European Digital Identity Framework (eIDAS 2)
AI-assisted content notice: this page includes AI-assisted summaries, FAQs, and glossary entries prepared for navigation purposes. Verify the underlying legal text before relying on this content.
Summary
The revised eIDAS framework updates EU rules on electronic identification and trust services and establishes the European Digital Identity Wallet (EUDI Wallet) as a common, interoperable means for individuals to identify themselves and share verified attributes across the EU. It strengthens and expands the EU trust services regime (including qualified trust services) and sets requirements for wallet security, interoperability, and user control. Member States must make at least one wallet available and ensure cross-border recognition and acceptance under the conditions set by the Regulation and implementing acts.
Who is affected?
EU Member States and their designated bodies (for notifying eID schemes and providing/ensuring availability of at least one EUDI Wallet), trust service providers, and public and private relying parties that must accept the wallet in specified cases. EU citizens, residents and businesses benefit from the ability to identify and authenticate themselves and to receive, hold and share digital credentials and attributes across the EU.
Scope
Applies to electronic identification schemes, the European Digital Identity Wallet framework, and trust services (including qualified trust services) used for electronic transactions in the EU internal market.
Key Points
- Amends the eIDAS framework to introduce the European Digital Identity Wallet (EUDI Wallet) and common EU rules for its interoperability and security
- Requires each Member State to make available at least one EUDI Wallet under the conditions set by the Regulation and implementing acts
- Sets obligations for acceptance/recognition of the wallet and certain electronic identification means in cross-border contexts, including for access to public services and specified private-sector use cases
- Strengthens and expands the trust services framework, including new/updated qualified trust services and stricter requirements for qualified trust service providers
- Requires privacy and user-control features (e.g., selective disclosure of attributes) and security measures for wallets and relying parties
- Foresees extensive implementing acts and technical standards to operationalise the wallet ecosystem (formats, protocols, certification/security requirements and interoperability)
Frequently Asked Questions
Who must comply with the eIDAS 2 Regulation?
EU Member States and their designated bodies must comply by notifying eID schemes and ensuring the availability of at least one European Digital Identity Wallet (EUDI Wallet). Trust service providers, as well as public and certain private sector relying parties, must also adhere to the Regulation’s requirements.
What is the main scope of eIDAS 2?
eIDAS 2 applies to electronic identification schemes, the European Digital Identity Wallet framework, and trust services—including qualified trust services—used for electronic transactions within the EU internal market.
What are the key obligations for Member States under eIDAS 2?
Member States must make at least one EUDI Wallet available to citizens and residents, ensure its compliance with security and interoperability requirements, and guarantee cross-border recognition and acceptance as specified by the Regulation.
What is the European Digital Identity Wallet (EUDI Wallet)?
The EUDI Wallet is a secure, interoperable digital tool that allows individuals to identify themselves, authenticate, and share verified credentials and attributes across the EU. It must meet strict security, privacy, and user-control standards.
Which entities are required to accept the EUDI Wallet?
Public sector bodies and certain private sector entities, especially those providing services where strong identification is legally required, must accept the EUDI Wallet for identification and authentication purposes in accordance with the Regulation.
What are the penalties for non-compliance with eIDAS 2?
Penalties for non-compliance are determined by individual Member States, but the Regulation requires that sanctions be effective, proportionate, and dissuasive. These may include administrative fines or other corrective measures.
How does eIDAS 2 interact with other EU regulations?
eIDAS 2 complements existing EU digital and data regulations, such as the GDPR, by providing a harmonized framework for digital identity and trust services. It ensures interoperability and legal recognition across borders within the EU.
What are the main security and privacy requirements for the EUDI Wallet?
The EUDI Wallet must implement robust security measures, including protection against unauthorized access and fraud, and support privacy features like selective disclosure of attributes. Users must have control over their data and consent to its use.
What practical steps should organizations take to comply with eIDAS 2?
Organizations should assess whether they are required to accept or provide EUDI Wallets or trust services, implement necessary technical and organizational measures, and follow relevant standards and certification processes as set out in the Regulation and implementing acts.
What is the timeline for the implementation of eIDAS 2 requirements?
The Regulation is in force, but specific deadlines for implementation may be set by the Regulation itself and subsequent implementing acts. Member States and stakeholders should monitor official communications for precise timelines.
Key Terms
- European Digital Identity Wallet (EUDI Wallet): A secure, interoperable digital wallet that allows EU citizens and residents to identify themselves and share verified credentials and attributes across Member States.
- Qualified Trust Service: A trust service that meets enhanced requirements under eIDAS 2 and is provided by a qualified trust service provider, offering higher legal assurance and recognition across the EU.
- Trust Service Provider (TSP): An entity that provides electronic trust services, such as electronic signatures, seals, timestamps, and certificates, under the eIDAS framework.
- Electronic Identification Scheme: A system for electronic identification that is notified by a Member State and recognized across the EU for secure authentication and identification.
- Relying Party: A public or private entity that relies on electronic identification or trust services, such as the EUDI Wallet, to authenticate users or verify credentials.
- Selective Disclosure: A privacy feature enabling users to share only specific attributes or credentials from their digital wallet, rather than their full identity or data set.
- Cross-Border Recognition: The obligation for Member States and entities to accept notified eID schemes and EUDI Wallets issued in other Member States for specified use cases.
- Implementing Act: A legally binding EU instrument adopted by the European Commission to set detailed technical and operational rules for the application of the Regulation.
- Notified eID Scheme: An electronic identification scheme formally notified by a Member State to the European Commission for mutual recognition across the EU.
- User Control: A requirement that individuals have the ability to manage, consent to, and control the use and sharing of their digital identity data within the EUDI Wallet.