Europe’s new digital identity framework: urgency and opportunity for financial institutions

Joerg Lenz from Namirial discusses how the interplay of the AMLR, eIDAS 2.0, and the operational rollout of the EUDI Wallet forms the baseline for trust, security, and user experience in the digital financial ecosystem.

For banks, insurers, and fintechs alike, the clock is ticking. The coming years will bring sweeping regulatory changes that redefine how Know Your Customer (KYC), Strong Customer Authentication (SCA), and electronic signature processes operate across the European financial landscape. With key compliance obligations under the revised eIDAS regulation and the new Anti-Money Laundering Regulation (AMLR) taking effect in 2026 and 2027, institutions now face both an urgent need for adaptation and a rare window for innovation.

Major events in autumn 2025, such as the ENISA Trust Service and eID Forum, followed by the Certification Authority Day in Split in September, and the European Summit on Digital Sovereignty by German and French Government and the Bitkom and Payments & Banking Digital Finance Conference in Berlin in November, underlined that the convergence of these frameworks will not only tighten compliance, but also reshape Europe's digital trust infrastructure. Aligning AMLR and eIDAS requires financial institutions to ensure that their identity verification, authentication, and transaction signing processes are interoperable, while maintaining the cybersecurity and data protection standards set by ENISA, ETSI, and CEN. Those who act early can move beyond compliance and use new digital trust services as strategic assets.

At the heart of this transformation lies the European Digital Identity Wallet (EUDI Wallet), which will serve as a trusted and interoperable tool for securely sharing verified identity credentials across borders and sectors. The challenge for financial institutions is twofold: determining when and how these wallets will impact their customer and operational workflows and defining their role within this ecosystem. Traditionally, banks have operated purely as relying parties, consuming verified identities issued by others. Under the new framework, however, they may also act as issuers or verifiers of credentials. This expansion of roles opens opportunities to build deeper trust relationships with customers and to streamline compliance processes through verified digital attestations. 

At the European Summit on Digital Sovereignty, Oliver Lauer of the German Savings Banks Organisation was presenting their vision of combining age verification and payment in the EUDI Wallet session. Kristina Yasuda of the German Federal Agency for Breakthrough Innovation SPRIND demonstrated the use case of bank account opening using a beta version of the EUDI Wallet version of the German government, which is due to be released by the end of 2026 or in January 2027.

At the European Summit on Digital Sovereignty, Bitkom CEO Ralf Wintergerst presented a ‘Memorandum of Understanding for the Successful Introduction of the EUDI Wallet’, which was signed by more than 75 companies and the Federal Ministry for Digitalisation and Public Sector Modernisation. The signatories include companies from various sectors, such as banking and finance, retail, mobility, cybersecurity, and telecommunications. Signatories from the financial industry include Commerzbank, DKB, ING, N26, Raisin, and Scalable Capital. The memorandum commits the companies to rapidly adapting their processes for use with the EUDI Wallet. The Ministry of Digitalisation intends to incorporate feedback from the business community into the implementation process, while Bitkom will further expand the dialogue between the digital economy and the government.  

According to a recent Bitkom survey published in November 2025 in Germany, interest in a wallet solution is high: 82 percent of companies with 20 or more employees in Germany already stated that they intend to use the EUDI wallet in the future. Thirteen percent have not yet considered the topic, and only 2 percent do not plan to use the EUDI wallet. At the same time, of the companies that intend to use the wallet, only 4 percent have taken initial steps toward implementation, another 4 percent plan to begin this year, and 45 percent next year. However, three-quarters (75 percent) want to wait and see what experiences others have with the EUDI wallet.

A more strategic question follows: should a financial institution develop its own wallet or integrate wallet functionality into existing mobile banking applications? The decision will hinge on balancing regulatory obligations with user experience and long-term digital strategy. Providing a proprietary wallet could position a bank as a central node in the emerging trust network, while embedding wallet compatibility into current apps may deliver faster adoption and customer familiarity. Each path carries implications for infrastructure, liability, and ecosystem interoperability.

The introduction of Qualified Electronic Attestations of Attributes (QEAA) further broadens the horizon. These attestations allow organisations to verify and share specific customer attributes - such as age, address, or account status- under regulated and cryptographically secure conditions. Beyond compliance, they promise a new generation of digital services, from instant onboarding and automated credit risk assessment to secure cross-border transactions requiring high assurance levels. For institutions prepared to build around these capabilities, QEAAs could unlock efficiencies and revenue streams that traditional KYC frameworks have long constrained.

Another critical development concerns remote identification and eKYC processes for users who do not yet possess a European Digital Identity. New and updated pan-European standards, including ETSI EN 319 461, will override national regulations and harmonise the technical and procedural rules for remote identity verification. Financial institutions relying on video identification or biometric methods will need to adapt their systems to meet these updated standards. This harmonisation aims to strengthen trust and consistency across borders but will also require significant technical and procedural updates within existing compliance infrastructures.

The interplay of AMLR and eIDAS 2.0, coupled with the operational rollout of the EUDI Wallet, effectively sets a new baseline for trust, security, and user experience in the digital financial ecosystem. For institutions operating in regulated sectors, the next two years represent a period of both regulatory preparation and strategic repositioning. Compliance teams must map their obligations across both frameworks, assess where their processes intersect, and explore where new trust services can create value rather than simply absorb cost.

The message from regulators and experts at various events addressing the financial services industry in autumn 2025 is clear: digital identity and trust services are no longer peripheral compliance matters - they are foundational to the future of financial operations. Those who approach this transition with foresight and experimentation will not only meet the letter of regulation but help define the next generation of digital financial services in Europe.  

The rapidly approaching introduction of the EUDI wallet infrastructure makes it crucial for banks and financial service providers to familiarise themselves with practical applications at an early stage. One approach to this is so-called ‘sandboxes’ - simulated environments in which digital identity and trust services can be tested. For example, in October 2025, Namirial was the first qualified trust service provider to launch a global sandbox to test its wallet platform to give companies the opportunity to run through real-world deployment scenarios in advance.

The sandbox allows for trying out new features such as attribute verification (e.g., IBAN, Legal Person Identifier), strong authentication, and digital credentials - the very elements that will need to be regulated in the future by combining AMLR and eIDAS 2. Within the framework of such test environments, technical and organisational processes can be tested: What role does the institute play (e.g., relying party)? How can wallet apps be integrated into existing onboarding journeys? The answers can be obtained in a practical way before the operational pressure increases. Those who gain targeted experience now can better assess compliance risks and, at the same time, identify potential: The Namirial sandbox, for example, is explicitly designed for regulated industries and offers a ‘preceding’ platform that can be used to understand implementation obligations and market opportunities in parallel. 

With 2026 and 2027 deadlines for many standardised wallet requirements, time is of the essence. Sandboxes help to reduce uncertainties and build structures in preparation.

For employees in banks, this means not only looking at legal or technical aspects but actively trying things out and generating experience. Sandbox projects offer a bridge from the theoretical set of rules to real implementation.

About author

Since 1999, Joerg Lenz has specialized in legal, technical, and organisational requirements for identification and electronic signature systems across private and public sectors. His work covers signature workflow orchestration, biometric and digital identity methods, ID wallets, and trust services. He contributes to national and international expert groups, focusing on regulated industries and the evolving EU framework for European Digital Identities and forthcoming EUDI and EU Business Wallets.

 

About Namirial

Namirial provides trusted digital transaction management, supporting customer onboarding, agreement automation, signature workflows, identification, multi-factor authentication, e-signatures, registered delivery, long-term archiving, and e-invoicing. Founded in Italy in 2000, the company is now serving customers in 85 countries with over 1000 employees and 200 partners, processing millions of daily transactions. Namirial is a qualified trust service provider under eIDAS and contributes to shaping the evolving EU Digital Identity Framework.