By Mark Medum Bundgaard
By the end of 2026, every EU Member State is expected to provide a Digital Identity Wallet under the updated eIDAS regulation. Much of the public discussion focuses on surveillance fears. For businesses, however, the more immediate question is how identity verification works in practice and whether it will finally reduce the friction of online trust.
For many years digital identity in Europe existed largely as a policy discussion. Lawyers, regulators and standards bodies debated frameworks while most companies continued verifying customers much as they always had. The revised eIDAS 2.0 regulation (Electronic Identification, Authentication and Trust Services) changes that dynamic. Each Member State is now required to make at least one certified European Digital Identity Wallet available to citizens by the end of 2026.
As the deadline approaches, discussion about digital identity has become increasingly polarised. Some view the wallet as a breakthrough that could simplify onboarding, reduce fraud and enable seamless digital services across Europe. Others worry that a government-backed identity framework could evolve into a tool for monitoring citizens online.
In practice, the reality is more complex. The wallet architecture is designed to minimise unnecessary data sharing through techniques such as selective disclosure and zero-knowledge proofs. At the same time, any infrastructure built around digital identity inevitably raises questions about governance, interoperability and trust.
For businesses, the practical issue is less about choosing between these competing narratives and more about understanding what the infrastructure will mean in day-to-day operations. If implemented successfully, digital identity could reshape how organisations verify customers, meet compliance requirements and build trusted digital interactions across Europe.
Before we talk about the wallet’s impact, we need to look at how identity verification currently works. In many cases the process still involves uploading scans of identity documents to a website or mobile app. A passport photo or a driver’s licence is uploaded and the service provider stores a copy somewhere in its systems. In effect, people end up distributing digital copies of highly sensitive documents across dozens of different organisations.
In the physical world identity checks are usually momentary. A licence is shown, checked and handed back. Online verification rarely works that way. Instead, full copies of identity documents are typically uploaded and stored, leaving organisations responsible for protecting large volumes of sensitive personal data.
The idea behind the EU Digital Identity Wallet is to change this dynamic. Instead of repeatedly sharing documents, individuals will hold verifiable digital credentials on their devices. These credentials can confirm specific attributes when required. A retailer could confirm that a customer is over 18 without receiving their full date of birth. A bank might verify identity without requesting a passport scan. In principle, organisations only receive the information they actually need.
For businesses this could make a real difference. Many organisations currently collect far more personal data than they truly need simply because identity verification requires it. Those datasets bring cost, security risk and regulatory responsibility. If verification can happen without copying documents, companies may be able to reduce the amount of sensitive data they store in the first place.
The privacy debate around digital identity often centres on the idea that governments could track how people use their credentials. That concern is understandable, however, in practice, credentials are stored on the user’s device and shared directly with the organisation requesting verification. The authority that issued the credential does not automatically see when or where it is used. In essence, the system is designed to mimic how identity works offline. Information is shown when needed, not continuously reported back to a central system.
Recent advances in privacy-preserving cryptography help make this possible. One example is the use of zero-knowledge proofs, which allow someone to demonstrate that a statement is true without revealing the data behind it. A person can prove they are above a certain age without sharing their exact birth date.
Another technique increasingly discussed in identity systems is multi-party computation (MPC), which allows information to be verified without revealing the underlying data to any single system. In practice this can help address a long-standing challenge in digital identity: how to confirm someone’s identity without exposing sensitive information such as biometric data. Unlike passwords, biometric data cannot simply be changed if it is compromised, making protection particularly important.
Together with approaches such as selective disclosure and zero-knowledge proofs, these cryptographic methods allow identity credentials to be verified while revealing only the information required for a specific interaction.
These approaches also fit well with the data minimisation principle embedded in the EU’s General Data Protection Regulation. Rather than collecting full identity records, organisations can confirm only the specific attribute required for a transaction. For sectors, such as financial services, telecommunications and healthcare, that already face strict compliance obligations, that change could significantly reduce the exposure created by large identity databases.
Despite the sophistication of the cryptography involved, the real challenges facing digital identity in Europe are unlikely to be technical. The mathematical foundations behind these tools have been studied for decades. The more complicated questions involve interoperability, certification and governance.
The EU is currently testing the wallet ecosystem through four large-scale pilot programmes involving more than 350 organisations across 26 Member States. Initiatives such as NOBID, which focuses on payments and public services in the Nordic and Baltic region, and POTENTIAL, which is exploring cross-border use cases such as digital driving licences, are testing how wallet credentials might work in practice.
Alongside these European pilots, similar technologies are being explored in other environments. For example, a proof-of-concept at the Okinawa Institute of Science and Technology has examined the use of mobile wallet credentials for campus access and services, combining blockchain with privacy-preserving cryptography. Together, these projects suggest that the underlying technologies are already viable; the greater challenge lies in integration, interoperability and governance.
Adoption will ultimately depend on simplicity. Businesses tend to adopt technologies that reduce friction. If verifying a credential becomes as straightforward as integrating an authentication feature into a website or mobile app, the wallet could spread quickly.
For companies operating across the EU, the potential benefits are obvious. One of the persistent problems in the digital single market has been the need to repeat identity verification in each country where a service operates. A widely used wallet could make it easier for verified credentials to move between services and jurisdictions.
Digital identity has long been framed as a regulatory project. Increasingly it looks more like part of the infrastructure that supports digital trust. Payments, connectivity and authentication have all followed similar paths: they began as policy discussions and eventually became everyday utilities.
If the EU Digital Identity Wallet reaches meaningful scale, it could change how trust is established online across Europe. Instead of repeatedly submitting identity documents or creating new accounts for every service, people may rely on credentials they already hold on their devices. The next few years will determine whether that vision becomes reality. What is clear already is that digital identity in Europe is moving out of policy discussions and into the real world.
About the Author
Mark Medum Bundgaard is Chief Product Officer at Partisia, where he focuses on privacy-preserving technologies and digital identity systems. His work centres on applying advanced cryptographic techniques to enable secure data sharing, decentralised identity, and trusted digital interactions across public and private sector services.
