What is the European Union Digital Identity Wallet (EU DI Wallet)?

The EU Digital Identity Wallets (in English, EU Digital Identity Wallet or EUDI Wallet) will be digital wallets (plural, as there will be at least one per country), issued by Member States or with their authorization, in the form of mobile applications. These apps will allow all citizens to identify themselves, sign electronically, and digitally store and manage documents containing personal data issued by entities responsible for their authenticity (e.g., academic qualifications). These documents can be shared from the wallet when required in official procedures.

Member States will publish their wallets in App Stores by Christmas 2026 at the latest

According to Regulation (EU) 2024/1183 (eIDAS 2), all EU Member States must provide at least one EUDI Wallet to their citizens free of charge within 24 months of the implementing acts coming into force — that is, before December 24, 2026. This means that, by the end of 2026, EU citizens will be able to voluntarily access this digital tool to identify themselves and manage their electronic attribute declarations.

Citizens will be able to authenticate themselves on public entities’ electronic sites using the Wallet

Public entities must adapt their electronic offices by December 24, 2026, so that when electronic identification and authentication are required to access an online service, they accept identity wallets provided in accordance with the eIDAS 2 Regulation. In addition, they must continue offering the authentication options currently available.

Financial institutions and other regulated companies will have to accept the wallet as a means of authentication no later than the end of 2027

The eIDAS 2 Regulation (Article 5 septies) requires online service providers that are legally or contractually obliged to carry out strong user authentication — excluding micro and small enterprises as defined in Commission Recommendation 2003/361/EC — to accept the wallet as a means of user authentication.

Specifically, this applies to sectors such as transport, energy, banking, financial services, social security, healthcare, drinking water, postal services, digital infrastructure, education, and telecommunications.

The laws that require strong authentication within the European Union are primarily those in the payments services sector. Specifically, Directive (EU) 2015/2366 (PSD2) on payment services requires Strong Customer Authentication (SCA), and mandates payment service providers (AISP or PISP) to apply SCA when a banking customer accesses account information or initiates an electronic payment transaction.

This means that the banking and financial services sectors are among the primary entities subject to eIDAS 2 obligations.

All obligated entities must swiftly adapt their systems, with a deadline of December 2027 — 36 months after the entry into force of the first implementing acts.

Big Tech companies and other ‘VLOPs’ will have to accept the wallet as a means of authentication, giving us greater control over our data

When Very Large Online Platforms (VLOPs) — platforms with more than 45 million monthly active users in the EU, as defined by the EU Digital Services Act (DSA) — require user authentication to access online services, they must accept and enable the use of digital identity wallets for user authentication.

When identifying users, VLOPs may only request the minimum data necessary for the specific online service requiring authentication, marking a shift from many current identification processes.

The obligation to restrict data collection to the “minimum necessary” is aimed at data protection and user control, aligned with the data minimisation principle set out in the General Data Protection Regulation (GDPR).

Member States will monitor and define penalties for non-compliance

Monitoring compliance with the obligations established by eIDAS 2 will be carried out by national authorities designated by each Member State — in Spain, it is likely to fall under the Ministry of Digital Transformation and Public Function, which is currently the supervisory body for Qualified Trust Service Providers.

Member States are also responsible for setting the penalties applicable to violations of the Regulation, which must be effective, proportionate, and dissuasive.

It will lead to significant cost savings thanks to greater efficiency and security

According to the 2021 impact assessment report on the EUDI Wallet by the European Commission — prepared during the proposal to reform Regulation (EU) 910/2014 — the Commission expects that its implementation will generate significant operational cost savings for online service providers across several sectors.

The following table shows the European Commission’s estimate of the annual savings across the European Union from simplified identification procedures (onboarding, KYC/Know Your Customer, AML/Anti-Money Laundering, etc.), as well as from reduced costs and damages related to cybercrime (data theft, online fraud).

Sector	Average KYC Savings	Average Cyber Savings	Expected Average Total Savings
Financial Services	€1,02	€1,13	€2,15
eSalud	€1,89	€0,45	€2,34
Aviation	€45 million	€5,25 million	€50,25 million
eCommerce	€0,36	€0,20	€0,55

(*) Unless otherwise indicated, data are in billions of euros.

According to its analysis, the Commission expects net benefits from the implementation of the Digital Identity Wallet to range between €800 million and €6.5 billion.

It will boost the adoption of qualified electronic signatures, which will be free for personal use.

According to eIDAS 2 Regulation, the wallets provided by Member States to citizens will offer all individuals qualified certificates to electronically sign documents free of charge. However, the use of qualified electronic signatures will only be free for natural persons using them for non-professional purposes, since qualified electronic signatures for professional use will entail a cost.

Find out all about it by subscribing here.