EUDI Wallet

The EUDI Wallet (European Union Digital Identity Wallet) is a key component of the new digital identity ecosystem being developed in the European Union under Regulation (EU) 2024/1183.

The EUDI Wallet will be both a product (a mobile app) and a digital service (an ecosystem with multiple participants that enables the management of the app holders' information). It will allow EU citizens and businesses to securely store, manage and share their identity data and other attributes linked to their identity in the form of «attribute statements» (also called «attribute testimonials»). Its main purpose is to support the identification and authentication of users when they contract products and services. On a day-to-day basis, it will be an identity management mechanism that gives access to the digital services contracted and to those offered by public administrations, replacing mechanisms such as the traditional «user» and «password».

The launch of the European Digital Identity Wallet pursues several objectives:

  • Universal availability: so that it is available to all EU citizens, residents and businesses who wish to use it.
  • User control: Wallet holders will have full control over their data. They will be able to use the wallet to request it from the organizations and entities where the information originally resides, and to choose which data to share when an entity or organization they are dealing with requests it. Because information transfers are recorded, the wallet can later be used to request deletion of the data transferred to some user parties by exercising the ARCO or SOPLAR rights.
  • Simple functionality of trust services: Starting with identity data, which can be used in contracting, plus the option of qualified electronic signatures and a «key» function for accessing services that require authentication, such as electronic banking.
  • Cross-border interoperability: It can be used in any country of the European Union other than the one that issued it, with different use cases, for example, requesting at a pharmacy medicines prescribed in the health system of another country.
  • Security and privacy: It will offer a high level of security and protection of personal data, allowing special functions such as selective disclosure of information.

The wallets, in the form of a mobile app, will be available around 2026 in all EU countries and can be issued by member states themselves, by entities mandated by the state or by entities acting on their own but with state recognition.

For everything to work, wallets require a complex ecosystem that includes:

  • Reporting parties (from authentic sources): entities that issue electronic attestations of attributes (also called electronic attribute statements).
  • Informed parties: entities that request and verify information from wallets (also called «user parties»).
  • Trusted systems such as lists and certificates that indicate that the information sources are reliable or that user parties are authorized to request information from EUDI wallets.

The general description of the wallet and its ecosystem is as follows:

  1. Personal data management (DIP, Datos de Identificación Personal, i.e. personal identification data): allows the user to store and control their personal data securely.
  2. Management of digital attribute statements or testimonials from authentic sources, which, depending on the type of provider (reporting party), will be:
    • Qualified testimonials
    • Non-qualified testimonials
    • Testimonials from public administrations
  3. Management of electronic signature certificates: Allows the storage and use of digital certificates for qualified electronic signatures.
  4. Access control system: Allows the wallet holder to control what information is shared with third parties and to keep track of these transfers, with the option of withdrawing consent in the future.
  5. User parties (informed parties): Entities that request information from the wallets.
  6. Trusted lists: So that only authorized entities can provide or request information.

In the ecosystem there are also:

  1. The state’s Supervisory Body.
  2. The National Accreditation Body (which audits the Conformity Assessment Bodies of the country).
  3. Conformity Assessment Bodies (CAB) of any country. Some countries have no CABs and others have several. A country's CAB can audit qualified providers from any country, on a biennial basis.
  4. Schema providers: They define the formats and data structures of the different types of declarations to favor standardization and interoperability.
  5. Wallet providers: Wallets are issued by the member states themselves, by entities mandated by the state or by entities acting on their own account but with state recognition.
  6. Manufacturer of the operating system and of the mobile phone architecture: Provides the basic functionality used by the Wallet App.

The cryptographic functions needed for electronic signatures are performed within the Wallet in one of three ways: by using services already present in the phone's hardware, by accessing external chip cards (managed, for example, over the phone's NFC connectivity), or by using functionality such as a remote HSM (Hardware Security Module), already developed in the context of Regulation (EU) 2014/910 (called EIDAS1) for the qualified signature of natural persons and the qualified stamp of legal entities.

For the ecosystem to work, a system must be deployed to distinguish which information providers are reliable and which entities are authorized to request information from the wallets. In many cases these will be entities that make it easier to contract their services by using the wallet's function of providing information (for example, to meet the KYC «Know Your Customer» requirements of financial institutions) or its authentication function (for example, to use «electronic banking» services).

Certificate issuing services will also be used to manage the trusted lists, so that information requests and responses will be electronically signed.
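The wallet-side checks described above (trusted list, signed request, holder-controlled sharing, transfer record) can be sketched as follows; this is an added example, not code from the EUDI Wallet specifications or any wallet implementation. The party names, keys, attribute names and both functions are hypothetical, and an HMAC with a per-party key stands in for the certificate-based electronic signature so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import json

# Constructed trusted list: user party -> registered key and the attributes
# it is authorized to request (all values are illustrative).
TRUSTED_LIST = {
    "bank.example": {"key": b"bank-demo-key",
                     "allowed": {"given_name", "family_name", "birth_date"}},
    "pharmacy.example": {"key": b"pharmacy-demo-key",
                         "allowed": {"prescription_id"}},
}

# Constructed wallet contents.
WALLET = {"given_name": "Ana", "family_name": "Garcia",
          "birth_date": "1990-04-12", "prescription_id": "RX-0001",
          "iban": "ES00-CONSTRUCTED"}


def sign_request(key, party, attributes):
    """HMAC stand-in (assumption) for the user party's electronic signature."""
    payload = json.dumps({"party": party, "attributes": sorted(attributes)})
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def present(party, attributes, signature, consent, log):
    """Release attributes only if every wallet-side check passes."""
    entry = TRUSTED_LIST.get(party)
    if entry is None:
        return {"status": "rejected", "reason": "party not on trusted list"}
    expected = sign_request(entry["key"], party, attributes)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return {"status": "rejected", "reason": "bad signature"}
    excess = set(attributes) - entry["allowed"]
    if excess:
        return {"status": "rejected",
                "reason": "not authorized for: " + ", ".join(sorted(excess))}
    # Selective disclosure: only attributes the holder consented to leave.
    released = {a: WALLET[a] for a in attributes
                if a in consent and a in WALLET}
    # Transfer record, so the holder can later ask for deletion.
    log.append({"party": party, "released": sorted(released)})
    return {"status": "ok", "attributes": released}
```

A request is refused outright when the party is unknown, the signature does not match the requested attribute set, or the party asks for more than the trusted list authorizes; otherwise the holder's consent decides what is actually released.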

In summary, the EUDI Wallet represents a significant advance in digital identity management in the European Union. It offers citizens a secure and versatile tool for interacting in the digital world with both public and private entities, in a way that protects their privacy and gives them control over their personal data. Its implementation, however, is a major challenge.