eIDAS 2 Digital Identity Wallet: 2026 Guide

The entry into force of the eIDAS 2 regulation marks a historic turning point for digital identity management in Europe. With the EUDI Wallet — European Digital Identity Wallet — every citizen and business will soon have a sovereign, interoperable digital wallet recognised across all 27 Member States. For legal, HR, compliance and IT departments, this regulatory project opens as many opportunities as operational challenges. This article decrypts the technical and legal operation of the EUDI Wallet, its concrete implications for businesses and how it articulates with existing qualified electronic signature solutions.

What is eIDAS 2 and the EUDI Wallet?

From eIDAS 1.0 regulation to eIDAS 2.0 regulation: a structural evolution

Adopted in 2014, Regulation (EU) eIDAS No 910/2014 laid the foundations for digital trust in Europe: qualified electronic signatures, seals, timestamps and authentication services. But a decade later, its limitations became apparent: insufficient interoperability between Member States, uneven adoption of national digital identities, absence of a unified wallet. Regulation (EU) 2024/1183, known as eIDAS 2, officially adopted on 11 April 2024 in the EU Official Journal, corrects these shortcomings by imposing a common framework for sovereign digital identity.

To explore the entire new regulatory framework in depth, consult our comprehensive guide to eIDAS 2.0 regulation.

The EUDI Wallet: architecture and founding principles

The EUDI Wallet (European Digital Identity Wallet) is a mobile and/or software application that each Member State must make available to its citizens and residents by the end of 2026, in accordance with Article 5a of the revised regulation. In concrete terms, this digital wallet enables users to:

• Store and present verified identity attributes: identity card, driving licence, diplomas, professional accreditations, intra-community VAT number for legal entities.
• Authenticate the user with public and private services at high assurance levels (LoA High according to Annex I of the regulation).
• Sign electronically documents with a qualified level, based on certified Qualified Electronic Signature Creation Devices (QSCD).
• Selectively share data (principle of selective disclosure) without revealing more information than necessary — a major contribution to GDPR compliance.

The architecture is based on technical specifications published by the European Commission via the Architecture and Reference Framework (ARF), maintained by the EUDIW consortium (European Digital Identity Wallet). The presentation formats adopted include notably ISO/IEC 18013-5 (mDL — mobile Driver's Licence) and SD-JWT VC (Selective Disclosure JSON Web Token Verifiable Credentials), two open standards guaranteeing portability.

Who is affected? Relying Parties (relying organisations)

Regulation eIDAS 2 introduces the notion of Relying Party (relying organisation). Any organisation — private company, administration, online platform — that accepts identity attributes from the EUDI Wallet must register with its Member State and comply with a set of technical and security obligations. Article 5b of the regulation specifies that large platforms (within the meaning of the DSA) and certain sectors (banking, healthcare, energy) will be obliged to accept the EUDI Wallet as soon as national production begins.

Technical operation of the EUDI Wallet for businesses

The authentication and signature flow step by step

Understanding the technical flow is essential to anticipate integration into information systems. A typical scenario for signing a contract via EUDI Wallet unfolds as follows:

1. Initialisation: the Relying Party (e.g., your SaaS platform) generates a presentation request complying with the OpenID4VP protocol (OpenID for Verifiable Presentations).
2. Notification: the user receives a notification on their EUDI Wallet mobile application.
3. Consent and selection: the user chooses which attributes to share (name, first name, date of birth) via the selective disclosure interface.
4. Verifiable presentation: the wallet generates a cryptographic proof signed by the Trusted Issuer (the Member State or an accredited service provider).
5. Verification: the Relying Party verifies the proof via the European Trust Registry (Trust Framework), without storing unnecessary data.
6. Qualified signature: if a signing act is required, the QSCD embedded in the wallet or hosted in the cloud (QSign) produces a qualified signature compliant with ETSI EN 319 132.

This flow guarantees an assurance level of LoA High, the highest provided for by the regulation, equivalent to face-to-face verification.

Integration with existing electronic signature platforms

Electronic signature solution providers must integrate the OpenID4VCI (issuance) and OpenID4VP (presentation) protocols to connect to the EUDI ecosystem. For companies already using an eIDAS 1.0 compliant platform, the transition to eIDAS 2 involves a technical upgrade, but preserves the legal value of signatures already created. It is therefore strategic to assess your current supplier's roadmap, especially if you are considering migrating from DocuSign or YouSign to a more compliant solution.

Digital identity of legal persons: the business challenge

EIDAS 2 is not limited to natural persons. Article 5a §3 explicitly provides for wallets for legal entities, enabling businesses to:

• Prove their legal existence (equivalent of a verifiable digital company registration certificate).
• Delegate signing authority to employees in an audited and revocable manner.
• Automate KYB (Know Your Business) verification in B2B contracting processes.

This dimension is particularly transformative for business electronic signature processes, particularly in HR, legal and financial sectors.

Deployment timeline and regulatory obligations 2024-2026

Implementation phases under the regulation

Regulation (EU) 2024/1183 sets a binding timetable:

• April 2024: publication in the Official Journal, entry into force 20 days later.
• End of 2024: publication of Implementing Acts defining mandatory technical specifications.
• 2025: deployment of national pilot wallets (large-scale pilot projects: EU Digital Identity Wallet Large Scale Pilots, funded at €46 million by the Commission).
• End of 2026: mandatory provision by all Member States of at least one operational EUDI Wallet. Large platforms and regulated sectors must accept it.

For French businesses, the deployment relies on La Poste's digital identity and ANSSI's work on certifying national Trusted Issuers.

Obligations for Relying Parties

Businesses that wish to or must accept the EUDI Wallet are subject to several obligations:

1. Registration with the competent national authority (in France, ANSSI and CNIL as applicable).
2. Technical compliance with the ARF v2.x specifications published on GitHub by the European Commission.
3. Transparency: publish in a public registry the attributes requested and the processing purpose.
4. Data minimisation: request only the attributes strictly necessary — an obligation enhanced by the GDPR.
5. Logging: maintain logs of verifiable presentations for audit purposes, without storing raw identity data.

Businesses integrating the EUDI Wallet into their electronic signature flows for law firms or for HR management will gain a significant competitive advantage from 2026 onwards.

Strategic issues and opportunities for businesses

Reducing friction in KYC/KYB processes

One of the most immediate benefits of the EUDI Wallet is the elimination of manual identity verification. Today, onboarding a new customer or partner involves sending supporting documents, manual verification by staff and processing delays averaging 48 hours. With the EUDI Wallet, verification becomes instantaneous, cryptographically certified and audited. The banking, real estate and insurance sectors — subject to AML/CFT obligations — see this as a major opportunity for automated compliance. The electronic signature in real estate sector is particularly impacted, with identity verification processes currently accounting for up to 40% of administrative time.

Digital sovereignty and reducing dependence on GAFAM

The EUDI Wallet responds to a strong political ambition: to reduce Europeans' dependence on identity systems operated by non-European actors (Google, Apple, Meta). For businesses, this translates into an interoperable, open and non-proprietary authentication infrastructure, based on ISO and W3C standards rather than proprietary SDKs. This sovereignty is also a commercial differentiation argument in public procurement calls, increasingly sensitive to data localisation clauses.

Impact on qualified electronic signature and QTSP

Qualified Trust Service Providers (QTSP) see their role evolving. With the EUDI Wallet, QSCDs can be hosted directly in the wallet or delegated to a cloud QTSP (Remote Qualified Signature). For businesses, this means that qualified electronic signature — hitherto reserved for the most critical cases due to its complexity — becomes accessible and scalable. Our comparison of electronic signature solutions now incorporates this EUDI Wallet compatibility criterion into its analysis.

Legal framework applicable to the EUDI Wallet and businesses

eIDAS 2 Regulation: (EU) 2024/1183

The foundational text is Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024, amending Regulation (EU) eIDAS No 910/2014. It is directly applicable in all Member States without national legislative transposition, guaranteeing legal uniformity across Europe. Articles 5a to 5c define obligations relating to the EUDI Wallet, assurance levels and users' rights. Article 46f introduces specific obligations for Relying Parties in regulated sectors.

French Civil Code: Articles 1366 and 1367

Under French law, a qualified electronic signature produced via an EUDI Wallet benefits from the presumption of reliability provided by Article 1367 of the Civil Code: "An electronic signature consists of the use of a reliable identification procedure guaranteeing its link with the document to which it is attached." Reliability is presumed when the signature is qualified within the meaning of eIDAS. Article 1366 equates electronic documents with paper documents provided that the author is identified and integrity is guaranteed — two conditions that the EUDI Wallet natively fulfils.

GDPR No 2016/679: articulation with data minimisation

Regulation (EU) 2016/679 (GDPR) applies fully to Relying Parties that process identity attributes from the EUDI Wallet. The principles of data minimisation (art. 5 §1c), purpose limitation (art. 5 §1b) and privacy by design (art. 25) must be integrated from the start of technical integration. The selective disclosure native to the EUDI Wallet facilitates technical compliance, but the company remains responsible (art. 24) for documenting its legal bases for processing.

ETSI standards and technical standards

The qualified signature produced via EUDI Wallet must comply with standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) for advanced and qualified electronic signature formats. Certification policies are defined in ETSI EN 319 401 (General Policy Requirements for Trust Service Providers). The Commission's Implementing Acts clarify the certification requirements for Trusted Issuers (standard ISO/IEC 27001 and common criteria EAL 4+).

NIS2 Directive: (EU) 2022/2555

EUDI Wallet infrastructure operators (Member States, Trusted Issuers, QTSP) are subject to the obligations of the NIS2 Directive (EU) 2022/2555, transposed into French law by Act No 2023-703. For using businesses, NIS2 imposes risk management obligations related to third-party service providers (art. 21 §2d), which includes providers of solutions integrating the EUDI Wallet. An impact analysis of risks in the digital supply chain is therefore recommended before any deployment.

EUDI Wallet use cases in business

Scenario 1: Law firm — identity verification and signature of mandates

A mid-sized law firm of about twenty lawyers handles several hundred mandates, letters of engagement and powers of attorney each month. Today, identity verification of clients requires sending supporting documents by email, manual verification by the legal assistant and an average processing time of 48 hours. With the integration of the EUDI Wallet as an authentication mechanism, the client presents their digital identity card from their wallet in less than 90 seconds. The qualified signature is produced immediately, without additional friction. According to feedback from large-scale pilots conducted between 2023 and 2025, this type of flow reduces client onboarding processing time by 60 to 75% and eliminates the risk of typos or expired documents. The firm also gains in AML/CFT compliance, with identity attributes being cryptographically certified by a Member State.

Scenario 2: Small industrial enterprise — management of supplier contracts and signature delegations

A small industrial enterprise of about one hundred employees manages around 300 supplier contracts per year, involving purchasing managers spread across three sites. The management of signature delegations is currently documented on paper and difficult to audit. With the EUDI Wallet for businesses (legal entity), management can assign verifiable delegation attributes to each purchasing manager: commitment limit, geographical scope, period of validity. These attributes are stored in the employee's wallet and automatically presented at each signing act. In the event of departure or change of position, revocation is instantaneous and audited. This mechanism reduces the risk of contractual disputes related to unauthorised signatures and improves traceability for internal audits. Finance departments typically observe a reduction of 30 to 40% in the time spent managing and verifying signing powers.

Scenario 3: Hospital group — patient consent and access to health data

A hospital group comprising several establishments and about 1,500 healthcare workers faces increasingly complex patient consent issues, particularly for access to shared medical records via Mon Espace Santé. Integrating the EUDI Wallet as an informed consent mechanism allows the patient to validate, from their smartphone, access to their data by a specialist doctor, specifying the duration and scope of access. Selective disclosure ensures that only relevant medical attributes are shared. For healthcare workers, the wallet provides their RPPS number (Shared Register of Health Professionals) as a verifiable attribute, eliminating current manual verification processes. This type of deployment, consistent with the European Health Data Space (EHDS) framework, can reduce the time to access authorised health data from several hours to just seconds. To learn more about sector-specific issues, our guide to electronic signatures in healthcare details applicable regulatory requirements.

Conclusion

The EUDI Wallet and eIDAS 2 regulation represent the most significant transformation of European digital identity in over a decade. For businesses, the challenge is not just to comply with new regulations, but to seize the opportunity to fundamentally modernise their signature, onboarding and delegation management processes. The legal, HR, healthcare and industrial sectors are at the forefront. The key to success lies in anticipation: now assess the compatibility of your current tools, train your teams and choose partners whose roadmap aligns with eIDAS 2.

Certyneo supports businesses in this transition with an electronic signature platform designed to be EUDI Wallet compatible from deployment. Discover our offerings and get started for free to anticipate 2026 with complete peace of mind.