Estimated reading time: 5 minutes

The European Union wants to make a digital identity wallet available to every one of its citizens by 2026. It’s a hugely ambitious project. But multiple pilots are already underway across a range of use cases…

All over the world, the ‘problem’ of digital identity is hurting people and businesses. Take cyber fraud. One estimate says losses from online payment crime could exceed $362 billion between 2023 and 2028. It’s clear that weak digital identity processes are at the heart of this epidemic. In the current environment, it’s very easy for criminals to steal online identities (or set up fictitious ones) in order to scam people and business. 

The solution seems obvious: a robust and secure digital ID system. With such a framework in place, criminals would find it almost impossible to pass as someone else. 

However, strong digital ID has the potential to do more than reduce online scams. It can also make it easier for citizens to perform a range of critical tasks both online and in physical locations: travelling across borders, proving age, signing documents, claiming prescriptions.

The good news is that now, across Europe, such a system is now being built.

A digital wallet available for every EU citizen from 2026

In June 2021, the European Commission (EC) proposed a framework for a new EU Digital Identity Wallet (EDIW) accessible to all EU citizens, residents and businesses. The proposal was built on an existing EU

regulation/protocol – eIDAS (electronic identification, authentication and trust services) – which was established in 2014 and later updated as eIDAS 2.0. 

Under the new legislation, every member state must make a digital identity wallet available to its citizens by 2026.

What does the EU Wallet do?

The new proposal will give every EU citizen a unique digital identity. And it  will be recognised anywhere in the zone and beyond, since the EU wallet is built on interoperable international standards. Users can store a range of encrypted, digitalised ID credentials in their wallets, and then share their credentials with any verified third party that needs to check them. These third parties might include public administrations, customs official, banks, hospitals, employer, e-commerce site and more.

The project promises to change the lives of millions of EU citizens, making it much easier to move around, prove identity and entitlements and access government services. But, more than this, it also has the potential to bring about a new era in which people take more control of their own data – sharing it securely with organisations they trust on their terms.

It’s why Ursula von der Leyen, President of the European Commission, described the wallet as “a secure European e-Identity…that any citizen can use anywhere in Europe…a technology where we can control ourselves what data and how data is used.”

This people-centric model of digital identity – sometimes called self-sovereign identity (SSI) – is an idea that has been around for many years. In this framework, citizens and consumers no longer need to fill out long forms full of personal details or scan documents when on-boarding to a service. Instead, they click on a signed digital credential they have loaded inside their digital wallet, then share it securely with any service provider.

Evidence suggests that citizens welcome this model. For example, in 2023 officials in Queensland Australia worked with Thales’ Digital ID Services to launch a digital licence app. 500,000 people downloaded it inside seven months.

How eIDAS 2.0 will promote interoperability across Europe 

The EU’s vision for its eIDAS 2.0 framework is to harmonise the development of digital wallets across the zone. This is an important goal. Why? Because some member states already have their own national schemes. Examples include Belgium’s itsme, Norway and Sweden's BankID, and Italy's SPID. 

These digital ID services are very popular. For example, itsme, which is linked to Belgium’s banking network, has 7 million users.

For all their success, the established national legacy identification services only work in their home countries. The eIDAS 2.0 framework seeks to change this. It will also extend the capability of mobile digital ID wallets to include issuance, storage, presentation of PID and attestations. The national schemes can do this by modifying their existing solutions or building new dedicated projects to comply to EU wallet technical specifications.

Meanwhile the regulation is expected to help member states that are less advanced. Stakeholders believe that, as relying parties in all countries start to accept EDIW to prove identity and verify official documents, this will create a virtuous circle and boost adoption across the EU zone.

What makes this interoperability possible is the EDIW’s inclusion of international standards such as ISO mDoc 18013-5 and VC W3C. They are the pillars the EU digital ID wallet is built upon.

These protocols define the ways that data is exchanged and verified. It means that, when a user presents the digital credential – representing a driving licence or a university degree, for example – the ‘relying party’ can easily check whether it is authentic, valid and if it was issued and signed by a trusted party.

The importance of privacy

In any discussion of digital ID, the topic of privacy always comes up. With this mind, the EDIW has in-built protections.
All the digital documents stored in the wallet (digital ID, mobile driving licence, health pass, e-prescription, pay slips etc.) remain private, as will the transactions in which citizens use these documents. Not even the issuers of the documents will know when the documents are shared.
This will ensure only users decide how their data is shared. It will let everyone in the EU access private (or public) digital services safely, while protecting users and service providers against identity theft.

And the extra benefit is that, when people use the wallet, they only ever need to supply minimal information. So, for example, if a service is for adults only, the credential can give a yes/no answer to the question: is this person over 18? No other private information is needed.

Bringing the right level of security

Of course, the EDIW model only works if the wallet is secure, with the highest level of assurance. Thus, the EDIW uses advanced cryptographic methods to encrypt personal data and includes safety measures to prevent cryptographic keys from being exported outside the wallet. 

To build a chain of trust, the verified identify of the holder must be binded to the wallet app. Creating a secure link will ensure that the wallet only hosts documents that belong to the holder.
In addition, member states and software providers will be required to certify every wallet they make available. Digital document issuers will be audited every two years to ensure they take the necessary security measures to address all risks.
The burden of trust extends to relying parties too. They have to declare how they will use EDIW data. They must also carry out data protection impact assessments.

The EU wallet: what stage is the project at now?

The EU Wallet really got started in June 2021 when the Commission proposed a framework for a new European digital identity platform. The proposal amended the existing 2014 eIDAS to eIDAS 2. In 2023, the Council presidency and European Parliament reached agreement on this new framework.

In the current pre-launch stage stakeholders are working hard to research the potential use cases for the wallet, explore how the tech will work and refine what the user experience will look like. 

That process took a big leap forward in May 2023, when the EU announced four large-scale pilot projects. These pilots involve approximately 360 entities, including private companies and public authorities from 26 member states, Norway, Iceland, and Ukraine. They are scheduled to continue until 2025.

The four pilots are as follows:

#POTENTIAL
The project is looking at the experience across six digital identity sectors — governmental services, banking, telecommunications, mobile driving licences, electronic signatures, and health.

#NOBID
Exploring the development of the wallet for authorising payments across Iceland, Norway, Denmark, Latvia, Germany and Italy.

#The EU Digital Identity Wallet Consortium (EWC)
This pilot tests uses related to digital travel credentials.

#DC4EU
Focused on educational and social security sectors and the potential for interoperable, cross-border service.

These projects are now under way, supported by some of the world’s foremost multinationals. Thales is part of both the Potential and the NOBID consortia.

In its work on Potential, Thales is leveraging its expertise in digital security. Specifically, it is focusing on the secure element in the smartphone to ensure maximum security for the wallet. As part of NOBID, Thales is in charge of adapting the open source EU digital ID Wallet reference app to payment use cases.

For all stakeholders, the objective of the four pilots is to test the EU Wallet across a range of everyday scenarios, and gather feedback on features such as security, interoperability, and overall design. Specifically, they have already started to explore 11 use cases. These are:

#Accessing government services
Such as applying for a passport, filing taxes, or accessing social security information.

#Opening a bank account
Secure verification of a user's identity when opening an online account.

#Registering a SIM
Proving identity when on-boarding pre and post-paid SIM card contracts.

#Using a mobile driving licence
Accessing and presenting a mobile driving licence. This is part of the EU’s plan, with a dedicated EU directive revealed in December 2023, to give all drivers a mobile licence, which can be used in online and offline scenarios. 

#Signing contracts
Creating secure digital signatures for signing contracts online.

#Claiming Prescriptions
Providing details to a pharmacist.

#Travelling
Presenting travel documents online and at airport security/customs.

#Proving organisational identities
Showing proof that a person is a legitimate representative of an organisation.

#Making payments
Proving identity when paying online.

#Acquiring an educational certification
Accessing digital versions of diplomas, degrees etc.

#Accessing state benefits
Acquiring and storing documents such as the European Health Insurance Card that speed up access to government support.
 

The above pilots illustrate the EU's commitment to the digital identity project. They provide a giant laboratory where all stakeholders can learn and share best practice. 

And in May 2024, the EU revealed that it would inject a further 20 million euros into its pilot programs targeting business, payment and banking, travel and age verification. The new round of grants focuses on improving technical specifications and implementation guidelines for the wallet.

Just three years after the EU announced its ambitions for a digital wallet, the scheme is progressing fast. By 2027, citizens should have the opportunity to store secure and unique digital versions of their identity, passports, driving licences, diplomas, prescriptions and more.