The EUDI Wallet Is Coming: What Companies Need to Prepare Now for Digital Identity

With the adoption of the eIDAS 2.0 Regulation, the legal framework for a Europe-wide unified digital identity infrastructure has been established. At its core is the introduction of the European Digital Identity (EUDI) Wallet. While Member States are obligated to provide corresponding wallet solutions by early 2027 at the latest, the specific design at the national level is currently in a decisive implementation phase. In Germany, a ministerial draft for a Digital Identities Act (Digitale-Identitäten-Gesetz – DIdG) has been presented, which is intended to set the key parameters for the provision, use, and regulatory integration of the wallet. In parallel, both technical preparations and political and economic coordination processes are gaining significant momentum. For companies, it is already becoming apparent that the EUDI Wallet may become a mandatory component of digital business processes in the foreseeable future. Against this backdrop, the question arises as to which actors are specifically affected, what requirements arise from the European and national legal framework, and what action is needed in the short term.

I. Current Developments

The national implementation of the eIDAS 2.0 Regulation is in an advanced but not yet completed phase in Germany as of May 2026. On 26 March 2026, the Federal Ministry for Digital Affairs and State Modernisation (BMDS) presented a ministerial draft for a Digital Identities Act (DIdG), which is currently undergoing inter-ministerial coordination and is expected to be submitted to the Cabinet shortly. The draft specifies central elements of the future wallet infrastructure, in particular user onboarding, the integration of additional functions such as payment options, and potential acceptance obligations for companies. In terms of timing, the Federal Government is pursuing an ambitious roadmap: the Act is intended to enter into force during the course of the year, while the practical rollout of the wallet at the European level is scheduled for early 2027. In parallel, technical foundations are being established, for example through planned open-source documentation and supplementary security measures such as bug bounty programmes. Nevertheless, particularly at the municipal level, doubts remain regarding the feasibility of the timeline and the practical integration into existing administrative structures.

The reactions from industry associations are nuanced. In principle, the introduction of a Europe-wide harmonised digital identity solution is welcomed, but at the same time significant need for improvement is identified. Particular criticism is directed at the high complexity of the draft legislation and the resulting legal uncertainty, as numerous cross-references to other national and European regulations complicate application and increase the risk of incorrect implementation with potential sanctions. Furthermore, the market structure envisaged in the draft is questioned: associations call for a “level playing field” between public and private wallet providers, while a potential state preference is seen as inhibiting investment. In functional terms, there are also expectations that the wallet should provide all essential core functions – digital identification, attribute attestations, and qualified electronic signatures – in full from the outset, in order to avoid acceptance problems.

In parallel with the legal design, work is also continuing on the conceptual and technical development of the wallet. The BMDS has announced that the “EUDI Wallet“ will receive a new, more user-friendly name in Germany, as the current designation is considered difficult to remember and acceptance problems are feared. Technically, a phased expansion of functionalities is planned: in addition to traditional identity credentials, payment functions are also to be integrated over time, for example through the incorporation of existing credit cards or online payment services, with regulatory guardrails planned particularly regarding security and functional separation. At the same time, close integration with existing digital infrastructures such as BundID is planned, which promises synergies but also brings technical and organisational challenges, particularly on the administrative side. Overall, it is evident that implementation is currently in a dynamic phase between legislative specification, technical development, and political-economic coordination, with the coming months being decisive for the system’s practical viability.

II. Affected Companies

The eIDAS 2.0 Regulation does not impose a blanket obligation on all companies to integrate the EUDI Wallet. Rather, a distinction must be drawn between different categories of market participants, with specific obligations arising in particular for companies that offer or rely on digital identification processes.

Directly addressed are, first, so-called “relying parties”, i. e. service providers that use digital identification procedures to grant users access to their services or to receive legally relevant declarations. These include in particular regulated sectors such as credit institutions, payment service providers, telecommunications providers, and providers of digital platform services, insofar as they are legally obligated to identify their customers (for example under KYC or anti-money laundering requirements). These companies will in future be required to accept the EUDI Wallet as an identification tool, provided they use digital identification procedures and the wallet meets the required level of assurance. In such cases, a concrete need for integration and adaptation arises in existing onboarding and authentication processes.

A further group comprises companies that have not yet implemented mandatory identification processes but offer digital services for which identity verification is typically required or advisable. These include, for example, platform operators, providers of online marketplaces, or services with age verification obligations. For these actors, there is not necessarily an immediate obligation arising directly from the Regulation itself to integrate the wallet; however, the European legal framework opens up the possibility for Member States to establish corresponding acceptance obligations at the national level. Against this backdrop, it can be expected in the German context in particular that certain sectors will in future be subject to regulatory obligations to accept the wallet and process the corresponding attestations. The circle of specifically affected companies will therefore be significantly determined by subsequent national regulations.

By contrast, companies without any connection to digital identification processes – i. e. purely physical businesses without digital customer interaction – are generally not directly affected. Companies that exclusively use internal identity solutions and do not process external user identities also do not, in principle, fall within the direct scope of application of the eIDAS 2.0 Regulation.

Finally, a third group of actors must be considered, for whom the situation gives rise not so much to obligations as to market opportunities. These include in particular providers of wallet solutions, trust service providers, and technical service providers that offer interfaces, identity management systems, or verification solutions. These actors are also subject to regulatory requirements, for example regarding certification and security standards, but they are not primarily addressees of acceptance obligations; rather, they form part of the emerging ecosystem.

III. Recommendations for Action for Companies

In the short term, companies should first clarify whether and in which processes they already use digital identification procedures today. Particularly relevant are onboarding processes, contract conclusions, age verifications, and existing KYC or authentication solutions. As a first step, it is advisable to specifically inventory and prioritise these processes in order to identify those use cases in which the EUDI Wallet is likely to become mandatory or at least practically relevant in the future.

In parallel, internal responsibilities should be assigned, ideally involving Legal, Compliance, and IT. The EUDI Wallet is not a purely IT topic; regulatory requirements, liability issues, and technical integration are interlinked. Without clear responsibilities, there is a risk that necessary preparations will be delayed.

At the technical level, it is advisable to review the company’s own system architecture for wallet compatibility at an early stage. Companies should assess whether their existing identification and authentication systems are fundamentally open to external identity providers and have standardised interfaces (APIs). If this is not the case, at least a conceptual opening should be prepared in order to reduce subsequent integration effort.

Furthermore, it is advisable to closely monitor developments at the national level, particularly with regard to potential acceptance obligations for certain sectors. Companies that are potentially active in regulated areas (e.g. financial services, platform economy, telecommunications) should develop scenarios for how a mandatory wallet integration can be implemented organisationally and technically. This also includes early coordination with existing service providers, for example in the areas of identity verification or payment processing.

Finally, companies should consider concrete pilot or testing strategies as soon as corresponding interfaces or reference implementations become available. Early practical experience – even in limited use cases – makes it possible to realistically assess integration effort, user acceptance, and operational impacts, and to make necessary adjustments in a timely manner.

IV. Conclusion and Outlook

The EUDI Wallet will gradually gain practical significance with the further implementation of the eIDAS 2.0 Regulation and the accompanying national legislation. With a view to the planned rollout by early 2027, it is foreseeable that it will establish itself as an additional standard for digital identification and attestation processes. For companies, this primarily means that existing digital processes will need to be supplemented by or adapted to the use of the wallet over time.

At the same time, the current state of implementation shows that numerous detailed questions – particularly regarding specific technical design, market organisation, and potential acceptance obligations – remain open. Against this backdrop, a pragmatic approach is recommended: companies should closely follow regulatory developments and establish the necessary organisational and technical foundations at an early stage, without prematurely committing to specific solutions. Ultimately, what will be decisive is how clearly and practicably the national requirements are designed and to what extent the wallet actually gains traction in the market.

This article was created in collaboration with our student employee Emily Bernklau.