EBA eIDAS 2.0 Wallets: Verifiable Credentials Deep Dive

eIDAS 2.0 RevolutionThe EBA's push for eIDAS 2.0 identity wallets marks a significant shift towards self-sovereign digital identities and verifiable credentials, enhancing user control and privacy across the EU's financial sector and beyond.

Verifiable Credentials (VCs) ExplainedVCs are cryptographically secured digital attestations that enable trusted, selective disclosure of identity attributes, moving beyond traditional, all-or-nothing data sharing.

Issuance and Presentation FlowUnderstanding the lifecycle of VCs, from secure issuance by trusted authorities to their privacy-preserving presentation by users, is crucial for implementing compliant and effective eIDAS 2.0 solutions.

Didit's Foundational RoleDidit, with its AI-native, modular identity platform, provides the essential tools for issuing and verifying VCs, offering robust ID Verification, AML Screening, and a developer-first approach to integrate seamlessly with eIDAS 2.0 wallet ecosystems.

The Dawn of eIDAS 2.0 Identity Wallets and the EBA's Mandate

The digital identity landscape is undergoing a profound transformation, spearheaded by the European Union's eIDAS 2.0 regulation. This updated framework introduces the concept of a European Digital Identity Wallet, a secure, user-centric repository for digital identity attributes. The European Banking Authority (EBA) has been particularly vocal about the implications for the financial sector, emphasizing the need for robust, verifiable digital identities to combat fraud, streamline Know Your Customer (KYC) processes, and enhance compliance.

At the heart of these wallets are Verifiable Credentials (VCs) – cryptographically secure, tamper-evident digital attestations of attributes. Imagine a digital driver's license, a university degree, or proof of address, all issued by trusted entities and stored securely in your personal digital wallet. This paradigm shift empowers individuals with greater control over their personal data, allowing for selective disclosure of information, rather than the current all-or-nothing approach. For financial institutions, eIDAS 2.0 and VCs promise a future of more efficient, secure, and privacy-preserving onboarding and transaction verification. Didit's platform is designed to seamlessly integrate with and facilitate this new standard.

Understanding Verifiable Credentials: Issuance and Presentation

Verifiable Credentials operate on a simple yet powerful principle: trusted third parties (Issuers) digitally sign attestations about an individual (Holder), which can then be presented to relying parties (Verifiers) who can cryptographically confirm the authenticity and integrity of the credential. This process involves several key actors and stages:

1. Issuer: An entity that creates and issues VCs. This could be a government agency issuing an ID, a bank issuing proof of account, or an educational institution issuing a degree. Issuers use their cryptographic keys to sign the VC, making it tamper-evident.
2. Holder: The individual who receives and possesses the VC in their digital wallet. The holder has full control over their credentials and decides when and to whom to present them.
3. Verifier: An entity that requests and verifies VCs from a holder. This could be a financial institution needing to verify a customer's identity for KYC, a website requiring age verification, or an employer checking qualifications.

The issuance process typically involves the Issuer obtaining consent from the Holder and then creating a digital credential containing specific attributes (e.g., name, date of birth, address). This credential is then cryptographically signed and securely transmitted to the Holder's digital wallet. When the Holder needs to prove an attribute, they select the relevant VC from their wallet and present it to the Verifier. The Verifier then uses cryptographic methods to check the Issuer's signature and the integrity of the VC, often cross-referencing with a public ledger or directory of Issuers. This entire flow is designed to be privacy-preserving, allowing for minimal data disclosure.

Technical Deep Dive: The Mechanics of VC Issuance

Issuing a Verifiable Credential is a multi-step, cryptographically secured process. First, the Issuer must establish the identity of the Holder. This often involves robust ID Verification, leveraging technologies like OCR, MRZ, and barcode scanning for document authentication, and Passive & Active Liveness detection to prevent impersonation and deepfakes. Once identity is confirmed, the Issuer generates the VC, which is essentially a data model containing claims about the Holder. This data model is then cryptographically signed using the Issuer's private key, typically following standards like W3C Verifiable Credentials Data Model and JSON Web Signatures (JWS).

The signed VC is then sent to the Holder's digital wallet. This transmission must be secure and often involves encrypted channels. Key technical components include:

• Decentralized Identifiers (DIDs): These are globally unique, persistent identifiers that are cryptographically verifiable and control-agnostic. Both Issuers and Holders can have DIDs, enabling secure communication and verification without relying on centralized authorities.
• DID Methods: These define how DIDs are created, resolved, and managed on various underlying decentralized networks (e.g., blockchains, distributed ledgers).
• Credential Schemas: Standardized formats that define the structure and semantics of different types of VCs, ensuring interoperability.

Didit's ID Verification and 1:1 Face Match capabilities are crucial at the identity establishment phase, ensuring that the initial claims made by the Issuer are based on a verified real-world identity. This foundational security is paramount for the trustworthiness of the entire VC ecosystem.

Technical Deep Dive: VC Presentation and Verification

When a Holder presents a VC to a Verifier, they are essentially creating a Verifiable Presentation (VP). A VP is a collection of one or more VCs, often accompanied by a proof that the Holder controls the DIDs associated with those VCs. The process unfolds as follows:

1. Presentation Request: The Verifier sends a request to the Holder's wallet, specifying the type of information needed (e.g., proof of age over 18, proof of address).
2. Selective Disclosure: The Holder's wallet retrieves relevant VCs and allows the Holder to choose which specific attributes to disclose. This is a key privacy feature, preventing oversharing of data.
3. Presentation Generation: The wallet generates a VP, which includes the selected VCs and a cryptographic proof that the Holder is indeed the subject of those VCs.
4. Verification: The Verifier receives the VP and performs several checks:
   • Signature Verification: Checks the Issuer's cryptographic signature on each VC to ensure it hasn't been tampered with and was issued by a trusted entity.
   • Holder Proof Verification: Confirms that the Holder presenting the VP is the legitimate owner of the VCs.
   • Revocation Status: Checks if the VC has been revoked by the Issuer (e.g., if a driver's license expires or is suspended).
   • Schema Validation: Ensures the VC conforms to its defined schema.

Didit's modular architecture and AI-native approach are perfectly suited to act as a Verifier in this ecosystem. Our platform can consume VCs, perform the necessary cryptographic checks, and integrate these results into broader compliance workflows, such as AML Screening and Proof of Address verification. This allows businesses to leverage the trust established by VCs while still performing their due diligence.

How Didit Helps Implement eIDAS 2.0 Identity Solutions

Didit is uniquely positioned to assist organizations in navigating the complexities of eIDAS 2.0 and Verifiable Credentials. Our AI-native, developer-first identity platform provides the foundational building blocks required for both issuing and verifying VCs, all with a focus on ease of integration and global scalability.

• Robust ID Verification: Before any VC can be issued, a strong identity foundation is critical. Didit's ID Verification, featuring advanced OCR, MRZ, and barcode reading, coupled with NFC Verification for ePassports/eIDs, ensures the highest level of assurance for initial identity binding. This is essential for Issuers to confidently attest to an individual's identity.
• Fraud Prevention with Liveness: Our Passive & Active Liveness detection prevents deepfake and presentation attacks during the initial identity verification, ensuring that the person obtaining the VC is who they claim to be. This strengthens the integrity of the entire VC lifecycle.
• AML Screening & Monitoring: As a Verifier, integrating VCs into your compliance framework is crucial. Didit's AML Screening & Monitoring capabilities can consume VC data, screen against global watchlists, and provide ongoing monitoring, ensuring that even with new digital identities, regulatory obligations are met.
• Modular and Developer-First: Didit offers a modular architecture and clean APIs, allowing businesses to plug-and-play the exact identity checks they need. This makes it incredibly easy for developers to integrate VC issuance and verification into their existing systems, supporting the open and interoperable nature of eIDAS 2.0.
• Free Core KYC & Cost-Effective: With Didit's free tier for Core KYC and a pay-per-successful check model with no setup fees, organizations can experiment with and implement eIDAS 2.0-compliant solutions without prohibitive upfront costs, making advanced identity verification accessible to all.

Didit empowers organizations to be trusted Issuers of attributes or reliable Verifiers of VCs, building a more secure and privacy-centric digital future in line with EBA's vision for eIDAS 2.0. Our platform’s ability to programmatically register and obtain API credentials in just two calls, as highlighted by our programmatic registration for AI agents, underscores our commitment to developer-friendliness and automation.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.