional. However, the objective is to equip over 80% of the European population by 2030 with a digital wallet that will allow them to prove their identity and authenticate themselves when accessing online services.

In fact, the Europe Decentralized Identity Market is projected to experience substantial growth, with a forecasted CAGR of 77.8% during the period from 2022 to 2028.

When is eIDAS 2.0 mandatory?

Last reviewed: April 2026

eIDAS 2.0 entered into force on May 2024 and in late 2024 the initial core Implementing Acts were adopted.

Member States have to provide Digital Identity Wallets within 24 months after the adoption of the Implementing Acts, and impacted organizations will have to accept them as an authentication method in the following year.

This sets the deadline for the Member States and public sector acceptance in late 2026 and for the private sector-impacted organizations in late 2027.

What happens if your organisation doesn’t comply with eIDAS 2.0?

Organisations that delay compliance risk sanctions, non-compliant KYC/AML processes, and reduced legal certainty in digital transactions.

They may also face barriers to onboarding users and delivering cross-border services as wallet acceptance becomes mandatory in key sectors.

Beyond compliance, late adoption leads to higher integration costs, rushed system changes, and fragmented user experiences. It also increases exposure to fraud, disputes, and liability due to weaker trust frameworks.

Meanwhile, early adopters will benefit from faster onboarding, better UX, and stronger trust—leaving lagging organisations at a clear competitive disadvantage.

Why is eIDAS 2.0 an opportunity for organizations?

The introduction of eIDAS 2.0 offers several advantages for organizations:

• Reduce Fraud: Verifiable credentials use advanced cryptography so you can automatically verify data authenticity and issuer organization.
• Increase User Conversions: Reduce drop-off rates during onboarding with passwordless access and one-click compliant identity verification.
• Enhance Security: Reinforce protection with biometrics, strong encryption, and distributed storage to reduce the risk of data breaches.
• Cut costs: Reduce operational expenses related to customer identity verification processes, compliance, and data storage.

How to prepare for eIDAS 2.0 Regulation: Step-by-Step Checklist

Step 1: Understanding eIDAS 2.0 Requirements

Start by gaining a solid understanding of the eIDAS 2.0 regulation and its specific requirements for your organization.

Step 2: Building a Pilot

Conduct a pilot project to gather insights and refine the user experience before implementing digital identity wallets organization-wide. Here's what you should do:

a. Assess Current Systems and Processes:

• Processes: Evaluate your organization's existing identity verification and authentication processes.
• Data: Identify which customer data you are collecting and their sources of trust (who issues/attests to the veracity of the information)
• Systems: identify which systems are used in customer onboarding, authentication and data storage processes.

b. Define Specific Use Cases:

• List several use cases and evaluate complexity, necessary stakeholders, generated impact, and capability to scale.
• Choose one that allows you to demonstrate the benefits and that can be expanded gradually to a larger customer base as you gain experience.
• Beyond identity verification and authentication processes, explore the possibility to issue credentials to your users.
• Create user stories and journey maps to visualize how users interact with the ID Wallet in the selected use case.
• Estimate volumes for active users and issued credentials.

c. Choose the Right Technology Partner:

Select a digital identity technology solution, such as Gataca, that complies with the EUDI Wallet and eIDAS 2.0 standards and requirements.

Consider factors like deployment options (on-premise versus cloud strategies), industry expertise, implementation times, scalability, customization, user-friendliness, and support quality.

Step 3: Incremental Scaling

A successful pilot serves as a foundation for incremental scaling.

• Expand the use of wallets to different and more complex use cases or to a larger user base.
• Promote and educate your user base on using digital identity wallets for authentication and facilitate customer support if needed.
• Establish ongoing monitoring and auditing procedures to ensure continuous compliance with eIDAS 2.0.

How can Gataca help?

Our solutions are aligned with eIDAS 2.0 and EUDI Wallet specifications, ensuring compliance with the regulation.

Talk to us to explore how our solutions can cater to your organization's specific compliance needs.