Understanding The eIDAS 2.0 Digital Identity Regulation

On February 29, 2024, the European Parliament took a significant step toward reshaping digital identity in the European Union by voting to introduce new regulations requiring each EU and EEA citizen to have access to a government-issued digital identity. This marks a pivotal moment for the payments industry, as digital identity is poised to streamline authentication, increase security, and foster innovation in both consumer and business transactions. However, realising the full potential of eIDAS 2.0 will require perseverance across the payments industry, as only a small fraction of the necessary work has been completed to date.

On a functional level, the new regulation mandates that EU governments provide their citizens with a digital identity that can be used voluntarily. Unlike traditional passports or physical identity cards, digital identities will be designed for seamless use across digital platforms, offering a more user-friendly experience on laptops, smartphones, and other devices. Citizens will be able to store these credentials in secure digital wallets (EUDI wallets), maintaining full control over when and how they share their information. The important point to note here is that the identity information contained within the EUDI wallets will be stored locally on the user’s mobile device - as opposed to central government database for example.

From a technical perspective, the sharing and verification of the eIDAS 2.0 digital identity information will happen within a decentralised network. This differs greatly from many prior concepts of digital identity, which were focused on a more centralised approach. This new approach more closely mimics blockchain technology and has the added positives of greater security and data sovereignty.

End users of digital IDs can find the main benefits in one of the three following branches:

• Convenience: Users can be more easily onboarded and authenticated for new services. For example, tasks such as proving age, address, income & education will become much simpler

• Time Saving: Repetitive and convoluted identity verification processes are eliminated with the use of a digital ID

• Data Privacy: Users are allowed to share only the most necessary information – this is called Selective Disclosure. This reduces the exposure of personal data.

‍

All this being said, if one were to search recent ‘eIDAS 2.0’ posts on LinkedIn, or other professional forums, they would discover a rabbit hole of discussion, debate and resulting confusion surrounding how exactly the EUDI wallets will function and operate between countries and entities. There is still a significant amount of detail that needs to be hashed out for the implementation of these wallets to be effective and smooth.

Research Into The Next Phase of Digital Wallets

Research and development programmes are currently underway to build out different EUDI Wallets and understand their ability to host payment capabilities without causing disruption to existing payment infrastructures. The two main payment related wallet capabilities that are being researched as part of these programmes are payment authentication and payment initiation.

Before getting stuck in to the latest EUDI wallet / payment initiatives, it is worth noting at this stage that there is likely to be a wave of new EUDI wallets - at least 27 (one per member state as a minimum). It’s going to be no small feat to build out the cross-border interoperability that eIDAS 2.0 suggests.

Four different consortia have been formed and announced by the European Commission to spearhead large-scale pilots in accordance with eIDAS 2.0; the two more closely associated with payments are the Nordic-Baltic eID Consortium (NOBID) and the EU Digital Identity Wallet Consortium (EWC). These two groups are working together to build a feedback paper to the European Commission that describes how the EUDI wallet can be used within payment flows across card and account payments.

The EWC is the widest spanning consortium, made up of over 60 organisations with representatives from all 27 EU member states plus the UK, Norway and Ukraine. Within the EWC is a payments taskforce of 18 participants including Google, Visa, Worldline, Outpayce, BPC and Worldline. It has been their job to explore the different barriers and enablers for the acceptance of EUDI Wallets in payment flows. Their working assumption is that eIDAS 2.0 will require all banks to enable EUDI Wallets as an alternative SCA method for all online payments (card and account payments under PSD2), KYC and logging in to mobile banking apps.

Beyond authentication, research is being conducted into the viability of payment initiation within new digital identity wallets: either in-store via NFC or online. Functionally, these wallets would provision card and account tokens to initiate these payments. One pilot that EWC is currently operating, as a proof-of-concept, is to build a wallet-payment flow for the scenario of a student purchasing a discounted item from an online merchant. Historically, students first must verify their education status before then separately making the transaction. In this pilot, the goal is to enable the student to verify their status and make the payment within the same transaction. It is examples like this that showcase the added convenience that the next phase of digital wallets is likely to bring us.

EUDI Wallets and Open Banking

Let’s try and frame this all in relation to the current state of Open Banking. At present if a consumer wants to initiate an Open Banking payment for an online transaction, they are re-directed to their mobile banking environment. This disrupts the payment flow and, across the variety of banking apps, creates a fragmented set of experiences. For an Open Banking payment to be authenticated, each bank has its own flow. Some use apps, others SMS codes or web portals. This inconsistency causes friction and payment dropouts.

Now, let’s visualise how the flow may differ if a user chooses to make a banking payment via the EUDI wallet option. Firstly, the plan for these wallets is to enable them as a payment method - just like we all currently experience with Google Wallet and Apple Pay today. Within the EUDI wallet payment option, the user will then have the choice between different tokenized payment credentials. Again, this is not dissimilar to the current Google wallet experience, for example, but with the big difference that the EUDI wallets will enable the initiation of Open Banking payments. This is a huge win for Open Banking, if implemented as above, as the user will no longer have to leave the payment flow. These wallets can act as embedded functions and do not require them to leave the checkout environment. Ontop of this, with the EUDI wallets, users can pre-approve certain actions (such as recurring payments or specific trusted merchants). This means that when it’s time to pay the wallet simply confirms your identity and no re-authentication, such as an SCA, is required via the bank. Lastly, from a consistency point of view, the EUDI wallets will seek to provide a single, standardised authentication and payment experience. No more being caught off guard because your bank requests the use of your card reader during a blue moon. In short, the impact will be the following: consistency and reduced friction. This should accelerate the growth of Open Banking payments, if done correctly.

The Impacts of eIDAS 2.0 on Consumer Payments

The payments industry stands to gain significantly from this initiative. Digital identity will enhance fraud prevention, simplify compliance with anti-money laundering (AML) and know your customer (KYC) regulations, and unlock new opportunities for seamless, cross-border transactions. Whilst there is a strong case to be made for new digital identity technologies to drastically improve the B2B payment ecosystem, the following 5 consumer-focused areas are where we expect digital identity to make its first impacts within the payment space:  

1. Frictionless Customer Onboarding & Payments Authentication

Digital identity will streamline user onboarding for payment services, reducing the need for manual KYC checks. Banks, fintechs, and merchants can instantly verify identities, reducing sign-up friction and increasing conversion rates.

2. Age & Residency Verification for Payments

Many merchants and financial institutions require age or residency verification to comply with regulations. Digital identity will allow consumers to share only the necessary information (e.g., confirming they are over 18) without exposing unnecessary personal data.

3. Reducing Payment Fraud & Identity Theft

Fraudulent transactions and chargebacks are a major issue for merchants and payment providers. Digital identity tied to biometrics and cryptographic verification will make it far harder for fraudsters to use stolen card details or impersonate users.

4. Instant Payments & Embedded Finance

Digital identity will likely be integrated into real-time payment systems, enabling instant verification of sender and receiver identities. This will help drive innovations in embedded finance, where identity and payments are seamlessly linked.

5. Cross-Border Payments & Compliance

One of the biggest hurdles in international transactions is compliance with differing regulations. With eIDAS 2.0, a standardized digital identity framework will make it easier for payment providers to verify users across jurisdictions, reducing cross-border friction.

An example use of EUDI wallets within consumer payments has been recently showcased by the EWC consortium. It represents how a purchaser of a large knife from an online kitchen supplier can verify their age and make payment from within the wallet:

‍

The Impacts of eIDAS 2.0 on B2B Payments

Digital identity is not just limited to individuals – a digital identity can be assigned to any asset, object or entity. This includes being able to issue and store a digital identity for a businesses and individuals within a business. For this reason, digital identity has a strong case for transforming B2B payments. Here are some key arguments for why digital ID will be crucial in this space soon:

1. Business Identity Verification & Fraud Prevention

Digital identity can be used to verify the legitimacy of businesses in transactions, ensuring that both buyers and suppliers are properly authenticated. This prevents fraud, such as fake vendors or shell companies attempting to open accounts or commit invoice fraud.

2. Streamlined B2B Onboarding & Compliance

Today, B2B payments require complex onboarding and due diligence checks, often involving paperwork, business registration validation, and compliance reviews. With digital identity, businesses can prove their existence, financial standing, and legal status instantly, making onboarding faster and smoother. This reduces time spent on KYB (Know Your Business) and AML (Anti-Money Laundering) compliance processes.

3. Authorization for Business Transactions

Digital identity wallets could be used to verify that an employee has the authority to make payments on behalf of a company. This ensures that only authorized personnel can approve or execute payments, reducing internal fraud risks.

4. Secure Cross-Border B2B Transactions

Many B2B transactions happen across borders, requiring verification of business entities in different regulatory environments. A standardized EU-wide digital identity system will enable businesses to verify partners internationally without needing country-specific documentation.

5. Digital Contract Signing & Payments Integration

Digital identity can be used to sign contracts, authorize payments, and provide proof of transaction legitimacy. This could enable the automation of payment execution after contract terms are verified, improving efficiency in supply chain payments and procurement.

The Payment Businesses Best Poised to Leverage eIDAS 2.0

As clear benefits of digital ID can be found for the end users, the same can be said for numerous business entities across the payment’s ecosystem. Identity verification is often a bottleneck in digital transactions. By integrating with different digital identity providers and EUDI wallets, payment processors can expect to encounter fewer security challenges and delays.

This will manifest in a reduction in the risk of payment fraud, account takeovers, and unauthorized transactions. Another benefit of this is that consumers will gain the confidence that their transactions are safe, reducing cart abandonment in e-commerce and increasing adoption of digital payment solutions.

Here are several business examples that we can expect to witness deploying digital identity measures over the coming years:

1. Financial Institutions, Fintech & Neobanks

Digital wallets and fintech platforms will integrate digital ID for improved fraud prevention, seamless customer onboarding, and user verification in lending or credit assessment processes. For example, imagine you are signing up for a new Revolut account: rather than taking a photo of you next to your physical ID you can just send the verification information from your EUDI wallet.

2. Payment Processors & Gateways

Companies like Stripe, Adyen, and Worldpay will benefit from digital ID by reducing fraud-related disputes, enabling instant verification for transactions, and ensuring compliance with AML regulations. Payment providers can comply with regulatory requirements while allowing users to share only the necessary credentials, improving privacy and control over personal data.

3. Buy Now, Pay Later (BNPL) & Credit Providers

Instant identity verification will speed up approvals for BNPL services like Klarna and other short-term credit offerings while reducing fraud risk.

4. E-commerce & Subscription-Based Merchants

Online retailers and subscription services, such as Netflix or Spotify, will use digital identity to verify users, comply with age-restricted sales laws, and reduce fraudulent chargebacks.

5. Cryptocurrency & DeFi Platforms

Digital identity will improve compliance with regulatory frameworks such as the Travel Rule, making it easier for crypto exchanges, such as Binance, and decentralized finance (DeFi) platforms to verify users while maintaining privacy.

The reality here is that we are still some way off witnessing many of these businesses make the significant investments into digital identity technology first. We anticipate that they will study the development of eIDAS 2.0 throughout public entities before committing too many resources to this cause. However, we do also expect the public mentality on digital identity to shift and adoption to rise quickly throughout the European continent. Ultimately, any payments businesses that fail to keep up will run the risk of being left behind and not meet evolving consumer expectations.

The Future of Payments & Digital Identity

Looking ahead, payment credentials and digital identity are likely to merge, making verification as seamless as tapping a card. This evolution will impact everything from online shopping to peer-to-peer payments and lending solutions. Existing payment wallets, the leading examples being Google Wallet & Apple Pay, may soon incorporate digital identity for more secure and efficient transactions, reducing fraud and improving compliance.

International examples, such as India and Switzerland, have demonstrated the effectiveness of integrating digital identity with payments. India’s Aadhaar-based authentication system has transformed financial services by enabling instant KYC and seamless digital payments- either via the Unified Payments Interface (UPI) or via Aadhaar Enabled Payment System (AePS). Meanwhile, in Switzerland, they are soon to launch their own e-ID wallet called SWIYU. This wallet will allow Swiss citizens to identify themselves online and make payments too. If similar models are to be adopted elsewhere Europe, which eIDAS 2.0 is trying to push, this could lead to rapid adoption of digital identity in payments.

There are some final remarks that do need to be raised with regards to eIDAS 2.0 and their corresponding EUDI wallets:

The first is with regards to Registers and the associated risks. Without getting too technical, the regulation introduces the idea that there will need to be entities called ‘Registers’. These Registers will act as a sort of guarantor within information flows between EUDI wallets, merchants, banks and other entities. In the payments space, it is almost identical to the role that the card networks play today – such as Visa and Mastercard. Importantly, the Registers will host detailed ID information and payment details. There will be one Register per country, meaning 27+ registers that each new wallet will have to be able to check. This itself is a complexity, but the main issue arises around the security and potential risks associated with any breaches of these Registers. If a Register is hacked, or a DDOS attack is successful, this could result in a either a huge breach of information or inoperability of the Register.

Secondly, and this is more a comment on the wider payment ecosystem dynamics, are EUDI wallets to be seen as enablers or competitors? What are Google and Apple’s view on this development – they may well view it as the EU attempting a land grab within the payment wallet space. The same can be said of the card schemes and networks, who already feel threatened by the prospect of wide-spread Open Banking payments. These are ultimately questions which only select few people have answers to at present – but they are certainly worth pondering.

‍

Overall, the introduction of eIDAS 2.0 marks a transformative moment for the technology and payments industries in Europe and beyond. From a numerical perspective, the market opportunity is expected to reach a value of $30B USD by 2030. Who will capture the lion’s share of this opportunity – well that is yet to be decided. Should a company view digital identity as a driver for cost reduction, or for revenue growth? EDC are poised and ready to assist in answering these questions and more, by helping payment companies asses their different options within the growing digital identity ecosystem and choose the right path forward.

By enabling seamless authentication, reducing fraud, and ensuring compliance, digital identity will unlock new opportunities for banks, fintechs, merchants, and payment service providers. As adoption grows, it will become an integral part of payments, making transactions faster, safer, and more efficient. Whilst we do still have a bit of time, payments industry must act now to integrate digital identity solutions and prepare for this inevitable shift.

‍

The content of this article does not reflect the official opinion of Edgar, Dunn & Company. The information and views expressed in this publication belong solely to the author(s).