eIDAS 2 Digital Identity Wallet: 2026 Guide

The entry into force of the eIDAS 2 regulation marks a historic turning point for managing digital identity in Europe. With the EUDI Wallet — European Digital Identity Wallet — every citizen and company will soon have a sovereign, interoperable digital wallet recognised across the 27 Member States. For legal, HR, compliance and IT departments, this regulatory initiative opens as many opportunities as operational challenges. This article decodes the technical and legal functioning of the EUDI Wallet, its concrete implications for companies and how it articulates with existing qualified electronic signature solutions already in place.

What is eIDAS 2 and the EUDI Wallet?

From eIDAS 1.0 Regulation to eIDAS 2.0 Regulation: A Structural Evolution

Adopted in 2014, Regulation eIDAS No. 910/2014 laid the foundations for digital trust in Europe: qualified electronic signatures, seals, time stamps and authentication services. But a decade later, its limitations became apparent: insufficient interoperability between Member States, uneven adoption of national digital identities, absence of a unified wallet. Regulation (EU) 2024/1183, known as eIDAS 2, officially adopted on 11 April 2024 in the EU Official Journal, corrects these shortcomings by imposing a common framework for sovereign digital identity.

To deepen your understanding of the entire new regulatory framework, consult our comprehensive guide on eIDAS 2.0 regulation.

The EUDI Wallet: Architecture and Founding Principles

The EUDI Wallet (European Digital Identity Wallet) is a mobile and/or software application that each Member State must make available to its citizens and residents no later than 2026, in accordance with Article 5a of the revised regulation. Concretely, this digital wallet enables users to:

• Store and present verified identity attributes: identity card, driving licence, diplomas, professional credentials, intra-Community VAT number for legal entities.
• Authenticate the user to public and private services at high levels of assurance (LoA High according to Annex I of the regulation).
• Sign electronically documents with a qualified level, relying on certified Qualified Electronic Signature Creation Devices (QSCD).
• Selectively share data (principle of selective disclosure) without revealing more information than necessary — a major contribution to GDPR compliance.

The architecture is based on technical specifications published by the European Commission via the Architecture and Reference Framework (ARF), maintained by the EUDIW (European Digital Identity Wallet) consortium. The presentation formats adopted include notably ISO/IEC 18013-5 (mDL — mobile Driver's Licence) and SD-JWT VC (Selective Disclosure JSON Web Token Verifiable Credentials), two open standards ensuring portability.

Who is Affected? Companies as Relying Parties

The eIDAS 2 regulation introduces the concept of Relying Party (relying organisation). Any organisation — private company, administration, online platform — that accepts identity attributes from the EUDI Wallet must register with its Member State and comply with a set of technical and security obligations. Article 5b of the regulation specifies that large platforms (within the meaning of the DSA) and certain sectors (banking, health, energy) will be obliged to accept the EUDI Wallet as of national production deployment.

Technical Operation of the EUDI Wallet for Companies

The Authentication and Signature Flow Step by Step

Understanding the technical flow is essential to anticipate integration into information systems. A typical scenario of contract signature via EUDI Wallet unfolds as follows:

1. Initialisation: the Relying Party (e.g., your SaaS platform) generates a presentation request compliant with the OpenID4VP protocol (OpenID for Verifiable Presentations).
2. Notification: the user receives a notification on their EUDI Wallet mobile.
3. Consent and selection: the user chooses which attributes to share (name, surname, date of birth) via the selective disclosure interface.
4. Verifiable presentation: the wallet generates a cryptographic proof signed by the Trusted Issuer (the Member State or an accredited provider).
5. Verification: the Relying Party verifies the proof via the European Trust Registry (Trust Framework), without storing superfluous data.
6. Qualified signature: if a signature act is required, the QSCD embedded in the wallet or hosted in the cloud (QSign) produces a qualified signature compliant with ETSI EN 319 132.

This flow guarantees a level of assurance of LoA High, the highest provided for by the regulation, equivalent to face-to-face verification.

Integration with Existing Electronic Signature Platforms

Editors of electronic signature solutions must integrate OpenID4VCI (issuance) and OpenID4VP (presentation) protocols to connect to the EUDI ecosystem. For companies already using a platform compliant with eIDAS 1.0, the transition to eIDAS 2 involves a technical version upgrade, but preserves the legal value of signatures already made. It is therefore strategic to assess your current supplier's roadmap, particularly if you are considering migrating from DocuSign or YouSign to a more compliant solution.

Digital Identity for Legal Entities: The Business Challenge

eIDAS 2 is not limited to natural persons. Article 5a §3 explicitly provides for wallets for legal entities, enabling companies to:

• Prove their legal existence (equivalent to a verifiable digital business registration certificate).
• Delegate signing powers to their employees in an auditable and revocable manner.
• Automate KYB (Know Your Business) verification in B2B contractual processes.

This dimension is particularly transformative for electronic signature processes in business, particularly in HR, legal and financial sectors.

Deployment Timeline and Regulatory Obligations 2024-2026

Implementation Phases According to the Regulation

Regulation (EU) 2024/1183 sets a binding timetable:

• April 2024: publication in the Official Journal, entry into force 20 days later.
• End of 2024: publication of Implementing Acts defining mandatory technical specifications.
• 2025: deployment of national pilot wallets (Large-scale Pilot projects: EU Digital Identity Wallet Large Scale Pilots, funded at €46 million by the Commission).
• End of 2026: mandatory provision by all Member States of at least one operational EUDI Wallet. Large platforms and regulated sectors must accept it.

For French companies, deployment is based on the La Poste digital identity and ANSSI's work on certifying national Trusted Issuers.

Obligations for Relying Parties

Companies that wish to or must accept the EUDI Wallet are subject to several obligations:

1. Registration with the competent national authority (in France, ANSSI and CNIL as applicable).
2. Technical compliance with ARF v2.x specifications published on GitHub by the European Commission.
3. Transparency: publish in a public registry the attributes requested and the purpose of processing.
4. Data minimisation: only request attributes strictly necessary — an obligation reinforced by the GDPR.
5. Logging: keep logs of verifiable presentations for audit purposes, without storing raw identity data.

Companies integrating the EUDI Wallet into their electronic signature flows for law firms or for HR management will gain a significant competitive advantage as of 2026.

Strategic Issues and Opportunities for Companies

Friction Reduction in KYC/KYB Processes

One of the most immediate benefits of the EUDI Wallet is the elimination of manual identity verification. Today, onboarding a new customer or partner involves sending supporting documents, human verification and processing delays. With the EUDI Wallet, verification becomes instantaneous, cryptographically certified and audited. Banking, real estate and insurance sectors — subject to AML obligations — see a major opportunity for automated compliance. The electronic signature sector in real estate is particularly impacted, with identity verification processes currently representing up to 40% of administrative time.

Digital Sovereignty and Reduced Dependence on GAFAM

The EUDI Wallet responds to a strong political ambition: reducing Europeans' dependence on identity systems operated by non-European actors (Google, Apple, Meta). For companies, this translates into an interoperable, open and non-captive authentication infrastructure, based on ISO and W3C standards rather than proprietary SDKs. This sovereignty is also a commercial differentiation argument in public procurement calls increasingly sensitive to data localisation clauses.

Impact on Qualified Electronic Signature and QTSP

Qualified Trust Service Providers (QTSP) see their role evolving. With the EUDI Wallet, QSCD can be hosted directly in the wallet or delegated to a cloud QTSP (Remote Qualified Signature). For companies, this means qualified signature — hitherto reserved for the most critical cases due to its complexity — becomes accessible and scalable. Our comparison of electronic signature solutions now integrates this criterion of EUDI Wallet compatibility into its analysis.

Legal Framework Applicable to EUDI Wallet and Companies

eIDAS 2 Regulation: (EU) 2024/1183

The founding text is Regulation (EU) 2024/1183 of the European Parliament and Council of 11 April 2024, amending eIDAS Regulation No. 910/2014. It is directly applicable in all Member States without national legislative transposition, ensuring European legal uniformity. Articles 5a to 5c define obligations relating to the EUDI Wallet, levels of assurance and users' rights. Article 46f introduces specific obligations for Relying Parties in regulated sectors.

French Civil Code: Articles 1366 and 1367

Under French law, qualified electronic signature produced via an EUDI Wallet benefits from the reliability presumption provided for by Article 1367 of the Civil Code: "Electronic signature consists in the use of a reliable identification procedure guaranteeing its link with the act to which it attaches." Reliability is presumed when the signature is qualified within the meaning of eIDAS. Article 1366 equates electronic writing to paper writing provided that its author is identified and integrity is guaranteed — two conditions that the EUDI Wallet meets natively.

GDPR No. 2016/679: Articulation with Data Minimisation

Regulation (EU) 2016/679 (GDPR) applies fully to Relying Parties processing identity attributes from the EUDI Wallet. The principles of data minimisation (art. 5 §1c), purpose limitation (art. 5 §1b) and privacy by design (art. 25) must be integrated from the outset of technical integration. The native selective disclosure of the EUDI Wallet facilitates technical compliance, but the company remains responsible (art. 24) for documenting its legal bases for processing.

ETSI Standards and Technical Standards

Qualified signature produced via EUDI Wallet must comply with standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) for advanced and qualified electronic signature formats. Certification policies are defined in ETSI EN 319 401 (General Policy Requirements for Trust Service Providers). The Commission's Implementing Acts specify certification requirements for Trusted Issuers (standard ISO/IEC 27001 and Common Criteria EAL 4+).

NIS2 Directive: (EU) 2022/2555

Operators of EUDI Wallet infrastructure (Member States, Trusted Issuers, QTSP) are subject to obligations under the NIS2 directive (EU) 2022/2555, transposed in France by law No. 2023-703. For using companies, NIS2 imposes risk management obligations related to third-party service providers (art. 21 §2d), which includes suppliers of solutions integrating the EUDI Wallet. An impact analysis of risks in the digital supply chain is therefore recommended before any deployment.

Use Scenarios for EUDI Wallet in Business

Scenario 1: Law Firm — Identity Verification and Signature of Mandates

A business law firm with around twenty employees processes hundreds of mandates, engagement letters and powers of attorney each month. Today, verifying client identity requires sending supporting documents by email, manual verification by the legal assistant and an average processing delay of 48 hours. With EUDI Wallet integration as an authentication mechanism, the client presents their digital identity card from their wallet in less than 90 seconds. Qualified signature is produced immediately afterwards, without additional friction. Based on feedback from large-scale pilots conducted between 2023 and 2025, this type of flow reduces client onboarding processing time by 60 to 75% and eliminates risks of data entry errors or expired documents. The firm also gains in AML compliance, as identity attributes are cryptographically certified by a Member State.

Scenario 2: Industrial SME — Management of Supplier Contracts and Signature Delegations

An industrial SME with around one hundred employees manages approximately 300 supplier contracts per year, involving purchasing managers spread across three sites. Managing signature delegations is currently documented on paper and difficult to audit. With the EUDI Wallet for enterprises (legal entity), management can assign verifiable delegation attributes to each purchasing manager: commitment ceiling, geographic scope, validity period. These attributes are stored in the employee's wallet and automatically presented during each signature act. In case of departure or change of position, revocation is instantaneous and audited. This mechanism reduces risks of contractual disputes related to unauthorised signatures and improves traceability for internal audits. Finance departments typically observe a reduction of 30 to 40% in time spent managing and verifying powers of signature.

Scenario 3: Hospital Group — Patient Consent and Access to Health Data

A hospital group comprising several establishments and approximately 1,500 healthcare workers faces increasingly complex patient consent challenges, particularly for access to shared medical records via Mon Espace Santé. Integrating the EUDI Wallet as a mechanism for informed consent allows the patient to validate, from their smartphone, access to their data by a specialist doctor, specifying the duration and scope of access. Selective disclosure ensures that only relevant medical attributes are shared. For healthcare workers, the wallet provides their RPPS number (Shared Repository of Healthcare Professionals) as a verifiable attribute, eliminating current manual verification processes. This type of deployment, consistent with the European Health Data Space (EHDS) framework, can reduce access delays to authorised health data from several hours to a few seconds. For more information on sector-specific challenges, our guide on electronic signatures in healthcare details applicable regulatory constraints.

Conclusion

The EUDI Wallet and eIDAS 2 regulation constitute the most significant transformation of European digital identity in a decade. For companies, the challenge is not just to comply with new regulations, but to seize an opportunity to fundamentally modernise their signature, onboarding and delegation management processes. Legal, HR, health and industrial sectors are in the frontline. The key to success lies in anticipation: assess the compatibility of your current tools now, train your teams and choose partners whose roadmap is aligned with eIDAS 2.

Certyneo supports companies in this transition with an electronic signature platform designed to be EUDI Wallet compatible as of its deployment. Discover our offers and start free to anticipate 2026 with complete peace of mind.