What is the European Digital Identity and how will it change your procedures?

La European Digital Identity It's no longer a distant project or science fiction: it's the new "digital ID" that the European Union is launching so that any person, company, or resident can identify themselves, share documents, and securely sign online throughout the EU. It takes the form of a mobile application, a digital wallet or purse, that centralizes credentials and official data under a very specific legal framework: the eIDAS2 Regulation.

This major change comes at a time when More and more procedures and services are being carried out onlineIn both the public and private sectors, security, privacy, and control over personal data have become sensitive issues. Throughout this article, you will see in detail how these topics are handled. What exactly is the European Digital Identity?How the EUDI Wallet works, what the eIDAS2 regulation says, what you can use it for in your daily life, what its advantages and risks are, and the actual deployment schedule until 2026.

What is the European Digital Identity and the EUDI Wallet?

The call European Digital Identity (European Digital Identity, EUDI) is a common electronic identification framework that allows citizens, residents, and businesses to prove who they are in any country of the European Union Securely, interoperably, and legally recognized. It's not just a simple username and password: it's designed to be a robust electronic identity, valid for both public and private services, and backed by European legislation.

The practical heart of this system is the EUDI Walleta whirlpool bath, digital wallet in the form of a mobile application which will serve to securely store and manage various digital credentials: identity documents, driver's licenses, academic degrees, medical prescriptions, certificates, payment methods, etc. The idea is that this app will be the "personal digital wallet" you carry on your mobile phone, allowing you to identify yourself and sign documents without relying on proprietary solutions like Apple Wallet or Google Pay.

In practice, this portfolio will function as a Encrypted container for electronic credentials attributes (electronic attestations of attributes), issued by trusted service providers (see how manage digital certificates): public administrations, universities, healthcare entities, banks, insurance companies, or authorized third parties. Each Member State must offer at least one official version of the portfolio, free of charge to citizens, before the end of 2026, thus guaranteeing a common minimum of interoperability and user experience throughout the EU.

This new digital identity does not appear out of nowhere: it builds upon and expands the framework created by the eIDAS Regulation 2014 (EU Regulation No. 910/2014), which already regulated electronic identification and trust services (electronic signature, sealing, etc.). The updated version, eIDAS2, introduced by Regulation (EU) 2024/1183, corrects many limitations of the original standard and adds the missing piece: a standardized European digital wallet, mandatory to accept for many services and available in all countries.

From a legal and fundamental rights perspective, the European Digital Identity is directly connected to the right to recognition of legal personality (Article 6 of the Universal Declaration of Human Rights), with the notion of “personal data” of GDPR (art. 4.1) and with the principle set out in its recital 7: People should have control over their personal dataIn countries like Spain, identity is also protected through internal regulations, such as the Organic Law on the Protection of Citizen Security.

Relationship between eIDAS2, GDPR and the technical framework of the portfolio

The Regulations eIDAS2, which came into force on May 20, 2024, aims to strengthen the security, usability and interoperability of electronic identification and trust services in the EU. One of its key features is that it makes mandatory the acceptance of electronic means of identification notified by a Member State by everyone else, which strongly promotes cross-border digital interactions, for example to open a bank account or access a public service in another country.

From a technical point of view, the implementation of the EUDI Wallet is structured around the Architecture and Reference Framework (ARF), an architectural and reference framework that establishes common technical standards, safety requirements and best practices that Member States must follow. The ARF (currently in version 1.4.1, with further revisions planned) defines how wallets should be built to be interoperable, secure and able to evolve with future technological innovations.

In addition, the European Commission is approving a series of Implementing ActsThe first set of which was adopted in November 2024. These rules specify the details. technical specifications, security protocols, credential formats, and interoperability rulestranslating the high-level objectives of eIDAS2 into practical and binding requirements for all Member States. The ARF serves as the basis for these regulations, which must ensure that portfolios also comply with data protection law.

The design of eIDAS2 has been done with a view to close alignment with the GDPRso that the processing of personal data in the portfolio respects principles such as data minimization, purpose limitation, transparency, and the exercise of rights. For example, service providers acting as Related Parties (the entities that rely on the wallet to identify a user) that perform data protection impact assessments when the treatment is likely to involve a high risk, and that they consult the supervisory authorities in such cases.

The regulations themselves stipulate that the portfolio must include mechanisms so that the user can track and review all transactions made: time and date, identity of the service with which you have interacted, data requested, and data actually shared. In addition, the EUDI Wallet must offer a common panel where the user can see the updated list of providers with whom they maintain a connection, the data exchanged, and from where they can request the deletion of data from a provider (art. 17 GDPR) or notify the data protection authority if they believe that they have been asked for unlawful or suspicious information.

To prevent misuse and unwanted profiling, eIDAS2 requires that personal data linked to the provision of the portfolio be kept logically separated from other data from the portfolio providerand that the wallet itself does not reveal to credential issuers how or where their certificates are being used. The need for non-binding properties between different transactions and revocation mechanisms for both the wallet and the credentials, so that a compromised credential can be withdrawn without bringing down the entire system.

Despite all this regulatory framework, there is a broad consensus among researchers, authorities, and professionals that The current version of ARF still has gaps to fully guarantee all these privacy and security requirements. Hence the emphasis on data protection authorities closely monitoring how these principles are reflected in implementing regulations and future updates to the ARF, and on promoting certification of portfolios that truly comply with the GDPR.

Everyday uses and use cases of the European Digital Identity

The European Digital Identity is designed to cover a a wide variety of everyday life situationsBoth online and offline. Thanks to the EUDI Wallet, users can reliably identify you without having to send photocopies of your ID card by email or insecure scans. These are some of the clearest uses contemplated by the regulations and the Commission's explanatory documents:

In the public sector, the portfolio will allow access government services from any EU country: from applying for a passport or driver's license, to filing tax returns, downloading birth certificates, or reporting a change of address. It will also facilitate access to social security information and benefits, as well as the management of health documents, including the European Health Insurance Card.

In the financial sector, the European Digital Identity will be used to open bank accounts and contract services in other countries without needing to physically visit a branch. Identity verification, which can currently be cumbersome if not done in person, will be carried out through the digital wallet, improving processes such as money laundering prevention and enabling cross-border customer acquisition with greater legal certainty.

Another specific use is that of SIM card registrationBy linking a SIM card to a digital identity, fraud is reduced and costs for operators are lowered. mobile networksSimilarly, the portfolio will allow you to display a digital driving licenseboth online and physically, for example when renting a car in another EU country.

The EUDI Wallet will also be integrated into scenarios of Electronic signature of contracts and documentsWithout the need to print paperwork or visit an office, it will be possible, for example, to sign a rental agreement, an insurance policy, or an employment contract remotely, using qualified electronic signatures issued through the digital wallet. It will even facilitate the signing of emails and other electronic messages, reinforcing the traceability and authenticity of communications.

In the educational field, the European Digital Identity will allow the storage and presentation of academic degrees, diplomas and certificates of study...and even a structured digital CV. When applying to a university in another Member State, or when providing proof of qualifications to a foreign employer, simply sharing the relevant credentials from your digital wallet will suffice, eliminating the need to certify documents or translate them each time.

In the healthcare sector, it will be possible claim and use electronic prescriptions at any pharmacy in the Union, as well as sharing relevant medical data, always with control over what is shared and with whom. This will facilitate continuity of care when someone lives, works, or travels in another country.

Travel will also be simplified: the EUDI Wallet will allow certain documents to be submitted. travel document data, such as passport or visa requirements, to expedite border, customs or airport security controls, reducing queues and manual checks.

Another important dimension is that of the organizational digital identitiesThe portfolio will be able to demonstrate that a person is acting on behalf of a company or organization (for example, to sign contracts, submit documents to the administration or contract corporate services), avoiding the manual exchange of notarized powers of attorney in each transaction.

All of this is complemented by uses of online payments and strong authenticationThe wallet will be able to link payment methods and be used as an identification factor to confirm transactions more securely than current solutions. It will also help prove age or certain attributes (for example, that a person is over 18) without revealing all underlying personal data.

Benefits and promises of the European Digital Identity

The European Commission and various national bodies highlight a number of key benefits that the European Digital Identity aims to provide benefits to citizens, businesses, service providers, and society as a whole. One of the most frequently mentioned benefits is that the wallet will allow for a easier and more uniform access to public and private services across the EU, reducing administrative barriers and paperwork.

From a privacy standpoint, the EUDI Wallet is designed to ensure that the user has full control over your personal dataOnly the information strictly necessary for each procedure will be shared, allowing you to selectively choose which attributes to reveal and which not to. The use of [other information] is also contemplated. pseudonyms and minimal disclosure techniquesThis will allow, for example, demonstrating that a requirement (age, residence, qualification) is met without having to disclose the rest of the identity data.

In terms of ciberseguridadThe regulation promotes a harmonized approach across the EU, with minimum security requirements and certification models that portfolios must meet, and promotes good practices in digital hygieneThe publication of the licensed software open source For the wallet portion, it has been designed as a transparency mechanism: anyone can audit the code, increasing confidence that no backdoors or hidden tracking functions are included.

Another obvious benefit is the reduction of bureaucracy and in-person proceduresProcesses that today require multiple trips, physical submission of documents and manual validations (for example, notarial procedures, registration of powers of attorney, accreditation of qualifications) can be integrated into 100% digital workflows, with electronic signature and automated verification of credentials.

For businesses and digital service providers, the European Digital Identity offers the possibility of simplify and reduce the cost of user authenticationThis delegates the most complex part of identifying and verifying attributes to the portfolio. This reduces responsibilities and risks associated with managing sensitive data and avoids exclusive dependence on the large technology platforms that currently concentrate a significant portion of users' digital identity.

On the macroeconomic front, the rollout of the portfolio is expected to boost a increase in secure online transactionsThis will generate new business opportunities (services based on verifiable credentials, financial advice with consolidated data, eHealth solutions, etc.) and allow for the reallocation of resources previously dedicated to manual checks to higher value-added activities. All of this should contribute to a more reliable digital environment and sustained economic growth.

Risks, criticisms and challenges of security and privacy

Despite all these advantages, the European Digital Identity is not without its drawbacks. Controversies and expert warningsMore than 550 scientists and researchers have pointed out weaknesses in the eIDAS2 framework, particularly regarding the security of trusted infrastructure and the potential for mass cyber-surveillance if adequate safeguards are not in place.

One of the most prominent criticisms concerns the possibility that states can pre-install root certificates in browsers without these entities being able to fully verify their legitimacy, which in theory would open the door to the interception or monitoring of encrypted traffic. It has also been questioned whether the text, as currently worded, could facilitate unnecessary links between governments and large digital providers, compromising the principle of non-binding.

Privacy experts like the engineer Carmela Troncoso, at the head of the EPFL's SPRING Laboratory, have insisted that It all depends on the specific design of the technical architecture.Currently, they point out that a fully public and closed final architecture does not yet exist, and that, although it is technically possible to build a very privacy-respecting wallet, the design margin is wide and it is necessary to ensure that mature cryptographic technologies and best practices already available are adopted.

Other specialists, such as lawyers Javier pascual y Maria GraciaThey also point to the risks arising from the fact that States choose which companies issue digital certificatesA security breach at one of these trusted service providers could have a huge impact, affecting millions of users, given the centrality of the wallet in daily life: health, finance, mobility, communications, etc.

To mitigate some of these fears, the regulations stipulate that the portfolio can operate in a local and offlinesecurely stored on the user's device, without needing to upload all the data to the cloud. The proposed security systems resemble current methods for electronic certificates on mobile devices: installation of software issued by a trusted provider and use of passwords, multi-factor authentication such as USB fingerprint reader every time you want to share or sign something.

Even so, researchers like Juan Tapiador o Javier Sánchez Monedero They emphasize that the main risk is not only technical, but also social and exclusionIf European Digital Identity becomes the de facto standard for accessing basic services, employment, or banking, not using a digital wallet could lead to a level of isolation similar to not having one at all. smartphone Today, groups with less digital competence, such as many older people, may be especially disadvantaged if real alternatives and in-person support are not provided.

Finally, the academic community insists that many of the safeguards included in the eIDAS2 text (non-binding, effective revocation, logical data separation, user control panel) will only materialize if the ARF and implementing regulations develop them with sufficient precision. Until that happens, There is a gap between proclaimed principles and practical implementations.

From eIDAS 2014 to eIDAS2: evolution of the European framework

To better understand how we got here, it's helpful to briefly review the evolution of eIDASRegulation No 910/2014 was created as an instrument to facilitate secure electronic transactions between citizens, businesses and public administrations, providing a legal framework for electronic signatures, digital seals, time stamps, certified electronic delivery and trust services in general.

However, the experience accumulated since 2014 has shown that the original eIDAS It did not adequately meet the needs of a European electronic identity system modern. On the one hand, it allowed member states to voluntarily notify their national electronic identification systems, which the others had to recognize from 2018 onwards, but it did not oblige all countries to create a national eID nor did it adequately resolve the technical interoperability between very different systems.

The solution that was adopted then was a kind of interoperability superstructure To connect the different systems, which in practice led to technical problems, fragmentation, and difficulties in extending the model to private services. Furthermore, the directive had gaps in terms of supplier oversight, accountability details, compatibility with new technologies, and truly user-friendly experiences.

The new eIDAS2 Regulation comes precisely to closing these gapsIt obliges member states to offer citizens and businesses a official digital wallet that links your national digital identity with other personal attributes (driver's licenses, diplomas, bank accounts, professional certificates, etc.), and allows these wallets to be issued by both public authorities and recognized private entities.

In this way, we move from a model in which digital identification was relatively limited and little used (in Spain, for example, through systems such as Cl@ve or certificates for specific procedures), to a integrated digital identity ecosystem in which the wallet becomes the gateway to a vast number of services, both online and offline. The intention is that, unlike what happened with eIDAS 2014, citizens will be able to use it extensively and on a daily basis.

Practical impact: mandatory use, large platforms and the digital divide

On paper, the use of the European Digital Identity will be voluntary for citizensNo one will be legally obligated to download or use the app. However, many experts point out that, in practice, its widespread adoption will make it almost indispensable for the vast majority of people, since Numerous central services will come under its control..

For example, the so-called very large online platforms (VLOP) regulated by the Digital Services Act, such as Amazon, Facebook Booking.com and other online retailers will be required to accept the European digital identity wallet as an authentication mechanism for their users. If public administrations, banks, universities, insurance companies, and other institutions are added to this, the incentive to use the wallet will be enormous.

This “voluntariness in law, but obligation in practice” poses significant challenges in terms of digital inclusionGroups with less technological skills or less access to suitable devices could be left out of many processes, just as has already happened with the migration from traditional banking to the online world, where many older people have had difficulties continuing to operate normally.

Partial solutions have been implemented, such as smart kiosks or in-person assistance at certain public offices, but experts warn that the problem goes beyond having a device or connection: it has to do with power relations, dependence and needIf providing digital wallet credentials is required to apply for a job, enroll in a course, or access aid, the "weaker" party in the process will not have much power to refuse.

At the same time, both business and public administration sectors emphasize that a well-designed European digital identity can represent a stop to fraud, to the identity impersonation already the false documentationThis results in a safer environment for everyone. Balancing these benefits with the risk of social exclusion will be one of the major challenges in the coming years.

Calendar, deadlines and next steps

The implementation of the European Digital Identity is a gradual process which has been in development for several years. The initiative formally began in 2021; the general approach was agreed upon in 2022, and a provisional text was published months later. After intense debates and legal adjustments, Regulation (EU) 2024/1183 has now entered into force, marking the start of the most crucial phase.

With the approval of eIDAS2, the EU has set a clear horizon: Member States must make at least one European digital identity wallet available to citizens, residents and businesses by the end of 2026This timeframe implies that, over the next few years, several critical tasks must be completed: approval of all implementing regulations, maturation and updating of the ARF, development of national portfolios, pilot testing and progressive deployments.

During this transition period, it will still be necessary listen to civil society organizations, privacy experts, the technology industry, and data protection authorities to smooth out the ambiguities in the text and resolve the most heated controversies, especially regarding cryptographic security, certificate governance, surveillance risks, and digital exclusion.

There isn't a single date yet when everyone will start using wallets all at once; rather, we'll see. a phased deploymentSome countries will progress faster than others, needing more time to adapt their systems. Even so, the regulatory commitment to have digital wallets available by the end of 2026 marks the point at which European Digital Identity should cease to be a project and become an everyday reality across the Union.

In this context, technology companies specializing in digital identity, such as those participating in EBSI Wallets projects or decentralized solutionsThey are already aligning their developments with the EUDI ecosystem. The goal is for organizations to be able to integrate the portfolio into their processes with the least possible operational impact, leveraging modular architectures and real-world use cases in areas such as healthcare, cybersecurity, banking, and conversational assistants.

European Digital Identity is thus taking shape as a centerpiece of Europe's digital futureA combination of legal framework, technical architecture and mobile application that can radically simplify the relationship of citizens with the administration and companies, strengthen the security of transactions and, at the same time, open up profound debates on surveillance, inclusion, digital sovereignty and effective control of personal data that are still far from being closed.