eIDAS 2.0 and the EUDI Wallet: What really changes for your business

‍

The eIDAS 2.0 regulation and the European Digital Identity Wallet (EUDI Wallet) represent the most significant shift in digital identity infrastructure Europe has seen.

‍
With a hard deadline of end-2026 for member states and November 2027 for large enterprises, the question is no longer whether this will change how you verify customers — it is how ready you are when it does.

‍

This article cuts through the political announcements to give compliance, product, and operations teams a clear picture: what is confirmed, what remains uncertain, and what your organisation needs to build right now.

‍

1. What we know: the confirmed regulatory framework

‍

The two deadlines that are not moving

‍

The regulation sets two non-negotiable dates.
‍

End of 2026 — Member State Obligation
Every EU member state must make at least one wallet available to its citizens and residents. This is the baseline: a government-issued digital identity the EUDI Wallet.
‍

November 2027 — Large Enterprise Obligation
Large companies in banking and telecoms will be required to accept the wallet — and supporting documents such as payslips and tax notices — as a means of authentication. This obligation sits within the broader AMLR (Anti-Money Laundering Regulation) framework, reinforcing identity verification requirements to combat fraud and financial crime.

How the wallet actually works
‍

The EUDI Wallet operates entirely online. The flow is straightforward:

‍

1. The user scans a QR code
2. They authenticate within their wallet application
3. They select and approve which data to share
4. The data is transmitted instantly

‍

Consent is mandatory at every interaction. The wallet does not share data passively.
‍

Guaranteed minimum content: a PID (Personal Identity Data — name, date of birth, nationality) certified by the state, at the highest level of assurance ("high"). Additional documents — driving licences, diplomas, proof of address — will be added progressively by each member state.

‍

‍

2. What we don't know: Four Major Uncertainties

‍

The regulatory framework is clear. What it doesn't resolve are the operational questions that will determine your integration roadmap.

‍

Deployment timeline for Non-PID Documents

‍

The basic PID will be available by end-2026. There is no confirmed timeline for secondary documents: proof of address, payslips, tax notices. Planning around these is premature.

‍

Approved wallet operators

‍

Both public operators (e.g. France Identité) and private operators (e.g. Docaposte) will offer wallet solutions. The exhaustive list does not yet exist. Whether a unified API standard will emerge, or whether you will face multiple integrations by country, remains open.

‍

Technical standards

‍

High-level specifications are published. Definitive API schemas are not. National variants are probable. Any technical build that depends on a specific schema today carries re-work risk.

‍

Real-world adoption

‍

The political ambition is 80% usage by 2030. No reliable short-term forecast exists. Plan for a hybrid period of at least 5 to 10 years — where wallet and non-wallet journeys must coexist simultaneously.

‍

3. The structural gaps: what the wallet cannot do

‍

Beyond uncertainties, the EUDI Wallet has deliberate design limitations that create clear requirements for complementary solutions.

‍

No Financial Data

The wallet contains no income data, no expenditure history, no credit behaviour, no repayment capacity. This is a deliberate design choice driven by GDPR constraints.

The consequence is significant: the wallet tells you who the customer is — not whether they can pay. Affordability assessment via Open Banking, document OCR, or internal scoring remains mandatory for any credit or financing decision.

‍

No Dynamic Fraud Detection

The wallet certifies identity at the point of onboarding. It does not monitor for fraud throughout the account lifecycle: deepfakes, synthetic identities, document theft, account takeover, nominee fraud. Static identity verification is necessary but no longer sufficient. Continuous behavioural analysis is essential.

‍

B2C Only — No Business Verification

The wallet does not cover KYB. Beneficial ownership, shareholding structures, financial statements, insolvency proceedings — none of this is in scope. Registries such as Companies House verify legal existence but do not certify document authenticity, leaving B2B fraud risk unaddressed.

‍

EU Residents Only

The wallet covers EU citizens and residents. For international customers, non-EU verification remains a separate requirement.

‍

4. How to Prepare: Four Strategic Decisions
‍

‍

1. Do not build an architecture that depends solely on the Wallet
‍

The hybrid period will last a minimum of 5 to 10 years. The wallet covers roughly 20% of the trust problem — basic identity. The remaining 80% — affordability, fraud detection, KYB, full AMLR compliance — requires complementary layers. Build an orchestration architecture now that can route intelligently between sources.

‍

2. Account for national differences

‍

Regulatory harmonisation does not mean operational uniformity. In France, the tax address (updated once a year) and the postal address (held by La Poste) can diverge by up to 12 months. In Germany, residents are required to register their address within three weeks of moving, creating near-perfect synchronisation. These differences persist with the wallet — your verification logic needs to account for them by market.

‍

3. Design for orchestration, not replacement

‍

The operational challenge is not technical — it is organisational. Your system needs to handle at least four scenarios simultaneously:

ScenarioResponseWallet available and acceptedUse wallet PIDWallet unavailable or declinedClassic KYC journeyNon-EU customerInternational verification solutionBusiness customerKYB process

Building this orchestration layer before the wallet becomes mandatory is far less costly than retrofitting it under deadline pressure.

‍

4. The wallet does not remove Your AMLR obligations

‍

This is the most important point for compliance teams. The EUDI Wallet facilitates basic identity verification. It does not replace your anti-money laundering obligations:

• Standard Customer Due Diligence (CDD)
• Enhanced Due Diligence (EDD) for high-risk profiles
• Sanctions list and PEP screening
• Ongoing transaction monitoring

The wallet answers who is the customer. It does not answer what is their risk profile — and that distinction is exactly what AMLR requires you to make.

‍

Identity Is the foundation, not the finish line

‍

The EUDI Wallet will simplify baseline identification and reduce classic document fraud. It is a meaningful step forward. But it solves one part of the problem.

The organisations that will be prepared are not those waiting passively for 2027. They are the ones building orchestration architectures today — systems that combine certified identity with:

‍

• Affordability assessment (Open Banking, document OCR)
• Dynamic fraud detection (AI, continuous behavioural monitoring)
• Regulatory compliance (AMLR screening, EDD)
• B2B verification (KYB, beneficial ownership)

‍

Certified identity is the foundation. What you build on top of it determines whether your customers trust you — and whether your regulators do too.

‍

‍

Frequently Asked Questions

‍

What is the eIDAS 2.0 regulation?

‍
eIDAS 2.0 is a European regulation adopted in November 2024 that introduces the European Digital Identity Wallet (EUDI Wallet). It requires EU member states to provide a digital identity wallet to citizens by end-2026, and large enterprises in banking and telecoms to accept it by November 2027.

‍

What does the EUDI Wallet contain?

‍
The wallet's guaranteed minimum content is a PID (Personal Identity Data: name, date of birth, nationality) certified by the state at the highest assurance level. Additional documents — driving licences, diplomas, proof of address — will be added progressively depending on the member state. The wallet contains no financial data.

‍

Does the EUDI Wallet replace KYC processes?

‍
No. The wallet simplifies identity verification for EU residents but does not cover affordability assessment, dynamic fraud detection, B2B verification (KYB), or non-EU customers. Existing KYC and AML/CFT obligations remain fully in force.

‍

When must large companies comply with eIDAS 2.0?

‍
Large companies in the banking and telecoms sectors must accept the EUDI Wallet as an authentication method by November 2027, as part of the AMLR (Anti-Money Laundering Regulation) framework.

‍

What should businesses do now to prepare for the EUDI Wallet?

‍
Start building an orchestration architecture that can route between wallet-based and non-wallet journeys. Do not design a system that depends solely on the wallet — the hybrid period will last at least 5 to 10 years. Maintain all existing AML/CFT and affordability assessment capabilities alongside wallet integration.

‍

Key Takeaways

‍

• Two hard deadlines: end-2026 (member states) and November 2027 (large enterprises in banking and telecoms)
• The wallet covers basic identity only — no financial data, no fraud monitoring, no B2B verification
• A hybrid period of 5 to 10 years minimum is guaranteed — plan accordingly
• AMLR obligations are not replaced by the wallet
• Orchestration architecture is the critical build, not wallet integration alone

‍