What is eIDAS 2.0?

What does eIDAS stand for?

eIDAS stands for electronic IDentification, Authentication and trust Services. The original eIDAS Regulation (EU 910/2014) established the legal framework for mutual recognition of electronic identification schemes across EU member states, along with trust services such as electronic signatures, seals, and time stamps.

eIDAS 2.0 (Regulation (EU) 2024/1183) is the revision that amends the original regulation. It was adopted to address the limitations of eIDAS 1.0 — in particular, the low cross-border adoption of national eID schemes and the absence of a citizen-controlled digital identity wallet. The revision introduces the European Digital Identity Wallet, new categories of trust services, and stronger requirements for interoperability across the EU.

What is a European Digital Identity Wallet?

The European Digital Identity Wallet (EUDIW) is a mobile application that lets citizens and residents store, manage, and present digital credentials — including national identity documents, driving licences, diplomas, professional qualifications, and health certificates. The wallet puts the individual in control of their data through selective disclosure: users decide exactly which attributes to share in any given interaction.

Key characteristics of the European Digital Identity Wallet:

• Mandatory availability — every EU member state must offer at least one wallet to its citizens and residents by 2026
• Free of charge — wallets must be free for natural persons
• Cross-border interoperability — a wallet issued in any member state must be recognised and accepted across the entire EU
• Selective disclosure — users can prove specific attributes (e.g. being over 18) without revealing their full identity or date of birth
• Architecture and Reference Framework — the technical specifications are based on the ARF developed by the eIDAS Expert Group, ensuring consistent implementation across member states
• High Level of Assurance — wallets must meet the "high" level of assurance as defined under eIDAS, ensuring robust identity proofing and authentication

The wallet is designed to work for both online and offline scenarios — from logging into government portals and opening bank accounts to presenting a driving licence during a roadside check or proving professional qualifications to a new employer across borders.

What are Verifiable Credentials?

Verifiable Credentials are tamper-proof, cryptographically signed digital statements issued by a trusted party. They can represent virtually anything — a university diploma, proof of address, a professional licence, an age attestation, or a company registration certificate. What makes them "verifiable" is that any relying party can independently check the cryptographic proof of authenticity and integrity without needing to contact the original issuer.

The Verifiable Credentials model involves three roles:

• Issuer — a trusted entity (university, government, employer) that creates and signs the credential
• Holder — the individual or organisation that stores the credential in their wallet and decides when and to whom to present it
• Verifier — the party that requests and checks the credential (e.g. a border agent, bank, or online service)

Verifiable Credentials are based on W3C standards (the Verifiable Credentials Data Model) and are a core building block of both eIDAS 2.0 and SSI (Self-Sovereign Identity). Under eIDAS 2.0, the new QEAA (Qualified Electronic Attestation of Attributes) trust service provides a legally recognised, high-assurance form of Verifiable Credentials issued by QTSPs.

What is Self-Sovereign Identity?

SSI (Self-Sovereign Identity) is a model where individuals own and control their digital identity without depending on a central authority. Instead of relying on a platform, government database, or identity provider to mediate access to personal data, SSI puts the individual at the centre of every identity interaction.

SSI is built on two complementary technologies:

• DIDs (Decentralized Identifiers) — globally unique identifiers that individuals create and control themselves, without needing a centralised registration authority. DIDs can be resolved to cryptographic keys and service endpoints, enabling secure, peer-to-peer communication.
• Verifiable Credentials — cryptographically signed digital attestations that can be stored in a wallet, selectively disclosed, and independently verified (see the section above)

The practical result is that people can prove claims — such as their age, qualifications, citizenship, or employment status — without revealing more information than necessary. This principle of data minimisation aligns directly with the GDPR and is central to the privacy-by-design approach.

eIDAS 2.0 incorporates SSI principles into EU law. The European Digital Identity Wallet is, in effect, an SSI wallet with legal standing across the entire EU — combining the decentralised, user-controlled model of SSI with the legal certainty and cross-border recognition of EU regulation. Read more in our blog on SSI and privacy.

How does eIDAS 2.0 relate to Digital Product Passports?

DPPs (Digital Product Passports) and eIDAS 2.0 address different domains — product information and digital identity — but they intersect at a critical point: trust. DPP data is only as reliable as the identity of the economic operators and supply chain actors who created, verified, and attested it.

The connection works in several ways:

• Trusted identity for economic operators — manufacturers, importers, and conformity assessment bodies need verifiable, cross-border identity to sign declarations of performance, conformity certificates, and DPP data entries
• Business credentials in wallets — eIDAS 2.0 wallets can carry organisational credentials such as company registrations, LEI attestations, trade licences, and sector-specific authorisations
• Data integrity through qualified trust services — Qualified Electronic Seals and Qualified Time Stamps from eIDAS 2.0 can ensure that DPP data has not been tampered with and can be traced to a verified source
• Supply chain verification — each actor in a supply chain can use wallet-based credentials to prove their identity and authorisations when contributing data to a DPP

Regen Studio wrote the Trusted DPP position paper for FIDES and the Dutch Blockchain Coalition, exploring exactly how eIDAS 2.0 and DPP infrastructure should converge to create trustworthy product data ecosystems. The EDI Wallet demo illustrates these concepts in practice.

When does eIDAS 2.0 take effect?

Regulation (EU) 2024/1183 entered into force on 20 May 2024. The rollout follows a phased timeline, with member states, the European Commission, and the eIDAS Expert Group working in parallel on technical specifications, implementing acts, and large-scale pilots.

Key milestones:

• 20 May 2024 — Regulation (EU) 2024/1183 entered into force
• 2026 — member states must offer EU Digital Identity Wallets to their citizens and residents
• Ongoing — implementing acts are being developed for wallet technical specifications, certification schemes, trust service requirements, and interoperability protocols
• Ongoing — the wallet toolbox and ARF (Architecture and Reference Framework) are being finalised by the eIDAS Expert Group

Four LSPs (Large-Scale Pilots) are already testing wallet implementations across real-world use cases:

• POTENTIAL — identity verification, travel, payments, and government services across 19 EU countries
• DC4EU — education credentials and social security across member states
• NOBID — Nordic-Baltic payment and identity use cases
• EWC — travel, organisational identity, and payments

These pilots are providing critical real-world feedback that shapes the implementing acts and technical architecture. Organisations that want to be ready should engage now — the infrastructure is being built, and design decisions being made today will define the ecosystem for years to come.

What are Qualified Trust Services under eIDAS 2.0?

Qualified Trust Services are the legally recognised, high-assurance services that underpin digital transactions across the EU. Under eIDAS 2.0, the list of qualified trust services has been expanded to include new categories that support the wallet ecosystem and modern digital workflows.

The full set of Qualified Trust Services under eIDAS 2.0:

• QES (Qualified Electronic Signatures) — the digital equivalent of a handwritten signature, with the highest legal standing in the EU. Can be created using the wallet.
• Qualified Electronic Seals — used by organisations (legal persons) to guarantee the origin and integrity of documents and data
• Qualified Time Stamps — cryptographic proof that data existed at a specific point in time
• QWACs (Qualified Website Authentication Certificates) — certificates that verify the identity of websites, providing users with assurance about who operates a site
• QEAA (Qualified Electronic Attestation of Attributes) — new in eIDAS 2.0. Legally recognised attestations about a person's or organisation's attributes (qualifications, authorisations, memberships), issued by QTSPs and presentable through the wallet
• Electronic Archiving — qualified services for long-term preservation of electronic documents and data, ensuring their integrity over time
• Electronic Ledgers — new in eIDAS 2.0. Qualified services for recording data in a tamper-evident, chronologically ordered sequence

QTSPs (Qualified Trust Service Providers) must meet strict security, audit, and supervisory requirements set by their national supervisory body. They undergo regular conformity assessments and are listed on the EU Trusted List, making their status verifiable across all member states. The addition of QEAA is particularly significant — it provides the legal basis for high-assurance digital credentials in wallets, bridging the gap between technical Verifiable Credentials and legally binding attestations.

How can Regen Studio help with eIDAS 2.0?

Regen Studio provides independent advisory on eIDAS 2.0, digital identity, and the intersection with Digital Product Passports. We do not sell wallet software, identity platforms, or trust service infrastructure — our advice is shaped by your needs, not by a product we need to sell.

Our expertise and track record in digital identity:

• EDI Wallet demo — we designed and built the EDI Wallet demonstration (try it live), showcasing how European Digital Identity Wallets work in practice for credential issuance, storage, and selective disclosure
• Trusted DPP position paper — we led the Trusted DPP position paper for FIDES and the Dutch Blockchain Coalition, mapping how eIDAS 2.0 and DPP infrastructure should converge
• SSI and privacy-by-design — deep expertise in Self-Sovereign Identity architecture, privacy engineering, and the practical design of verifiable credential ecosystems (read our SSI and privacy blog)
• Regulatory navigation — we help organisations understand what eIDAS 2.0 means for their sector, assess readiness, and design identity architectures aligned with EU requirements

Whether you are a government body preparing to issue wallet credentials, a QTSP adapting to eIDAS 2.0, a brand exploring how digital identity supports your DPP strategy, or an industry association coordinating a sectoral approach — we can help you navigate the landscape.