The History and Significance of eIDAS Regulation (and What Comes Next): How Europe Built Trusted Digital Identities

 Key Takeaways

• Fragmentation before eIDAS: Before eIDAS, EU countries used to handle digital identity and trust services nationally, resulting in limited cross-border recognition and inconsistent assurance models, creating disruption for cross-border businesses. In 2014, the eIDAS Regulation established a single EU-wide legal framework for electronic identification and trust services, now recognized across all 27 Member States.
• EIDAS 2.0 enters as a technical harmonization layer: Introduced in 2024, eIDAS 2.0 is gradually establishing the EU Digital Identity Wallet (EUDI Wallet), as a secure, interoperable foundation for identity and attribute sharing. It is supported by binding implementing acts that define security, interoperability, and certification requirements.
• Convergence by 2027: With the EU Anti‑Money Laundering Regulation (AMLR) set to apply directly across all EU Member States from July 2027, its requirements are converging toward a more consistent compliance landscape alongside eIDAS 2.0 and ETSI’s identity proofing standards. Together, they are shaping a harmonized, standards‑based framework for remote identity verification that reduces national divergence and strengthens legal certainty.

Before eIDAS: Fragmentation, Friction, and Missed Opportunities

Before the eIDAS Regulation existed, Europe’s digital identity landscape was fragmented. Member States developed national eID schemes, electronic signature laws, and trust service practices independently. While that may have fostered innovation locally, it limited cross-border recognition and resulted in inconsistent technical interoperability.

A contract signed using a “qualified” electronic signature in one country might not be accepted and opposable in another. A remote onboarding method approved by a bank in one jurisdiction could require additional checks elsewhere. For businesses operating across borders, digital trust was costly, uncertain, and difficult to scale.

The EU’s response was the eIDAS Regulation (EU No 910/2014), establishing a single legal framework for electronic identification, authentication, and trust services. Its objective was mutual recognition and interoperability across Member States, supported by common definitions, assurance levels and supervisory structures.

What eIDAS 1.0 Achieved (and Why It Wasn’t Enough)

eIDAS 1.0 laid the foundations of digital trust in the EU. It defined core trust services – such as electronic signatures, seals, timestamps, registered delivery, and website authentication. It also introduced Qualified Trust Service Providers (QTSPs) operating under national supervision and mandated mutual recognition of notified national eID schemes.

However, practical limitations soon emerged. Adoption outside the public sector remained uneven; technical implications diverged and remove identity verification practices varied significantly from state to state and evolved faster than the regulatory framework. As digital services became mobile-first and cross-border by default, the EU needed a more portable, reusable, and user-centric identity model.

Enter eIDAS 2.0: Wallet-First Identity and Expanded Trust Services

eIDAS, gradually entering into force since May 20, 2024, modernizes Europe’s digital identity framework. With the EUDI Wallet at its core – a secure, container for Person Identification Data (PID) and electronic attestations of attributes, users will now be able to verify their identity in the same way across all 27 EU Member States.

The EUDI Wallet enables selective disclosure, allowing users to share only what is necessary for a given transaction instead of oversharing data. It also establishes clear acceptance obligations for public bodies and certain private-sector use cases, creating predictable relying-party pathways across all Member States.

In November 2024, May and July 2025, the Commission adopted several batches of implementing regulations covering wallet security architecture, issuance and revocation of credentials, interoperability protocols, ecosystem notifications, and certification requirements. These implementing acts translate the regulation’s intent into actionable, testable technical requirements that significantly reduce interpretation risk and establish a common technical baseline for both issuers and relying parties.

Save the date: By the end of 2026, each EU Member State is required to make at least one EUDI Wallet available. Mandatory acceptance by public‑sector bodies and designated private‑sector service providers will then apply for defined use cases. These wallet requirements are highly technical, detailed, and designed to ensure seamless EU‑wide interoperability – moving well beyond the fragmented, country‑specific approaches of eIDAS 1.0.

What eIDAS 2.0 Offers in terms of Identity, eIDs, and IDV

The vision for frictionless identity in the EU is bold and clear: portable, high-assurance credentials that work anywhere in the Single Market. From a regulatory and technical standpoint, eIDAS 2.0 fundamentally shifts identity verification away from fragmented, document‑based checks toward certified, standards‑based, reusable digital credentials that support selective disclosure – ensuring users share only the minimum information needed. The model is built on certified, reusable credentials issued into wallets and verified consistently across borders. This shift isn’t just about convenience; it’s about privacy, fraud resilience, and operational efficiency at scale.

For identity verification, the EUDI Wallet moves the industry from “best-effort” approaches to standards-driven assurance. Financial institutions and regulated entities that prepare now will gain a competitive edge by:

• Designing identity checks aligned with ETSI identity proofing standards today, to ensure future compatibility with wallet-based credentials that can scale as risk or regulation evolves.
• Treating wallet-issued credentials and attributes as high-assurance inputs, reducing friction while increasing certainty.
• Preparing for cross-border customer journeys that can be designed against a single technical and regulatory reference framework and no longer require duplicative checks in each Member State.

The result is not only improved user experience but also stronger privacy guarantees, enhanced fraud resilience, and greater operational efficiency.

Why Convergence by 2027 Matters

The harmonized digital identity framework introduced by eIDAS 2.0 doesn’t stand alone – it’s part of a broader regulatory shift. From July 2027, the EU’s new Anti-Money Laundering Regulation (AMLR) will take effect, creating a single rulebook for customer due diligence across all Member States.

This alignment between eIDAS 2.0, ETSI identity proofing standards, and AMLR is designed to eliminate national inconsistencies, simplify compliance, and give financial institutions a more predictable and legally certain operating environment. In practice, it means onboarding journeys will become more consistent, less fragmented, and far easier to scale across borders – without compromising security or trust.

Convergence is the destination, while preparedness remains key. If you currently operate or plan to operate in the EU, you’ll need to map wallet-acceptance obligations, benchmark your processes against ETSI standards, and modernize your IDV stack. Start preparing by evaluating your identity solutions and build a roadmap that’s digital identity‑ready, standards‑aligned, and future‑proofed for 2027.