eIDAS 2 Digital Identity Wallet: 2026 Guide

The entry into force of the eIDAS 2 regulation marks a historic turning point for digital identity management in Europe. With the EUDI Wallet — European Digital Identity Wallet — every citizen and every business will soon have access to a sovereign, interoperable digital wallet recognised across all 27 member states. For legal, HR, compliance and IT directors, this regulatory initiative opens as many opportunities as operational challenges. This article decodes the technical and legal operation of the EUDI Wallet, its concrete implications for businesses and how it integrates with existing qualified electronic signature solutions.

What is eIDAS 2 and the EUDI Wallet?

From eIDAS 1.0 regulation to eIDAS 2.0 regulation: a structural evolution

Adopted in 2014, Regulation eIDAS No. 910/2014 laid the foundations for digital trust in Europe: qualified electronic signatures, seals, time stamps and authentication services. But a decade later, its limitations became apparent: insufficient interoperability between member states, uneven adoption of national digital identities, absence of a unified wallet. Regulation (EU) 2024/1183, known as eIDAS 2, officially adopted on 11 April 2024 in the EU Official Journal, corrects these shortcomings by imposing a common framework for sovereign digital identity.

To learn more about the entire new regulatory framework, consult our comprehensive guide to eIDAS 2.0 regulation.

EUDI Wallet: architecture and founding principles

The EUDI Wallet (European Digital Identity Wallet) is a mobile application and/or software that each member state must make available to its citizens and residents no later than 2026, in accordance with Article 5a of the revised regulation. Concretely, this digital wallet enables:

• Storage and presentation of verified identity attributes: identity card, driving licence, diplomas, professional accreditations, intra-community VAT number for legal entities.
• Authentication of the user to public and private services at high levels of assurance (LoA High according to Annex I of the regulation).
• Electronic signature of documents with a qualified level, leveraging certified Qualified Electronic Signature Creation Devices (QSCD).
• Selective sharing of data (principle of selective disclosure) without revealing more information than necessary — a major contribution to GDPR compliance.

The architecture relies on technical specifications published by the European Commission via the Architecture and Reference Framework (ARF), maintained by the EUDIW (European Digital Identity Wallet) consortium. The adopted presentation formats include notably ISO/IEC 18013-5 (mDL — mobile Driver's Licence) and SD-JWT VC (Selective Disclosure JSON Web Token Verifiable Credentials), two open standards guaranteeing portability.

Who is affected? Relying Party enterprises

eIDAS 2 regulation introduces the concept of Relying Party. Any organisation — private business, administration, online platform — that accepts identity attributes from the EUDI Wallet must register with its member state and comply with a set of technical and security obligations. Article 5b of the regulation specifies that large platforms (within the meaning of the DSA) and certain sectors (banking, health, energy) will be required to accept the EUDI Wallet from national production entry.

Technical operation of the EUDI Wallet for businesses

The authentication and signature flow step by step

Understanding the technical flow is essential to anticipate integration into information systems. A typical scenario for contract signature via EUDI Wallet proceeds as follows:

1. Initialisation: the Relying Party (e.g., your SaaS platform) generates a presentation request compliant with the OpenID4VP protocol (OpenID for Verifiable Presentations).
2. Notification: the user receives a notification on their mobile EUDI Wallet.
3. Consent and selection: the user chooses which attributes to share (name, surname, date of birth) via the selective disclosure interface.
4. Verifiable presentation: the wallet generates a cryptographic proof signed by the Trusted Issuer (the member state or an accredited service provider).
5. Verification: the Relying Party verifies the proof via the European trust registry (Trust Framework), without storing superfluous data.
6. Qualified signature: if a signature act is required, the QSCD embedded in the wallet or hosted in the cloud (QSign) produces a qualified signature in accordance with ETSI EN 319 132.

This flow guarantees a LoA High level of assurance, the highest provided for in the regulation, equivalent to face-to-face verification.

Integration with existing electronic signature platforms

Electronic signature solution vendors must integrate the OpenID4VCI (issuance) and OpenID4VP (presentation) protocols to connect to the EUDI ecosystem. For businesses already using an eIDAS 1.0 compliant platform, the transition to eIDAS 2 involves a technical version upgrade, but preserves the legal value of signatures already made. It is therefore strategic to assess your current supplier's roadmap, particularly if you are considering migrating from DocuSign or YouSign to a more compliant solution.

Digital identity of legal entities: the business issue

EIDAS 2 is not limited to natural persons. Article 5a §3 explicitly provides for wallets for legal entities, enabling businesses to:

• Prove their legal existence (equivalent of a verifiable digital business registration extract).
• Delegate signing powers to their employees in an audited and revocable manner.
• Automate KYB (Know Your Business) verification in B2B contractual processes.

This dimension is particularly transformative for electronic signature processes in business, notably in the HR, legal and financial sectors.

Deployment schedule and regulatory obligations 2024-2026

Implementation phases according to the regulation

Regulation (EU) 2024/1183 sets a binding schedule:

• April 2024: publication in the Official Journal, entry into force 20 days later.
• End 2024: publication of Implementing Acts defining mandatory technical specifications.
• 2025: deployment of national pilot wallets (large-scale pilots projects: EU Digital Identity Wallet Large Scale Pilots, funded at €46 million by the Commission).
• End 2026: mandatory provision by all member states of at least one operational EUDI Wallet. Large platforms and regulated sectors must accept it.

For French businesses, the deployment is supported by La Poste's digital identity and ANSSI's work on certifying national Trusted Issuers.

Obligations for Relying Parties

Businesses that wish to or must accept the EUDI Wallet are subject to several obligations:

1. Registration with the competent national authority (in France, ANSSI and CNIL as appropriate).
2. Technical compliance with ARF v2.x specifications published on GitHub by the European Commission.
3. Transparency: publish in a public registry the attributes requested and the purpose of processing.
4. Data minimisation: request only attributes strictly necessary — an obligation reinforced by the GDPR.
5. Logging: retain logs of verifiable presentations for audit without storing raw identity data.

Businesses integrating the EUDI Wallet into their electronic signature flows for law firms or for HR management will benefit from significant competitive advantage from 2026.

Strategic issues and opportunities for businesses

Reduction of friction in KYC/KYB processes

One of the most immediate benefits of the EUDI Wallet is the elimination of manual identity verification. Today, onboarding a new customer or partner involves sending supporting documents, manual verification by staff and processing delays. With the EUDI Wallet, verification becomes instant, cryptographically certified and audited. The banking, real estate and insurance sectors — subject to AML/CFT obligations — see major compliance automation opportunities. The electronic signature in real estate sector is particularly impacted, with identity verification processes currently representing up to 40% of administrative time.

Digital sovereignty and reduced dependence on GAFAM

The EUDI Wallet responds to a strong political ambition: to reduce Europeans' dependence on identity systems operated by non-European actors (Google, Apple, Meta). For businesses, this translates into an interoperable, open and non-captive authentication infrastructure, based on ISO and W3C standards rather than proprietary SDKs. This sovereignty is also a commercial differentiation argument in public calls for tender, increasingly sensitive to data localisation clauses.

Impact on qualified electronic signature and QTSPs

Qualified Trust Service Providers (QTSP) see their role evolving. With the EUDI Wallet, QSCDs can be hosted directly in the wallet or delegated to a cloud QTSP (Remote Qualified Signature). For businesses, this means that qualified signature — hitherto reserved for the most critical cases due to its complexity — becomes accessible and scalable. Our comparison of electronic signature solutions now incorporates this EUDI Wallet compatibility criterion into its analysis.

Applicable legal framework for EUDI Wallet and businesses

eIDAS 2 Regulation: (EU) 2024/1183

The founding text is Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024, amending eIDAS Regulation No. 910/2014. It is directly applicable in all member states without national legislative transposition, guaranteeing European legal uniformity. Articles 5a to 5c define obligations relating to the EUDI Wallet, levels of assurance and user rights. Article 46f introduces specific obligations for Relying Parties in regulated sectors.

French Civil Code: articles 1366 and 1367

Under French law, a qualified electronic signature produced via an EUDI Wallet benefits from the presumption of reliability provided by Article 1367 of the French Civil Code: "Electronic signature consists of the use of a reliable identification process guaranteeing its connection with the act to which it attaches." Reliability is presumed when the signature is qualified within the meaning of eIDAS. Article 1366 assimilates the electronic document to the paper document provided that its author is identified and integrity is guaranteed — two conditions that the EUDI Wallet meets natively.

GDPR No. 2016/679: articulation with data minimisation

Regulation (EU) 2016/679 (GDPR) applies fully to Relying Parties that process identity attributes from the EUDI Wallet. The principles of data minimisation (art. 5 §1c), purpose limitation (art. 5 §1b) and privacy by design (art. 25) must be integrated from the technical integration design stage. The native selective disclosure of the EUDI Wallet facilitates technical compliance, but the business remains responsible (art. 24) for documenting its legal bases for processing.

ETSI standards and technical standards

The qualified signature produced via EUDI Wallet must comply with ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) standards for advanced and qualified electronic signature formats. Certification policies are defined in ETSI EN 319 401 (General Policy Requirements for Trust Service Providers). The Commission's implementing acts specify requirements for Trusted Issuers certification (ISO/IEC 27001 standard and EAL 4+ common criteria).

NIS2 Directive: (EU) 2022/2555

Operators of EUDI Wallet infrastructure (member states, Trusted Issuers, QTSP) are subject to NIS2 Directive (EU) 2022/2555 obligations, transposed in France by Law No. 2023-703. For user businesses, NIS2 imposes obligations for managing risks related to third-party service providers (art. 21 §2d), which includes suppliers of solutions integrating the EUDI Wallet. An impact analysis of risks in the digital supply chain is therefore recommended before any deployment.

EUDI Wallet use cases in business

Scenario 1: Law firm — identity verification and signature of mandates

A business law firm with around twenty employees processes several hundred mandates, letters of engagement and powers of attorney each month. Today, verification of client identity involves sending supporting documents by email, manual verification by a legal assistant and an average processing time of 48 hours. With the integration of the EUDI Wallet as an authentication mechanism, the client presents their digital identity card from their wallet in less than 90 seconds. The qualified signature is produced immediately, without additional friction. According to feedback from large-scale pilots conducted between 2023 and 2025, this type of flow reduces client onboarding processing time by 60 to 75% and eliminates risks of typographical errors or expired documents. The firm also gains in AML/CFT compliance, with identity attributes being cryptographically certified by a member state.

Scenario 2: Industrial SME — management of supplier contracts and signature delegations

An industrial SME with around one hundred employees manages approximately 300 supplier contracts per year, involving purchasing managers spread across three sites. Today, signature delegations are documented on paper and difficult to audit. With the EUDI Wallet enterprise (legal entity), management can assign verifiable delegation attributes to each purchasing manager: commitment ceiling, geographical scope, validity period. These attributes are stored in the employee's wallet and automatically presented for each signature act. In case of departure or job change, revocation is instant and audited. This mechanism reduces the risk of contractual disputes related to unauthorised signatures and improves traceability for internal audits. Finance departments typically see a reduction of 30 to 40% in the time spent on managing and verifying signature powers.

Scenario 3: Hospital group — patient consent and access to health data

A hospital group comprising several facilities and approximately 1,500 health workers faces increasingly complex patient consent issues, particularly for access to shared medical records via Mon Espace Santé. Integration of the EUDI Wallet as an informed consent mechanism allows the patient to validate, from their smartphone, access to their data by a specialist doctor, specifying the duration and scope of access. The selective disclosure ensures that only relevant medical attributes are shared. For health workers, the wallet provides their RPPS number (Shared Register of Health Professionals) as a verifiable attribute, eliminating current manual verification processes. This type of deployment, consistent with the European Health Data Space (EHDS) framework, can reduce authorised data access times from several hours to a few seconds. To learn more about sector-specific issues, our guide on electronic signature in healthcare details applicable regulatory requirements.

Conclusion

The EUDI Wallet and eIDAS 2 regulation constitute the most significant transformation of European digital identity in a decade. For businesses, the challenge is not merely to comply with new regulation, but to seize an opportunity to deeply modernise their signature, onboarding and delegation management processes. The legal, HR, health and industrial sectors are on the front line. The key to success lies in anticipation: assess now the compatibility of your current tools, train your teams and choose partners whose roadmap is aligned with eIDAS 2.

Certyneo supports businesses in this transition with an electronic signature platform designed to be EUDI Wallet compatible from its deployment. Discover our offers and get started for free to anticipate 2026 with complete peace of mind.