What are the key changes introduced by eIDAS 2.0?

Open EU passport on glass desk next to smartphone displaying a digital identity card, soft natural light, blue and silver tones.

eIDAS 2.0 introduces a major overhaul of the original eIDAS regulation, most notably by requiring every EU Member State to provide citizens, residents, and businesses with a European Digital Identity Wallet. Where the original regulation focused primarily on mutual recognition of national eID schemes, the revised framework extends obligations to the private sector, introduces new trust services, and establishes a single, interoperable digital identity standard across Europe. The sections below walk through each of the key changes in detail.

How does eIDAS 2.0 differ from the original eIDAS regulation?

The original eIDAS regulation, in force since 2016, created a framework for EU Member States to mutually recognise each other’s national electronic ID schemes. eIDAS 2.0 goes significantly further: it makes participation mandatory, extends the rules to private sector services, and introduces the European Digital Identity Wallet as a universal tool for every EU citizen and business.

Under the original regulation, Member States could choose whether to notify their national eID scheme for cross-border recognition. This led to uneven adoption and large differences in how digital identity worked from one country to another. Some countries had mature, widely used eID systems; others had almost nothing in place. The result was a fragmented landscape that made cross-border digital services unnecessarily complicated.

eIDAS 2.0 addresses this directly. Member States are now legally required to make a digital identity wallet available to all citizens, residents, and businesses. Private sector organisations that provide services in certain categories are also required to accept these wallets. The regulation shifts from being an optional framework to a binding infrastructure obligation, which is a fundamental change in both scope and ambition.

What is the European Digital Identity Wallet and what does it do?

The European Digital Identity Wallet, or EUDI Wallet, is a secure digital application that allows EU citizens, residents, and businesses to store, manage, and share verified identity data and documents. It enables users to prove who they are online and in person, share only the specific information needed for a given interaction, and sign documents electronically, all from a single app.

The wallet can hold a wide range of credentials, including national identity data, driving licences, academic qualifications, professional certificates, and health documents. When a user needs to access a service, they can share only the relevant attributes, for example, their age or nationality, without disclosing any additional personal information. This selective disclosure is one of the wallet’s most important privacy features.

Practically speaking, the wallet is designed to replace the need for repeated identity checks. Instead of proving your identity from scratch every time you open a bank account, register a SIM card, or access a government portal, you verify once and reuse that verified identity wherever it is accepted. Large-scale pilot programmes across 26 EU Member States have been testing exactly these scenarios, covering use cases from opening bank accounts and accessing government services to cross-border payments and SIM registration.

The wallet is open-source by design, meaning Member States and private providers can build their own implementations as long as they conform to the technical specifications set out in the Architecture and Reference Framework. Denmark’s AltID is one early example of a national wallet implementation that signals the direction of travel for the rest of Europe.

Which sectors and organizations are affected by eIDAS 2.0?

eIDAS 2.0 affects a broad range of sectors, with the strongest obligations falling on organisations that provide digital services requiring identity verification. Public sector bodies across all EU Member States are directly in scope, as are private sector organisations in categories such as banking, financial services, telecommunications, healthcare, transport, and online platforms with significant user bases.

The regulation specifically requires that certain categories of service providers accept the EUDI Wallet for user authentication. This means organisations cannot simply ignore the wallet and continue with their existing identity processes. They will need to integrate wallet acceptance into their onboarding flows, authentication systems, and compliance frameworks.

The sectors most immediately affected include:

  • Financial services and banking, where wallet-based identity verification can replace or complement existing KYC and AML processes
  • Government and public administration, which must both issue wallets and accept them for access to public services
  • Healthcare and pharmaceuticals, where verified identity is critical for patient records, prescriptions, and professional credentials
  • Telecommunications, particularly for SIM registration and contract management
  • Education, for the issuance and verification of academic credentials across borders
  • Online platforms and marketplaces that fall above certain usage thresholds

Organisations in financial services and government are among those facing the most immediate and concrete obligations, but the regulation’s reach is broad enough that most organisations handling identity data in a digital context should be assessing their readiness now.

What new trust services does eIDAS 2.0 introduce?

eIDAS 2.0 expands the list of qualified trust services recognised under EU law. In addition to the existing services such as electronic signatures, seals, timestamps, and website authentication certificates, the revised regulation introduces several new categories that reflect how digital interactions have evolved.

The new and expanded trust services include:

  1. Electronic attestation of attributes (EAA): A new service type that allows trusted parties to issue verified claims about a person or organisation, such as professional qualifications or age, in a machine-readable and cryptographically verifiable format. These attestations can be stored in the EUDI Wallet.
  2. Qualified electronic attestation of attributes (QEAA): A higher-assurance version of EAA, issued by qualified trust service providers, carrying greater legal weight across EU Member States.
  3. Electronic archiving services: Qualified services for the long-term preservation of electronic documents and signatures, ensuring their legal validity over time.
  4. Electronic ledger services: A new category covering the recording of data in a tamper-evident and verifiable way, relevant for use cases involving audit trails and data provenance.
  5. Remote qualified signature creation devices (QSCDs): Management of remote signing infrastructure as a qualified trust service, enabling legally valid electronic signatures without requiring physical hardware in the user’s possession.

These additions reflect a broader shift toward a richer, more interoperable trust ecosystem. Organisations in healthcare and other regulated sectors will find the attribute attestation services particularly relevant, as they enable the secure and portable sharing of professional credentials and patient data across organisational and national boundaries.

What are the compliance deadlines organizations need to know?

The most significant compliance milestone under eIDAS 2.0 is the obligation for all EU Member States to make a conformant EUDI Wallet available to citizens, residents, and businesses by 2026. For organisations required to accept the wallet, the practical implication is that integration work needs to be underway now, not after the deadline arrives.

While the regulation sets 2026 as the key deployment year, the groundwork has been laid over several years. Large-scale pilot programmes ran through 2025, testing wallet implementations across 26 Member States and refining the technical specifications. The Architecture and Reference Framework, which defines how wallets must work technically, has been developed iteratively based on feedback from those pilots. A series of Commission Implementing Regulations have also been adopted, covering everything from protocols and interfaces to certification requirements and cross-border identity matching.

For organisations, the practical compliance timeline means several things need to happen in parallel. Technical integration with wallet infrastructure, legal and contractual updates to reflect new data-sharing arrangements, staff training, and updates to onboarding and authentication flows all take time. Organisations that begin their assessment and preparation now are in a significantly stronger position than those waiting for final national implementations to appear.

It is also worth noting that eIDAS 2.0 does not operate in isolation. Related regulations such as AMLR and PSD2 intersect with digital identity requirements, and organisations in regulated sectors will need to ensure their compliance approach addresses all relevant frameworks together rather than treating each one separately.

How TrustTech helps organizations prepare for eIDAS 2.0

Navigating eIDAS 2.0 is not just a legal exercise. It requires aligning your technology, processes, and compliance frameworks with a regulation that is reshaping how digital identity works across Europe. That is exactly where TrustTech comes in.

TrustTech supports organisations across regulated sectors in preparing for and implementing the requirements of eIDAS 2.0 and the EUDI Wallet. The platform is built on European digital identity standards and connects every step of the identity lifecycle, from first verification to final signature. Concretely, TrustTech helps with:

  • Secure onboarding that reduces drop-off and meets eIDAS 2.0 assurance requirements
  • Reusable compliance so verified identity data can be shared and accepted across organisations without starting from scratch each time
  • Qualified electronic signatures with identity linked to every signature and a complete audit trail
  • EUDI Wallet readiness built into the platform by design, so your organisation is prepared for wallet-based interactions as they roll out across Europe
  • Cross-sector interoperability for finance, government, healthcare, and beyond

Whether you are still mapping out what eIDAS 2.0 means for your organisation or already moving toward implementation, TrustTech provides the expertise and infrastructure to make that transition practical and effective. Explore our identity solutions or get in touch with our team to discuss where your organisation stands and what the next steps look like.