eIDAS 2.0 and the EUDI Wallet: What It Means for Identity Verification
On 20 May 2024, Regulation (EU) 2024/1183 amending the eIDAS Regulation entered into force – commonly known as eIDAS 2.0. At the heart of the reform is the European Digital Identity Wallet, or EUDI Wallet: a digital wallet that will be made available to every EU citizen on a mandatory basis from the end of 2026. For HR departments, compliance teams, and background check providers, this is not a side issue in IT, but a structural shift in identity verification. Those who think through the implications early gain a tangible first-mover advantage.
eIDAS 2.0 at a glance
The original eIDAS Regulation (EU) No 910/2014 governed electronic identification and trust services in the internal market – signatures, seals, timestamps, delivery services. In practice, adoption lagged behind expectations: national eID systems were heterogeneous, cross-border use was inconvenient, and the private sector had little incentive.
eIDAS 2.0 changes that fundamentally. The main innovations:
Obligation for Member States to provide at least one EUDI Wallet by the end of 2026 – free of charge, upon request, on smartphone and desktop.
Acceptance obligation for certain private actors (including very large online platforms under the DSA, banks, telecommunications providers, healthcare services, educational institutions) to recognize the EUDI Wallet when strong user authentication is required.
Qualified Electronic Attestations of Attributes (QEAA): legally binding, cryptographically signed attribute attestations – for example for diplomas, professional licenses, or employment references.
Selective Disclosure: users disclose only the attributes the recipient absolutely needs – data minimization under Art. 5(1)(c) GDPR is technically enforced.
What the EUDI Wallet contains
The EUDI Wallet is not just an ID container. It is an ecosystem of verified credentials from public and private sources, cryptographically bound. Especially relevant for HR purposes:
National ID data: name, date of birth, nationality, photo – from the national identity database.
Driver's license: classes, issue dates, validity.
Education credentials: university degrees, vocational training, certificates – issued by recognized educational institutions and stored in the EBSI network (European Blockchain Services Infrastructure).
Professional authorizations: licenses, chamber memberships, sector-specific permits (e.g. anti-money laundering officers).
Tax ID, social security number (depending on Member State).
Proofs of address, bank details, signature certificates.
Each credential is digitally signed by the issuing Attribute Provider. Tampering is cryptographically detectable; a forgery in the classic sense – a scanned ID with Photoshop retouching – becomes technically pointless.
Timeline: pilots, rollout, full operation
The implementation of the EUDI Wallet follows a phased roadmap:
2023–2025: Large Scale Pilots. Four large consortia (POTENTIAL, EWC, NOBID, DC4EU) are testing use cases cross-border – including education credentials, payments, driver's license, and mobile driving license.
2024–2026: Finalization of the implementing acts of the Commission on wallet architecture, security requirements, certification, and interoperability.
By the end of 2026: all Member States must provide at least one EUDI Wallet for their citizens (Art. 5a eIDAS 2.0).
2027 and beyond: large-scale rollout, a growing ecosystem of private attribute providers, broad use in HR and onboarding contexts.
Fundamental impact on background checks
For background check processes, the EUDI Wallet represents a paradigm shift in four dimensions.
Document upload becomes obsolete
Today's standard flow – the applicant uploads a PDF of the ID document, and the provider checks it manually or via OCR – becomes unnecessary. Instead of "upload document," the applicant clicks "share wallet," selects the attributes to display, and confirms biometrically on the smartphone. The recipient receives cryptographically signed attributes, not image files.
Qualification verification directly from the wallet
Today, verifying a foreign university degree takes days to weeks: request to the university, translation, apostille, follow-up questions. With QEAA-based education credentials, this becomes a real-time API call: the wallet provides the degree as a signed attribute, and the verifier checks the signature chain against the EU Trusted List.
Faster onboarding – time savings of 60 to 80 percent
The combination of eliminating manual document checks, immediate qualification verification, and real-time identity confirmation compresses onboarding times dramatically. Industry estimates from the EU pilots suggest time savings of 60 to 80 percent in identity and credential verification. What takes two to five days today will take minutes.
Higher trust scores through cryptographic verification
More important than the time savings is the increase in trust. A scanned ID is an image; a wallet attribute is a statement from a certified provider with cryptographic binding. The risk of tampering, identity theft, and synthetic identity fraud drops significantly. For roles with heightened requirements – financial sector, healthcare, critical infrastructure – this is the decisive lever.
Technical adjustments for background check platforms
Platforms optimized today for document upload and manual verification must adapt their architecture in several layers:
Verifier role under eIDAS 2.0: registration as a Relying Party, technical connection to national trust lists, maintenance of a verifier endpoint with TLS and attested authorization.
Protocol support: OpenID4VP (Verifiable Presentations), OpenID4VCI (Credential Issuance), and ISO/IEC 18013-5 (mDL) are the likely standards for EUDI interaction.
Credential schema handling: ability to parse different credential types (PID, mDL, QEAA) and extract the appropriate fields.
Selective Disclosure: request flows that ask only for the truly needed attributes – both for privacy reasons and because wallets will enable zero-knowledge-like disclosure.
Revocation handling: credentials can be revoked; the verifier must regularly check status lists.
Fallback flows: until wallets are used across the board, parallel support for classic identity procedures.
Concrete scenario: wallet-based onboarding
Ms Schmidt applies to a German bank for a compliance role. The employer requires: identity verification, university degree, Certified Anti-Money Laundering Specialist certification, and a current certificate of good conduct.
She opens the background check link and scans the QR code with her EUDI Wallet.
The wallet shows: "Indicium Technologies requests the following attributes – first name, last name, date of birth, nationality, university degree (Master's), CAMS certificate, certificate of no objection from the BZR."
She confirms biometrically (Face ID).
The wallet sends signed credentials to the verifier.
The verifier checks signatures against the EU Trusted List, validates revocation status, and extracts the attributes.
The system returns a go/no-go to the HR department within a few seconds.
No upload. No OCR correction loop. No follow-up questions because scans are unreadable. No waiting for external verifications.
What applies in Switzerland, Austria, and across the EU?
EU-wide: Regulation (EU) 2024/1183
The eIDAS 2.0 Regulation applies directly in all Member States. The implementation details – wallet architecture, security level (Level of Assurance "high"), certification framework – will be specified through delegated acts. The ARF (Architecture Reference Framework) is the central technical reference document; version 1.4 has been available since 2024, with further updates to follow.
Austria: ID Austria and OID integration
Austria already has a functioning state eID with ID Austria. The implementation of the EUDI Wallet builds on this: the Federal Computing Centre is working with the Federal Ministry of Finance and A-Trust on an EUDI-compatible wallet solution. Integration with the Austrian Qualifications Framework (NQR) and OID (Open Identity Exchange) is part of the roadmap. For employers in Austria, this means: today's ID Austria infrastructure is the transition path to the EUDI Wallet, not the endpoint.
Switzerland: SwissID today, state E-ID from 2026
Switzerland is not an EU member, so it is not directly bound by eIDAS 2.0. At present, the privately operated SwissID dominates. After the rejection of the E-ID Act in 2021, Parliament passed a new E-ID Act in 2024; the state Swiss E-ID is due to go live from 2026 and is deliberately designed technically as a decentralized, wallet-based solution – so it is architecturally close to the EUDI Wallet.
For corporations with Swiss and EU subsidiaries, interoperability is key. The federal government has signaled that the Swiss E-ID should be based on W3C Verifiable Credentials and OpenID4VP – the same standards as the EUDI Wallet. Seamless cross-border use is therefore technically possible, but depends on bilateral trust frameworks. Companies are well advised to choose a screening platform that maps both ecosystems.
EEA: Norway, Iceland, Liechtenstein
The EEA states adopt eIDAS 2.0 through the EEA Committee. The timeline may differ slightly from that of the EU, but the functional end state is identical.
First-mover advantage: why act now?
The EUDI Wallet is not a theoretical future vision. It is a legislative product with a binding roadmap, an investment framework (European Commission, Member States, Digital Europe Programme), and ongoing pilot projects. Three reasons why early adoption makes strategic sense:
Candidate experience: companies that offer wallet-based onboarding from 2026 onward stand out with tech-savvy candidates – especially in contested segments such as tech, finance, and healthcare.
Compliance dividend: cryptographically verified credentials reduce liability risks in fit-and-proper decisions and due diligence obligations under the German Money Laundering Act, § 25c KWG, Art. 3 BankG.
Infrastructure readiness: anyone who only builds the verifier role, trust list integration, and protocol support in 2027 will be two years behind the competition. The system work is not trivial.
What Indicium is preparing
Indicium Technologies is actively tracking the eIDAS 2.0 development and is preparing integration of the EUDI Wallet as soon as the technical specifications – especially the final implementing acts and the ARF in its production-ready version – are stable. The goal is to enable customers to move seamlessly from document-based to wallet-based screening without interrupting ongoing processes. Timeline and scope will depend on the progress of the European legal framework; we will only make concrete release commitments once the regulatory foundations are fully defined.
The message to HR and compliance leaders is clear: the next generation of identity verification is coming – faster, more secure, and more candidate-friendly. Those who plan now will have the right platform in 2026/27. Those who wait will be catching up.
Data protection: the EUDI Wallet strengthens GDPR, it doesn't weaken it
A common misconception: a digital identity wallet means more data leakage and therefore less privacy. The opposite is true. Three mechanisms of the EUDI architecture strengthen data protection.
Selective Disclosure enforces data minimization technically. If only the minimum age and professional authorization are relevant for a position, the verifier requests exactly those two attributes – no more. The wallet refuses to transmit any additional fields. What Art. 5(1)(c) GDPR requires is no longer a matter of processor discipline, but part of the protocol.
Unlinkability: the same wallet attribute presented twice to different verifiers should not be linkable by the attribute provider. The issuing state therefore does not see when and where a citizen presented their diploma. Technically, this is implemented through zero-knowledge proofs and randomized presentation handles.
User control: every release requires an active decision by the wallet owner, confirmed biometrically or by PIN. Silent data leakage without the affected person's action is ruled out by design.
For compliance teams, this means: the verification process becomes both faster and more privacy-friendly. That is a rare double win in the history of identity verification.
Preparation: five steps for HR and compliance teams
Create an inventory: Which identity and qualification checks are currently running in which systems? What share would fall away with wallet-based verification?
Vendor dialogue: Clarify with existing HR and screening providers whether they have a roadmap for EUDI support – including verifier registration, OpenID4VP support, and credential schema handling.
Define pilot cohorts: Identify applicant flows that are suitable for a wallet pilot in 2026 – typically tech roles, early-career candidates with high smartphone affinity, and international candidates with mobility between EU states.
Adjust policies: Prepare privacy notices, employment contracts, and applicant communications for wallet flows – including a fallback process for candidates without a wallet.
Clarify governance: Who in the company is responsible for the verifier role? How is the wallet-based result embedded in the existing hiring workflow? Which audit trails are stored?
Conclusion
eIDAS 2.0 and the EUDI Wallet mark a turning point in Europe's digital identity. For background checks, that means: higher verification quality at lower process cost, a better candidate experience with stronger privacy, and EU-wide interoperability instead of national silo solutions. The regulatory foundation is in place; the technical infrastructure is emerging. Companies that use the next 18 to 24 months to prepare will enter 2026/27 with an advantage that laggards will find hard to catch up to.
Want to know how your screening process can be prepared for eIDAS 2.0? Book a demo and we will show you the roadmap for wallet-ready background checks in the DACH and EU context.
Further reading — related articles
Nabil El Berr
