An initiative designed to drive significant changes in the digital landscape across Europe, Alexander Reithoffer, CISSP, explains the European Digital Identity Wallet (EUDI Wallet) and its potential implications for security professionals, trust architects and product strategists, as well as how it will relate to citizens, organizations and trust in the digital space.

Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.

Alexander Reithoffer, CISSPThis look at the European Digital Identity Wallet (EUDI Wallet) is based on the EUDI Wallet Architecture and Reference Framework v1.5.1., which currently undergoes frequent updates. The concepts presented here will evolve over time. This article is intended as an introduction for first-time readers on this topic.

The Wallet

The EUDI Wallet is an ambitious initiative designed to drive significant changes in the digital landscape across Europe. Its core objectives include:

  • Ensuring personal data sovereignty for users
  • Strengthening cross-border interaction within the EU
  • Enhancing digital services for both public and private sectors
  • Reducing bureaucratic inefficiencies

Development of the EUDI Wallet began in 2020 and is currently being tested in large-scale pilot projects across Europe. By the end of 2026, all EU member states are expected to provide EUDI Wallets to their citizens, residents and organizations. Several countries have already initiated the rollout.

The EUDI Wallet will initially include a "starter set" of government-issued credentials, such as personal ID, address, family relationships, driving license and more. This alone will provide a significant push toward ID digitalization. However, the EUDI Wallet can also hold certificates from private bodies, including financial data, insurance records, professional qualifications, travel documents and more. This comprehensive digital identity ecosystem will be decentralized, with the user retaining complete control over their data. It will simplify business processes while maintaining high levels of security.

While primarily focused on the EU, the underlying technology of the EUDI Wallet is agnostic to its region of origin, offering the potential to positively influence similar wallet projects worldwide. Despite some gaps that need to be addressed, the project’s progress and outlook are promising.

The Functions

The EUDI Wallet revolves around three core functions:

  • Identification and Authentication: This function spans a variety of use cases, from verifying a user's age (e.g., for a discounted museum entry) to presenting a driver’s license or authorizing online/offline payments.
  • Exchanging User Attributes: The wallet enables users to request, store and share personal data. It serves as a digital version of all the documents traditionally stored in a physical filing cabinet, allowing users to manage their data securely and maintain control over how it is shared.
  • Electronic Signatures: The wallet provides the capability to sign documents and transactions with qualified electronic signatures and seals, free of charge.

Example Use Case: When showing a physical driver’s license at a nightclub to gain access, a user may overshare more information than necessary (e.g., full name, exact date of birth, etc.). The EUDI Wallet enables the user to share only the relevant data (e.g., belonging to a certain age group) without compromising their privacy.

The Ecosystem

The EUDI Wallet ecosystem involves several roles, with the following being the three basic parties:

A user refers to an individual who holds and controls a wallet. While users typically control their own data, a wallet could also store data for others (e.g., children or an organization the user represents). The user is the central actor in this ecosystem, as they authorize the use of their data and manage who and to whom their data is presented and shared.

Users are responsible for:

  • Managing their digital identity and selecting which credentials to store in which wallet (users may have more than one wallet)
  • Providing consent for sharing specific data with relying parties
  • Creating signatures and seals
  • Creating and presenting pseudonyms

Users have full control over their personal data, with the ability to use mechanisms like selective disclosure to share only the necessary attributes of their data in each context, or zero-knowledge proofs to provide proof without sharing any personal data at all (ZKPs are expected in the next major release of the architecture reference framework). Users are always asked for consent before any attribute is shared, even with law enforcement or for critical services.

An issuer (provider) is any organization or entity responsible for issuing digital credentials or attributes that populate the EUDI Wallet. Issuers can be both public and private entities, such as government authorities (e.g., for personal identification or driving licenses), educational institutions (e.g., for diplomas and certifications), or private sector organizations (e.g., for insurance policies, bank statements, or employment records).

Issuers:

  • Create and sign credentials: Issuers authenticate and verify the user’s identity or other data and issue corresponding digital credentials as verifiable claims
  • Provide trusted data: Credentials issued by trusted entities carry a high level of assurance and are cryptographically signed

Issuers will not be able to track the use of the credentials they create for users. For instance, the issuer of a driver's license will never know when the license is used for age verification. This principle is extended to the EUDI Wallet to ensure that issuers do not track where their credentials are used (except for specific use cases, such as in payments).

A relying party is any entity (private or public) that accepts and trusts the data shared by the user via the EUDI Wallet. This could include government agencies, service providers, financial institutions, businesses, or any organization requiring the verification of the user’s identity or attributes.

Relying parties:

  • Trust the data: Relying parties trust the credentials and attributes presented by the EUDI Wallet, based on the assurance provided by the underlying identity and authentication mechanisms
  • Request data: Relying parties can request specific user attributes required to complete a transaction or service
  • Verify authenticity: They use digital signatures, secure protocols and trust frameworks to ensure the data received from the user’s Wallet is accurate, legitimate, and unaltered.

Relying parties use data and issuers provide data. However, it's important to understand that organizations can play both roles and may switch between them depending on the use case. For instance, an insurance company might issue a credential to a user, which they can then use with their bank to negotiate a loan. Conversely, the bank could provide financial information to the user, which they can then use in a use case with their insurance company.

Example Use Case: An example of how the ecosystem could come together involves a user wishing to rent a flat. Instead of providing sensitive documents such as employment contract, pay slips or an entire bank account history, the user could share two specific credentials: one from their employer confirming their employment since [X date], and another from their bank stating that they have maintained an average free available monthly balance of [Y amount] in their income account. By doing so, the user shares only the relevant data, avoiding oversharing while still providing sufficient information for the rental application.

The Principles

The EUDI Wallet is built upon four guiding design principles:

  • User-Centricity: The Wallet is designed to be user-friendly and accessible to people of all technical backgrounds. Its goal is to make digital interactions convenient for citizens across the EU (and beyond).
  • Interoperability: The Wallet will standardize the exchange of information across borders, ensuring that public and private organizations can securely share data using the same protocols. This will make cross-border services more seamless for EU citizens.
  • Privacy by Design: Privacy is at the core of the EUDI Wallet. Techniques such as selective disclosure and zero-knowledge proofs will ensure that only the minimal amount of personal data necessary for a transaction is shared, enhancing both security and user control.
  • Security by Design: From the initial design to implementation, security is a foundational element of the EUDI Wallet. Security principles have been integrated to mitigate vulnerabilities at every layer – whether in coding, architecture, or process design. A decentralized structure ensures that the data remains secure and no single EU-wide data store holds all the information, thus minimizing the risk of a data breach.

Example Use Case: A user wants to understand which data they have shared. Since all data exchanges happen via the wallet and one of the core functions of the wallet is to provide this information, the user can simply look it up within the wallet. They can even request the cessation of data sharing with a specific relying party.

The Trust

The trust model of the EUDI Wallet goes beyond simple identity verification – it creates a robust, multi-layered assurance system that spans across various stakeholders. The foundational actors in the EUDI Wallet ecosystem – issuers, users, and relying parties – each play a role: issuers create and sign digital credentials, users hold and control their credentials, relying parties trust and use these credentials for transactions or services. However, true trust is built on additional layers that strengthen security and assurance across the entire system.

The trust model for the EUDI Wallet is designed to establish and maintain trust between all entities of the ecosystem:

Wallet Trustworthiness: At the heart of the trust model lies the wallet unit. It comprises:

  • The user’s device (hardware, software, operating system)
  • The wallet instance (a wallet solution installed on the user’s device in form of an app or application)
  • The wallet secure cryptographic device and its application (used for storing keys and performing security-critical functions)
  • The wallet providers backend (responsible for maintenance and updates)

The wallet unit becomes fully operational only after it’s linked to personal identification data (PID) and issued a Wallet Unit Attestation (WUA) by the wallet provider, guaranteeing both personal identification and system compliance.

Relying Party Trustworthiness: To access the EUDI Wallet ecosystem, a relying party must receive an access certificate from a trusted registrar. Without this certificate, a relying party cannot authenticate itself to the wallet unit or request data. Additionally, the trustworthiness of relying parties is tied to a lifecycle and can be revoked if necessary.

Attestation Trustworthiness: Users can request PID or other attestations to be added to their wallet. Once added, these attestations can be presented to a relying party or another user’s wallet. The entity that issued the attestation (issuer/provider) is responsible for maintaining its lifecycle and ensuring its validity.

Sharing Trustworthiness: When presenting data to a relying party, a trust relationship is formed. This process includes:

  • Ensuring that the user is confident in the identity of the relying party
  • The wallet verifying that the relying party does not request more attributes than it is entitled to
  • An optional disclosure policy, which governs which attestations can be shared with which relying parties, though this can be overridden by the user if needed

Wallet Solution Trustworthiness: The wallet provider manages the core technology behind the EUDI Wallet, ensuring its security and integrity. The provider must register their wallet solution with a trusted list provider to be included in the ecosystem. In certain situations, the trusted list provider can suspend or withdraw this trust if the wallet solution fails to meet required standards.

Issuer Trustworthiness: Entities that provide attestations or Personal Identification Data (PID) are registered with the trusted list provider. This registration enables issuers to participate in the ecosystem and issue attestations to users. If the issuer provides PID, Qualified Electronic Attestations of Attributes (QEAA), or Public Body Authentic Source Electronic Attestations of Attributes (PuB-EAA), their trust anchors are also listed with a trusted list provider. Relying parties can use this list to verify the authenticity of PIDs, QEAAs, or PuB-EAAs obtained from users' wallets, thus enhancing the trust in these attestations in comparison to attestations from Non-Qualified Electronic Attestation of Attributes (EAA) Providers.

Use Cases from Personal Experience

On a personal note, I recently had to complete a procedure with a government office on behalf of my daughter. The official process required me to send personal documents for my daughter, my wife and myself to an unsigned mail recipient. There was no option for physical handover and no digital process was available. After some back-and-forth, I did what most parents probably end up doing: I relented and sent the documents via plain email. Then, yet again, I faced another round of back-and-forth because I had selected a wrong document.

This experience highlights a fundamental challenge the EUDI Wallet seeks to address – improving security and protecting personal data, whilst improving efficiency. The wallet has the potential to elevate citizens' data handling to a new level, still it is crucial to acknowledge that certain concerns still need to be addressed:

  • Data Breaches of a Specific Wallet: With sensitive personal data stored in the wallet, any data breach could have severe consequences. To mitigate this risk, strong encryption standards, continuous updates and a well-defined lifecycle model are essential. A key differentiator from traditional data stores is decentralization. Even in the event of a breach, exposure is minimized, significantly reducing the potential impact.
  • Phishing and Social Engineering: Attackers may attempt to deceive users into revealing their credentials or personal information. The trust model of the EUDI Wallet is managed by appointed authorities, which ensure that only trusted parties are granted the necessary credentials to access the ecosystem. While it's true that this also could be faked, doing so requires a higher level of effort than, for instance, creating a fraudulent website.
  • Trust in the Ecosystem: As previously outlined, the EUDI Wallet ecosystem is designed with a high level of inherent trust. Even if a party within the ecosystem is compromised, lifecycle management procedures allow that party to be swiftly removed. For individuals who may not know each other personally but are conducting transactions online, the ecosystem provides reassurance. Their identity is verified by a trusted government issuer, their job role is confirmed through a digital attestation from their company and their bank account is authenticated as belonging to a legitimate business. In practical terms, when I send money, I can trust that it’s going to the correct account, owned by the right company and reaching my designated account manager – who I only know digitally.
  • Endpoint Access Security: If a user's device is compromised, attackers may gain unauthorized access to the Wallet – but only that device. Any intentional changes to the device (like rooting) could reduce security as well. The ecosystems decentralized design and secure data exchange protocols help limit the impact of a compromised device. A compromised user endpoint does not guarantee access to the ecosystem and the lifecycle management of the wallet unit allows for the revocation of attestations, effectively cutting off access to the system.
  • Endpoint Data Security: Secure elements, such as dedicated security modules (whether local or remote, internal or external) and device-level encryption ensure that the Wallet’s data remains protected, even if the device itself is compromised.
  • Anonymity: Personal data is often shared with relying parties, which means they may learn about the user’s identity. However, data minimization practices ensure that only the essential information is shared. The goal is to balance privacy with functionality, ensuring that only the necessary data is used for each specific transaction or interaction.

Looking Ahead

The EUDI Wallet promises to be a significant step in transforming the digital landscape. As it continues to evolve, its impact on security, privacy and user control will only grow. However, significant challenges remain, including standardization, cross-border harmonization and scaling the technology to meet diverse needs across various sectors. Despite these hurdles, the European Digital Identity Wallet holds the potential to reshape how we think about digital identity, trust, and data sharing.

Alexander Reithoffer, CISSP, has a background in software development, project management and leadership across various IT units. He transitioned to IT security in 2020, focusing primarily on identity and access management (IAM). He has represented his employer at the European Wallet Consortium (EWC), a pan-European pilot project aimed at developing and researching the European Digital Identity Wallet (EUDI Wallet).

Related Insights