How does eIDAS 2.0 differ from the original eIDAS?

Worn leather EU passport beside a modern digital identity card on a glass desk, reflecting cool navy and warm amber tones.

eIDAS 2.0 differs from the original eIDAS regulation primarily by introducing the European Digital Identity Wallet, extending the framework to private sector services, and creating new obligations for Member States to provide interoperable digital identity solutions to all citizens and businesses. Where the original eIDAS focused on mutual recognition of national eID schemes and electronic signatures, eIDAS 2.0 builds a far more comprehensive and user-controlled digital identity ecosystem across the EU.

The original regulation, in force since 2016, laid important groundwork but left significant gaps in coverage and adoption. eIDAS 2.0, adopted in 2024, addresses those gaps directly and raises the bar for what digital identity infrastructure must deliver. The sections below walk through the most common questions organizations are asking as they work to understand what has changed and what it means for them.

What changed between eIDAS and eIDAS 2.0?

The original eIDAS regulation allowed EU Member States to notify and mutually recognize each other’s national electronic ID schemes, but it did not require every country to create one. This led to significant variation across the EU, with some Member States offering mature eID solutions and others offering very little. eIDAS 2.0 fundamentally changes this by making digital identity provision mandatory and by introducing a common standard that applies across both public and private sectors.

The key shifts from eIDAS to eIDAS 2.0 can be summarized as follows:

  • Mandatory wallets: Every Member State must now provide a European Digital Identity Wallet to citizens, residents, and businesses.
  • Private sector inclusion: Large online platforms and service providers are required to accept the EUDI Wallet for authentication.
  • Expanded attribute sharing: Users can now share verified credentials beyond identity, such as qualifications, licenses, and health data.
  • Stronger user control: Users decide exactly what data they share, with whom, and when, reducing unnecessary data disclosure.
  • New trust service categories: eIDAS 2.0 introduces additional qualified trust services, including electronic attestations of attributes, electronic archiving, and electronic ledgers.

In short, the original eIDAS created a foundation. eIDAS 2.0 builds the house on top of it.

What is the European Digital Identity Wallet and why was it introduced?

The European Digital Identity Wallet (EUDI Wallet) is a secure mobile application that allows EU citizens, residents, and businesses to store, manage, and share verified identity data and digital documents. It can hold anything from a national ID and driving license to professional qualifications and healthcare credentials. Users share only the information that is strictly necessary for a given interaction, keeping full control over their personal data.

The wallet was introduced because the original eIDAS framework produced an uneven landscape. Not all Member States built interoperable eID systems, and those that did often limited them to public sector use. Citizens were repeatedly asked to prove the same things to different organizations, starting from scratch every time. The EUDI Wallet solves this by creating a single, portable, and universally recognized identity layer that works across borders and across sectors.

From 2026, Member States are legally required to make the wallet available. It can be issued directly by governments or by private entities that receive official recognition. The wallet is built on open-source principles, meaning the reference implementation is publicly available and Member States can develop their own solutions on top of it.

For organizations in sectors such as financial services or government, the wallet represents a practical shift in how identity verification and onboarding will work in the near future.

How does eIDAS 2.0 expand the scope beyond government services?

eIDAS 2.0 explicitly extends the digital identity framework to private sector services, which was not a core feature of the original regulation. Under the new rules, large online platforms, banks, telecoms, and other designated service providers must accept the EUDI Wallet as a means of user authentication. This means digital identity becomes a cross-sector infrastructure, not just a tool for accessing government portals.

The practical implications are significant. A person could use their wallet to open a bank account, register a SIM card, access healthcare services, sign contracts, or verify their age for an online platform, all without creating new accounts or submitting documents repeatedly. The large-scale pilot programs launched in 2023 tested exactly these scenarios across more than 350 participating entities from 26 Member States, Norway, Iceland, and Ukraine.

The pilots explored eleven real-world use cases, including opening bank accounts, accessing government services, SIM registration, and educational credential sharing. The feedback gathered from these pilots directly informed the technical specifications and architecture that underpin the final wallet design.

For organizations in healthcare or regulated industries, this expansion means that the wallet is not a distant government project. It is an incoming channel through which customers and patients will expect to interact with you.

What are qualified electronic attestations of attributes (QEAAs)?

Qualified electronic attestations of attributes (QEAAs) are a new type of trust service introduced by eIDAS 2.0. They are digitally signed statements, issued by a qualified trust service provider, that confirm specific attributes about a person or organization. Examples include a verified professional qualification, a confirmed address, or an employer-issued credential. Unlike a basic identity assertion, a QEAA carries a high level of legal and technical assurance.

This concept did not exist in the original eIDAS framework, which focused mainly on identity authentication and electronic signatures. QEAAs fill an important gap by enabling organizations to share and accept verified data that goes beyond “who you are” to include “what you are qualified to do” or “what has been confirmed about you.”

Within the EUDI Wallet, users can store QEAAs alongside their identity documents and present them to relying parties on demand. A hospital could issue a QEAA confirming a doctor’s credentials. A university could issue one confirming a degree. A government authority could confirm a business license. Each of these attestations is cryptographically verifiable and portable across borders.

For compliance teams and digital transformation managers, QEAAs represent a meaningful shift in how verified data can flow between organizations, reducing duplication and improving trust in the data being exchanged.

How do trust levels and assurance levels differ between the two frameworks?

Both eIDAS and eIDAS 2.0 use a three-tier assurance model: Low, Substantial, and High. These levels describe how reliably an identity has been verified before it is used in a transaction. The higher the assurance level, the more rigorous the identity proofing process that was used. This structure remains consistent between the two frameworks, but eIDAS 2.0 applies it more broadly and ties it to a wider range of credentials and trust services.

Under the original eIDAS, assurance levels applied primarily to notified eID schemes used for accessing public services. Under eIDAS 2.0, the same assurance framework now applies to the EUDI Wallet and to the new categories of trust services, including QEAAs. This means a relying party can know, with legal certainty, what level of verification sits behind any credential presented through the wallet.

eIDAS 2.0 also introduces more detailed technical requirements for achieving each assurance level, backed by implementing regulations and the Architecture and Reference Framework (ARF). This gives organizations clearer guidance on what they need to do to issue or accept credentials at a given level, which simplifies compliance decisions.

For risk and security professionals, the practical takeaway is that the assurance model itself is familiar, but its application is now much wider and better specified than before.

What does eIDAS 2.0 mean for organizations that must comply?

For organizations in regulated sectors, eIDAS 2.0 is not optional background noise. It introduces concrete obligations and changes the expectations placed on digital identity infrastructure. Member States must provide wallets by 2026. Designated relying parties must accept them. Trust service providers must meet updated requirements. Organizations that interact with customers digitally need to understand how the wallet fits into their onboarding, authentication, and data-sharing processes.

The compliance landscape is also broader than eIDAS 2.0 alone. Organizations are simultaneously navigating GDPR, AML, KYC, PSD2, and now the incoming AMLR requirements. eIDAS 2.0 does not replace these frameworks, but it intersects with all of them. A well-designed digital identity infrastructure can help satisfy requirements across multiple regulations at once, rather than building separate solutions for each.

Key actions organizations should consider include:

  1. Assess your current identity infrastructure against eIDAS 2.0 requirements and identify gaps in assurance levels, interoperability, and attribute handling.
  2. Map your customer journeys to understand where the EUDI Wallet will be relevant, from onboarding and authentication to consent and signing.
  3. Engage with wallet pilots and technical specifications to understand how your sector-specific use cases are being addressed in the Architecture and Reference Framework.
  4. Plan for reusable identity flows so that once a customer has verified once, that verification can be trusted and reused across interactions.
  5. Align compliance and technology teams so that regulatory requirements and technical implementation decisions are made together, not in isolation.

Organizations that start preparing now will be better positioned to meet the 2026 deadline and to benefit from faster, more trusted digital interactions with their customers. You can explore practical resources to support your preparation.

How TrustTech helps organizations navigate eIDAS 2.0

Understanding the differences between eIDAS and eIDAS 2.0 is one thing. Translating that into a working implementation is another. TrustTech supports organizations across regulated sectors in making this transition practical and manageable.

Working with TrustTech, organizations can:

  • Build EUDI Wallet-ready identity flows that connect verification, qualification, and signing in a single trusted process
  • Enable reusable KYC and compliance checks so customers verify once and that verification is accepted everywhere it is needed
  • Issue and accept qualified electronic attestations of attributes, supporting both internal and cross-organization data exchange
  • Align digital identity infrastructure with eIDAS 2.0, GDPR, AML, and sector-specific requirements in one coherent approach
  • Reduce onboarding friction and drop-off rates while meeting the highest assurance levels required by regulation

TrustTech’s platform sits between the parties that need to interact, without owning any of them, making it a neutral and trusted layer for identity, qualification, and signing. Whether you are in finance, government, healthcare, or another regulated sector, the TrustTech approach is built to match your context.

Ready to understand what eIDAS 2.0 means for your organization specifically? Get in touch with TrustTech and start the conversation.