eIDAS2 puts a state-recognised digital identity wallet into the hands of every EU resident. For payments, it reframes who authenticates you, how SCA can work, and what “know your customer” might cost.
The original eIDAS regulation (2014) governed electronic identification and trust services — e-signatures, seals, timestamps. eIDAS2 (Regulation (EU) 2024/1183) revises it and adds the headline new artefact: the EU Digital Identity Wallet (EUDI Wallet).
The EUDI Wallet is a state-recognised app that holds verified identity attributes and credentials — who you are, your age, a diploma, a payment credential — and lets you present exactly the attribute a relying party needs, under your control. Every member state must provide at least one wallet to its citizens and residents.
The wallet stores person identification data and electronic attestations of attributes. A relying party — a bank, merchant, public authority — requests specific attributes; the user consents and the wallet presents a cryptographically verifiable response. The design goal is selective disclosure: prove you are over 18 without revealing your birth date, prove you hold an account without exposing the full statement.
Attributes live in the wallet on the user’s device; the user approves each disclosure. This is the data-minimisation pitch.
A wallet issued by one member state must be accepted by relying parties across all 27 — a single identity layer for the whole union.
EUDI wallets target the eIDAS “high” level of assurance, the strongest identity tier, suitable for opening accounts and authorising payments.
For payments the wallet touches two expensive processes: strong customer authentication and customer onboarding (KYC/CDD).
The PSD3/PSR reform explicitly contemplates the EUDI wallet as a strong-authentication method. A wallet-held credential can serve as an SCA factor.
eIDAS2 may oblige PSPs to accept the wallet for authentication, but PSD2/PSR SCA also demands dynamic linking (binding auth to amount + payee). The wallet alone does not automatically satisfy that — the two regimes must be reconciled.
A high-assurance identity attestation in the wallet could collapse onboarding cost — re-using a verified identity instead of re-running document checks every time.
eIDAS2 entered into force in 2024 and the rollout runs on a two-stage clock.
| Milestone | Deadline | Who it binds |
|---|---|---|
| Each member state provides at least one EUDI Wallet | By December 2026 | The 27 member states |
| Relying parties must accept the wallet | By December 2027 | Banks, PSPs, EMIs, large platforms |
From end-2027, a PSP requiring strong online authentication must accept all recognised EUDI wallets — even from member states it does not operate in. That is up to 27+ wallet variants to integrate.
The detailed technical specifications arrive through implementing/delegated acts and the wallet reference framework. Building against a moving spec is the real-world risk as of May 2026.
If you are a PSP or bank: the December 2027 acceptance obligation is a build, not a maybe. Start by treating the wallet as an additional SCA and KYC channel, and design for the reconciliation between eIDAS2 acceptance and PSR dynamic-linking up front — that gap is where compliance projects stall.
If you run onboarding: the wallet is a genuine cost-reduction opportunity for KYC/CDD, but only if you build to consume high-assurance attestations rather than bolting the wallet onto a document-scan flow. The savings come from removing steps, not adding a channel.
Cost of being wrong: waiting for one canonical wallet. There will be many (one-plus per member state). The integration surface is the federation, not a single app, and underestimating that is the classic planning error.