eIDAS 2 Digital Identity Wallet: 2026 Guide

The entry into force of the eIDAS 2 regulation marks a historic turning point for digital identity management in Europe. With the EUDI Wallet — European Digital Identity Wallet — each citizen and business will soon have a sovereign, interoperable digital wallet recognized across all 27 Member States. For legal, HR, compliance and IT departments, this regulatory initiative opens as many opportunities as operational challenges. This article explains the technical and legal functioning of the EUDI Wallet, its practical implications for businesses and how it integrates with existing qualified electronic signature solutions.

What is eIDAS 2 and the EUDI Wallet?

From eIDAS 1.0 Regulation to eIDAS 2.0 Regulation: a Structural Evolution

Adopted in 2014, Regulation eIDAS No 910/2014 laid the foundations of digital trust in Europe: qualified electronic signatures, seals, timestamps and authentication services. But a decade later, its limitations became apparent: insufficient interoperability between Member States, uneven adoption of national digital identities, absence of a unified wallet. Regulation (EU) 2024/1183, known as eIDAS 2, officially adopted on 11 April 2024 in the EU Official Journal, addresses these gaps by imposing a common framework for sovereign digital identity.

To explore the full scope of the new regulatory framework, consult our comprehensive guide to eIDAS 2.0 regulation.

The EUDI Wallet: Architecture and Founding Principles

The EUDI Wallet (European Digital Identity Wallet) is a mobile and/or software application that each Member State must make available to its citizens and residents no later than 2026, in accordance with Article 5a of the revised regulation. Concretely, this digital wallet enables:

• Storage and presentation of verified identity attributes: identity card, driving license, diplomas, professional credentials, intra-Community VAT number for legal entities.
• User authentication with public and private services at high assurance levels (LoA High according to Annex I of the regulation).
• Electronic signing of documents at a qualified level, leveraging certified Qualified Electronic Signature Creation Devices (QSCD).
• Selective sharing of data (principle of selective disclosure) without revealing more information than necessary — a major contribution to GDPR compliance.

The architecture is based on technical specifications published by the European Commission via the Architecture and Reference Framework (ARF), maintained by the EUDIW consortium (European Digital Identity Wallet). The presentation formats adopted include notably ISO/IEC 18013-5 (mDL — mobile Driver's Licence) and SD-JWT VC (Selective Disclosure JSON Web Token Verifiable Credentials), two open standards ensuring portability.

Who is Concerned? Relying Parties

The eIDAS 2 regulation introduces the concept of Relying Party. Any organization — private business, public administration, online platform — that accepts identity attributes from the EUDI Wallet must register with its Member State and comply with a set of technical and security obligations. Article 5b of the regulation specifies that large platforms (as defined in the DSA) and certain sectors (banking, healthcare, energy) will be required to accept the EUDI Wallet upon national production deployment.

Technical Functioning of the EUDI Wallet for Businesses

The Authentication and Signing Flow Step by Step

Understanding the technical flow is essential for anticipating integration into information systems. A typical scenario of contract signing via EUDI Wallet unfolds as follows:

1. Initialization: the Relying Party (e.g., your SaaS platform) generates a presentation request compliant with the OpenID4VP protocol (OpenID for Verifiable Presentations).
2. Notification: the user receives a notification on their EUDI Wallet mobile app.
3. Consent and selection: the user chooses which attributes to share (name, surname, date of birth) via the selective disclosure interface.
4. Verifiable presentation: the wallet generates a cryptographic proof signed by the Trusted Issuer (the Member State or an accredited provider).
5. Verification: the Relying Party verifies the proof via the European trust registry (Trust Framework), without storing unnecessary data.
6. Qualified signature: if a signature act is required, the QSCD embedded in the wallet or hosted in the cloud (QSign) produces a qualified signature compliant with ETSI EN 319 132.

This flow guarantees a LoA High assurance level, the highest provided by the regulation, equivalent to face-to-face verification.

Integration with Existing Electronic Signature Platforms

Electronic signature solution publishers must integrate the OpenID4VCI (issuance) and OpenID4VP (presentation) protocols to connect to the EUDI ecosystem. For businesses already using an eIDAS 1.0-compliant platform, transitioning to eIDAS 2 requires a technical version upgrade, but preserves the legal value of already-realized signatures. It is therefore strategic to evaluate your current provider's roadmap, particularly if you are considering migrating from DocuSign or YouSign to a more compliant solution.

Digital Identity for Legal Entities: the Business Challenge

eIDAS 2 is not limited to natural persons. Article 5a §3 explicitly provides for wallets for legal entities, enabling businesses to:

• Prove their legal existence (equivalent to a verifiable digital business extract).
• Delegate signing authority to their employees in an audited and revocable manner.
• Automate KYB (Know Your Business) verification in B2B contract processes.

This dimension is particularly transformative for business electronic signature processes, especially in HR, legal and financial sectors.

Deployment Timeline and Regulatory Obligations 2024-2026

Implementation Phases According to the Regulation

Regulation (EU) 2024/1183 sets a binding timeline:

• April 2024: publication in the Official Journal, entry into force 20 days later.
• End of 2024: publication of Implementing Acts defining mandatory technical specifications.
• 2025: deployment of national pilot wallets (large-scale pilots projects: EU Digital Identity Wallet Large Scale Pilots, funded at €46 million by the Commission).
• End of 2026: mandatory provision by all Member States of at least one operational EUDI Wallet. Large platforms and regulated sectors must accept it.

For French businesses, deployment relies on La Poste's digital identity and the work of ANSSI regarding certification of national Trusted Issuers.

Obligations for Relying Parties

Businesses that wish to or must accept the EUDI Wallet are subject to several obligations:

1. Registration with the competent national authority (in France, ANSSI and CNIL where applicable).
2. Technical compliance with ARF v2.x specifications published on GitHub by the European Commission.
3. Transparency: publish in a public registry the attributes requested and the processing purpose.
4. Data minimization: request only attributes strictly necessary — an obligation reinforced by the GDPR.
5. Logging: maintain logs of verifiable presentations for audit purposes, without storing raw identity data.

Businesses that integrate the EUDI Wallet into their electronic signature workflows for law firms or for HR management will enjoy a significant competitive advantage from 2026.

Strategic Issues and Opportunities for Businesses

Reducing Friction in KYC/KYB Processes

One of the most immediate benefits of the EUDI Wallet is the elimination of manual identity verification. Today, onboarding a new customer or partner requires submission of supporting documents, manual verification by staff and processing delays. With the EUDI Wallet, verification becomes instantaneous, cryptographically certified and audited. Banking, real estate and insurance sectors — subject to AML/CFT obligations — see a major opportunity for automated compliance. The real estate electronic signature sector is particularly impacted, with identity verification processes representing up to 40% of administrative time today.

Digital Sovereignty and Reduced Dependence on GAFAM

The EUDI Wallet responds to a strong political ambition: reducing Europeans' dependence on identity systems operated by non-European actors (Google, Apple, Meta). For businesses, this translates into an interoperable, open and non-proprietary infrastructure for authentication, based on ISO and W3C standards rather than proprietary SDKs. This sovereignty is also a commercial differentiation argument in public procurement, increasingly sensitive to data localization clauses.

Impact on Qualified Electronic Signature and QTSP

Qualified Trust Service Providers (QTSP) see their role evolving. With the EUDI Wallet, QSCDs can be hosted directly in the wallet or delegated to a cloud QTSP (Remote Qualified Signature). For businesses, this means that qualified signature — until now reserved for critical cases due to its complexity — becomes accessible and scalable. Our comparison of electronic signature solutions now integrates this EUDI Wallet compatibility criterion into its analysis.

Legal Framework Applicable to EUDI Wallet and Businesses

eIDAS 2 Regulation: (EU) 2024/1183

The founding text is Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024, amending Regulation eIDAS No 910/2014. It is directly applicable in all Member States without national legislative transposition, ensuring legal uniformity across Europe. Articles 5a to 5c define obligations relating to the EUDI Wallet, assurance levels and user rights. Article 46f introduces specific obligations for Relying Parties in regulated sectors.

French Civil Code: Articles 1366 and 1367

Under French law, a qualified electronic signature produced via an EUDI Wallet benefits from the reliability presumption provided by Article 1367 of the Civil Code: "Electronic signature consists in the use of a reliable identification procedure guaranteeing its link to the act to which it is attached." Reliability is presumed when the signature is qualified within the meaning of eIDAS. Article 1366 equates electronic writing with paper writing provided that the author is identified and integrity is guaranteed — two conditions that the EUDI Wallet natively fulfills.

GDPR No 2016/679: Articulation with Data Minimization

Regulation (EU) 2016/679 (GDPR) applies fully to Relying Parties that process identity attributes from the EUDI Wallet. The principles of data minimization (art. 5 §1c), purpose limitation (art. 5 §1b) and privacy by design (art. 25) must be integrated from the design phase of technical integration. The native selective disclosure of the EUDI Wallet facilitates technical compliance, but the business remains responsible (art. 24) for documenting its legal bases for processing.

ETSI Standards and Technical Standards

A qualified signature produced via EUDI Wallet must comply with ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) standards for advanced and qualified electronic signature formats. Certification policies are defined in ETSI EN 319 401 (General Policy Requirements for Trust Service Providers). European Commission Implementing Acts specify certification requirements for Trusted Issuers (standard ISO/IEC 27001 and Common Criteria EAL 4+).

NIS2 Directive: (EU) 2022/2555

EUDI Wallet infrastructure operators (Member States, Trusted Issuers, QTSP) are subject to NIS2 Directive (EU) 2022/2555 obligations, transposed in France by Law No 2023-703. For using businesses, NIS2 imposes obligations for managing risks related to third-party providers (art. 21 §2d), which includes suppliers of solutions integrating the EUDI Wallet. A risk impact analysis of the digital supply chain is therefore recommended before any deployment.

EUDI Wallet Use Cases in Business

Use Case 1: Law Firm — Identity Verification and Signature of Mandates

A twenty-person law firm handling hundreds of mandates, engagement letters and powers of attorney monthly. Today, verifying client identity requires submission of supporting documents via email, manual verification by the legal assistant and 48-hour processing delays. With EUDI Wallet integration as an authentication mechanism, the client presents their digital identity document from their wallet in less than 90 seconds. Qualified signature is produced immediately thereafter, without additional friction. According to feedback observed on large-scale pilots conducted between 2023 and 2025, this type of flow reduces client onboarding processing time by 60 to 75% and eliminates risks of data entry errors or expired documents. The law firm also gains AML/CFT compliance, with identity attributes being cryptographically certified by a Member State.

Use Case 2: Industrial SME — Management of Supplier Contracts and Signature Delegations

A hundred-person industrial SME managing about 300 supplier contracts annually, involving purchasing managers across three sites. Today, managing signature delegations is documented on paper and difficult to audit. With the enterprise EUDI Wallet (legal entity), management can assign verifiable delegation attributes to each purchasing manager: commitment ceiling, geographic scope, validity period. These attributes are stored in the employee's wallet and automatically presented at each signature act. In case of departure or job change, revocation is instantaneous and audited. This mechanism reduces risks of contractual disputes related to unauthorized signatures and improves traceability for internal audits. Finance departments typically observe a 30 to 40% reduction in time spent on signature authority management and verification.

Use Case 3: Hospital Group — Patient Consent and Access to Health Data

A hospital group comprising several facilities and approximately 1,500 health workers faces increasingly complex patient consent challenges, particularly for access to shared medical records via Mon Espace Santé. Integrating the EUDI Wallet as an informed consent mechanism enables the patient to validate, from their smartphone, access to their data by a specialist physician, specifying the duration and scope of access. Selective disclosure ensures that only relevant medical attributes are shared. For health workers, the wallet provides their RPPS number (Shared Directory of Health Professionals) as a verifiable attribute, eliminating current manual verification processes. This type of deployment, consistent with the European Health Data Space (EHDS) framework, can reduce access delays to authorized health data from several hours to a few seconds. For sector-specific insights, our guide on electronic signature in healthcare details applicable regulatory constraints.

Conclusion

The EUDI Wallet and eIDAS 2 regulation constitute the most significant transformation of European digital identity in a decade. For businesses, the challenge is not merely regulatory compliance but seizing an opportunity to profoundly modernize signature, onboarding and delegation management processes. Legal, HR, healthcare and industrial sectors are on the front lines. The key to success lies in anticipation: evaluate now the compatibility of your current tools, train your teams and choose partners whose roadmap aligns with eIDAS 2.

Certyneo supports businesses in this transition with an electronic signature platform designed for EUDI Wallet compatibility upon deployment. Discover our offerings and start free to anticipate 2026 with complete confidence.