Debugging the Future: What We Learned in Ireland's First Innovation Sandbox

The European Digital Identity landscape is moving quickly—eIDAS 2.0 has a hard deadline, ComReg is due to assume supervisory-body responsibilities, and financial institutions are preparing for new obligations around customer authentication and fraud prevention. For a company like Vidos building digital credential and privacy-preserving verification tools, those moving parts can either feel like headwinds or a rare chance to engage regulators before rules are set in stone.

From December 2024 to June 2025, Vidos joined the Central Bank of Ireland Innovation Sandbox, a six-month programme focused on combating financial crime. The experience offered a test-bed for our technology, but more importantly it provided a forum to collectively debug the future—stress-testing assumptions with the very people who will soon enforce parts of the regulation, in a safe space where both sides could explore uncharted territory.

Bottom line: This programme compressed 18 months of regulatory discovery into six, providing actionable guidance that financial institutions can use to prepare for mandatory digital identity acceptance while reducing fraud and compliance costs.

Below is our "insider" account of what happened, what we learned, and how the journey is already influencing the way we can help customers.

Why We Applied

We approached the application with measured expectations. As Ireland's first innovation sandbox focused on financial crime, there were no precedents to gauge whether this would deliver meaningful regulatory clarity or simply become another consultation exercise. Regulatory sandboxes elsewhere have drawn criticism for being more about optics than outcomes—would this be different? With eIDAS 2.0 deadlines approaching and genuine uncertainty about enforcement approaches, we decided the potential upside warranted the investment of time, even if the programme would deliver only modest insights.

• Regulation at the centre of demand  
  eIDAS 2.0 (otherwise known as the EU Digital Identity regulation) will compel every bank, insurer and payments firm servicing EU clients to accept government-issued digital IDs. We needed clarity on how these IDs, which come with selective-disclosure (sharing only necessary data, like "over 18" instead of full birth date) and zero-knowledge proofs, could satisfy AML/KYC and data-minimisation rules without adding friction.
• Combating identity-driven financial crime  
  Identity fraud costs financial institutions billions annually—the European Banking Authority estimates that onboarding fraud alone accounts for 15-20% of all financial crime losses. Strong, cryptographically-verifiable identity removes whole categories of onboarding fraud. The Sandbox theme matched our mission: stop fraud at the root rather than detect it downstream.
• Cross-regulatory alignment  
  Adjacent frameworks—DORA for operational resilience, GDPR for privacy, the proposed Digital Euro—will interact in unpredictable ways. Direct access to supervisors promised first-hand guidance we could not get from white-papers alone.

What the Programme Looked Like

Application & On-boarding  
A concise application, an interview and a signed T&C later, we were in. Regular questionnaires helped CBI tailor content to participant needs.

Workshops  
Five themed modules mixed expert briefings with peer discussion:

1. Participant profiles & financial-crime trends
2. Current regulatory themes (AML, outsourcing, DORA)  
3. Data-sharing and privacy
4. Payments strategy & anti-fraud initiatives
5. Anti-Money Laundering, Countering the Financing of Terrorism & Consumer Protection

For each workshop, our team prepared advanced reading; doing that "homework" meant that we went straight into nuance instead of covering basics in the live hour.

One-to-Ones & Deep Dives  
Monthly check-ins with our Sandbox manager created accountability: action items tracked, introductions brokered, blockers escalated. Highlights included:

Department of Environment, Climate & Communications
A dedicated session with the Department of Environment, Climate & Communications (DECC) provided an invaluable deep dive into article-level wallet requirements under eIDAS 2.0. The DECC team, who lead Ireland's implementation of the EU Digital Identity regulation, walked us through specific technical and compliance challenges facing digital identity providers and relying parties. This granular exploration helped clarify ambiguities in the regulatory text and offered practical interpretations of how key provisions would likely be enforced. Similarly, a focused session with the CBI team developing draft plans for the Digital Euro allowed us to understand both the opportunities and implications from the central bank's perspective, particularly around how digital identity verification intersects with new payment infrastructure requirements.

Banca d'Italia Connection
Through the CBI Innovation Hub's international network, we secured a valuable meeting with Banca d'Italia's legal expert from their Retail Payment Instruments and Services Unit who was on secondment at the ECB in the Oversight Division. This connection allowed us to explore the Italian perspective on eIDAS 2.0 implementation, verification requirements for financial institutions, and the evolution of wallet-based payments in the Italian ecosystem. This cross-border regulatory dialogue gave us insights into how different EU member states are approaching wallet verification and compliance oversight, highlighting both common frameworks and national variations that our verification services need to accommodate.

Product Demos
In February we demonstrated the Vidos Verifier suite to AML and payments supervision teams, fielding granular questions on cryptographic proofs, auditability and fallback paths when wallet flows fail. We also covered EUDI Wallet payment flows—showing how merchants can accept digital identity credentials for age verification, loyalty programmes, and secure customer authentication using the Vidos Gateway to orchestrate wallet-to-merchant interactions while maintaining privacy through selective disclosure.

Showcase  
The June finale brought policymakers, representatives from the FCA innovation team & Banca d'Italia's Milan hub, and many members of the local FSI ecosystem to CBI HQ. A booth and a short presentation to the ~130 participants offered visibility in the Irish payments ecosystem and led to some interesting follow-ups.

Key Success Factors from the CBI Innovation Program

1. Strategic regulatory dialogue unlocked insights unavailable through formal channels. Face-to-face discussions created space for nuanced interpretation of enforcement priorities that shaped our verification architecture.
2. Accelerated decision pathways streamlined our regulatory navigation. The innovation team's direct involvement eliminated traditional bureaucratic delays, allowing us to validate compliance approaches in days rather than quarters.
3. Ecosystem cross-pollination revealed unexpected market synergies. Collaboration with established financial institutions and emerging fintechs identified integration opportunities that now feature in our partner roadmap.
4. Enhanced market positioning strengthened our offering. Work during the programme translated directly into sharper product differentiation and more targeted enterprise solutions.
5. Collaborative innovation model generated mutual value. The sandbox created conditions where both oversight bodies and market participants could collaboratively address implementation challenges, producing practical frameworks that benefit the entire ecosystem.

Innovating in an Emerging Market

• Emerging Technology Data  
  Working in a nascent field presents unique challenges. While we have conformance tests and adhere to emerging standards, much of the synthetic data we'd like to test against—EUDI wallet interaction patterns, cross-border verification scenarios—doesn't exist yet. This reflects the broader challenge of innovating ahead of widespread adoption.
• Cross-industry engagement  
  The showcase brought together 130+ attendees spanning financial institutions, government departments, and international regulatory bodies. This diversity created opportunities to understand how different sectors approach digital identity verification, though it also highlighted the varying levels of maturity in eIDAS 2.0 preparation across industries.

Impact on Our Product & Roadmap

1. Selective-disclosure frameworks  
   Through connections made in the programme, including peer-to-peer insights from other participating teams, we gained clarity on data sharing, especially how binary attestations ("over 18", "balance > €1m") can satisfy existing risk models while maintaining audit trails and privacy protections.
2. Operational resilience frameworks  
   Working with the Bank's resilience specialists clarified how verification service providers can support financial institutions' DORA compliance. This included understanding incident reporting requirements, third-party risk assessments, and the operational testing frameworks that banks will need from their digital identity vendors.
3. Trust-Service nuance  
   Conversations with DECC clarified that qualified electronic-signature rules extend to wallet-to-merchant flows, influencing how the Vidos APIs handle signature algorithms and giving us a clear mental model for providing trust services in the future.
4. Industry demand validation  
   Conversations with payments specialists and financial crime experts confirmed a clear market shift: institutions are prioritising fraud prevention over detection. This validates the economic case for cryptographic identity verification—stopping fraudulent onboarding saves significantly more than catching it post-facto. The feedback also highlighted specific use cases where selective disclosure can reduce both compliance costs and customer friction.
5. Implementation roadmap clarity  
   The programme provided concrete guidance on how financial institutions can prepare for eIDAS 2.0 deadlines. We now better understand the technical integration points, compliance checkpoints, and operational workflows that banks and payment providers need. This insight shapes how we deliver the Vidos Universal Resolver, Verifier, Validator, and Authorizer services as modular building blocks that can be deployed incrementally rather than requiring full-scale system overhauls.

Tips & Lessons for Innovation Teams (Sandbox Participants or Otherwise)

One of the programme's greatest strengths was the collaborative spirit among all seven participating companies. Everyone was generous with introductions, insights, and time—fostering the kind of open ecosystem thinking that benefits the entire Irish payments landscape. In that spirit, here are some approaches that worked for us and could benefit any team navigating regulatory complexity:

• Read the legislations and research session topics before key meetings—use face time to test interpretations and explore edge cases, not to learn basic concepts.  
• Come with specific asks—concrete requests for introductions, data sources, or policy clarifications help relationship managers deliver real value.  
• Document outcomes rigorously—a living "decision log" shortened our internal debates and fed directly into product roadmap decisions.  
• Prioritise in-person engagement whenever possible; the ROI on travel far outweighed the cost, especially for nuanced regulatory discussions.
• Speak up constructively—the programme team welcomed feedback and handled requests efficiently, creating genuinely two-way dialogue.

Looking Ahead

Armed with clearer guidance and deeper expertise, Vidos is immediately:

• Extending verification APIs and developing regulatory frameworks for "relying parties" (verifiers) who need to meet EUDI compliance deadlines with minimal effort.  
• Scoping pilot projects with two organisations met during the programme, targeting Q4 2025 launches.

The Sandbox compressed what could have been 18 months of regulatory discovery into six. More importantly, it grounded our product decisions in the realities of enforcement rather than speculation.

Acknowledgments

The quality of this programme reflected the commitment of everyone involved. Special thanks to the CBI Innovation team who managed an ambitious first sandbox with professionalism and genuine curiosity. The workshop speakers—from financial crime specialists to DORA experts to payments strategists—generously shared their time and expertise, often staying after sessions to explore nuanced questions.

We're equally grateful to the regulatory experts who opened their doors for one-on-one meetings: the DECC team who walked us through eIDAS 2.0 implementation details, the Banca d'Italia connection that provided European perspective, and the CBI specialists who helped us understand the intersection of digital identity with operational resilience and payment innovation.

Finally, our fellow participants created the collaborative spirit that made this programme special...

• AMLYZE (AML/CFT information-sharing framework)
• Expleo (Anti-SMS fraud mobile solution)
• Forward Emphasis (AI motor insurance fraud detection)
• Roseman Labs (Secure data collaboration for regulated sectors)
• Sedicii & PTSB (Zero-knowledge proof address verification)
• TrustElevate (Child age and parental verification)

The willingness to share challenges, insights, and introductions—rather than treating each other as competitors—demonstrated the kind of industry cooperation that meaningful innovation requires.

‍

A Thought Beyond Vidos

Regulatory sandboxes are often viewed as marketing badges or compliance shortcuts. Our experience suggests they offer something subtler: a space where innovators and supervisors jointly debug the future. When that dialogue is open, informed and iterative, everyone—start-ups, incumbents, regulators and ultimately citizens—benefits.

The positive energy throughout the programme—from CBI staff genuinely curious about emerging technology to participants openly sharing challenges and insights—created an environment where meaningful innovation could happen. This collaborative spirit, rather than the traditional adversarial stance between regulators and regulated, points toward a more effective way of shaping policy in fast-moving technical domains.

This approach has implications far beyond Ireland. As digital identity wallets roll out across all 27 EU member states, the companies and regulators who learn to "debug the future" together will shape not just compliance frameworks, but the entire user experience of digital identity. The technical decisions made today—around selective disclosure, cross-border verification, and fraud prevention—will determine whether digital identity becomes a seamless enabler of commerce or another friction point in increasingly digital lives.

Ready to prepare for eIDAS 2.0 compliance?  
Irish financial institutions face unique challenges as ComReg assumes supervisory responsibilities and eIDAS 2.0 deadlines approach. Whether you're a bank exploring EU Digital Identity Wallet integration, a payment provider looking to reduce onboarding fraud, or a fintech needing guidance on selective disclosure implementation, the Vidos team understands the Irish regulatory landscape and can help navigate the transition.

We're particularly interested in collaborating with Irish FSI organizations preparing for 2026 compliance requirements and exploring how cryptographic verification can strengthen your fraud prevention while meeting GDPR and upcoming regulatory obligations.

Contact us at vidos.id/contact-us.

‍