The defining tension of January 2026 is the gap between political debate and infrastructure reality...
In the EU, the Architecture Reference Framework reached version 2.4.0 while Member State readiness assessments revealed significant variation: nine countries already have wallet solutions deployed at the national level, while others have barely started. The European Commission advanced the European Business Wallets proposal, extending digital identity from individuals to companies. Two large-scale pilots, WE BUILD and APTITUDE, continued testing real-world use cases across 27 countries.
Ireland announced a 2,000-person digital wallet pilot while civil liberties organisations challenged the legal foundation of MyGovID ahead of a March 2026 Data Protection Commission deadline. Ireland's upcoming EU Council presidency, starting July 2026, adds a layer of strategic significance to its domestic digital identity developments.
In the UK, the government's decision to abandon mandatory digital identification attracted significant public attention, yet the practical buildout of digital identity infrastructure continued at pace across multiple government programmes. GDS hosted industry engagement events, the digital driving licence entered private testing, and programmatic verification capabilities moved into development.
For enterprises, January's developments carry a consistent message: regardless of whether digital identity is voluntary or mandatory in any given jurisdiction, the infrastructure is being built, deadlines are approaching, and the verification landscape is becoming more complex. Organisations need to be preparing now, not waiting for policy certainty.
The Architecture Reference Framework (ARF) version 2.4.0 was released in January 2026. The update is based on the legal text adopted by co-legislators, including adopted Commission Implementing Regulations such as CIR 2025/849 covering the list of certified European Digital Identity Wallets.
Technical standards referenced include ISO/IEC 18013-5:2021, ISO/IEC TS 18013-7:2024, OpenID4VP, SD-JWT, mdoc formats, W3C Verifiable Credentials Data Model 2.0, and ETSI TS 119 461 v2.1.1.
Why this matters: The ARF is the technical blueprint that ensures EUDI Wallets remain interoperable across Member States. Version 2.4.0 incorporates the implementing regulations published in December 2025, aligning the reference architecture with the legal framework. For technical teams building wallet or relying party infrastructure, this release defines the current standard baseline. The standards referenced represent the core formats and protocols that verification and issuance systems must handle.
Vidos perspective: The standards referenced in ARF 2.4.0, particularly OpenID4VP, SD-JWT, mdoc, and ISO 18013-5/7, are all supported by Vidos. In January, we shipped improvements to OID4VP trust anchor configuration and audience claim handling, and a DCQL path schema fix, all directly aligned with the interoperability requirements outlined in this framework version. Our ongoing conformance testing against these standards ensures that as the ARF evolves, our verification infrastructure keeps pace.
Commission Implementing Regulation (EU) 2025/2531 entered into force on 6th January 2026, establishing qualified electronic ledgers as a new trust service under eIDAS 2.0. The regulation defines electronic ledgers as sequences of electronic data records ensuring integrity and accurate chronological ordering. This represents one of four implementing regulations published on 16th December 2025.
Why this matters: The establishment of qualified electronic ledgers as a trust service creates a new category of compliance-relevant infrastructure. The focus on tamper-proof audit trails and integrity assurance connects to the broader accountability requirements organisations face when handling digital credentials.
Vidos perspective: With the entrance of a new trust service type to the regulatory landscape and a focus on audit trails and integrity assurance, the establishment of qualified electronic ledgers connects to the compliance requirements organisations face when implementing digital credential verification. We believe it’s worth monitoring as the qualified trust service provider landscape expands with these new service categories.
Industry assessments of Member State readiness for the December 2026 deadline reveal significant variation. Nine countries already have digital identity wallet solutions deployed at the national level, including Austria, France, Italy, Belgium, and Poland.
Austria's eID has approximately 3 million users. Italy launched its IT Wallet in December 2024, integrated into the IO App. Poland's mObywatel app has over 18 million downloads, with version 3.0 planned for November 2026. Spain is piloting an age-assurance wallet. Germany and Finland are still developing their solutions. The Netherlands has signalled it is unlikely to meet the December 2026 deadline fully. Bulgaria has not begun substantial work on a state-provided digital identity wallet.
Why this matters: The wide variation in readiness creates a phased rollout reality rather than a simultaneous EU-wide launch. Organisations needing to verify credentials from multiple countries will face different wallet capabilities and maturity levels depending on which Member States their users come from. Early mover countries (Austria, Italy, Poland) provide testing opportunities in 2026, while lagging countries create coverage gaps that require fallback verification methods.
Vidos perspective: The variation across Member States is precisely the interoperability challenge we address. In January, we added support for the French Identité wallet, including the French sandbox IACA certificate. This is part of our ongoing programme of testing and integrating European wallet implementations as they come online. Organisations cannot wait for universal wallet availability; verification infrastructure needs to handle a heterogeneous landscape from day one.
The WE BUILD consortium, led by the Ministry of Economic Affairs (Netherlands), KVK (Netherlands), and Bolagsverket (Sweden), continues its 24-month pilot launched in September 2025. The consortium includes 197 participants across 27 countries, with a total budget of approximately €25 million, deploying 13 high-impact use cases across business, supply chain, and payments domains.
The APTITUDE consortium continues testing EUDI Wallets across travel, mobile vehicle registration certificates, interoperability, usability, and scalability. The pilot began in October 2025 and is working on digital travel credentials compliant with ICAO standards, mobile ticketing, and advanced banking applications.
Why this matters: These large-scale pilots are generating practical evidence of what works and what does not. WE BUILD's focus on business, supply chain, and payments use cases extends testing beyond personal identity into commercial applications. APTITUDE's work on digital travel credentials and banking applications tests cross-sector interoperability. Results from these pilots will directly influence how Member States and private-sector organisations deploy wallet infrastructure through 2026.
The European Business Wallets proposal, part of the Commission's Digital Package released on 19th November 2025, is advancing through the legislative process. The proposal would create a wallet-based digital identity for companies with a unique persistent identifier recognised across all 27 Member States.
Companies would be able to create, store, and present verified digital documents, including licences, permits, and certificates, as well as digitally sign, seal, and timestamp documents. The Commission projects potential savings of up to €150 billion per year. Public administrations would have two years to deploy the system after adoption. The proposal is designed for SMEs and microenterprises as well as large companies.
Why this matters: The business wallets proposal extends digital identity from individuals into B2B and B2G contexts. A unique persistent identifier for companies across 27 Member States would fundamentally change how cross-border business verification works, from checking company registrations in individual countries to verifying a single European business credential. The projected €150 billion per year in savings signals significant Commission ambition.
Vidos perspective: For verification infrastructure, this opens a new category of credentials beyond personal identity: business licences, permits, and certificates that will need to be verified programmatically. Organisations building verification capabilities now will be well-positioned as these credential types emerge alongside the personal identity credentials already in development.
The feedback period for the public consultation on remote user onboarding under Article 5a(24) extends to 5th March 2026. The consultation addresses reference standards for remote identity proofing during wallet user onboarding.
Why this matters: This consultation determines how citizens will be onboarded to wallets remotely, affecting both user experience and the security of the initial identity proofing process. The standards established here will define the onboarding requirements that wallet providers and identity proofing services must meet. Organisations involved in remote identity verification should review the consultation and consider submitting feedback before the 5th March deadline.
The Irish Council for Civil Liberties (ICCL) and Digital Rights Ireland called on the government to urgently clarify the legal basis for proposed social media identity verification plans in January 2026.
The intervention comes as the March 2026 deadline approaches for the government to establish legal footing for MyGovID following a June 2025 Data Protection Commission ruling that the SAFE2 mechanism was illegal.
Joe O'Brien, ICCL Executive Director, stated: "These reports suggest the Minister wants every adult and child in Ireland over the age of 15 to present a MyGovID whenever they want to post on social media... On what legal basis?"
Why this matters: The March 2026 DPC deadline coincides with the Q1 digital wallet pilot timeline, creating parallel tracks of implementation and legal challenge. For enterprises evaluating Irish digital identity infrastructure for verification integrations, the legal foundation question introduces uncertainty that will not be resolved until the government establishes a statutory basis for MyGovID. Organisations should monitor legal framework developments alongside technical implementation progress.
A 2,000-person pilot programme for the Government Digital Wallet is scheduled to launch in Q1 2026, involving both over-18s and under-18s. The pilot aims to prove age verification capabilities when navigating different platforms. The wallet, which will be available as a mobile app, will also enable the government to send alerts, information, and public notices to users.
The system is being designed in collaboration with the Office of the Government Chief Information Officer (OGCIO) and the Department of Social Protection. A previous pilot was completed in July 2025 involving over 500 public servants. The government allocated €20 million for Ireland's digital wallet rollout in 2025.
Documents that can be stored include: driving licences, birth certificates, death certificates, and European Health Insurance cards.
Why this matters: Ireland is moving from policy to implementation with defined participant numbers and timelines. The inclusion of both over-18s and under-18s tests the full age verification use case. The progression from 500 public servants in July 2025 to 2,000 public participants in Q1 2026 shows controlled scaling. The credential types listed (driving licence, birth certificate, EHIC) will each require specific verification protocols on the relying party side.
Vidos perspective: The 2,000-person pilot represents a practical step from policy to implementation. The credential types listed will all require verification infrastructure on the relying party side, each with a distinct format and validation requirements. With Ireland's EU Council presidency starting in July, the timing positions Ireland to shape the broader European conversation on digital wallets from a position of domestic implementation experience.
Ireland will assume the Presidency of the Council of the European Union from July to December 2026, marking the country's eighth presidency.
Tánaiste Simon Harris announced that Ireland's presidency will push for EU-wide identity-verified social media accounts, aiming to limit anonymous abuse, combat bot networks, and counter coordinated disinformation. Harris backed an Australian-style age verification regime and is expected to present detailed proposals during the presidency, potentially seeking revisions to parts of the EU's Digital Services Act.
Harris stated: "We have a digital age of consent in Ireland, which is 16, but it's simply not being enforced."
Why this matters: Ireland's presidency gives it agenda-setting power for the second half of 2026. Proposals to revise the Digital Services Act to mandate identity-verified social media accounts would affect every platform operating in the EU. For digital identity providers and verification services, this signals potential new regulatory requirements at the EU level that could create significant demand for age verification infrastructure.
The UK government abandoned plans for compulsory digital identification on 15th January, confirming that digital ID will remain voluntary. Individuals will be able to use alternative forms of identification, including biometric passports or e-visas. A government spokesperson acknowledged concerns about "privacy, data security, and public confidence."
Chancellor Rachel Reeves indicated the government was "relaxed" about the form digital identification takes. A full public consultation is expected later in 2026.
Separately, Minister Josh Simons confirmed on 26th January that the government expects the new digital ID to be "designed, built and run by in-house government teams, not outsourced to external suppliers," though it may use "specialist external services or expertise." The government rejected the Office for Budget Responsibility's December estimate of £1.8 billion for the scheme, claiming costs will be met "within existing spending review settlements." A public consultation is scheduled to launch in February 2026.
The House of Commons Library published a comprehensive research briefing on digital identity (reference CBP-10369) on 16th January, summarising recent debates and noting the government's plans for a public consultation. The briefing references the nearly 3 million signature petition that was debated in Parliament on 8th December 2025.
Why this matters: The voluntary approach removes near-term uncertainty about compulsory adoption timelines, but the infrastructure buildout continues regardless. The February 2026 consultation will shape how the GOV.UK Wallet, digital driving licence, and broader digital identity services are being developed. For organisations in the DVS ecosystem, the commitment to in-house government teams alongside "specialist external services" signals that private-sector verification infrastructure will complement, not compete with, government-built systems. The 17 written questions from Sir David Davis about budget implications and the gap between OBR estimates and government projections suggest ongoing parliamentary scrutiny through 2026.
The government updated guidance on the DVS Trust Framework certification scheme on 12th January, confirming that Beta (0.3) certificates will forcibly expire on 31st March 2026. All certified providers must uplift to Gamma (0.4) before that date. OfDIA stated its intention to publish version 1.0 of the certification scheme in 2026, starting with a pre-release version that will allow DVS providers to use the trust mark.
The government also published a new Cyber Action Plan on 6th January, backed by over £210 million, which specifically references developing digital wallets and verifiable credentials as new capabilities. GOV.UK One Login is working with national cyber security authorities to align with a new Secure by Design standard.
Why this matters: The 31st March forced expiry creates a hard deadline for all certified DVS providers. Any gap between Beta expiry and Gamma certification means a provider loses their place on the statutory register. The planned version 1.0 publication later in 2026 represents the framework's first stable release, moving beyond the iterative beta and gamma versions that have characterised the framework since its inception. The Cyber Action Plan's mention of digital wallets and verifiable credentials within a cybersecurity context aligns the government's security and digital identity agendas.
Vidos perspective: The Beta to Gamma transition is one providers need to complete well before the 31st March deadline to avoid any gap in certification status. The planned publication of version 1.0 later in 2026 is an important milestone for the framework's maturity. We are tracking these certification transitions closely as part of our DIATF certification work. The Cyber Action Plan's reference to verifiable credentials reinforces the standards-based approach that underpins both the DVS Trust Framework and our verification infrastructure.
OfDIA published an update on enabling digital verification services for proof of age in alcohol sales in England and Wales on 7th January. The Home Office is working to change Mandatory Licence Conditions (MLCs) under the Licensing Act 2003, a process originally planned for 2025 but subsequently delayed.
Author Eleanor Curry stated: "This is a complex area of law, and it has not been possible to change the MLCs last year as had been planned."
Five key requirements are being considered for DVS providers: statutory registration on the DVS register, binding requirements, validation processes, age confirmation of at least 18 years, and a confidence level of at least "medium" as defined in Good Practice Guide 45 (GPG45).
Why this matters: Alcohol sales represent one of the first consumer-facing use cases for the DVS Trust Framework beyond right to work and right to rent checks. The five requirements provide concrete guidance for providers building age verification capabilities. The delay from 2025 highlights the legislative complexity involved, but the specificity of the requirements signals that implementation is on a defined path. For relying parties in retail and hospitality, this will mean a significant operational change when the Statutory Instrument passes through Parliament.
Vidos perspective: The GPG45 confidence level requirements and statutory registration criteria give the market concrete parameters to work with. For relying parties in retail and hospitality, the shift from physical document checks to digital verification represents a meaningful change in how age is verified at the point of sale. This use case expansion strengthens the commercial case for DVS ecosystem investment.
GDS reported that over 15,000 veterans have added the Digital Veteran Card to the GOV.UK One Login app since its launch in October 2025. Private testing of the digital driving licence began in December 2025 with the Driver and Vehicle Licensing Agency (DVLA). The next development phase will enable programmatic verification for authenticating digital documents. GDS has hosted an industry kick-off event and held nearly 30 meetings with private sector identity providers.
GDS also published a six-point roadmap for digital government through 2030, reporting that GOV.UK One Login has been used by more than 13 million people for over 120 services, with the government estimating £45 billion in potential savings from digital transformation.
The Government Digital Service separately detailed its security approach for GOV.UK One Login, confirming there is no central database linking user information across different government services. Security measures include threat monitoring, access control protocols, detailed logging, regular independent security testing, and red team exercises.
Why this matters: The progression from wallet launch to programmatic verification development signals the government is building out the verification side of the wallet ecosystem, not just the issuance side. Nearly 30 meetings with private sector identity providers and the industry kick-off event indicate active engagement with the DVS ecosystem. The 13 million user base and 120+ services provide substantial scale for credential adoption. The confirmation that there is no central database addresses one of the primary public concerns raised during the mandatory digital ID debate.
Vidos perspective: The mention of enabling DVS industry partners to test data-sharing capabilities is directly relevant to our work. Our January product updates included improvements to OID4VP trust anchor handling and audience claim interoperability, which are core to the protocols underpinning wallet-to-verifier interactions. As the GOV.UK Wallet moves toward supporting programmatic verification, the protocols and standards that enable this, particularly OpenID4VP, are the same standards we implement and test against daily.
Companies House published guidance on identity verification for PSCs (Persons with Significant Control) on 16th January. PSCs who are not directors must verify their identity within the first 14 days of their birth month. New PSCs must provide a personal verification code when first added to the register or within 14 days of receiving a direction letter.
Companies House estimates that 6-7 million individuals will need to verify their identity by mid-November 2026. Verification can be completed via GOV.UK One Login (free) or through an Authorised Corporate Service Provider.
Why this matters: 6-7 million individuals represent one of the largest identity verification programmes in the UK. The dual verification path through GOV.UK One Login and Authorised Corporate Service Providers creates clear demand for the DVS ecosystem. This is the first use case where millions of individuals have a regulatory obligation to complete digital identity verification within a defined timeframe, providing a significant test of the ecosystem's capacity.
Vidos perspective: The scale of Companies House verification, 6-7 million individuals by November 2026, creates substantial demand through the DVS ecosystem. The dual path of GOV.UK One Login and Authorised Corporate Service Providers means the verification supply chain will be tested at volume for the first time.
Across all three jurisdictions, digital identity infrastructure development continued regardless of political debate. The UK's GOV.UK Wallet added 15,000 veteran card holders and began digital driving licence testing while the mandatory versus voluntary debate played out in the press. The EU published ARF 2.4.0 and continued large-scale pilot testing while Member States grappled with readiness gaps. Ireland scheduled its 2,000-person pilot while civil liberties organisations challenged MyGovID's legal foundation.
Why this matters: Organisations waiting for political certainty before investing in verification infrastructure are watching the wrong signal. The technical buildout is progressing on its own timeline, driven by existing legislation (the Data (Use and Access) Act in the UK, eIDAS 2.0 in the EU) rather than the newer policy proposals generating headlines.
Three significant deadlines fall within Q1 2026: the UK's forced expiry of Beta (0.3) DVS certificates on 31st March, Ireland's DPC deadline for establishing MyGovID's legal footing by March, and the EU's remote user onboarding consultation closing on 5th March. Beyond Q1, Companies House requires 6-7 million identity verifications by November 2026, and EU Member States must have wallets available by December 2026.
Why this matters: These converging deadlines create immediate action requirements. DVS providers must complete their Gamma uplift. Irish digital identity stakeholders must monitor the government's response to the DPC ruling. Organisations with views on remote onboarding standards should submit consultation feedback. The compressed timeline means delays in any one area compound downstream.
The EU's European Business Wallets proposal, the UK's Companies House PSC verification programme, and the WE BUILD consortium's business use cases all point to business identity as a growing requirement alongside personal identity. The Commission's projection of €150 billion per year in savings from business wallets, alongside the UK's 6-7 million PSC verifications, indicates that business identity verification will become a significant market.
Why this matters: Organisations that have focused exclusively on personal identity verification will need to extend their capabilities to handle business credentials, company identifiers, and organisational attestations. The business identity use case introduces different verification requirements: checking company registrations, validating authorised representatives, and confirming business credentials that may not follow the same formats as personal identity credentials.
The voluntary versus mandatory debate does not change the compliance landscape. Whether digital ID is voluntary or mandatory in the UK, the DVS Trust Framework is statutory, Companies House verification is mandatory for 6-7 million individuals, and alcohol sales regulations are advancing. Organisations need verification infrastructure regardless of the outcome of the February consultation.
Certification deadlines require immediate action. The 31st March Beta (0.3) expiry is a hard deadline for DVS providers. Any gap in certification status means removal from the statutory register. Organisations relying on certified providers should confirm their providers' Gamma (0.4) transition plans.
Member State wallet variation requires an adaptable verification infrastructure. Nine EU countries already have wallet solutions deployed, while others have not started. Organisations needing to verify credentials from multiple countries must prepare for a heterogeneous landscape, not a uniform standard. Testing against available wallets now, rather than waiting for universal deployment, reduces integration risk.
Business identity is no longer a future consideration. The European Business Wallets proposal and Companies House PSC verification create near-term requirements for business credential verification. Organisations should assess whether their verification infrastructure can handle business credentials alongside personal identity.
Legal foundations matter as much as technical readiness. Ireland's MyGovID legal challenges and the UK's policy reversal demonstrate that technical capability without public trust and legal foundation creates uncertainty. Organisations evaluating digital identity infrastructure in any jurisdiction should assess legal framework stability alongside technical conformance.
Implementation support reduces complexity. Vidos runs training workshops on eIDAS 2.0, EUDI Wallet implementation, and digital credential verification for compliance teams, technology architects, and business leaders. These sessions cover regulatory frameworks, technical architecture, and practical integration patterns across UK and EU requirements.
January 2026 confirmed that digital identity infrastructure development has its own momentum, advancing through government programmes, EU regulation, and large-scale pilots, regardless of political debate. The UK's DVS ecosystem faces its first certification transition. The EU's Member States have 11 months to deploy wallets. Ireland moves from policy announcements to a public-facing pilot.
The month ahead brings the UK's February 2026 consultation on digital identity, the 5th March deadline for EU remote onboarding consultation feedback, and Ireland's March DPC deadline for MyGovID's legal foundation. The DVS Beta certificate expiry on 31st March will test whether the certification ecosystem can manage transitions at scale.
For enterprises, the action items are clear: confirm certification transition plans, begin testing against available EUDI Wallet implementations, assess business identity requirements, and prepare verification infrastructure for a landscape where multiple credential formats, standards versions, and wallet maturity levels coexist.
Want to discuss digital credential verification infrastructure, eIDAS 2.0 compliance, or UK DIATF integration?
Contact us to arrange a conversation.
For organisations preparing for the DVS certification transition or the EUDI Wallet deployment deadline, Vidos can provide a technical assessment of verification readiness across both UK and EU frameworks.
This monthly update distils regulatory developments, certification milestones, and implementation progress affecting digital identity across the UK, EU, and Ireland. For organisations navigating compliance requirements or exploring digital credential adoption, Vidos provides verification infrastructure that supports any credential format through standards-based APIs.
