A Person Identification Data set (PID) is the foundational set of identity attributes that every European Digital Identity Wallet must contain. It is the digital equivalent of your government-issued identity document, structured in a standardised, machine-readable format that can be verified instantly across EU member states. Under eIDAS 2.0, the PID is the cornerstone of how individuals prove who they are in digital environments.
Understanding what the PID contains, how it works, and what organisations can do with it is essential for any business preparing for the rollout of the EUDI Wallet. The sections below walk through the most important questions surrounding the PID in plain, practical terms.
What data does a Person Identification Data set actually contain?
A Person Identification Data set contains the core attributes needed to uniquely identify a natural person. At minimum, this includes a person’s first name and family name, date of birth, place of birth, current address, and a unique persistent identifier that links the individual to their home member state’s identity system. These attributes are defined in the eIDAS 2.0 regulation to ensure consistency across all EU wallets.
Beyond the mandatory minimum, the PID may also include additional attributes such as nationality, gender, and a portrait image, depending on what the issuing member state includes. The key principle is that the data set is standardised: regardless of whether a wallet is issued in Germany, Spain, or the Netherlands, the PID will follow the same structure and encoding format. This makes cross-border recognition technically reliable for the first time.
The data within the PID is expressed as verifiable credentials, meaning each attribute is cryptographically signed by the issuing authority. This allows a relying party to confirm not just what the data says, but that it has been issued by a trusted government source and has not been tampered with.
How does the PID differ from a traditional digital identity credential?
The PID differs from a traditional digital identity credential in three fundamental ways: it is issued directly by a government authority, it uses cryptographic proof rather than a username-and-password model, and it supports selective disclosure so users can share only the attributes a service actually needs. Traditional credentials typically rely on a central identity provider that authenticates users on behalf of a service, creating a dependency on that intermediary.
With a traditional eID or login credential, the identity provider often sees every transaction the user makes. The PID inside an EUDI Wallet changes this dynamic significantly. Because the wallet sits on the user’s own device, the user presents identity attributes directly to the relying party. The issuing government authority does not need to be involved in every transaction, and the identity provider does not learn which services the user is accessing.
This architecture also means the PID is reusable across different services without re-verification. Once a person’s identity has been bound to their wallet and the PID has been issued, they can use that same verified identity data to open a bank account, access healthcare records, or sign a contract, without starting from scratch each time. This is a significant improvement over the current fragmented landscape where each organisation runs its own verification process independently.
Who issues the PID under eIDAS 2.0?
Under eIDAS 2.0, the Person Identification Data set is issued by a designated PID Provider in each EU member state. This is typically a government body or an authority officially recognised by the state, such as a national identity registry, a civil registration authority, or a body responsible for issuing national identity documents. The regulation requires that PID providers appear on national trusted lists so relying parties can verify their authenticity.
Member states have some flexibility in how they structure PID issuance. A government may operate the PID provider directly, or it may delegate this function to a certified organisation, as long as that organisation meets the strict requirements set out in the regulation and its implementing acts. What is not permitted is for a private company to issue a PID without official government recognition, because the PID must be rooted in a legally authoritative source of identity.
This is different from other attestations that can be stored in the EUDI Wallet. A university can issue a diploma as a verifiable credential, and a bank can issue proof of account ownership. But only a state-authorised PID provider can issue the core Person Identification Data set that underpins the wallet’s identity layer.
How is the PID stored and protected inside the EUDI Wallet?
The PID is stored inside the EUDI Wallet as a cryptographically signed credential, bound to the wallet instance on the user’s device. Protection relies on a combination of secure hardware, cryptographic key management, and the wallet’s certification requirements. The wallet itself must meet high-level security standards defined in the eIDAS 2.0 implementing acts, and the private keys used to authenticate the PID must be stored in a secure element or equivalent trusted execution environment.
When a user presents their PID to a relying party, the wallet generates a cryptographic proof that demonstrates the credential is genuine, was issued to this wallet, and has not been altered. This happens without the issuing authority being contacted in real time, which protects user privacy while still enabling the relying party to trust the data.
Selective disclosure is another important protection mechanism built into the PID’s technical design. Rather than presenting the entire data set, a user can choose to share only specific attributes. For example, to prove they are over 18, they do not need to reveal their exact date of birth. To prove their nationality, they do not need to share their home address. This minimises the amount of personal data that flows to any given service, which directly supports GDPR compliance for both users and organisations.
What can organisations do with a verified PID?
Organisations that accept a verified PID can use it to confirm a user’s identity with a level of assurance equivalent to in-person document verification. This opens the door to fully digital, high-assurance onboarding for services that currently require physical ID checks. Sectors such as financial services, healthcare, and government services stand to benefit most directly, as these are areas where identity verification is both mandatory and often burdensome.
Practical use cases for organisations accepting a verified PID include:
- Opening a bank account or completing KYC checks remotely, without requiring the customer to visit a branch or upload document scans
- Granting access to government portals or public services across EU member states using a single trusted identity
- Verifying patient identity in healthcare settings before sharing medical records or prescriptions
- Streamlining employee onboarding by accepting verified identity and qualification data directly from the wallet
- Enabling legally binding electronic signatures that are linked to a verified identity, meeting eIDAS 2.0 requirements for qualified signatures
Organisations will need to register as relying parties to request and receive PID attributes. This registration process is designed to ensure that only legitimate services can request identity data, and that users can see exactly who is asking for what before they consent to share anything. For organisations in regulated sectors, accepting a PID can also simplify compliance reporting, since the identity data comes with a built-in audit trail and cryptographic proof of its origin.
For organisations wondering how to connect their existing systems to wallet-based identity flows, TrustTech’s identity solutions are built specifically for this kind of integration challenge.
When will the PID become available across EU member states?
The EUDI Wallet, and with it the PID, is scheduled to be made available by all EU member states by 2026. This deadline is set in the eIDAS 2.0 regulation, which entered into force in 2024 and requires member states to provide a wallet to all citizens, residents, and businesses within the EU. In 2026, this obligation is being actively implemented, with several member states already running pilot programmes or early rollouts.
The timeline for practical availability varies by country. Some member states are further along than others, and the large-scale pilot projects that ran across 26 member states, Norway, Iceland, and Ukraine have been instrumental in testing the technical architecture and collecting real-world feedback. These pilots covered use cases ranging from opening a bank account to accessing government services and registering a SIM card.
For organisations, the relevant question is not just when the PID becomes available, but when relying party infrastructure needs to be in place to accept it. Building that readiness takes time, and organisations that start preparing their technical and compliance frameworks now will be better positioned to offer wallet-based services from day one. The regulatory pressure is real: under eIDAS 2.0, certain categories of online services will be required to accept the EUDI Wallet as a means of authentication.
The implementation steps involved, from registering as a relying party to integrating wallet flows into existing onboarding processes, are worth mapping out well in advance. Organisations in financial services, government, and healthcare in particular should treat 2026 as a live deadline rather than a future horizon.
How TrustTech helps organisations prepare for PID-based identity
Implementing PID-based identity verification is not just a technical project. It touches compliance, customer experience, data governance, and system architecture all at once. TrustTech is built specifically to help organisations navigate this complexity and move from understanding the regulation to actually being ready for it.
Working with TrustTech gives organisations access to:
- Wallet-ready identity infrastructure that connects PID verification, reusable credentials, and qualified electronic signatures in a single platform
- Relying party integration support to connect existing onboarding and compliance workflows to EUDI Wallet-based identity flows
- Sector-specific implementation expertise across finance, government, healthcare, and other regulated industries where identity assurance requirements are highest
- eIDAS 2.0 compliance guidance that translates regulatory requirements into concrete technical and organisational actions
- Reusable compliance architecture so that once a customer is verified using a PID, that verification can be reused across services without starting from scratch
TrustTech sits between the parties that need to interact, providing the infrastructure that makes trusted digital identity practical and scalable. Whether your organisation is just beginning to map out its eIDAS 2.0 readiness or is already deep in implementation, the right support makes the difference between a smooth transition and a costly delay. Get in touch with TrustTech to discuss how your organisation can be ready for PID-based identity verification.