The internet was not originally designed with an identity layer. This fundamental gap has left individuals with limited control over their personal data, creating an uneven distribution of power that favours large online platforms. With identity theft and fraud becoming more prevalent, the European Union is addressing these challenges through eIDAS 2.0, which will require widespread adoption of digital identity wallets throughout one of the world's largest trading blocks.
This regulation represents a significant shift towards user-controlled digital identity. Here's what eIDAS 2.0 means for governments and enterprises across various industries.
The original eIDAS regulation (2014/910) established the EU legal framework for secure electronic transactions and interactions between public and private sector entities across European member states. Implemented in July 2016, eIDAS guaranteed the legal binding and reliability of electronic identification (eID) and electronic signatures for cross-border recognition.
The regulation supported trusted digital identities and electronic signatures, establishing a secure digital foundation for enterprises, citizens, and public administrations within the EU while enabling cross-border online services and e-commerce.
Despite its foundational role, the original eIDAS regulation faced three main limitations:
National Implementation Variations: Different interpretations across member states resulted in fragmentation when applying the law. Cross-industry, cross-organisational, and cross-border adoption proved complex and difficult, according to the Study to support the impact assessment for the revision of the eIDAS regulation, which found that only 59% of the EU population had access to notified eID schemes, leaving 41% of EU citizens without cross-border digital identity options.
Limited Scope: eIDAS focused primarily on electronic signatures and select trust services. It lacked a broader digital identity framework covering sectors such as education, employment, finance, insurance, and healthcare. Its practical utility was essentially limited to citizen-to-government and electronic document signing applications.
Physical Presence Requirements: Under eIDAS, individuals were required to be present in person for identity verification, which proved inconvenient and became particularly problematic during the COVID-19 pandemic. This requirement led EU member states to interpret and apply the law differently, preventing the harmonisation of identity and trust services fundamental to eIDAS objectives.
eIDAS 2.0 (2024/1183) represents the first global regulation mandating digital identity wallets for citizens and organisations, giving them control over their personal data. This regulation will impact digital identity initiatives worldwide, directly affecting even non-European organisations operating in global markets.
The regulation aims to ensure that citizens and organisations have secure, private, and user-controlled digital identities, reducing fraudulent activities while enabling smooth digital cross-border transactions between public and business sectors.
Digital Wallet Provision: Citizens receive digital identity wallets to control and share data with third parties, including government agencies and businesses.
Government Credential Issuance: Governments must issue digital identity wallets and credentials to citizens (such as passport, driving licence, proof of residence) based on standards including ISO/IEC 18013-5:2021 and W3C Verifiable Credentials.
Business Integration Requirements: Businesses must accept digital identity credentials for user authentication and verification, including user onboarding and transaction processes.
Enhanced Security Standards: The regulation requires high levels of security and privacy, with mandatory external evaluation and certification processes.
The European Parliament approved eIDAS 2.0 on 29 February 2024. Member states must make digital wallets available to citizens by December 2026, with full compliance requirements for large online platforms and financial institutions by December 2027.
eIDAS 2.0 and decentralised identity share core principles: both use identity wallets to empower users with data control while centralising their digital relationships under user management.
From an economic perspective, eIDAS 2.0 addresses the "cold start problem" for the decentralised identity market. By requiring member states to offer digital identity credentials and wallets to all citizens while mandating private sector acceptance, the regulation creates legal predictability for massive adoption. Identity wallet and credential verification solutions will find established market demand in the EU and beyond.
Technically, eIDAS 2.0 integrates the same concepts, technologies, and standards used by the decentralised identity industry. The EU Digital Identity Architecture and Reference Framework (ARF) and implementing acts mandate support for:
The regulation effectively mandates the adoption of mobile digital identity in accordance with global and industry standards, creating interoperability with existing decentralised identity solutions.
Organisations across sectors need to prepare for credential verification requirements. Whether you're in financial services managing customer onboarding, retail handling age verification, or government services processing citizen applications, eIDAS 2.0 will require you to accept and verify digital credentials from EU wallets.
Rather than building and certifying your own verification infrastructure, organisations can integrate pre-certified verification services that handle multiple credential formats and maintain compliance with evolving regulations.
This analysis covers the regulatory foundation and technical framework of eIDAS 2.0. In part two of this series, we'll examine practical implications for different stakeholders, including specific implementation challenges for businesses, compliance strategies for financial institutions, and the broader economic impact across European markets.
Vidos provides the verification infrastructure organisations need to accept digital credentials from EU wallets and other standards-compliant sources. Our certified verification services support the credential formats required by eIDAS 2.0, including W3C Verifiable Credentials and ISO/IEC 18013-5:2021 mobile driving licences.
Contact our team to discuss your eIDAS 2.0 compliance requirements, or explore our verification solutions to see how quickly you can integrate certified credential verification.
