The European Union's revised electronic identification regulation — known as eIDAS 2.0 — entered into force in May 2024, and its most consequential deadline is now months away. By the end of 2026, every EU member state must offer its citizens a digital identity wallet: a secure mobile application through which individuals can store, manage, and present government-issued identity credentials, educational qualifications, professional licences, and other verified attributes.

The wallet itself is voluntary — no citizen is required to use one. But the acceptance obligation is not. From 2027 onward, a wide range of public bodies and regulated private-sector entities will be required to accept the EU Digital Identity Wallet wherever they need to verify identity. Financial services, telecommunications, healthcare, and transport are among the sectors where mandatory acceptance will apply. A bank that requires identity verification to open an account must accept the wallet. A mobile carrier that verifies identity for SIM registration must accept the wallet. The refusal option is being removed by regulation.

Four implementing regulations have been adopted that set out the technical standards, data formats, and security requirements for the wallets. These cover everything from how credentials are issued and stored to how cross-border verification works — ensuring that a wallet issued in Portugal functions seamlessly for identity verification in Finland. The interoperability framework is designed to create a single identity verification infrastructure for approximately 450 million citizens across 27 member states.

For businesses operating in the EU, the practical implications are significant. Organisations that currently verify identity through document scanning and manual checks will need to implement systems capable of accepting and validating wallet-based credentials. This means integrating with the technical infrastructure specified in the implementing regulations, supporting the credential formats defined by the framework, and updating their verification workflows to accommodate a new input type alongside existing methods.

The transition is not a replacement of existing verification but an addition. Businesses will need to support both wallet-based and traditional document-based verification for the foreseeable future, since wallet adoption will be gradual and not all customers will choose to use one. The verification systems that are most prepared are those that are designed as modular platforms capable of accepting multiple input types rather than single-purpose document scanning tools.

The privacy architecture of the wallet is worth understanding. The system is designed around data minimisation. A wallet holder can present specific attributes — confirming they are over 18, for example — without revealing their full identity. Selective disclosure allows businesses to verify what they need to know without collecting information they do not need, which aligns with GDPR's data minimisation principle and reduces compliance burden.

For businesses outside the EU that serve European customers, the implications are equally relevant. Any online service that verifies the identity of EU citizens — for account creation, age verification, or regulatory compliance — should anticipate that a growing share of those customers will present wallet-based credentials rather than traditional documents.

The organisations that will navigate this transition most smoothly are those that invest now in verification infrastructure flexible enough to support wallet-based credentials alongside existing methods. deepidv is building identity verification infrastructure designed for this transition, supporting both document-based and emerging credential-based verification in a single platform.