This is huge (dramatic, but true)!! Yesterday, on 29th February 2024, The European Parliament (EP) approved eIDAS 2.0 legislation - obligating European member states to implement a European Digital Identity wallet and also obligating a host of private relying parties to accept the wallet to proof and verify the identity of customers.

A look into the future

Fast forward to 2030 and 80% of European citizens, residents and businesses have already adopted the European Digital Identity Wallet (EDIW) for everyday use to onboard, access and verify their identity across an ever-increasing range of public and private service providers within European single market.

More than that, the EDIW has evolved into a multi-purpose wallet, enabling users store a wide variety of credentials to proof entitlements – for example, ‘tickets for concerts’; ‘boarding passes for flights’; ‘prescriptions for medicine’; ‘health records’; ‘tokenised payment credentials for making payments’; ‘educational diplomas and professional qualifications for job applications’; and so on.

The EDIW can offer a convenient one-stop shop for securing trust in our digital interactions and to enable is manage our digital lives via a single application interface via our omni-present SMART phones. It is easy to see the appeal of the EDIW, and I am super excited to see how the EDIW evolves and to one-day use the wallet.

That’s all well and good, but a pretty ambitious and seismic shift from where we are today!

European Digital Identity today

Today, the European identity services market remains fragmented along the lines of national borders without a single market solution. Nationally, there are a number success stories (itsme in Belgium, BankID in Sweden and Norway, MitID in Denmark, SPID in Italy, eID in Estonia), perhaps serving to provide a basis for validating the potential and value of a single market digital identity solution. In response to the 2014 eIDAS regulation, most member states have implemented digital identity schemes (if we were to agree to label them as such) to issue citizens digital identities, providing a reusable identity for online access to public services. However, for the most part, these national digital identity schemes are not interoperable and thus confined to domestic market use e.g. Irish Government MyGovID.

Why single market Digital ID is relevant?

Globally, societies are increasingly digital first. Today, we engage digitally to ‘file our taxes’, ‘access social welfare’, ‘open bank accounts’, ‘manage our money’, ‘interact with social communities via online platforms’, ‘find companionship’, ‘initiate payments’, ‘seek medical advice’ and so much more besides.

The EU aims to enable EU citizens to study, live, shop, work and retire in any EU country and enjoy services and products from all over Europe. As European society becomes increasingly digital first, it is clear there must be a mechanism ensuring users have trust in digital interactions and transactions with one another. That is, we should be able to unequivocally (or at least to an exceptionally high level of confidence) trust that the person or entity we are engaged with online, is in fact who they claim to be. The answer lies in trusted reusable digital identity and the EC believes the EDIW provides the right solution for Europe.

Decentralised Digital Identity aligns with European principles

EDIW could be the worlds first mass-market decentralised digital identity solution. A decentralised digital identity solution places the user in control by creating an open (but trusted) ecosystem of identity service providers who provide verified and trusted identity information to the wallet user for onward use with relying parties (third parties who rely on the wallet to proof or verify identity).

By design, the digital identity wallet plays a central role to request specific identity information from trusted identity service providers and then for the wallet (with user consent) to communicate these attributes with requesting relying parties. Consequently, the model protects the privacy of the user as none of the service providers are aware of how the user is using the identity data with relying parties.

Overview of how it works

Under proposals for the EDIW, it is intended member states (government) will be responsible for the user identity and verification process, and issuing the core digital identity with a mandatory set of identity attributes to the user – which can be linked to the EDIW. From there, the user can rely on the EDIW to verify their identity toward relying parties, to proof identity when onboarding for a new account or service, when accessing (login with EDIW) or to authenticate or verify their identity for a transaction (e.g. authenticate a payment order).

The EDIW ecosystem supports certified third parties to provide verified and trusted identity attributes or credentials about the user to the EDIW – thus providing the EDIW user access to a broader variety of identity attributes and credentials (than the member state will provide) for sharing with relying parties. Naturally, the ecosystem will take time to evolve and therefore, initially the EDIW is likely to be limited by the availability of data from the member state and a limited number of trusted identity service providers.

What is happening and when?

Yesterday, on 29th April 2024, the European Parliament approved eIDAS 2.0 to be adopted into law. The legislation needs to be approved by the European Council, but that step is expected to be a formality.

• Within 30 months (estimated end 2026) of the legislation approval by the EC - European member states are required to ensure they verify/assure the identity of natural and legal persons to the required standard, issue standardised digital identities, and make available a EDIW which is interoperable for single market use.
• Within 12 months (estimated end of 2027) of member states making the EDIW available, private industry are mandated to accept the EDIW. Mandated private industry players include; Banking and Financial Services, Large Online Platforms, Digital Infrastructure, Energy, Transportation, Postal Services, Health, Education and more

Clearly the approach is designed to drive adoption in a 2-sided market. In the first instance, government will be required to provide the identity credentials and wallet and in the second instance, EDIW users should be able to use the EDIW for a broad range of public and private use cases.

Requirements on Banking and Financial Services

In the case of Banking and Financial Services, the proposed text requires firms to;



• rely on the EDIW to proof the identity of customers during onboarding i.e. with equivalence to current proof of identity documentation e.g. paper documents like passports
• rely on the EDIW to access online accounts (i.e. login with EDIW)
• rely on the EDIW where the procedure of Strong Customer Authentication (SCA) is required (e.g. provision tokens, authenticate a payment transaction, high risk actions implying a risk of fraud)

Clearly the implications of the EDIW on Banks and Financial Services firms are far reaching and significant. Afterall, Identity verification, identity proofing and authentication are each at the very heart of financial services and legal obligations to counteract financial crime and counter finance terrorism.

Dont wait, act now and prepare to respond

Member state decisions on how they will comply with the requirements are key to enabling private relying parties to determine the technical requirements for compliance. Nonetheless, relying parties should begin the work necessary to identity, evaluate and make business decisions on the implications of relying on a third party service for customer identity. Apart from compliance, EDIW presents Banks and Financial Service providers with several opportunities. For example;

• Reduce friction in customer onboarding and new product application journeys
• Reduce cost and streamline back office processes for Customer Due Diligence and KYC
• Improve data accuracy and control by accessing verified and trusted customer identity attributes and credentials
• Improve compliance with privacy regulations
• Potential to provide a digital identity wallet in the national market or for use across borders;
• To provide verified and trusted identity attributes to customer EDIW for onward use with relying parties;
• To support the update of identity data held by other identity providers in the EDIW ecosystem;
• To support the expansion of the EDIW to include financial services use cases e.g. payments, financial data and management services.

About the author

I am an enthusiastic payments professional with 18 years’ experience supporting businesses adapt their organisations in response to a rapidly changing payments landscape. I started my payments journey with Ryanair plc, supporting Europe’s largest low-cost airline to streamline its payment acceptance services across multi-gateway and acquiring bank relationships. For 5 years’ I was head of programmes and change management with AIB Merchant Services, a joint-venture between AIB Bank and First Data (latterly Fiserv). For the past 8 years, I have worked as a Deloitte management consultant and supporting Deloitte clients address their most pressing payments challenges.