digital certificate

eIDAS 2.0 - Roadmap, Toolbox, and The European Digital Identity Wallet Architecture

The European Commission has now published its first version of a common EU Toolbox in order to implement the European Digital Identity Wallet (EUDI Wallet). This Toolbox includes the core technical Architecture and Reference Framework - a set of common standards and technical specifications as well as guidelines and best practices

This outcome leads to a planned and determined drive for secure digital identification for all European people, which may perhaps set the benchmark for the rest of the world.

The Framework can be found here: European Digital Identity Architecture and Reference Framework – Outline

You can read an introduction to eIDAS 2.0 in our article here

Roles in the EUDI Wallet Ecosystem

The underlying illustration sets out the architecture of the EUDI Wallet ecosystem and details the various roles and process flows:

Chart eIDAS 2.0 Roles


The potential roles are:

1. End Users of EUDI Wallets

End users are defined as natural or legal persons that will be using the wallets to send, receive, store and share attestations and personal attributes about themselves which would be used to prove identity. End users will be able to produce qualified electronic signatures and seals (QES) using an EUDI Wallet. 

Who can be a User of an EUDI Wallet by citizens depends on national law and will not be mandatory. 

2. EUDI Wallet Providers

EUDI Wallet Providers are Member States or organizations required or authorized by Member States that make the EUDI Wallet available to end Users. The terms and circumstances of the mandate or recognition would be determined by each Member State.

The EUDI Wallet Providers provide Users with an array of products and Trust Services, as outlined in the legal proposal, within the framework of an EUDI Wallet Solution. This empowers Users with complete control over the utilization of their Person Identification Data (PID) and Qualified or non-qualified Electronic Attestations of Attributes (QEAA or EAA), alongside any additional personal data stored in their EUDI Wallet. Technically speaking, this also means granting Users sole authority over sensitive cryptographic materials (such as private keys) related to the use of this data in a variety of contexts, including electronic identification, signatures and seals. 

It is the duty of the EUDI Wallet Providers to make sure that the requirements are followed.

3. Person Identification Data Providers (PID)

PID providers are trusted entities and are responsible for verifying the identity of the EUDI Wallet user, maintaining an interface to securely provide PID to the EUDI Wallet, and making information available for Relying Parties to verify the validity of the PID, without receiving any information about the PID's use. EUDI Wallet Providers may or may not be the same organizations as PID providers.

PID Providers are trusted entities responsible for: 

  • Verifying the identity of the EUDI Wallet User in compliance with LoA high requirements, 
  • Issuing PID to the EUDI Wallet in a harmonized common format, 
  • Making available information for Relying Parties to verify the validity of the PID.

4. Trusted List Providers

The status of a role in the EUDI Wallet ecosystem shall need to be verified. Such roles may be:

  • EUDI Wallet Providers
  • Person Identification Data Providers
  • Qualified Electronic Attestation of Attributes (QEAA) providers
  • Qualified certificate for electronic signature/seal (QC) providers
  • Relying Parties
  • Non-qualified Electronic Attestation of Attributes (EAA) providers
  • Non-qualified certificate for electronic signature/seal providers
  • Providers of other Trust Services
  • Catalogue of attributes and schemes for the attestations of attribute providers

5. Qualified Electronic Attestation of Attributes (QEAA) Providers

Qualified EAA are provided by QTSPs. QEAA providers maintain an interface for requesting and providing QEAAs, including a mutual authentication interface with EUDI Wallets and potentially an interface towards Authentic Sources to verify attributes.

QEAA Providers provide information or the location of the services that can be used to enquire about the validity status of the QEAAs, without having an ability to receive any information about the use of the attestations.

6. Non-Qualified Electronic Attestation of Attributes (EAA) Providers

Non-qualified EAA can be provided by any Trust Service Provider. While they are supervised under eIDAS, it can be assumed that other legal or contractual frameworks than eIDAS mostly govern the rules for provision, use and recognition of EAA.

Other frameworks could encompass policy areas like driving licenses, educational credentials, and digital payments, with potential dependence on qualified Electronic Attestation of Attributes Providers. To facilitate the utilization of Electronic Attestation of Attributes (EAA), Trusted Service Providers (TSPs) present Users with a mechanism to request and acquire EAA, meaning that they need to comply with the technical specifications outlined in the EUDI Wallet interface. 

7. Qualified and Non-Qualified Certificate for Electronic Signature/Seal Providers

The EUDI Wallet enables the user to create qualified electronic signatures or seals. This can be achieved in two ways:

8. Providers of other Trust Services

Providers of other qualified or non-qualified Trust Services such as timestamps may be further expanded in future versions of the ARF.

9. Authentic Sources

Authentic Sources are the public or private repositories or systems recognized or required by law containing attributes about a natural or legal persons. Authentic sources are sources for attributes on address, age, gender, civil status, family composition, nationality, education and training qualifications titles and licenses, professional qualifications titles and licenses, public permits and licenses, financial and company data.

Authentic Sources are required to provide interfaces to QEAA Providers to verify the authenticity of the above attributes, either directly or via designated intermediaries recognized at a national level.

10. Relying Parties

Relying Parties are natural or legal persons that rely upon an electronic identification or a Trust Service. Relying Parties need to maintain an interface with the EUDI Wallet to request the necessary attributes within the PID dataset with mutual authentication. Relying parties are responsible for carrying out the procedure for authenticating PID and (Q)EAA.

11. Conformity Assessment Bodies (CAB)

The EUDI Wallets must be certified by accredited public or private bodies designated by Member States. QTSPs need to be audited regularly by Conformity Assessment Bodies (CABs).

12. Supervisory Bodies

The supervisory bodies are notified to the Commission by the Member States, which supervise QTSPs and take action, if necessary, in relation to non-qualified Trust Service Providers.

13. Device Manufacturers and Related Entities

EUDI Wallets will have a number of interfaces with the devices they are based on, which may be for purposes such as local storage, online Internet access, sensors such as smartphone cameras, IR sensors, microphones, etc, offline communication channels such as Bluetooth Low Energy (BLE), WIFI Aware, Near Field Communication (NFC) as well as emitters such as screens, flashlights, speakers etc, and smart cards and secure elements.

14. Qualified and Non-Qualified Electronic Attestation of Attributes Schema Providers

(Q)EAA Schema Providers publish schemas and vocabularies describing (Q)EAA structure and semantics. It may enable other entities such as Relying Parties to discover and validate (Q)EAA.  Common schemas, including by sector-specific organizations are critical for widespread adoption of (Q)EAAs. 

15. National Accreditation Bodies

National Accreditation Bodies (NAB) under Regulation (EC) No 765/2008 are the bodies in  Member States that perform accreditation with authority derived from the Member State.  NABs accredit CABs as competent, independent, and supervised professional certification bodies in charge of certifying products/services/processes against normative document(s) establishing the requirements (e.g., legislations, specifications, protection profiles). NABs monitor the CABs to which they have issued an accreditation certificate. 

IMPORTANT: Please note that the above-mentioned information provides only a brief summary of the possible roles within the EUDI Wallet ecosystem. For more detailed information, it is strongly advised that you refer to the European Digital Identity Wallet Architecture and Reference Framework.

The eIDAS 2.0 Roadmap & Toolbox

The initial planning of the European Commission is detailed in the following Roadmap:

Chart eIDAS 2.0 Roadmap


Now that the Toolbox European Digital Identity Framework and Toolbox has been published by the EU Commission, EU States now need to prepare their versions of EUDI wallets to be built to common standards in preparation for launch in 2024.

The Toolbox explains everything the Member States need to construct the proper technological infrastructure to support the EDIW and implement it. It will include a collection of common standards, technical references, practices, and recommendations. It shall also describe everything the Member States need to construct the appropriate technical infrastructure to support the EUDI Wallet and to implement it. The collection of common standards, technical references, practices, and guidelines has now been provided.

The following illustration details the eIDAS toolbox mapped into SSI architecture:

Chart eIDAS 2.0 Toolbox

The illustration details how the Wallet should have 4 functions:

  • Identification and authentication,
  • Verifiability of the validity of the evidence by third parties throughout Europe,
  • Secure storage and presentation of verified identities and their data and
  • Generation of qualified electronic signatures and seals.

Building the Toolbox - How can you prepare for eIDAS 2.0?

In preparation for development and final rollout of the European Digital Identity (EUDI) Wallet, speak to Utimaco about the range of solutions that your organization requires as a part of your toolbox. An example of some of the services and solutions that Utimaco provides for the purpose of fulfilling EU Toolbox compliance requirements are:

• Qualified Trust Services for secure digital identity wallets 

• Authentication 

  • Enhancing log-on security with strong authentication, alongside regulations such as PSD2 SCA
  • Mutual authentication between the EUDI Wallet and external entities
  • Payment authentication with a high degree of security

• Data Encryption

  • Data may need to be stored or moved between different storage components, local or remote. Therefore, sensitive personal data requires secure storage and encryption

• EUDI Wallet Secure Cryptographic Device

  • The EUDI wallet should support cryptographic algorithms and processes and provide a secure environment for those. This can be a Hardware Security Module.

Please speak to us for further information in order to discuss your requirements.



Related products

Related products

To find more blog posts related with below topics, click on one of the keywords:

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.