Olga Mędraś

How eIDAS 2.0 affects private relying parties and SCA [Analysis]

Europe is switching to the EUDI Wallet, and the clock is ticking for the private sector.

By 2027, accepting this borderless digital identity will be a legal mandate for banking, telecom, and beyond. We explore the 2026 roadmap, the shift in SCA standards, and what "relying parties" should do now to stay compliant and competitive.

The calculated bet on EUDI Wallet adoption

There is a clear logic behind the eIDAS 2.0 framework that redefines digital security.

One of its primary objectives is to ensure that Strong Customer Authentication (SCA) is used wherever secure identification is essential.

In simplified terms, the EU legislator requires high–assurance authentication whenever SCA is mandated under Union law, national law, or contractual obligations.

To ensure this SCA is accessible to everyone, the relevant entities will be obliged to accept electronic identification via European Digital Identity (EUDI) Wallets.

Why?

Because the Wallet is inherently secure and carries the highest level of assurance. Consequently, in the specific sectors outlined in the regulation (see: Art. 5f of eIDAS 2.0), the mechanism is mandatory; elsewhere, it remains optional.

At the same time, eIDAS 2.0 defines only the minimum use cases in which the EUDI Wallet must be accepted.

This reflects a broader regulatory strategy: once organisations build the infrastructure required to support wallet–based authentication, they may begin to use it in other digital processes as well.

The wallet is intended to combine a high level of assurance with a superior user experience compared with many traditional verification methods, making it attractive for wider use.

The European Commission describes this mechanism as a “catalyst for broad deployment.” How widely it is adopted will depend on how the wallet evolves and what additional credentials are integrated over time.

In the early stages, the EUDI Wallets will primarily contain the Personal Identification Data (PID). On its own, the PID might not be attractive enough to trigger mass adoption, and there is no single legal provision to force that momentum.

Yet, the true potential lies in what we integrate into advanced processes later.

This will entice entities outside the mandatory catalog and in areas beyond those explicitly mentioned in eIDAS 2.0 to join the ecosystem.

As a result, not only the electronic identity system but the entire landscape of remote transactions, underpinned by a secure wallet, will experience exponential growth.


Key objectives of eIDAS 2.0

Let’s just imagine a world where the friction of managing dozens of passwords, physical cards, and fragmented accounts simply vanishes.

In its place is a single, secure digital wallet on your smartphone – your gateway to logging in, identifying yourself, and managing your most sensitive credentials with total control.

This is the core idea behind the EUDI Wallet:

With the introduction of the EUDI Wallet, your smartphone becomes a secure hub for your digital identity.

From official documents to private services, the EUDI Wallet ensures seamless, secure access and data sharing throughout the European Union.


Practical implications of the new infrastructure

User autonomy in EUDI Wallet

Member States will provide a mobile wallet (or equivalent) to store digital identity data and credentials (e.g. originating from diplomas, licenses). Users decide what to share and keep control over their information.

Impact on SCA processes

The wallet can be used for online identification and SCA where required by EU law, national law, or contract. It must support high–assurance authentication.

Mandatory roles for issuers and verifiers

Issuers (public authorities or authorised entities) issue credentials into the wallet. Verifiers (service providers) must accept the wallet when a user chooses to present it.

Data minimisation & user control

Verifiers can request only data that is necessary and proportionate for the service. Users can share specific attributes and, where allowed, use pseudonyms.

Obligations for a wide range of service providers

Providers in key sectors (e.g., banking, telecom, energy, transport, education, healthcare) must accept EUDI Wallets when strong authentication is legally required. 

Interoperability across the EU

Wallets and relying systems must work across all Member States under common standards and specifications. This enables cross–border use without separate national setups.

Operational oversight of the EUDI Framework

Each Member State must appoint bodies to supervise compliance and manage trust lists. Oversight also covers cross-border coordination to keep the system consistent across the EU.


Digital wallets vs payment wallets: is market consolidation inevitable?

One could even go so far as to say that we are witnessing a reversal of the expected trend:

Identity wallets will start as tools for secure identification, but over time their functionality and accepted credentials may expand to include payments and other services.

This transition will take time, though, and users are likely to have several wallet options available, from which they may choose a single solution covering both identity verification and payments.

In practice, it signals the need for large–scale technical and regulatory overhauls for entities mandated to apply Strong Customer Authentication (SCA).


Two milestones are critical

By December 24, 2026, the mandate to introduce at least one EUDI Wallet per Member State will come into effect.

It is intended to be an electronic identification at the "high" level of assurance (LoA), fulfilling security requirements, built on open-source licenses, provided free of charge, and capable of issuing qualified electronic signatures.

Subsequently, on December 24, 2027, the obligation for certain private "relying parties" to accept the EUDI Wallet will take effect.

Taking the payment service sector as an example, this would mean that payment service providers will essentially become "private relying parties" within the meaning of eIDAS 2.0, that is, natural or legal persons that rely upon electronic identification or a trust service.


Understanding your registration duty

What is also crucial?

Private relying parties will be obliged to register, in the Member State where they are established, as a relying party accepting the EUDI Wallet (including a statement of the purpose for which they use the wallet and the data to be obtained through it).

Importantly, the EUDI Wallet is to support common protocols and interfaces for, among other things, transmitting and presenting data to the relying party, authenticating relying parties through the implementation of authentication mechanisms, and allowing relying parties to verify the authenticity and validity of the wallet.


Free QES for all citizens: a major step toward universal digital accessibility

The EUDI Wallet also changes how natural persons can use Qualified Electronic Signatures (QES) for non–professional purposes.

Individuals who hold a European Digital Identity Wallet can create a QES by default and free of charge, without having to undergo additional administrative procedures.

The Wallet also enables the signing or sealing of personal statements and verified attributes.

This broader availability of QES will definitely affect the current market for qualified trust service providers.

As the only digital format legally equivalent to a handwritten signature, the QES is the gold standard for agreements. The EUDI Wallet transforms this experience by offering a frictionless way to trigger a QES.


Who should keep a close eye on eIDAS 2.0?

Age–restricted retail & digital platforms:

Providing automated, privacy–first age verification for entities legally mandated to perform checks – such as liquor stores or gambling platforms. Electronic attestation of selected attributes will ensure full compliance without exposing sensitive personal details.

Banking & finance:

Driving remote account opening and simplified Customer Due Diligence (CDD) through identity verification powered by notified electronic identification means and integrated QES.

Telecoms:

Enabling "zero–friction" identity checks for instant SIM card registration and service agreements, drastically reducing drop–out rates during onboarding.

Powers of attorney / verification of authorization:

Much as the original eIDAS established for QES, an electronic attestation of attributes cannot be denied legal effect solely because it is in digital form. This aligns qualified e-attestations with traditional paper documents, enabling instantaneous, cross-border verification of user status without the burden of bureaucracy.

HR & recruitment:

Eliminating the "paper trail" by using legally binding digital employment contracts and secure, cross–border onboarding.

Insurance:

Powering compliant digital claims and applications while providing a seamless, secure identity proofing experience for policyholders.

Healthcare:

Facilitating the secure and tamper–proof exchange of verified medical data, prescriptions, and patient authorizations.

Logistics & access management:

Optimizing real–time identity management and digital authorization for drivers, external staff, and sensitive site access.

Education:

Modernizing the issuance and validation of digital diplomas and academic credentials, making them instantly verifiable across all EU Member States.


Why is early adoption key?

A further question arises:

How will payment service providers adapt to accepting not only the 27 mandatory EU national wallets but also, inevitably, numerous other identity solutions?

The fact that each Member State is required to implement its own national EUDI wallet does not mean that:

  1. There will be only one wallet available per country;
  2. It excludes the development of commercial ID wallets (in fact, the opposite is true).

Because these wallets are not limited to the public sector and may be issued by both government authorities and accredited private entities, one must be prepared to integrate with a minimum of 27 national wallets across the EU, alongside an unlimited number of accredited commercial wallets coming soon.


On top of that, eIDAS 2.0 sets deadlines, while many countries will be ready before those deadlines.

Therefore, it's important to realize that adoption has already started.

Put simply: the first deadline is set for the end of December 2026, and every EU Member State should release its wallet by that date.

Twelve months later, another deadline kicks in: the obligation to accept wallets.

Ultimately, it is a matter of internal strategy: companies must decide whether to embrace these wallets as they launch or risk falling behind more agile competitors.

EUDI Wallet integration and the new PSR rules

It’s worth bearing in mind that by 2027, Strong Customer Authentication (SCA) will no longer be governed by the Revised Payment Services Directive (PSD2), but mainly by the Payment Services Regulation (PSR), in combination with eIDAS 2.0.

The legal framework for payment authentication will therefore be directly applicable across Member States and closely linked to the European Digital Identity (EUDI) infrastructure.

Consumers will have the right to use the EUDI Wallet to perform SCA, particularly for remote account access and electronic payment initiation.

Banks, selected fintech companies, and payment service providers will need to ensure that their authentication systems support wallet–based SCA, including building secure and convenient cross–application authentication flows in mobile environments.

It is important to note that this obligation applies only to remote scenarios.

The requirement to accept the EUDI Wallet for SCA does not extend to in–person transactions at point–of–sale terminals or ATMs. Existing SCA methods remain applicable in those contexts.

The complexity lies in the implementation phase, particularly in aligning EUDI-based authentication with PSR requirements such as secure credential storage and mandatory dynamic linking.


Architectural choices for 2027 compliance

And one more thing:

While users remain free to choose whether to authenticate through the wallet or through existing channels, regulated entities must ensure that the wallet option is available wherever Strong Customer Authentication is required.

In practice, this means that architectural design, system integration, and compliance alignment must be completed in advance, as readiness will ultimately depend on technical implementation rather than policy declarations.


