eIDAS 2.0 and self-sovereign identity (SSI) are related but distinct concepts in the digital identity space. eIDAS 2.0 is a European regulatory framework that mandates how identity is issued, verified, and recognised across EU Member States. SSI is a design philosophy that gives individuals direct control over their own identity data, independent of any central authority. The two share common values around user control and privacy, but they differ significantly in governance, legal standing, and implementation. This article walks through the key questions organisations ask when trying to understand how these two approaches relate and what that means in practice.
How do eIDAS 2.0 and self-sovereign identity actually relate to each other?
eIDAS 2.0 and self-sovereign identity are not the same thing, but they are not opposites either. eIDAS 2.0 is a binding EU regulation that creates a legal and technical framework for digital identity across Europe. SSI is an architectural and philosophical approach to identity that prioritises individual control and decentralisation. The two overlap in their shared emphasis on user-controlled data and privacy, but eIDAS 2.0 operates within a state-governed trust model while SSI traditionally envisions a world without central authorities.
In practical terms, eIDAS 2.0 draws heavily on SSI-influenced concepts, particularly the use of verifiable credentials and decentralised identifiers. This means organisations building for eIDAS 2.0 compliance will encounter technology that has roots in the SSI movement. Understanding SSI therefore gives teams a useful conceptual foundation for understanding what eIDAS 2.0 is trying to achieve technically, even if the regulatory and governance layers look quite different.
What are the core principles of self-sovereign identity?
Self-sovereign identity is a model of digital identity in which individuals hold and control their own identity data without relying on a central issuer or intermediary to authenticate them. Rather than storing identity information in a centralised database owned by a government, bank, or platform, SSI enables users to carry cryptographically verified credentials in a personal wallet and present them directly to any party that needs to verify them.
The SSI model is typically built around three core principles:
- User control: Individuals decide what information they share, with whom, and when. No third party can share or revoke that data without the user’s knowledge.
- Verifiable credentials: Identity claims are issued as cryptographically signed digital documents that any relying party can verify without contacting the original issuer.
- Decentralisation: Trust is established through open standards and distributed ledgers or registries, rather than through a single trusted authority.
These principles emerged partly as a response to the privacy risks and power imbalances built into traditional centralised identity systems, where users have little visibility into how their data is used or shared.
Where does eIDAS 2.0 align with SSI principles — and where does it diverge?
eIDAS 2.0 aligns with SSI principles in three important ways: it requires user-controlled wallets, it uses verifiable credentials as the technical format for identity data, and it enforces selective disclosure so users share only what is necessary. These are all hallmarks of SSI thinking applied at a regulatory scale.
However, eIDAS 2.0 diverges from pure SSI in one fundamental respect: governance. In the SSI model, trust is established through open, decentralised systems where no single entity holds authority. Under eIDAS 2.0, trust is rooted in state-backed certification. Member States are legally required to issue wallets, and only officially recognised issuers can provide credentials that carry legal weight. This creates a governed trust hierarchy that SSI purists would argue contradicts the decentralisation principle at the heart of the movement.
In short, eIDAS 2.0 borrows the technology and user experience of SSI but places it within a regulated, government-anchored trust framework. For organisations operating in regulated industries, this is actually a feature rather than a limitation, since it provides the legal certainty that pure SSI systems currently lack.
Does the EUDI Wallet use self-sovereign identity technology?
The European Digital Identity Wallet uses technology that is closely associated with the SSI movement, most notably verifiable credentials and selective disclosure mechanisms. Users can store identity attributes and documents in their wallet, present only the specific data a service requires, and do so without the receiving party needing to contact the original issuer. This technical architecture is directly inspired by SSI standards.
That said, the EUDI Wallet is not a pure SSI implementation. The wallet ecosystem is governed by a regulatory framework in which Member States are obligated to provide wallets to all EU citizens, residents, and businesses. Credentials are issued by officially recognised authorities rather than by any entity a user chooses to trust. The trust model is therefore hybrid: SSI-style technology operating within a state-governed infrastructure.
The four large-scale pilot programmes launched across Europe have been testing this hybrid model in real-world scenarios, from opening bank accounts and signing contracts to claiming prescriptions and presenting travel documents. The insights gathered are helping refine the architecture so that the wallet works securely and interoperably across all Member States.
Which approach should organisations implement: eIDAS 2.0 or SSI?
For most organisations operating in Europe, eIDAS 2.0 is not a choice but a compliance requirement. If your organisation serves EU citizens or operates within the EU, you will need to accept EUDI Wallets and recognise eIDAS-compliant credentials as a legal obligation. The question is not whether to implement eIDAS 2.0, but how to do it effectively.
SSI as a standalone approach remains more relevant for organisations exploring identity solutions beyond the EU regulatory context, or for those building systems where no government-backed trust anchor exists. It is also relevant as a design philosophy that can inform how you build internal identity infrastructure, even when the external-facing layer must comply with eIDAS 2.0.
The practical recommendation for most organisations is to build eIDAS 2.0 readiness as the foundation, while designing systems in a way that is compatible with SSI principles. This means adopting open standards for verifiable credentials, designing for selective disclosure from the start, and avoiding proprietary identity architectures that will create migration costs later. Organisations in financial services and government services in particular should treat 2026 as the year to move from planning to implementation.
How does understanding SSI help organisations prepare for eIDAS 2.0?
Understanding SSI helps organisations prepare for eIDAS 2.0 because the two share the same underlying technical vocabulary. Teams that are familiar with verifiable credentials, decentralised identifiers, and selective disclosure will find it significantly easier to evaluate eIDAS 2.0 tooling, ask the right questions of vendors, and make sound architectural decisions.
Beyond the technical layer, SSI thinking encourages a user-centric mindset that is directly applicable to eIDAS 2.0 compliance. Regulations like eIDAS 2.0 and GDPR both require organisations to give users meaningful control over their data. Organisations that have already internalised this principle, rather than treating it as a compliance checkbox, will build better products and face fewer integration challenges when wallet-based identity becomes the norm.
There is also a strategic benefit. SSI has been evolving as a field for over a decade, and the standards it has produced, such as the W3C Verifiable Credentials Data Model, are now embedded in the eIDAS 2.0 technical architecture. Organisations that engage with these standards now, rather than waiting for regulatory deadlines, will be better positioned to build reusable identity infrastructure that works across multiple regulatory contexts.
For organisations in healthcare and life sciences, this is especially relevant. Identity verification in those sectors must satisfy multiple overlapping regulatory requirements, and an SSI-informed approach to eIDAS 2.0 implementation provides a flexible foundation that can adapt as regulations evolve.
- Start with the standards: Familiarise your team with W3C Verifiable Credentials and the eIDAS 2.0 Architecture and Reference Framework.
- Audit your current identity flows: Identify where users currently verify themselves and where those flows will need to accept wallet-based credentials.
- Design for selective disclosure: Build systems that request only the minimum necessary data, both as a privacy best practice and as a compliance requirement.
- Engage with the pilot ecosystem: Follow the outcomes of the large-scale pilot programmes to understand real-world implementation lessons before you build.
- Plan for interoperability: Ensure your identity infrastructure can interact with wallets and credentials from multiple Member States, not just your home country.
How TrustTech helps with eIDAS 2.0 and self-sovereign identity
Navigating the intersection of eIDAS 2.0 compliance and SSI-based identity architecture is complex, particularly for organisations in regulated sectors where the stakes of getting it wrong are high. TrustTech is built specifically to support organisations through this transition.
As a platform designed for eIDAS 2.0 readiness, TrustTech provides:
- Secure onboarding infrastructure that reduces drop-off and speeds up time-to-trust across your customer journeys
- Reusable identity and compliance checks so customers verify once and their credentials are accepted across every interaction
- Qualified digital signatures that are identity-linked, legally compliant, and fully auditable
- Wallet-ready architecture built on European digital identity standards, compatible with the EUDI Wallet ecosystem
- Cross-sector expertise in finance, government, healthcare, and science, helping you translate regulatory requirements into practical implementation steps
Whether you are at the stage of understanding what eIDAS 2.0 means for your organisation or ready to move into production, TrustTech helps you build the identity infrastructure that meets today’s requirements and scales with tomorrow’s. Explore our identity solutions or get in touch to discuss your specific situation.