Digital identity and data sharing in Europe are on the brink of a massive change. The next two years are shaping the way the EU Digital Identity Wallet (DIW) will be designed, as mandated by the European Union (EU) in the eIDAS Regulation.
The EU Regulation stipulates that by the end of 2026, a DIW needs to be made available to citizens and businesses by every EU Member State (MS). Citizens and businesses can obtain and store qualified data and identity data from public institutions and other organisations – and share this in many situations. While the wallet itself is the eye-catcher the actual change and impact will come from the data exchange and identification that is made possible.
In the next two years, the Large-Scale Pilots (LSPs) will give results of cross-border use case testing and details of the Regulation and the DIW will be finalised in Implementing Acts and the Architecture Reference Framework (ARF). What will define the success however are clear data agreements, assurances on data valuation, and working through sectoral frameworks for assurance. Ultimately, it all comes down to practical use cases.
Many national initiatives started to pilot their wallets. Every MS needs to have a digital identity wallet in place by the end of 2026 and is free to choose their own approach. For example, the Dutch government is working on a national wallet, the NL Wallet, and is currently piloting with users in two main municipalities. The German government has issued a public consultation and innovation competition for prototypes of wallets, that ultimately could be certified as a German eIDAS compliant wallet.
The results of national pilots are expected to reveal that, once the technology enables data sharing, the real question is how the valuation of the data occurs, and how to trust it as a receiving party. That can already be as practical as interpreting the ‘address’, which has a (technical) format and a data definition, or accepting a ‘diploma’ as an actual educational certification.
The discussions in 2025 will be on trusting the data, value, and assurance given to the data, and industry-specific agreements on a data dictionary and data assurance agreements. One example of such an ‘industry’ that already has a framework is the educational sector, where there are agreements on how to value diplomas across borders.
Another development to be expected this year is how the use of wallets integrates into existing customer journeys and B2B interactions. Banks will be mandated to accept customers who want to share data with their wallets. They need to find a way to fit that into their current user journeys.
The integration in payments of the use of the EU DIW deserves specific attention. The EU DIW could be applied in such a way that it authorises transactions. This is still in development in 2025, yet the possibility has a significant impact on customer interactions and the customer view a bank will have after 2026.
Banks should be involved in the pilots that are ongoing or started on the European and national levels. This gives banks insight into the actual impact of the EU DIW and allows them to take appropriate measures, for both ensuring that customers can work seamlessly with the digital wallet on the banking app and services. It also allows banks the possibility to input to the EU DIW development, which improves the success rate of the pilots and delivers more ‘wholesome’ digital wallets. Engaging now provides banks with a self-selected position in the ecosystem. The alternative is focussing only on technical integration requirements that ensure compliance with eIDAS. Those banks will be forced into accepting however the EU DIW will operate, with no influence on the data flows.
It’s the saying: if you’re not at the table, you’re on the menu.
Banks should identify how the digital identity wallet impacts online exchanges, and other types of interactions where banks are involved (e.g., processing payments). Banks should also ensure their understanding of the wallet is up to date to make sure they can provide the financial services (which may change due to the impact) and maintain their guardian role for the financial system. Malicious actors (fraudsters) will immediately look for the weaknesses in exchanges of data using an EU DIW, and banks are one line of defence that should be prepared to catch fraud before it is completed.
The impact of the EU DIW development is significant for banks, and they should get involved: to learn, steer, and contribute. That will place the bank in pole position when the national EU DIWs are operationalised in 2026.
Source: https://www.formula1.com/en/latest/article/why-the-albert-park-changes-should-add-up-to-a-thrilling-racing-spectacle. 5XY84WeuRvqgKRkRGSjGKb
This editorial piece was originally published in The Paypers` Global Payments and Fintech Trends Report 2025. The report compiles insights and expertise from leaders representing companies across the financial services spectrum and it delves into the latest innovations and trends in payments and fintech across key markets worldwide.
Henk Marsman is a Principal Consultant at SonicBee, advising organisations on Identity and Access Management out of his 20+ years of experience. Prior he led the Rabobank global IAM services and built and led the IAM service of Deloitte NL. Henk conducts academic research at Delft University on digital identity wallets and responsible data sharing. Henk speaks and publishes on this topic internationally and is a member of various advisory boards.
SonicBee is an Identity and Access Management (IAM) company providing innovative and cutting-edge advisory services to make businesses faster, smarter, and more secure. We ensure that everything and everyone within your environment can access information in a safe, compliant, and smart way. The experts of SonicBee contribute to industry associations. We believe that sharing knowledge and experience will benefit society as a whole, for secure identities, access, and improved cyber security.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now