Digital ID, payments providers are trying to solve eIDAS ambiguities

The EU has been busy building a regulatory foundation for its European Digital Identity (EUDI), which will be offered to all Europeans by the end of 2026. Despite this, questions on legal intricacies remain, including for payment service providers (PSPs). This is despite payments being considered to be among the top use cases for EUDI Wallets.

The Dutch Payments Association has now published an assessment on the impact of the EUDI Wallet on payment processes. The paper, published by its eIDAS 2.0 Taskforce, focuses on payments for natural persons who are holders of an EUDI wallet and provides industry guidance to help payment providers navigate ambiguities.

“The regulation requires designated private service providers – including those in the payments sector  – to integrate and accept EUDIWs,” says the organization. “However, while the legal text is final, a conclusive interpretation of the scope of acceptance and impact on payments remains unclear.”

The EUDI Wallet’s legal foundation includes the eIDAS 2.0 regulation, which has already entered into force, and Implementing Acts, which provide technical and legal specifications. eIDAS introduces a requirement for relying parties to accept the EUDI Wallet for processes that involve Strong User Authentication (SUA). However, more clarity is needed from lawmakers regarding Strong Customer Authentication (SCA) requirements, according to the analysis.

Currently, it seems impossible for payment service providers to accept the EUDI Wallet for two-factor authentication (2FA) security processes while also adhering to the Strong Authentication Requirements (SCA) prescribed by the revised Payment Services Directive (PSD2) and its SCA Regulatory Technical Standards (RTS), the organization says.

The paper also hopes to help payment service providers differentiate between compliance rules set by eIDAS and optional rules. According to eIDAS 2.0 regulation, payment service providers do not have to accept electronic signatures or ‘electronic attestations of attributes’ (EAAs). PSPs are also not required to issue EAAs.

The document doesn’t delve into issues such as managing fraud or KYC for onboarding.

eIDAS discussed at EIC2025

The complexities of the eIDAS 2.0 regulation were also a part of discussions at the European Identity and Cloud Conference (EIC) 2025, held earlier this month in Berlin.

Andreas Freitag, co-CEO of Swiss eID company Procivis, explained how governments can align eIDAS 2.0 with existing electronic identification (eID) and Qualified Electronic Signature (QES) frameworks.

The implementation timeline for eIDAS2 is tight, with a deadline set for the end of 2026. This creates interoperability challenges across EU member states, as each country applies the regulation with its own specific interpretations, he says.

An additional problem is that the regulation allows for flexibility in interpretation, which can result in inconsistent implementation, with each country introducing its own nuances. Despite this, countries should first establish infrastructure for eIDAS2, allowing the private sector to follow, he says.

Freitag’s experience in introducing digital identity comes from Procivis’ projects. The company is a part of Orell Füssli, a Swiss banknotes printing company. The firm was selected by the U.S. Department of Homeland Security (DHS) for its Silicon Valley Innovation Program to provide privacy-preserving and interoperable wallets and verifiers for DHS. This has allowed a Swiss citizen in the U.S. to receive a permanent resident card using her Swiss E-ID.

Procivis also helped the City of Zug integrate digital employee certificates for teachers into the eZug app.

Boris Goranov, CEO of digital ID technology developer Ubiqu, focused on the EU Wallet Architecture Reference Framework and explained the tasks of Certificate Authority, Personal Identifiable Data (PID) and Qualified Electronic Attestations of Attributes (QEAA) issuers as well as Qualified Electronic Signature (QES) providers.

Goranov also presented his company’s remote secure element that can be remotely attached to a wallet with a direct connection.

“It’s compliant, it’s scalable, it’s inclusive, and we get a new capability that we need in this ecosystem – recovery, “ says Goranov.

Article Topics

digital ID  |  digital payments  |  digital wallets  |  EIC 2025  |  eIDAS  |  EU Digital Identity Wallet  |  Procivis  |  PSD2  |  regulation  |  Ubiqu