Implementing acts and business model of the Wallet

Matteo Panfilo Avatar
Matteo Panfilo
Product Strategy Director

Introduction 

The evolution of the European regulatory framework regarding digital identity is reaching a crucial phase with the gradual implementation of the implementing acts of the eIDAS Regulation. The European Digital Identity Wallet represents a groundbreaking shift in the management of identity and electronic certification, with direct implications for both citizens and businesses. However, the implementation of the wallet also raises questions about economic sustainability and the business models that can be adopted to ensure widespread and effective use. 

State of play on implementing acts 

The first group of implementing acts was approved on November 21, 2024, and came into effect on December 24, 2024. This date marks the beginning of a countdown for the adoption of subsequent regulatory measures, including those expected for May 2025. Among the approved acts are four implementing acts, adopted for Article 5a “European Digital Identity Wallets,” as required by Art. 5a(23): 

  • Regarding the requirements of Art. 5a(4): concerning personal identification data and electronic certificates of attributes issued to European Digital Identity Wallets. 
  • Regarding the requirements of Art. 5a(8): concerning the integrity and core functionalities of European Digital Identity Wallets. 
  • Regarding the requirements of Art. 5a(18): concerning notifications to the Commission related to the ecosystem of European Digital Identity Wallets. 
  • Regarding the requirements of Art. 5a(5): concerning the protocols and interfaces to be supported within the framework of the European Digital Identity. 

The fifth approved implementing act concerns the certification of the EUDI Wallet, as required by Art. 5c(6) for the requirements of Arts. 5c(1), (2), and (3), which establishes norms for the application of Regulation (EU) No. 910/2014 regarding the certification of European Digital Identity Wallets. 

Moreover, with the publication of this first group of acts, a key deadline has been set for December 24, 2027, by which companies that are already using strong user authentication for online identification must integrate the wallet into their processes. This obligation extends to key sectors such as transport, energy, banking, financial services, social security, healthcare, telecommunications, and education. 

The implementing acts currently awaiting approval, expected by March 2025 and recently opened for public consultation, regulate other fundamental aspects of the eIDAS framework, including: 

  • Registration of Relying Parties (Article 5b(11)): definition of the rules for the registration and certification of relying parties, i.e., websites and applications that will use the wallet for authentication. 
  • List of Certified Wallets (Article 5d(7)): creation of an official list of wallet providers at the community level and regulation of their interactions with identification mechanisms. 
  • Management of Security Breaches (Article 5e(5)): norms for the handling of security incidents related to the wallet. 
  • Management of Qualified Attributes (Articles 45d(5), 45e(2), 45f(6), and 45f(7)): regulation of the processes for assigning and certifying qualified attributes. 
  • Cross-border Identity Matching (Article 11a): rules for the secure recognition and identification of citizens for cross-border identifications. 

This will be followed by a third batch, likely to be opened for public consultation in March and subsequently approved by May 21, 2025, for a total of about twenty new acts. The consultation of the first two groups has represented a fundamental moment to gather contributions from associations and stakeholders, including Assocertificatori, the Italian association representing qualified trust service providers and certification bodies, and banking associations represented by European Credit Sector Associations (ECSAs). 

These feedbacks are extremely valuable not only for refining the regulatory framework but also for understanding the concrete impacts of the regulation outside the legislators’ chambers. Listening to the market allows for identifying practical challenges that may arise during the implementation phase and adapting regulatory measures to ensure they are truly effective and applicable. Moreover, the active involvement of stakeholders ensures greater acceptance and adoption of the system, facilitating the transition to the new digital model and strengthening user and business trust. 

Sustainability and business models: a cultural challenge 

The creation of the wallet entails high costs and a limited number of certified providers. Thus, the economic sustainability of this ecosystem becomes a central issue. The balance between privacy, security, and remuneration models has been the subject of intense discussions during the negotiation phase of the eIDAS Regulation. In Italy, we are well aware of this issue, given what happened with SPID, and we hope that a sustainable solution can be found for the new model, which must be structurally supported well beyond the phase financed by the PNRR (National Recovery and Resilience Plan). 

Article 5a of the regulation establishes the non-traceability of user transactions when using attributes, thereby limiting monetization opportunities. This principle deviates from existing digital identity models adopted in Europe, such as SPID and CIE in Italy, BankID in Nordic countries, and Itsme in Belgium and the Netherlands, which have allowed a balance between privacy and economic sustainability through transaction traceability. 

However, the European wallet will not be limited to managing digital identity but will also include the use of attributes and payments, opening up new business possibilities. 

According to statements from the European Commission: 

  • The use of the wallet for individuals will be free and voluntary. 
  • Businesses may have to pay for the use of the wallet services, depending on the business model chosen by member states. 
  • Some service providers, such as telecom operators or credit card companies, may be required to pay a fee for user identification via the wallet. 
  • Sharing digital documents could generate costs for the providers of those documents. 

Who pays for the attributes? 

The central question revolves around the remuneration for the management of digital attributes, a crucial theme that is emerging in the ETSI standardization tables. In particular, new solutions are being explored to ensure a sustainability model that does not compromise the privacy and security principles established by the eIDAS Regulation. Some attributes, like degree certificates, are static and used infrequently, while others, such as professional qualification verification, are dynamic and require frequent updates. This implies that the cost of managing attributes may vary significantly based on their nature and frequency of use. 

In the context of ETSI, one of the most promising paths has recently been initiated by Namirial, which is exploring new monetization modalities for attributes, proposing innovative solutions that can ensure a balance between accessibility and economic sustainability for the involved parties. The main challenge is to find a model that covers operational costs without excessively burdening end-users or relying parties while preserving trust and widespread adoption of the European digital wallet. 

The Commission clarifies that “some certificates shared via the wallet may require a payment to the provider, similar to what occurs with paper certificates.” Consequently, the cost could fall on both citizens and relying parties depending on the use case. 

The Wallet in business contexts: the role of the European Business Wallet

The adoption of the wallet in the business context represents an unprecedented opportunity to reform and modernize administrative processes, making them simpler and more efficient, as highlighted in the Draghi and Letta reports. The European Business Wallet has the potential to revolutionize document management for European businesses. Through its implementation, companies will be able to access certified services more quickly and securely, eliminating the need for repeated paper checks and significantly reducing bureaucracy. The interoperability between different economic and institutional actors will streamline document flows, reducing time and operational costs, thus contributing to the competitiveness of the European market. 

Conclusions 

The introduction of the European wallet marks an important evolution in the landscape of digital identity, with challenges and opportunities involving citizens, businesses, and institutions. Major players are already mobilizing to offer solutions that ensure interoperability and support clients during this transition phase, which will be complex and relatively brief.

Last modified:

March 20, 2025

Read the Content Integrity Policy

Share Post

Matteo Panfilo Avatar
Matteo Panfilo
Product Strategy Director

With many years of experience in B2B software and venture capital, Matteo Panfilo is currently the Director of Product Strategy at Namirial. In his previous roles, he spearheaded product development strategies, guided investment decisions, established technology partnerships, and managed pre-sales activities and service P&L. He collaborated closely with sales and delivery teams to drive digital transformation initiatives and deliver software-as-a-service solutions to enterprise customers. Earlier in his career, Matteo built and led a digital sales team focused on providing ERP and accounting SaaS solutions to a diverse customer base. He also spent six years in venture capital, where he invested over €30 million in 20 European tech companies, with a primary focus on SaaS, Fintech, and B2B sectors.