What is eIDAS 2.0? How device intelligence strengthens EUDI Wallet compliance

The deadline is closer than most businesses realize. By December 2026, every EU member state must make a certified European Digital Identity (EUDI) Wallet available to all its citizens and residents. 

eIDAS 2.0 — formally Regulation (EU) 2024/1183 — is the law behind EUDI Wallets, and it is the EU's most significant overhaul of digital identity legislation in a decade. This is an updated framework for how individuals and businesses prove who they are online across borders. 

For the technical teams across industries who are operating in the EU or serving European customers, the clock is now running to transform applications and services in order to ensure compliance with the new regulation. 

This guide covers what eIDAS 2.0 is, what the EUDI Wallet does, its technical implications, and how device intelligence can strengthen your EUDI Wallet implementation. 

What is eIDAS 2.0?

eIDAS stands for Electronic Identification, Authentication and Trust Services. The original eIDAS Regulation (No 910/2014) was adopted in 2014 and created the EU's first unified framework for electronic identification and trust services. It covered things like digital signatures, electronic seals, and timestamping. Its goal was to give individuals and businesses a secure, legally recognized way to interact digitally across EU member states.

eIDAS 2.0 is the revised and updated version of the original eIDAS 1.0 regulation. This updated regulation's core ambition is straightforward. 

By 2030, the EU aims for at least 80% of citizens to be using a digital identity solution. The goal is to reduce reliance on fragmented national ID systems, minimize personal data disclosure, and enable more seamless cross-border digital interactions. 

The EUDI Wallet: The core of eIDAS 2.0

The European Digital Identity (EUDI) Wallet is the centrepiece of eIDAS 2.0, and it will have the most direct impact on how businesses verify customers and conduct digital transactions.

What is the EUDI Wallet?

The EUDI Wallet is a certified wallet provided or recognized by a member state, and through which EU citizens and businesses can store, manage, and share verified digital credentials. Think of it as a digital counterpart to a physical wallet, except every document it contains is cryptographically verified, legally valid across the EU, and under the full control of the holder.

Citizens can store and present credentials in the EUDI Wallet, including:

• National identity documents
• Driving licenses
• Professional qualifications and certifications
• Educational diplomas
• Business licenses and authorizations
• And others, depending on the region

The EUDI Wallet is built on a privacy-by-design principle. Data is stored locally on the user's device, so there is less centralized data concentration and breach risk. A built-in privacy dashboard gives users complete transparency over what they've shared, with whom, and when.

Selective disclosure: Sharing only what's needed

One of the wallet's most consequential features is selective disclosure. Rather than sharing an entire identity document, a user can present only the specific attributes a service requires. Proving you're over 18 doesn't require revealing your date of birth. Proving your professional license doesn't require sharing your home address.

Under GDPR, this substantially reduces compliance exposure and risk aspects for businesses that adopt the EUDI Wallet for identity verification.

Credential types for EUDI Wallet architecture

There are several credential types that can be used within the EUDI Wallet ecosystem: 

1. PID (Person Identification Data).The core identity credential issued by a member state.
2. PuB-EAAs (Public Body Electronic Attestations of Attributes). Attributes issued by public authorities, such as residence or civil-status information.
3. EAAs (Electronic Attestations of Attributes). Digital credentials issued by a wide range of organizations.
4. QEAAs (Qualified Electronic Attestations of Attributes). Electronic attestations issued under the eIDAS trust framework by Qualified Trust Service Providers (QTSPs).

For engineers and identity teams implementing EUDI Wallets, the distinction between credential types is important because they play different roles within the architecture and trust framework.

Who does eIDAS 2.0 apply to?

EU Member States

Every member state must provide at least one EUDI Wallet solution to citizens and legal entities by the end of 2026. They must also accept wallets issued by other member states — a key interoperability requirement that underpins the single digital market vision.

Regulated private-sector organizations

This is where eIDAS 2.0 has the broadest business impact. Many sectors face mandatory EUDI Wallet acceptance requirements, which vary in timeline and depend on specific situations where digital identification or authentication is required, for example, strong customer authentication (SCA). The regulation may impact KYC and AML workflows as well by introducing a standardized, wallet-based identity mechanism that many regulated organizations will need to support. 

Qualified Trust Service Providers (QTSPs)

Organizations that issue qualified electronic signatures, seals, timestamps, or other trust services are subject to specific technical and operational requirements under eIDAS 2.0, including accepting wallet-based authentication for the issuance of qualified certificates.

Individual citizens

Wallet use remains entirely voluntary for individuals. The regulation explicitly requires that no one is discriminated against for choosing not to use a wallet. Businesses must continue to support alternative authentication and verification methods for users who prefer them.

Non-EU businesses

eIDAS 2.0 applies to any organization that participates in regulated trust services, relies on EUDI Wallets, or falling into a covered relying-party category, regardless of where it is headquartered. If you have EU customers and operate in a regulated sector, this regulation and acceptance-obligation deadlines may apply to you.

Technical impact of eIDAS 2.0: Focus areas for development and fraud teams

There are several areas where eIDAS 2.0 will be an important consideration and impact project work for development and engineering teams. Those teams will need to focus efforts in these areas to ensure compliance.

IDV, KYC, and customer onboarding

The EUDI Wallet will significantly impact customer onboarding and user experiences for credential verification. Today, identity verification for financial services typically requires document submission, manual review, and processing windows that can take hours or days. 

Wallet-based verification can be completed in seconds: a customer presents government-verified credentials, the relying party checks the cryptographic proof, and the interaction is complete.

For high-volume businesses in banking, insurance, or fintech, this is a fundamental re-engineering of the onboarding funnel. 

For more on how new account fraud intersects with identity verification, see our guide.

Strong customer authentication (SCA)

Under PSD2, SCA requirements have strengthened transaction security but also introduced friction: one-time codes, app confirmations, and additional verification steps that increase checkout abandonment. 

The EUDI Wallet may offer a clean path through this, with the ultimate goal and outcome a single, wallet-based authentication step that can satisfy SCA requirements while reducing friction for the end user.   

For a full breakdown of how payment authentication works alongside these regulations, see our guide.

The gap eIDAS 2.0 doesn't close: What happens after verification

eIDAS 2.0 is built around a "verify once, reuse often" model. A citizen verifies their identity, stores credentials in the EUDI Wallet, and reuses those credentials across services without repeating the full verification process. 

For users, that's a significantly better experience. For businesses, it introduces a risk that the regulation itself doesn't address.

A EUDI Wallet credential establishes that a presented identity was valid at the moment of issuance. It has no view of what happens to the account after that moment. 

That one credential can't tell you whether the same person from the first session is accessing the account on the 47th session. It can't detect when a verified account changes hands, is used by automation, or is accessed from an environment that has changed materially since onboarding.

While the credential check is a critical security step, it is just one moment in time.

For more on the gaps in identity verification flows and how to extend visibility further than a single document check, read our full report.

How device intelligence strengthens the credential layer

The identity check at onboarding is a moment in time. It has no bearing on what happens to the account months later. This is the structural gap that device intelligence fills. 

A persistent device identifier, applied at the moment of verification and maintained across subsequent sessions, creates continuity that the credential layer alone cannot provide. Trusted users returning on a recognized device move forward without friction. 

Sessions where the device environment has changed materially — for example, when a returning visitor shows a different hardware profile, new browser configuration, or unfamiliar network pattern — can be flagged for step-up controls proportionate to the actual risk they represent, rather than applied universally to all returning users.

Fingerprint provides exactly this layer. Our device intelligence platform produces stable visitor identifiers that persist for weeks and months, even through cookie clearing, incognito sessions, and browser updates. Adding Smart Signals can surface even richer context at the session level, before any application-layer check runs. Things like bot activity, VM or VPN use, location anomalies, and browser tampering all become visible before a user reaches an authentication or transaction flow.

For organizations building compliant verification checks for EUDI Wallets, device intelligence can augment the credential layer by handling the session layer. Together, they can provide an added layer of trust that holds up across the full account lifecycle, not just at the moment of onboarding.

How to prepare: A step-by-step framework for eIDAS 2.0 compliance 

Compliance with eIDAS 2.0 is a program of work. The following steps provide a practical framework to help development and engineering teams get organized and get started.

1. Audit your current identity workflows. Map your existing onboarding, KYC, and authentication processes against eIDAS 2.0 requirements. Identify where wallet-based verification would replace or supplement current flows, and where gaps exist between your current data collection practices and the selective-disclosure model the regulation requires.

2. Register as a relying party. Depending on the jurisdiction, businesses that wish to accept EUDI Wallet credentials may need to register with their national eIDAS 2.0 authority as a relying party. This is a prerequisite for wallet integration: Begin this process early, as national implementation timelines vary.

3. Evaluate your technical stack. Assess compatibility with ISO/IEC 18013-5 (the mDL standard used for wallet credentials), W3C Verifiable Credentials, and the EUDI Architecture Reference Framework. For many organizations, this could mean integrating through a platform that already handles these standards rather than building compliance infrastructure from scratch.

4. Shift your data collection model. eIDAS 2.0 is built around attribute-based, selective disclosure. If your current onboarding flow collects full identity documents by default, you will need to re-engineer it to request only the specific attributes each transaction requires. This is both a technical change and an operational one that touches your privacy policies and consent flows.

5. Choose a Qualified Trust Service Provider (QTSP). QTSPs are the accredited entities that issue qualified signatures, seals, and attestations under eIDAS 2.0. Unless you are becoming a QTSP yourself, partnering with one is the most efficient route to compliance for most organizations.

6. Add a device intelligence layer. The EUDI Wallet handles credential verification at onboarding. It does not handle session-level risk across the account lifecycle. Device intelligence signals can complement your existing fraud and verification controls, by expanding visibility from beyond the single moment of approval and extending to subsequent visits and sessions. This is what enables low-friction return experiences for legitimate users and targeted step-up controls for sessions where risk context has changed. See how device intelligence strengthens identity verification for a practical walkthrough.

7. Participate in pilot programmes. The European Commission and several member states have run large-scale pilots to test real-world EUDI Wallet implementation. Where available, participating in these programmes provides practical integration experience before mandatory deadlines — and positions your organization ahead of the compliance curve.

8. Train your teams. Take stock of your internal policies and employees. Legal, compliance, product, and customer service teams all need to understand the new identity model, what wallet-based authentication means for user interactions, and how the credential types map to your existing verification requirements.

9. Test and validate. Before mandatory acceptance dates, your wallet integration should be thoroughly tested across all customer-facing platforms and internal systems. Understanding cross-border interoperability — for example, ensuring that a wallet issued in Germany works correctly with servers in another member state — deserves particular attention.

Building stronger verification for the new eIDAS 2.0 standard 

eIDAS 2.0 represents the most significant overhaul of identity verification in a decade. For businesses in regulated sectors, the EUDI Wallet rollout is a pressing operational and compliance undertaking.

The organizations that will emerge from this transition in the strongest position are those who are already actively working on the transition. By auditing identity workflows, evaluating technical infrastructure, and building relationships with qualified trust service providers now, those organizations can ensure compliance and acceptance of EUDI Wallets by 2027.

Adding a device intelligence layer to identity infrastructure can be a forward-thinking way for businesses to strengthen verification. Device intelligence extends visibility beyond a single moment-in-time check, so you can ensure trust and security hold up across sessions, as eIDAS 2.0 becomes the new identity standard in the EU.