The European Union Digital Identity Wallet (EUDI Wallet, the EU Digital Identity Wallet) has been circulating for years as a concept discussed in meetings, proposals, and working groups. Yesterday, it stopped being a conversation about the future.

What was presented were production-ready pilots, hybrid infrastructure models, legally binding timelines, and real use cases for SMEs.

I want to share with you the most relevant insights from each presentation and connect them with what, at EADTrust, we are building so that organizations can integrate into this ecosystem without improvisation.

Key concepts for understanding the event and the EUDI Wallet

eIDAS 2.0

Regulation (EU) 2024/1183, which amends the original eIDAS Regulation (EU) 910/2014. It establishes the legal framework for digital identity within the European Union, including the obligation for Member States to issue digital identity wallets and the obligation for the private sector to accept them from December 2027 onwards.

EUDI Wallet (Cartera IDUE)

European Digital Identity Wallet. The European Union’s digital identity wallet. An application that allows citizens and legal entities to prove their identity and attributes digitally, with full legal validity across all Member States. In Spain, it is referred to as the EU Digital Identity Wallet (Cartera IDUE).

Business Wallet

Digital wallet designed for legal entities. It enables companies to manage authorizations, delegations of representation powers, and evidentiary traceability in B2B and B2G relationships. It can be implemented independently of the official EUDI Wallet timeline.

PID (Personal Identity Data)

Personal identity data. The set of minimum attributes that uniquely identify a natural or legal person within the EUDI Wallet ecosystem. Functionally, it is equivalent to the electronic national identity card (eID) inside the digital wallet.

EAA

Electronic Attestation of Attributes. A verifiable credential that certifies a specific characteristic of its holder: academic qualifications, membership in a professional association, powers of representation, driving licence, etc. The 38 standardized attributes defined by DC4EU ensure that these attestations are interoperable across Europe.

Hybrid PKI

A public key infrastructure model combining traditional digital certification mechanisms (classical PKI, X.509) with new Verifiable Credential schemes. This is DC4EU’s technical approach to ensuring interoperability without forcing an abrupt replacement of existing systems.

QTSP (Qualified Trust Service Provider)

A Qualified Trust Service Provider. An entity supervised by a national supervisory body (in Spain, the Ministry of Economic Affairs through SETSI) that provides trust services with the highest level of legal assurance recognized under eIDAS. EADTrust is a QTSP.

DC4EU (Digital Credentials for Europe)

A project under the Digital Europe Programme focused on the interoperability layer of the EUDI Wallet ecosystem. It brings together 101 organizations from 25 countries and has standardized 38 electronic attributes to ensure that credentials issued in one Member State can be recognized and verified in any other.

EWC (EU Wallet Consortium)

A European consortium composed of 88 organizations running the reference pilots for the EUDI Wallet in the sectors of payments, tourism, and public procurement. Its results — including the first European payment carried out using a production digital wallet — serve as a basis for the technical validation of the ecosystem.

Trusted issuer

An organization authorized to issue verifiable electronic attestations about attributes of natural or legal persons. For example, a university issuing a verifiable academic degree, a professional association certifying membership, or a commercial register confirming powers of representation.

Verifier (relying party)

An entity that requests and validates attributes from a digital wallet in order to provide a service or authorize a transaction. For example, a financial institution verifying the identity of a customer, a public administration checking the eligibility of a contractor, or a company validating the powers of a representative.

How the event began

The event was opened by Albi Rodríguez, who was responsible for organizing the event and providing the context for everything that followed.

She did so in a direct and unscripted way: she introduced the overall framework of the discussion, positioned the speakers, and made it clear from the very beginning that the event was not a theoretical exercise, but a conversation about real decisions that companies need to make now.

That opening tone — concrete and without grandstanding — set the pace for the rest of the day.

Where does eIDAS 2.0 really stand?

The first speaker of the event, Ainhoa Inza, was direct: eIDAS 2.0 is not a draft, nor a proposal under public consultation. It is already binding legislation.

This matters more than many organizations realize. A significant number of companies still treat the regulation as something “coming in the future,” when in reality the deadlines are already fixed within the legal text itself. December 2026 is the deadline for Member States to have operational digital identity wallets in place. December 2027 is the date from which the private sector (banking, telecommunications, transport, among others) will be required to accept them.

There is no room for a wait-and-see approach. And the question that compliance officers and technology directors at any relevant company should be asking themselves right now is not “When will this affect us?” but rather “What role are we going to play within this ecosystem, and how much time do we need to be ready?”

The difference between preparing in 2026 and preparing in 2027 is not only about timing: it is about influence, integration costs, and the ability to shape how standards are ultimately implemented.

How is the Spanish digital wallet progressing?

Ángel Martín and Sancho Canela presented the current status of the national digital wallet — Spain’s implementation of the EUDI Wallet.

The message was familiar to anyone involved in public infrastructure projects: pragmatic progress within an environment where the European implementing acts are still being consolidated.

The Spanish architecture is structured around four pillars: the wallet itself, attribute issuers, verifiers, and the user registry. All four are currently evolving. And the most relevant point from a practical perspective is that there are already functional use cases in operation: identification through the PID (Personal Identity Data identifier) and age verification.

The existence of functioning use cases is not a minor detail. It means that organizations can begin planning their integration based on something real, rather than on abstract specifications. The question every company should already be answering is this: are we an attribute issuer, a verifier, or both? That answer will define the technical and regulatory roadmap for the next two years.

Do companies need to wait until 2027 to have a Business Wallet?

This was perhaps the most strategically relevant intervention of the morning. Moisés Menéndez presented something that many organizations had not previously considered: there is an independent path for the Business Wallet, disconnected from the European Commission’s official timeline and from the synchronization process between Member States.

The idea is simple to understand and complex to execute. Companies operating in complex B2B environments — with long supply chains, multiple delegations of authority, and contracting processes between legal entities — cannot afford to wait for the European ecosystem to fully mature. They already need a legally valid way to manage authorizations, delegations, and evidentiary traceability.

The independent Business Wallet is, in practical terms, a legally valid digital organizational structure: a framework that makes it possible to determine who can do what, under which level of authorization, and with what evidentiary traceability. It does not depend on Member States being fully synchronized. It does not depend on all European implementing acts having already been published. It can operate now.

For companies that cannot wait — and there are many — this approach completely changes the integration strategy.

Is the European wallet already operating in production?

Ivan Basart, speaking on behalf of the EU Wallet Consortium, provided the most concrete figures of the day. The consortium brings together 88 organizations and is currently running three real pilots — not laboratory simulations.

The point that attracted the most attention: the first European payment carried out using a digital wallet is already operating in production. Not in a testing phase. Not in a controlled environment. In production.

The three pilots focus on three sectors: tourism, public procurement, and payments. These three areas share a common denominator: they involve transactions between individuals or entities that need to verify identity, authority, and attributes in a trustworthy manner. The fact that these pilots are already operating in production is the clearest possible indication that the ecosystem is not a promise — it is a reality under construction.

For organizations that still wonder whether “this is really going to happen,” the answer is already in the data.

How is interoperability between countries being guaranteed?

Nacho Alamillo and Lluis Alfons Ariño presented DC4EU, the project responsible for the interoperability layer of the ecosystem.

If the EWC pilots demonstrate that the wallet works, DC4EU is working to ensure that it works in exactly the same way in Berlin, Lisbon, Warsaw, or Madrid.

The figures illustrate the scale of the project: 101 organizations, 25 countries, and 38 standardized attributes (the so-called EAAs — Electronic Attestations of Attributes). The core technical proposal is a hybrid PKI model that integrates traditional public key infrastructure with the new mechanisms of verifiable credentials.

This is not a replacement strategy: it is a coexistence model designed to make the transition viable for organizations that already have production systems in place.

The 38 standardized attributes are the most practical element of the entire initiative. They mean that when a Spanish company issues a verifiable credential, a Dutch counterparty can read it, validate it, and act upon it without ambiguity. Interoperability is not a philosophical objective; it is the sine qua non condition for the Digital Single Market to function.

And what about SMEs? Does this apply to them too?

Raquel Garay presented the case of WEBUILD, which has developed a Business Wallet specifically designed for SMEs.

The intervention was important because it challenged one of the most widespread assumptions about digital identity: that it is only relevant for large corporations with dedicated technical teams.

SMEs also need to prove identity and authority in their relationships with other companies and with public administrations. A B2B contract, a public procurement process, a financing transaction — in all of these contexts, the question “Are you who you say you are, and do you have the authority to do what you are doing?” requires an answer that is trustworthy, fast, and free from unnecessary intermediaries.

The Business Wallet for SMEs is, in essence, the same concept designed for large corporations, but with an accessibility layer that makes integration feasible without requiring a twenty-person technical department. For SMEs aiming to compete within the European digital market, this is not optional — it is foundational infrastructure.

Is the EUDI Wallet a product, or something larger?

Lucas Carmona was responsible for providing the strategic perspective behind everything discussed previously. His message was clear: the European digital identity ecosystem is not a product that can simply be purchased or installed. It is an infrastructure that must be built — and that construction process takes between three and five years.

The metaphor is useful: nobody waits for the highway to be finished before deciding where to place their company. Organizations that understand this position themselves now, while the infrastructure is still being built, because that early positioning creates value that cannot be recovered later.

Waiting has a cost. Not necessarily in terms of immediate fines or regulatory non-compliance, but in terms of influence over standards, higher integration costs once the ecosystem is mature, and business opportunities that others will already have captured.

Why is certification the piece that holds everything together?

Julián Inza closed the event with a reflection that was, in many ways, the most important of all. Everything discussed previously — pilots, interoperability, Business Wallets, infrastructure — only has legal and operational value because there is a certification system supporting it.

The legal framework created by Regulation (EU) 2024/1183, which amends the original eIDAS Regulation, is built precisely on that principle: trust is not improvised, it is certified.

Certification is not bureaucracy. It is the guarantee that the organizations, processes, and standards supporting the digital wallet have been verified by independent and recognized entities. Without certification, a digital wallet is simply an application. With certification, it becomes an instrument with legal validity before third parties, courts, and public administrations.

For EADTrust, as a Qualified Trust Service Provider, this point is not peripheral — it is at the core of what we do. Irrefutable trust is not declared; it is certified.

What is the next step for your organization?

Yesterday’s event led to one very concrete conclusion: the European Digital Identity Wallet ecosystem is no longer a conversation about the future. It is a reality under construction, with legally binding deadlines, production pilots, and technical models that are already functioning.

The remaining question is the most difficult one: what does your organization do now?

At EADTrust, in collaboration with technical and legal entities specialized in digital trust services, we are building the Directory of Informed Parties and Informants for the EU Digital Identity Wallet. A directory designed to connect organizations that want to integrate into the ecosystem — either as attribute issuers or as verifiers — with the communication protocols, technical information, and regulatory guidance necessary to do so correctly.

This is not about moving fast. It is about not arriving too late.

If your organization wants to stay informed about the upcoming changes and how to integrate with the EU Digital Identity Wallet, the first step is this:

👉 Access the directory and leave your contact details

Frequently Asked Questions (FAQ) about the EUDI Wallet

Conclusion

There were nine speakers yesterday, nine different perspectives, and yet all of them pointed in the same direction: the European digital identity ecosystem is not a bet on the future — it is a construction site already underway, with deadlines fixed on the calendar and real transactions operating in production. eIDAS 2.0 is already law. The pilots are already running. The infrastructure is being laid right now, like cables beneath the asphalt that nobody sees but that, once completed, will transform how trust circulates between companies, citizens, and public administrations across Europe.

What also became clear is that not all organizations are playing the same game. Some will need to become attribute issuers; others, verifiers; many, both. Some organizations may be able to wait until the European ecosystem matures; others — particularly those operating in complex B2B environments — already have access to an independent path that does not depend on Brussels or on the synchronization of twenty-seven Member States.

And then there was the question that Julián Inza left hanging at the end of the event: who certifies that all of this is truly what it claims to be?

That question is not a technical detail. It is the question that gives meaning to everything else. Because a digital wallet without certification is just an application. With certification, it becomes an instrument of trust. And trust, as those who have spent years building it already know, is not declared. It is engineered.