Fed up with 2 Factor Authentication (2FA)? Can’t get the MS or Google Authenticator app to work? Foxed by some new innovation like SMS Messages going to a hidden spam box? Locked out of your Apple account for a week while Apple resets your password? Or simply forgotten a password which you just changed? The list of ID verification issues never seems to end.

Or maybe, as a business, are you struggling to due diligence a partner from another country?

There again perhaps as an honest law-abiding contributor to the economy you are simply angry that ID fraud continues, that catfishing scams seem to be growing, that some immigrants still remain undocumented, and about many other problems which result from inadequate ID verification.

Then you’ll be happy to hear help is on its way this year. From an unlikely source: the EU. A favorite target of politicians’ badmouthing.

And you’ll probably be surprised too, because their new Decentralised Digital ID architecture which supports the new solution is being rolled out at Breakneck Speed.

• It is now less than 2 years from the legal framework coming in to force which compels big companies like Meta and Apple to offer clients the option to use it: eIDAS 2.0, May 20, 2024; and

• 3 years since the publication of the first version of its technical architecture which designs in the prevention of data seapage or leakage to either private or public players: ARF 1.0 (current version 1.6), Architecture and Reference Framework, 10 February 2023; and

• not yet 4 years since the W3F issued its recommended global open standard on digital IDs which determines the core, generic architecture of such systems: DiD 1.0, 19 July 2022.

So what is it? Called the EU-DI, it is an ID “wallet” which other countries are already wanting to copy. It’s leading the world.

But wait, we’ve had those for ages haven’t we?

• Years ago the EU created virtual IDs for government services and raised the status of electronic signatures to full legal force to substitute DocuSign etc in 2014 (eIDAS 1.0).

• The friendly folks at Apple and Google have given us wallets into which you put your credit cards, US driving license and passport, and which provide verification for retailers, police and airports acceptable in US.

• And elsewhere there is no need for “wallet” because the national ID card has become virtual through accessing a comprehensive central database. Like India (Aadhaar), Singapore (Singpass) and …. China. Enough said.

So what’s different about the EU’s approach to IDs? Well it’s the fact that it is integrated legal and technical open architecture which is

• comprehensive, layered up from a Foundational Personal ID (one stop shop),

• respects privacy (NOT one size fits all) and

• legally supported to yield the maximum benefits e.g. it must be available but not mandatory to use. In countries relying on the market to find solutions like the UK, the market is still free to offer only leaky solutions which favour commercial interests.

• open, so no one can restrict its use through patents or restricting know-how.

Key to its attractiveness is that the architecture designs in “Self-Sovereign” identity (SSI),

• Decentralised verification based on downloaded credentials on your device. So you need to be online only for the strongest types of verification (e.g. signature by corporate officer). In general verification will be offline, whether by NFC or QR code reading. The minimal size of central database (simply registries) makes it irrelevant whether they are constructed from blockchain or accessed peer-to-peer

• Selective disclosure based on permissioning certificates enabling verification or receipt of only specific types of data e.g. confirmation of age over 18 and not the year of birth (and certainly not the address shown on a standard driving license).

  For example, when proving your age in a bar ….

  • The Old Way: you show a physical ID that reveals your full name, home address, and exact birthdate.

  • The EU Way: you present a “Zero-Knowledge Proof” via your wallet that says “User is over 18.” The bouncer sees a green checkmark, but never learns your name or address.

Critics have said and will continue to say that the mere existence of a Unique Identifier is a back door to illegal, non-GDPR compliant aggregation of data by ill-intentioned parties.

But that ignores that

• the justification to divulge it will be very limited. Government departments will still be able to use and verify their own IDs in the wallet (tax number, health ID, social security ID etc) and, having need for it, will not be permissioned to receive it. The Unique ID will be used only for the strong verification purposes (e.g. for initial bank account opening KYC).

• data will be divulged only when individually authorised (Selective Disclosure)

  When a “Relying Party” requests your data, a screen will pop up on your phone showing who is asking for exactly what.

  For example:

  • | Requesting Party | “Ultimate Drink Bar” |

  • | Requested Data | “Age / Date of Birth” |

  • | Shared? | Can be shared as “Yes, over 18” |

• legal prohibition and technical design out of “big brother”-style tracking, constitutionally outlawed in various EU countries. In any case very little data will even be associated with the Unique ID much less available to be aggregated, because decentralisation removes the need even to ping a central registry except in very uncommon circumstances. Instead of a single ID number that follows you everywhere (which would allow companies to track your behavior across different services), the wallet can generate unique, sector-specific pseudonyms. For Example: Your “ID” for a health app would be different from your “ID” for a transport app, making it impossible for those two services to link your data together

• that the coding for the ID verification is open source, so the administrating bodies cannot add in back doors without being noticed.

Strategically for the EU and for EU businesses, the EUDI is great news for many reasons including:

1. that it is a cross-border solution, backed by biometrics. So it will enable not only the spread across borders of financial services, already the primary user of ID verification services, but also better border control; and it will hinder cross-border fraud. Focus can turn to the legal and regulatory frameworks for this (“Banking Reform”) and closing the avenues of fraud.

2. It will reduce verification costs hugely, from sometimes 25 Euro to perhaps 0.5 Euro per transaction

3. It is a demonstration that the hybrid governance of the EU works. It is not merely still effective but it can result in major world leading innovations in social and commercial life. National governments have been developing solutions in parallel for years, so when the time came to devise a new phase the diversity of expertise and experience was there to support it.

   Here are the names of a few of the national apps which will be updated this year to EUDI: France Identité, Digital Identity Wallet (Germany), DÁP (Hungary:”Digital Citizen”), MitID (Denmark), MiDNI (Spain), FINeID (Finland),DigID (Netherlands), IT Wallet (Italy), Digital Citizen (Cyprus), itsme (Belgium), BankID (Sweden), BankID (Norway), LuxTrust (Luxembourg)

Of course, like any very new technology, there will be unexpected issues and deadlines may not be hit. This may be why the mainstream media like the Economist have been quite quiet so far. Key moments to watch for are as follows:

31.12.2026: the deadline for every EU Member States to provide a Digital Identity Wallet (EUDI)

31.12.2027: the deadline for “Very Large Online Platforms” (like Meta or Amazon) and strategic sectors (banks, energy, transport) to accept the EUDI wallet. (This prevents private tech companies from becoming “gatekeepers” of your identity.)

Meanwhile I for one am enjoying the gradual replacement of the problematic ID verification methods I have to use as I link up my first apps (utilities, banks etc) to my digital ID wallet in Hungary. I expect it will help make payments too (I can change the default wallet for paying by NFC), but lower security “Pay” wallets do it well so I don’t need it to do that. For high security ID verification though, it is already working well.

Now I just need Microsoft to find a way to keep two accounts live on my desktop as well as my mobile phone does with its twin SIMs, so that I don’t even need to be verifying as I toggle between them!

COMMENTS AND CORRECTIONS ARE VERY WELCOME.

Sources and Further Reading:

https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/791609471/What+is+the+Wallet (What is the Wallet - EU Digital Identity Wallet)

https://caribou.global/publications/european-digital-identity-wallet/ (The European Digital Identity Wallet | Caribou June 2024)

https://digital-strategy.ec.europa.eu/en/policies/business-wallets (European Business Wallets | Shaping Europe’s digital future 19 November 2025)

https://ec.europa.eu/digital-building-blocks/sites/download/attachments/930450954/Use%20Case_Manual_Age%20verification.pdf (Use Case_Manual_Age verification.pdf)