The EU Digital Identity Wallet (EUDI): What Non-EU Businesses Need to Know Before 2027

On 20 November 2027, accepting the EU Digital Identity Wallet becomes mandatory for a wide range of businesses operating in or selling into the European Union. That deadline is less than two years away, and the technical infrastructure to comply with it takes time to build. This article explains what the EUDI wallet is, which businesses are in scope, what the regulation actually requires and how to position your organisation now.

What EUDI is and where it comes from

The EU Digital Identity Wallet is the flagship output of eIDAS 2.0 — the revised Electronic Identification, Authentication and Trust Services regulation adopted by the European Parliament in April 2024. The original eIDAS regulation (2014) established a framework for cross-border electronic identification within the EU. eIDAS 2.0 goes considerably further: it mandates that all EU member states offer citizens and residents a free digital identity wallet app by November 2026, and requires large businesses across key sectors to accept it by November 2027.

The reference architecture for EUDI — the open-source technical framework defining how wallets are built and how verifiers interact with them — is maintained by the European Commission and published as the Architecture Reference Framework (ARF). Version 1.4 was published in early 2025; the current iteration defines the cryptographic protocols, data models and trust infrastructure in detail.

The timeline

• 2024–2025: Large-scale pilots across four pilot consortia (POTENTIAL, EWC, DC4EU, NOBID) testing real-world use cases — digital travel documents, university qualifications, healthcare credentials and banking onboarding.
• November 2026: All EU member states must have national wallet solutions available to citizens.
• November 2027: Mandatory acceptance deadline. Large businesses in scope must accept EUDI wallet presentations for identity verification, authentication and attribute disclosure.

Which businesses must accept it

eIDAS 2.0 Article 5b defines the relying parties — businesses and organisations — that must accept EUDI wallet presentations. The scope is broad and includes:

• Banks and financial services: Any institution providing payment accounts, credit or investment services to EU customers must accept EUDI for customer identification and KYC.
• Telecommunications providers: Mobile network operators and internet service providers selling to EU consumers.
• Utilities: Electricity, gas and water suppliers.
• Healthcare: Health insurance providers and major healthcare services.
• Public services: All EU public sector bodies are in scope.
• Large online platforms: Very large online platforms (VLOPs) and very large online search engines (VLOSEs) as defined by the Digital Services Act — broadly, platforms with more than 45 million monthly active users in the EU.

Smaller businesses are not mandated to accept EUDI, but the regulation creates a clear market expectation: if your EU competitors accept digital identity wallets and you do not, the friction differential will become commercially significant.

What the wallet stores

The EUDI wallet is designed to hold a wide range of credentials, each issued by an authorised provider and cryptographically signed. The initial credential set includes:

• National identity documents (equivalent to a national ID card)
• Driving licences (ISO 18013-5 mobile driving licence format)
• Educational qualifications (Europass digital credentials)
• Professional credentials and licences
• Social security and tax identifiers
• Health insurance and prescriptions
• Bank account ownership proofs

The wallet can also hold credentials from private issuers — airlines, universities, professional bodies — once those issuers are registered in the EU trust framework.

The technical standard: ISO 18013-5 and selective disclosure

EUDI wallets implement selective disclosure using a combination of ISO 18013-5 (the mobile driving licence standard, which defines the mDL data model and device engagement protocol) and SD-JWT (Selective Disclosure for JSON Web Tokens) for non-mDL credentials. Both approaches allow a verifier to request specific attributes — name, age, residency — and receive only those attributes, cryptographically signed by the issuing authority.

Zero-knowledge proof approaches are under active discussion for future EUDI versions but are not required in the 2027 mandatory acceptance scope. The immediate requirement is supporting ISO 18013-5 presentation for driving licence credentials and SD-JWT for identity attestations.

How EUDI differs from Apple Digital ID

Apple Digital ID and EUDI share the ISO 18013-5 technical foundation, but they differ significantly in governance and scope. Apple Digital ID is a private-sector wallet (Apple's app, Apple's infrastructure) that carries government-issued credentials from participating US states. EUDI is a government-mandated programme: each EU member state issues its own wallet (or uses an approved national solution) under the European Commission's trust framework.

The practical implication for businesses is that EUDI compliance is a regulatory obligation with legal consequences for non-compliance, not a market choice. Apple Digital ID acceptance, by contrast, is currently voluntary for most business categories in the US.

What non-EU businesses need to know

If your business sells financial, telecommunications or healthcare services to EU consumers — even from outside the EU — you are likely in scope for eIDAS 2.0 acceptance requirements. The regulation applies to the customer's location, not the business's domicile.

The acceptance API for EUDI — the OpenID4VP (OpenID for Verifiable Presentations) protocol — requires integration work. A relying party (your business) needs to register in the trust framework of each member state whose nationals you serve, integrate the OpenID4VP protocol into your authentication flows and handle the cryptographic verification of wallet presentations. This is not a one-week integration; planning should begin now.

GDPR implications are also relevant. EUDI presentations generate data about your customers' identity attributes. The selective disclosure model minimises the data collected, but you still need a lawful basis for processing identity data received through EUDI verification and must handle it according to your data protection obligations.

The link to wallet passes and Issuepass

EUDI is a separate technical system from Apple Wallet and Google Wallet passes. The credentials it carries are issued by government authorities under the EU trust framework, not by businesses using a pass creation platform. Issuepass does not issue EUDI credentials.

What the EUDI rollout does, however, is accelerate the normalisation of the wallet as a trust layer for all types of credentials. As EU consumers become accustomed to presenting their national ID, driving licence and healthcare card from a wallet app, their expectation that other credentials — loyalty cards, membership passes, event tickets — live in the same wallet solidifies. The businesses that are already present in that wallet, with well-designed passes and active push communication, will be the ones who benefit most from this normalisation.

Start free and build your wallet presence ahead of the digital identity wave.