eIDAS 2.0 Compliance: Timelines and What Businesses Must Prepare

eIDAS 2.0 — the revised EU regulation on electronic identification, authentication, and trust services — requires every EU member state to make an EUDI (EU Digital Identity) Wallet available to its citizens and legal entities. It is the largest structural change to digital identity in Europe since the original eIDAS regulation in 2014, and it creates real acceptance obligations for private-sector services across the bloc.

The rollout is phased and timed precisely to member-state implementation progress, which varies. What is unambiguous is the direction: EUDI Wallets are coming, acceptance will be mandatory for named service categories, and the businesses that understand the framework now will integrate more smoothly than those that wait.

Key takeaways

• eIDAS 2.0 requires all 27 EU member states to make EUDI Wallets available to citizens and legal entities, enabling electronic identification and credential presentation across borders.
• Three LoA (Level of Assurance) tiers — Low, Substantial, and High — define how rigorously a credential was established; the appropriate level depends on the risk of the service relying on it.
• Acceptance obligations for private-sector services are phasing in, with banks, telcos, and large online platforms among the sectors named for mandatory acceptance.
• By around 2026, member states are expected to have EUDI Wallets operational, with broad private-sector acceptance obligations phasing in thereafter — though deployment timelines vary by member state.
• Didit is the only identity provider formally attested by an EU member-state government — Spain's Tesoro / BdE / SEPBLAC / CNMV — as safer than in-person verification, providing a compliance-ready foundation aligned with eIDAS 2.0's High assurance standard.

What eIDAS 2.0 is

The original eIDAS regulation, adopted in 2014, created a framework for mutual recognition of national electronic identification schemes across EU member states. It worked for large national eID programmes — Germany's Online-Ausweis, Belgium's eID card — but left significant gaps: no common wallet format, limited coverage of private-sector services, and cross-border interoperability that worked better in principle than in operational practice.

eIDAS 2.0 — formally Regulation (EU) 2024/1183, amending the original — replaces that fragmented national-scheme model with a single European approach. Every member state must make a EUDI Wallet available to every citizen and legal entity that wants one. Every wallet must meet common technical standards. And crucially, specified service providers must accept wallet presentations from any EU citizen, regardless of which member state issued the wallet.

The wallet holds verifiable credentials: government-issued identity documents, educational qualifications, professional licences, bank account proof — any attribute formally issued by a trust service provider and electronically presentable and verifiable. A German citizen presenting their EUDI Wallet to a Spanish bank, or a Polish freelancer presenting professional credentials to a French marketplace, should work as seamlessly as a domestic presentation.

Levels of assurance: Low, Substantial, and High

eIDAS 2.0 inherits the LoA framework from the original regulation and extends it to the wallet context. Three levels define how confidently a credential has been established:

Low — the credential was established through a process that provides limited confidence in the claimed identity. Suitable for low-risk services where the cost of error is minimal and friction should be as low as possible.

Substantial — the credential was established through a process that substantially reduces the risk of identity misuse. Document-based verification with automated checks typically meets this level. Most KYC (Know Your Customer) grade checks are designed for Substantial assurance.

High — the credential was established through a process that prevents misuse with very high confidence. Document verification combined with biometric liveness at iBeta Level 1 or higher — the equivalent of in-person verification or demonstrably superior to it — meets this level.

The LoA framework matters for businesses because it maps the assurance level a service needs to the verification method that satisfies it. A payment account opening may require Substantial; access to a regulated financial product may require High. eIDAS 2.0 codifies these expectations and makes them portable across the entire EU.

What the EUDI Wallet means for businesses

Today, a user presents their identity to your platform by uploading a document image and taking a selfie — and your platform verifies it in real time. With the EUDI Wallet, the model changes: the user holds a pre-verified credential issued by a member-state trust service provider, and presents that credential to you. You verify the credential's cryptographic signature and the issuer's trustworthiness — not the underlying document from scratch.

For regulated businesses, the wallet presentation model offers concrete benefits. The user's identity has already been verified by a trusted issuer at a known assurance level, reducing the verification burden at your end. The user's credential carries a specific LoA that you can map directly to your risk requirements. And reusable credentials mean users do not re-upload documents to every service they interact with — reducing onboarding friction for legitimate users.

The obligation side is equally concrete: certain service categories cannot decline wallet-presented credentials once acceptance obligations are in force. A bank or large online platform that falls within the mandatory-acceptance categories must be capable of accepting EUDI Wallet presentations — which requires API integration with the wallet ecosystem and LoA-mapping logic in your identity pipeline.

Acceptance obligations and the phasing timeline

eIDAS 2.0 identifies categories of service providers subject to mandatory acceptance of EUDI Wallet presentations: very large online platforms under the Digital Services Act, providers of banking and payment services, providers of electronic communications services, providers of transport and energy services, and providers of professional qualifications services.

The acceptance obligation phases in as member states deploy their wallets. Large-Scale Pilots — multi-member-state test programmes covering healthcare, education, travel, finance, and government services — have been running since 2023 and are generating production-ready technical specifications. Member states are expected to have EUDI Wallets operational in the period around 2026, with mandatory private-sector acceptance obligations phasing in as infrastructure matures.

The exact month-by-month calendar depends on each member state's implementation progress and the implementing acts the European Commission issues. What is clear is that the direction is settled and the technical architecture is real — pilot-programme learnings are being incorporated into the final technical specifications now.

What businesses should prepare

Map your assurance level requirements. For each service you offer, identify the LoA a presented credential needs to satisfy. A low-risk content service may need Low; a regulated financial account requires High. This mapping determines what credential presentations you need to accept and how you validate them.

Assess your mandatory-acceptance exposure. If your service falls within the named categories — banking, telco, large online platform — your obligation to accept EUDI Wallet presentations is regulatory, not optional. Start the technical assessment before the obligation is in force, not after.

Audit your identity verification architecture. eIDAS 2.0 acceptance does not mean removing your existing verification pipeline — it means extending it. Users who have a EUDI Wallet present it; users who do not complete the standard document-and-biometric flow. Both paths need to converge on the same compliance record and LoA classification.

Build on already-attested infrastructure. Credentials issued at High assurance require a verification pipeline that meets the High LoA standard — including biometric verification comparable to or better than in-person identification. Building on a provider with existing supervisory attestation reduces your compliance surface and simplifies regulatory dialogue.

What eIDAS 2.0 means for identity verification providers

The EUDI Wallet does not displace traditional document-and-biometric verification — it adds a new presentation path alongside it. In the short term, most users will not have EUDI Wallets. In the medium term, wallet adoption will grow as member states roll out their implementations and the user experience matures. In the long term, reusable wallet credentials will reduce the per-onboarding verification burden for users, while the LoA framework standardises how businesses understand and communicate what they verified.

For identity verification providers, this creates a two-track landscape: traditional on-demand verification for users without wallets, and credential-acceptance infrastructure for users who present EUDI Wallet credentials. The LoA framework is the bridge between the two tracks — a business with a High-assurance requirement can satisfy it through either path.

Use cases

Banks and payment institutions — named in mandatory-acceptance scope from the outset. EUDI Wallet integration alongside existing KYC pipelines enables seamless onboarding for wallet-holding users while the existing flow handles non-wallet users. LoA mapping replaces the per-onboarding verification decision for high-assurance wallet credentials.

Telecom providers — named in the mandatory-acceptance categories. Subscriber identity verification via EUDI Wallet at High assurance is the direction of travel for regulated SIM registration in the EU.

Large online platforms and regulated marketplaces — very large online platforms under the DSA face mandatory-acceptance obligations. Seller and user verification at Substantial assurance using wallet credentials is a concrete eIDAS 2.0 use case.

Cross-border financial services — a Spanish user onboarding with a Dutch neobank today faces a full document-and-biometric flow. With EUDI Wallets, their pre-verified Spanish government-issued credential transfers directly at the appropriate assurance level, reducing friction for a legitimate user while maintaining the compliance record.

How Didit helps

Didit is the only identity provider formally attested by an EU member-state government — Spain's Tesoro / BdE / SEPBLAC / CNMV — as safer than in-person verification. That attestation is the High assurance standard in practice: document verification plus biometric liveness assessed and approved by a national financial supervisory authority, not a self-certification.

For businesses building toward eIDAS 2.0 compliance, that means:

• ID Verification at High LoA-grade standard via Didit ID Verification — document check plus passive or active liveness plus face match, all iBeta Level 1 PAD certified and EU government-attested.
• Reusable KYC (free) — once a user is verified by Didit, that verification is portable. The user does not re-verify for every service; the credential and its assurance level are trusted downstream.
• EU-attested infrastructure — building your eIDAS 2.0 compliance posture on a provider with existing national supervisory attestation reduces both your compliance burden and your explainability burden with regulators.

As EUDI Wallet acceptance obligations phase in, Didit's verification pipeline serves as the complement: non-wallet users verify through the standard document-and-biometric flow; wallet-presenting users complete the wallet acceptance path; both converge on the same compliance record in your Business Console.

Frequently asked questions

When exactly must businesses accept EUDI Wallets?

The regulation sets a direction and names mandatory-acceptance categories; precise deadlines vary by member state, service category, and the implementing acts the Commission issues. Member states are expected to have wallets operational around 2026, with private-sector acceptance obligations phasing in as wallet deployment matures. Track your national implementation authority and the relevant EU implementing acts for the authoritative timetable.

What is the difference between eIDAS 1.0 and eIDAS 2.0?

eIDAS 1.0 (2014) created a cross-border mutual recognition framework for national eID schemes. eIDAS 2.0 adds a common EUDI Wallet format available to every EU citizen and legal entity, extends coverage to the private sector with mandatory acceptance obligations, introduces Qualified Electronic Attestations of Attributes (QEAAs) as a new portable credential type, and broadens the scope of the trust services regulated.

Does accepting EUDI Wallets replace KYC verification?

No. Accepting a wallet-presented credential is one input into your identity programme. The credential's assurance level tells you how reliably the identity was established. Your compliance programme still determines what level is sufficient for each service, and other checks — AML (Anti-Money Laundering) screening, ongoing monitoring, transaction monitoring — still apply.

How much does Didit ID Verification cost?

The core flow — ID document ($0.15) + passive liveness ($0.10) + face match ($0.05) + IP analysis ($0.03) — is $0.33 per verification. 500 free checks per month. No minimums, pay per call.

What is the Didit EU government attestation?

Spain's Tesoro (Treasury), BdE (Bank of Spain), SEPBLAC (anti-money laundering supervisory authority), and CNMV (securities regulator) formally attested that Didit's verification process is safer than in-person identification. This is an assessment by a national supervisory authority — not a self-certification or industry award. Full details at the Trust hub.

Ready to get started?

Read the ID Verification documentation to understand the verification pipeline, see the full product on the ID Verification product page, and check per-call pricing on the pricing page. When you're ready, start free — 500 free verifications per month, no contract, no minimums.