Skip to content

German EUDI Wallet Ecosystem Governance and Operating Model Fundamentals

This section presents the core principles and foundational concepts for the design and implementation of the German EUDI Wallet ecosystem governance and EUDI wallet infrastructure operating model based on the EU eIDAS 2.0 regulation adopted to the German context. This document is created iteratively and is continuously expanded and adapted. We value your feedback and suggestions and will integrate them into our FAQ and future updates.

Empowering Citizens and Residents: Real Choices for Self-Determination with Safeguards in the Digital Realm

The aim of this chapter is to provide an overview about the value proposition of the EUDI Wallet ecosystem for citizens and residents.The European Digital Identity Wallet (EUDIW) empowers users by simplifying access to services, reducing administrative burdens, and offering full control over personal data, while ensuring privacy, security, and legal recognition of electronic attestations and signatures across the EU. The EUDI Wallet ecosystem provides the following value for citizens and residents:

Comfort and efficiency

  • Wallet as digital assistant for managing all kind of attestations in one place
  • Leaving physical documents at home
  • Good user experience
  • Simplified onboarding process for new services
  • Reduce administrative hurdles for users

Better access to services

  • Non-discriminatory access for all actors
  • Access to wide range of public and private services across the European Union both online and offline
  • Opportunity to providing fully digitized business processes
  • Enable powers of representation (e.g. natural and legal persons)
  • Support of cross-border mobility
  • Interoperable e-government services

Control and transparency over personal data

  • Exercise their rights in the digital economy/society
  • Decide what personal data is shared with whom (digital identity under their sole control)
  • Identify the Relying Party the personal data is shared with (accountability of the RP)
  • Identify the PID or (qualified) EAA provider from which the PID/EAA was issued
  • Access a summary of personal data exchanged with Relying Parties and PID/(Q)EAA providers, along with details of electronic signatures generated

Enhanced privacy for sharing personal data digitally

  • Enable privacy preserving techniques which ensure unlinkability, where the attestation of attributes does not require the identification of the user
  • Relying Parties are not allowed to force the identification of users without legal basis and shall not refuse the use of pseudonyms, where the identification of the user is not required by Union or national law
  • Support the pseudonymous use of services:Relying parties shall not refuse the use of pseudonyms, where the identification of the user is not required by Union or national law
  • Data minimization: only personal data that is absolutely required for the business process is shared with Relying Parties
  • Compared to presenting physical documents, only data that is strictly needed is shared within the use electronic attestations
  • Unobservability – ensuring that neither the wallet provider nor the (qualified) EAA providers can monitor user activities.

High security level

  • High level of security and trustworthiness
  • Decentralized architecture with no single eID database for all users reducing impact of data breaches (German eID/ EUDI Wallet Ecosystem)
  • Protection against cybersecurity risks and cybercrime, identity theft and online fraud19
  • Safeguarding personal information from unauthorized or fraudulent use
  • Support Strong User Authentication to replace user name/password authentication

Legal recognition and harmonization

  • The use of the EUDI Wallet is entirely voluntary, and individuals are free to choose whether or not to use it, without facing any negative consequences
  • Every citizen and resident has the right to get access to and to use EUDIW free of charge across all member states
  • Electronic attestations of attributes issued by the public sector have the same legal value as paper attestations across the Union (for PubEAA)
  • Empower citizens and residents to fully benefit from digitalization

Free Qualified Electronic Signatures for non-professional use

  • Provide citizens and residents with a reliable and legally recognized means to sign documents digitally
  • Provide citizens and residents with free of charge qualified electronic signatures for non-professional purposes
  • Sign self-claimed assertions or attributes
  • Sign a power of attorney statement
  • Relying Parties will be able to sign through the EUDIW, making it easier for them to use QES

Unlocking Value Creation: How the EUDI Wallet Ecosystem Benefits Public and Private Organizations

This chapter aims to provide an overview of the value proposition of the EUDI Wallet ecosystem for organizations. The EUDI Wallet ecosystem offers significant value for both public and private organizations by providing a secure, interoperable and user-centric framework to utilize the standardized EUDI wallet features. By integrating the EUDI Wallet into their processes, organizations can drive efficiency, reduce fraud, and improve user experience, all while ensuring compliance with the eIDAS 2.0 regulation. The EUDI Wallet ecosystem provides the following value for public and private organizations in roles where they provide and consume attestations through the EUDI wallet ecosystem:

Value proposition for organizations that act as relying parties and consume attestations

Better customer satisfaction

  • Higher conversion rates facilitate market reach through optimized UX
  • Streamline the onboarding process for customers in a recognizable way by using the wallet for multiple processes
  • Digitized processes simplify access to goods and services

Electronic attestations Incentivize digitization of business processes

  • Digitize the full business process: enable Relying Parties to utilize multiple EAAs issued by public and private (Q)EAA Providers
  • Reduce fraud: attested data signed by a trusted authority hinder manipulation of data provided by the user
  • Automated processing by Relying Parties due to standardized format for the provision of EAA (schema), esp. reduce data entry errors
  • Opportunity to create value added services requiring secure user identification and authentication

Efficiency and cost reduction

  • Reduce operational costs by achieving significant efficiency gains
  • Drive down costs for identification and ID verification
  • Reduce administrative burden
  • Reduce inconsistencies by minimizing the need for repeated data submissions

Secure and trusted transactions

  • Reduce risks associated with cybercrime like identity theft and online fraud
  • Protect against unauthorized or fraudulent use
  • Build trust among users and service providers
  • Each organisation that wants to interact with an EUDI Wallet, needs to be authenticated before.

Harmonization and interoperability

  • Guarantee availability and reach in the EU and aim for global reach
  • One technical interface for all wallets
  • Digital identities are accepted regardless of the Member State
  • Ensure secure transactions across borders: The EUDI Wallet is a harmonized approach to trust, security, and interoperability for electronic identification and authentication:

Wallet-Relying Parties in the role of EAA Providers

  • Manage assets and related access rights through EAA loaded into the user wallet
  • Increasing the usage frequency of the wallet by issuing EAA for multiple domains triggers network effects

Legal and regulatory compliance

  • Assure compliance with Union data protection and security laws: data minimization, purpose limitation, and data protection by design and by default
  • Reliable expression of will by the User
  • Take informed decisions on trust level according to risk level of transaction

Value proposition for organizations that act as relying parties and provide attestations

Non-discriminatory, interoperable access to EUDI wallets enable EAA Providers to issue electronic attestations to all users, enhancing trust, privacy, and fraud prevention while reducing manual effort. Private EAA Providers from different business domains augment the value of the whole ecosystem, public stakeholders included.

Value creation through attestation issuance

  • Reduce costs for issuing paper based attestations, especially with higher security requirements
  • Reduce costs for issuing and maintaining card based attestations, e.g. door keys, without the need to develop and maintain an own app
  • Minimize manual labor by automating the issuance process
  • The more EAA are issued and requested by relying parties the more the wallet is attractive for the users (network effect)

European Digital Identity Wallets create a level playing field for EAA Providers

  • Legal framework guarantees non-discriminatory access to all EUDI wallets for all EAA Providers (no restrictions to specific wallets)
  • Interoperability assures a maximum reach to EUDI wallets for EAA Providers

Registered EAA Providers establish trust for the common ecosystem

  • The authenticity of the EAA Provider is controlled by the EUDI wallet, assuring that only registered EAA Providers can issue attestations to the EUDI wallet
  • Relying Parties can assure that a certain EAA Provider is registered by a member state

Relying Parties/Domains in the role of EAA Providers

  • Use EAA for sharing personal customer data with third parties: get explicit customer consent, avoid insecure transmission channels
  • Manage assets and related access rights through EAA loaded into the user wallet
  • Augment the usage frequency of the wallet by issuing EAA for multiple domains

Value proposition for organizations that act as EUDI wallet providers to serve citizens

For Germany, the decision has been taken by the government that conditions for non-governmental providers will be created allowing them to have their own EUDI Wallets certified and recognized. In addition, the German government has taken the decision to become a Wallet Provider itself. Therefore, there might be different EUDI Wallets from the private sector competing with the wallet provided by the government.

Here, you can find more details about the decision that has been made.

To support the development of non-governmental wallets, the German government will open-source its own wallet as a foundational implementation. Additionally, as part of the EUDI wallet ecosystem orchestration, a shared open-source EUDI wallet development will be maintained to enhance synergies, foster trust, and reduce overall costs for ecosystem actors.

The major reasons for the German government to become a Wallet Provider are:

  • Guarantee the availability of at least one EUDI Wallet by end of 2026 / beginning of 2027
  • Strengthen the digital sovereignty of the Federal Republic of Germany itself
  • Offering citizens an EUDI wallet without commercial interests as part of the “öffentliche Daseinsvorsorge" (service provision in the public interest)

Becoming a non-government EUDI wallet provider offers e.g. the following opportunities for organizations:

  • Offer value added services for natural persons on top of the EUDI wallet scope
  • Improve/retain customer relationship by integrating EUDI Wallet functions into existing customer apps
  • Bundling services and maximizing synergies as a Qualified Trust Service Provider (QTSP) by offering EUDI Wallet, Qualified Electronic Signature (QES), and Qualified Electronic Attribute Attestation (QEAA) while leveraging economies of scale.

Driving Societal Progress: The EUDI Wallet Infrastructure is a Foundational Digital Public Infrastructure for Society

This chapter aims to provide an overview of the value proposition of the EUDI Wallet ecosystem for the German society and explains why the German government should investing and drive the implementation of the EUDI wallet ecosystem.

The digital transformation of German Society shall empower the sovereignty of citizens and residents in a digital space that is less prone to fraud and enables the creation of economic value. To establish the underlying ecosystem a level playing field shall be created for all EUDI wallet ecosystem actors - such as public and private service providers.

Enable the digital transformation of German Society

  • Deploy wallet ecosystem as facilitator for the digital transformation
  • Provide at least one wallet solution independent of commercial success criteria
  • Foster innovations as basis for a reliable digital infrastructure
  • Create a level playing field for all stakeholders in the ecosystem (fair competition)
  • Enable freedom of choice regarding the EUDI Wallet for citizens and residents to foster trust and innovation

Improve the sovereignty of citizens and residents

  • Empower citizens and residents to act independently and confidently in their digital lives
  • Bridge the digital divide in our society through inclusive design
  • Avoid surveillance by design

Establish an interconnected ecosystem between all EU member states

  • Seamless and secure digital interactions across the EU for all ecosystem participants, esp. Users, Relying Parties and EAA Providers
  • EU wide non-discriminatory ecosystem access to all EUDI wallets for EAA Providers and Relying Parties

Improve security and trust for the digital space

  • Harmonized oversight and trust infrastructure
  • Ensure accountability of all stakeholders in the ecosystem
  • Reduce fraud and cybercrime
  • Protect users against unauthorized or fraudulent use of their digital identities

Foster economic value creation

  • Enable public administrations and private organizations to make their processes more user friendly, transparent and efficient
  • Enable Relying Parties to reduce their operational costs linked to electronic identification and authentication
  • Promote the secure digital transformation of SMEs
  • Facilitate easier access to services across borders, reduce administrative burdens
  • Enable commercial business models on top of the infrastructure

Splitting Responsibilities: Differentiation between a Government, Cooperative and Competitive Space for Efficient Collaboration

The emergence of the German EUDI wallet ecosystem requires a division of responsibilities between government tasks (government space), public-private cooperation (cooperative space) and individual differentiation and specialization (competitive space). Figure 1 provides an overview of the conceptual framework for the three responsibility spaces.

Responsibility Spaces.

Figure 1: Mapping the responsibilities of the government, cooperative and competition space

The government domain is dedicated to establishing the essential trust infrastructure for the EUDI wallet ecosystem. It ensures regulatory oversight, certification, enforcement, and the provision of public credentials, such as the Person Identification Data (PID) or a mobile Driving License, to boost credential sharing through the EUDI wallet ecosystem. The cooperative space between diverse public and private ecosystem actors aims to generate network effects through an acceptance network by offering a variety of domain-specific credentials and integrating multiple organizational use cases. This approach ensures a broad reach and drives widespread adoption of the public-private EUDI wallet ecosystem. In this context, "public-private" means that the EUDI Wallet ecosystem extends beyond the public sector, encompassing the private sector, academia, and civil society. Furthermore, collaboration is needed to create common standards that ensure interoperability, foster ease of use and lead to a harmonized ecosystem beyond technical and organizational silos. In addition, co-creation is essential to reducing barriers through an open process aimed to develop fundamental ecosystem components that serve shared interests (e.g., the core EUDI wallet). This approach helps lower overall costs for the EUDI wallet ecosystem and its individual actors.

The integration of the government and cooperative spaces within the EUDI wallet ecosystem leads to an unified governance of the EUDI wallet ecosystem, grounded in European and national legislation that establishes the rules, responsibilities, and incentives necessary for effectively orchestrating an ecosystem comprising diverse independent organizations and individuals. It ensures the effective utilization of the underlying trust infrastructure, promotes value creation for both citizens and organizations, and minimizes misuse through preventive measures and appropriate sanctions. Additionally, a key aspect of orchestration involves communicating and educating stakeholders and the broader public about the EUDI wallet ecosystem. These efforts aim to ensure that the ecosystem is visible and operates in alignment with its objectives, fostering a sustainable and trusted environment.

The competition space defines the area where ecosystem actors engage in competition and differentiation, fostering choice, innovation, and resilience through multiple offerings within the EUDI wallet ecosystem. The competition space is an integral part of the overall EUDI wallet ecosystem governance, which establishes rules and incentives to ensure fair competition and public accountability. At the same time, it strives to maximize market-driven mechanisms for the participating actors. In the competition space, three key opportunities emerge for innovation in products, services, and business/operating models. Organizations can leverage all three options to develop offerings that deliver value for, through, and on top of the EUDI Wallet ecosystem:

EUDI Wallet Providers

EUDI Wallet Providers offer a EUDI Wallet solution to users, representing a product and service owned and managed by the eIDAS 2.0 certified wallet provider. This offering can be provided as a standalone product or extended beyond the certified EUDI Wallet solution that can be characterized as the Wallet Infrastructure scope. The flexibility of the chosen architecture, which complies with certification requirements and supports additional features and services beyond the core EUDI Wallet instance, allows EUDI Wallet Providers to differentiate (e.g. through UX, user related features) themselves and offers users a range of choices.

Illustrating Examples:

  • Instead of offering a standalone app, the EUDI Wallet solution can be integrated into existing consumer-facing applications, such as insurance´s, bank’s, airline’s or platform provider branded apps. In doing so, the EUDI wallet feature scope and interfaces must be the same to fulfill the upcoming certification requirements and interoperability. To meet upcoming certification requirements and ensure interoperability, the EUDI Wallet's feature scope and interfaces must be the same, regardless of whether additional features beyond the EUDI wallet core are implemented. Features specific to the insurance, banking or airline services that extend beyond the core EUDI Wallet instance are not subject to the eIDAS EUDI wallet certification process. This approach also allows EUDI Wallet providers the flexibility to offer additional, potentially chargeable services for users on top of the certified wallet functionality. These added value services are not part of the EUDI wallet certification process but might be subject to other regulations (e.g. financial services).

  • An existing identity and trust service providers can transition into an EUDI Wallet Provider, benefiting from the ecosystem's reach and economic synergies with existing services, such as the provision of Qualified Electronic Signatures (QES) or Qualified Electronic Attestation of Attributes (QEAA). From the perspective of existing identity and trust services, the EUDI Wallet ecosystem serves as both a sales channel for established offerings and an opportunity to expand business activities through the EUDI wallet, particularly by engaging directly with users (2C market).

Ecosystem (Technology) Service Providers

Ecosystem (Technology) Service Providers offer products and services that help organizations comply with EUDI Wallet ecosystem requirements, ensuring active participation while maximizing value for individual stakeholders. While these providers do not hold an official role within the EUDI Wallet ecosystem, they have a critical support function by empowering organizations to effectively fulfill their roles (e.g. become a provider or relying party) within the EUDI wallet ecosystem. They provide their products and services directly to individual organizations and receive financial compensation for the value they deliver. Here, market mechanisms define the success as these actors need to convince other organizations that they provide value.

Illustrating Examples:

  • Conformity Assessment Bodies (CABs) are accredited organizations, authorized by the German National Accreditation Body, responsible for conducting assessments that support the certification process for entities such as (possible) EUDI wallet providers. By ensuring compliance with the certification scheme, CABs enable organizations to become part of the EUDI wallet ecosystem. In return for their services, CABs are financially compensated by the organizations utilizing their service.

  • Technology Service Providers offer organizations products and services to ensure technical compliance and an easy and quick integration with the EUDI wallet ecosystem requirements. For example, they might offer products and services to help organisations to register and onboard in the EUDI wallet ecosystem. Each organization evaluates the value of these offerings and, if deemed beneficial, compensates the technology service provider for the products or services they utilize.

  • Consulting Service Providers assist organizations in strategically aligning with and leveraging the EUDI Wallet ecosystem to benefit their customers. This support may include optimizing existing business processes through the integration of EUDI Wallets and utilizing the advantages offered by the ecosystem. For their advisory and consulting services, they are compensated by their customers.

Domain organization and governance

For the functioning of the EUDI Wallet ecosystem, various attestations are of great importance. The provision of these attestations is carried out by individual organizations operating in specific domains. Domains are formed by groups of similar or industry-specific use cases. For example, e-prescriptions and health insurance applications are part of the "Health" domain, account openings and bank transfers are part of the "Banking" domain. Organizations and domains are responsible for managing their own trust frameworks. These domain-specific trust management mechanisms determine whether a domain-specific EAA provider is authorized to issue certain EAAs that are universally accepted within the domain. This includes defining the requirements for providing EAAs within the EUDI wallet ecosystem in alignment with domain-specific schemas, which may be mandated by specific disclosure policies to ensure their seamless integration and usage within the ecosystem. Domain-specific trust management may be shaped and defined by regulations specific to each domain, making compliance the responsibility of the respective domains and the organizations involved. For example, regulations such as PSD2 in the banking sector or AML requirements impose specific obligations that influence how banks interact with the EUDI Wallet ecosystem.

The interplay between the cooperation and competition space highlights the need for individual organizations and domains to develop their own strategy on how to interact with the EUDI wallet ecosystem. This includes defining to aim for an active role within the ecosystem, such as acting as a Relying Party, EAA provider or an EUDI Wallet provider, or focusing more on a supporting role as e.g. an Ecosystem (Technology) Service Provider that empowers other organizations to leverage the ecosystem effectively. Furthermore, it emphasizes the critical importance of fostering a cooperative space, particularly by establishing a broad public-private acceptance network with diverse use cases. This necessitates contributions from various domains (e.g. financial services, healthcare, mobility and ecommerce) to provide (Q)EAA credentials to the ecosystem, enabling users to access and utilize them through their EUDI wallets. It also empowers relying parties to optimize existing online and offline business processes while driving the development of innovative new offerings.

The responsibilities within the EUDI wallet ecosystem can be split into I) responsibilities of the ecosystem, II) domain responsibilities and III) responsibilities of individual organizations:

I) Ecosystem responsibilities

  • Provide EUDI wallet infrastructure including trust management
  • Harmonize the regulatory framework to ensure the legal operation of the EUDI wallet ecosystem
  • Provide orchestration capabilities to develop and expand the EUDI wallet ecosystem while facilitating engagement with ecosystem stakeholders and the broader public

II) Domain responsibilities

  • Develop domain specific strategies to interact with the EUDI wallet ecosystem
  • Define trust mechanisms and requirements to offer (Q)EAAs to the EUDI wallet ecosystem

III) Organization responsibilities

  • Develop organization specific strategies how to interact with the EUDI wallet ecosystem as relying party and/or EUDI wallet provider

Ecosystem Orchestration: A Critical Capability for Stakeholder Alignment and Continuous Testing and Development

Ecosystem orchestration is a resource-intensive and critical capability for ensuring effective stakeholder alignment between the ecosystem vision, the regulatory and governance framework and the successful EUDI wallet ecosystem operationalization that steers the adoption through collaborating with public and private organizations and society. Germany has so far missed the opportunity to fully harness the potential of digital identities and credentials for the benefit of citizens, the economy, and society. The reasons are manifold, ranging from fragmentation caused by numerous initiatives and inconsistent solutions to regulatory barriers, a lack of user-centric approaches, and limited interoperable acceptance among businesses and public authorities. In summary, the current status quo is characterized by inefficiency, high costs, and minimal value generation for stakeholders from an individual and societal perspective. This is largely due to the absence of a shared vision and effective cross-sector orchestration. Addressing these challenges requires close collaboration across national and international boundaries, between public and private sectors, and among governments, public administration, businesses, civil society, and academia. Achieving this transformation demands not only coordinated efforts and collective commitment but also proactive and strategic political and operational orchestration to ensure the EUDI wallet ecosystem success. The development, piloting, and scaling of the German EUDI Wallet ecosystem are progressing simultaneously and must align with existing legal, economic, organizational and technical realities. Executing an ambitious vision for the EUDI Wallet ecosystem necessitates an iterative, small-scale, and experimental approach, integrated within a well-structured and coherent strategy.

Key Requirements for an Ecosystem Orchestrator Organization

An ecosystem orchestrator plays a pivotal role in developing the essential orchestration capabilities required for the successful implementation of the German EUDI Wallet ecosystem. This effort requires strong collaboration with political decision-makers, regulatory authorities, public and private sector organizations, as well as national and international expert communities and professional and individual stakeholders. Figure 2 provides an overview of the stakeholder ecosystem that the orchestrator must engage and collaborate with.

EUDI Wallet Ecosystem
Orchestration.

Figure 2: Ecosystem orchestration as a key activity to align various stakeholders

Note: The blue arrows indicate that the ecosystem orchestrator must engage with a wide range of stakeholders, extending beyond the EUDI Wallet Ecosystem in Germany.

German EUDI Wallet ecosystem orchestrator responsibilities

Development and Implementation of the Ecosystem Vision, Requirements and being the Owner of the Development Roadmap:

  • The Ecosystem Orchestrator should collaborate with legislators, regulators, ecosystem actors, domain governance bodies, and the wider public to shape and realize the ecosystem vision for the EUDI wallet ecosystem. This involves defining the requirements for the German EUDI Wallet ecosystem, contributing to national and international regulatory and certification updates as well as standardization activities. In doing so, it should maintain a comprehensive roadmap for the ecosystem development.

Public Communication and Community Engagement:

  • Leading communication and marketing initiatives to enhance the visibility and trust into the German EUDI wallet ecosystem. Actively involving the EUDI wallet community (e.g. in permanent working groups, various events etc.) in the ecosystem development activities to ensure participatory engagement.

Education and Empowerment of Ecosystem Actors:

  • Educating and empowering ecosystem actors, domains, and other stakeholders to actively participate in the EUDI wallet ecosystem while ensuring interoperability across central components (e.g., national playground and sandbox testing between PID provider/EAA providers, EUDI wallets, and relying parties).

Active Collaboration with Academia and Experts:

  • Engaging with academic institutions and experts to explore emerging technologies and assess the technological, economic, legal, and social impacts of the EUDI wallet ecosystem. This includes monitoring, experimenting, standardizing, testing, and adjusting regulatory frameworks to facilitate ecosystem adoption.

Contributing to Standardization and Shaping the Technical Discourse

  • By actively collaborating with standardization bodies, industry experts, and technical communities, the orchestrator organization ensures interoperability, compliance, and technological advancement within the ecosystem. These efforts address challenges related to technical standards, including security, privacy, scalability, interoperability, economic implications, and user experience, while aligning with societal and regulatory requirements.

Organizing Innovation Challenges and a Shared Open Wallet Development Process:

  • Orchestrating and maintaining a shared open wallet development approach in collaboration with other EUDI wallet providers, technology service providers, and the technical expert community, aiming to leverage synergies, foster innovation, minimize overall costs and increase trust and security of central ecosystem components.

Responsibility for the Development and Operation of Continuous Testing Spaces:

  • This responsibility involves the design, implementation, and management of continuous testing spaces of the German EUDI wallet ecosystem. The “Wallet Innovation Lab” serves as a collaborative innovation space for regulators and innovators to explore technological advancements, use cases, and policy innovations that support ecosystem development and may later become integral to it. The “Sandbox” serves as a controlled production-ready environment where new features, updates, and integrations can be safely tested without impacting the live ecosystem. Passing it will be a mandatory step for rollout, and access to it will be integrated into the ecosystem onboarding process.

Single Point of Contact for Ecosystem Actors, Regulatory Authorities and the Public:

  • The Ecosystem Orchestrator serves as a centralized point of contact to address siloed information and operations to mitigate national fragmentation. In collaboration with registrars and national regulatory authorities, the orchestrator ensures that issues such as complaints are effectively processed and enforced, fostering EUDI wallet ecosystem compliance and trust building. The aim of the orchestrator is to bring the relevant actors of the ecosystem together.

Aggregating Ecosystem Information as a Single Source of Truth in a Public Dashboard:

  • The Ecosystem Orchestrator is tasked with promoting transparency by maintaining a public, machine-readable ecosystem dashboard. This dashboard delivers comprehensive, non-privacy-related ecosystem data, promoting accountability and providing valuable insights to stakeholders such as policy-makers, civil society, academia, and the broader public. It serves to enhance transparency and reinforce confidence in the ecosystem's operations.

In order to successfully fulfill the ecosystem orchestrator responsibilities, the following organizational conditions and governance requirements should be ensured:

Public Organization:

  • The ecosystem orchestrator should be an organization under public control to ensure public accountability and ownership of the federal government.

Agile Organization:

  • The ecosystem orchestrator organization should operate as independently as possible from governmental structures and processes. It should maintain an autonomous budget funded through public subsidies and ecosystem revenues based on the ecosystem operating model. Furthermore, the ecosystem orchestrator should have the ability to offer competitive contracts to specialists and managers from the private market and academia, enabling it to attract top experts and talent to support its organizational mission. This requires an exemption from the principle of equal treatment known in the public sector ("Freistellung vom Gleichstellungsgebot"). In return, the ecosystem orchestrator will be responsible for organizing, strategically guiding, and driving the entrepreneurial development of the ecosystem, ensuring its effective operation.

Open Organizational Governance:

  • The ecosystem orchestrator organization should have an organizational governance that enables broad EUDI wallet ecosystem actors and expert stakeholder participation. In addition to establishing a supervisory board, the inclusion of specialized advisory boards - such as those with scientific, regulatory or market expertise - could be a valuable option. These boards would complement the activities and formats (e.g. public working groups, community events, expert conferences) designed to fulfill the orchestrator's responsibilities.

Public Tendering:

  • The ecosystem orchestrator should issue public tenders for all services related to the ongoing development and operation of the EUDI wallet ecosystem and its core components. It should be empowered to design and implement agile, legally compliant procurement models - such as pre-commercial procurement - to promote transparent, flexible, and sustainable partnerships. All ecosystem components developed through tenders should be licensed as open source to enhance trust, enable reuse, and encourage contributions.

Ensuring the sustainable support and safeguarding of non-commercial ecosystem activities:

  • The ecosystem orchestrator should establish mechanisms to compensate stakeholders who actively contribute to the EUDI wallet ecosystem on a non-commercial basis. This approach aims to encourage voluntary participation and support contributions from civil society actors and academia, e.g. to review the registered intended use for RP in order to fight over identification. Furthermore, the orchestrator should provide robust support for maintainers involved in the shared open wallet development process and related activities.

Ecosystem Onboarding: Consolidating Information, Centralizing Access, and Enhancing Transparency to Prevent Misuse

The eIDAS 2.0 regulation mandates the registration of organizations interacting with the EUDI Wallet ecosystem. This requirement fosters transparency, helps prevent misuse, and serves as a mechanism for co-financing the EUDI Wallet ecosystem and the underlying digital public wallet infrastructure. The ecosystem registration concept centers on the registration of specific use cases and the declaration of intended uses.

The German EUDI Wallet Ecosystem prioritizes robust governance to ensure trust, security, and accountability among all ecosystem actors. A key aspect of this governance requirement is a streamlined ecosystem onboarding process, which is essential for gaining access to the EUDI Wallet ecosystem. In line with eIDAS 2.0, a "relying party" refers to any legal or natural person intending to interact with the EUDI Wallet. This term applies universally to organizations that need to register, regardless of whether their intended use involves receiving a PID, obtaining an (Q)EAA, or issuing an (Q)EAA to the ecosystem for use by other actors on behalf of the user.

The ecosystem onboarding process occurs online through a central web portal hosted by the ecosystem orchestrator. This portal will also provide a third-party API, enabling the integration of its functionalities into various user contexts by e.g. ecosystem technology service providers as part of their offerings. The ecosystem orchestrator’s website that includes the organization portal serves as the central information hub for the public, including citizens, organizations, and policymakers. The Figure 3 illustrates the concept of the EUD Wallet Ecosystem Web Portal.

EUDI Wallet Ecosystem Webportal
Functionalities.

Figure 3: Component overview of the EUDI Wallet Ecosystem Webportal and Onboarding

Note: The arrows indicate that all (potential) relying parties—such as public, private, research, and civic organizations—interacting with the EUDI Wallet Ecosystem access the EUDI Wallet Ecosystem Web Portal. This also applies to the general public, which includes a broad range of stakeholders (e.g., citizens, academia, civil society, and media), as well as entities performing regulatory roles, such as RP registrar and EUDI Wallet registrar.

The ecosystem web portal provides information and transparency through the following requirements:

  • General public information on the web portal for multiple user groups (e.g. citizens, organizations, academia or media). The primary focus of the public information is to explain the EUDI wallet ecosystem, highlight its value, and provide educational content for various stakeholders.

  • As part of the public information available on the web portal, all intended uses of EUDI Wallet RPs must be published in an aggregated, searchable, and machine-readable format, enabling the public to identify potential misuse.

  • A public ecosystem dashboard collects and visualizes key performance indicators (KPIs) in a machine-readable format, ensuring transparency without negatively impacting privacy for the general public, civil society, and academic experts. A public ecosystem dashboard concept will outline the details and define the requirements in greater depth at a later project phase.

  • To streamline ecosystem onboarding, including declaring the intended use and other related activities, the ecosystem web portal will offer an API for third-party integration.

The ecosystem orchestrator web portal enables the EUDI wallet ecosystem onboarding through the following requirements:

  • The ecosystem web portal provides the registration process and access to the German EUDI wallet ecosystem (including test enviroments)

  • The ecosystem web portal requires organizations the opportunity to declare their intended use when interacting with the EUDI Wallet. Organizations joining as relying parties, (Q)EAA providers or EUDI wallet providers have the possibility to open an organization account to manage their activities efficiently. The onboarding steps are defined in an later update and may include intended use declaration, payment and legal issues.

The described ecosystem onboarding process is consistent across various use cases and organizations seeking access to the EUDI Wallet ecosystem. The following examples illustrate this process:

  • KYC for Financial Services: A bank seeking to receive a PID (Personal Identification Data) for a KYC (Know Your Customer) process must register as a relying party and declare its intended use as “KYC for Anti-Money Laundering,” specifying the required data attributes necessary for its operations. Once the registration process is complete, the bank receives an access certificate for the authentication and a registration certificate for the intended use. During the use case (e.g., opening a bank account), the declared intended use is displayed to the new customer through his or her EUDI Wallet. If the requested data exceeds the declared intended use, the user is alerted and the process is aborted. This mechanism not only informs users but also helps identify potential misuse by relying parties.

  • Pseudonym Login: An eCommerce platform requiring a pseudonymous login from the EUDI Wallet must register as a relying party to obtain an access certificate.This intended use are displayed to the users, ensuring transparency and enabling informed consent.

  • QES/Payment authorization: For payment authorization or qualified electronic signature (QES) providers, the process involves registering to request a transaction authorization for authorizing signing contracts or payments. These intended uses are displayed to users, ensuring transparency and enabling informed consent.

  • Issuing a Diploma: An educational institution, such as a university, aiming to issue a diploma to a student after graduation, must register as a relying party and declare its intended use as “Providing a University Diploma.” The issuing process must comply with the requirements defined in the institution's or domain disclosure policy. This policy specifies the credential requirements and is the responsibility of the issuing organization, often influenced by regulatory or domain-specific standards. For instance, the education sector may define harmonized issuing requirements to standardize policies across institutions. This approach applies to other credentials as well, whether they are long-term and static (e.g., diplomas) or short-term and dynamic (e.g., credit scores).

The ecosystem registration process facilitates collective oversight by ecosystem actors and regulators, leveraging transparency by design. Registered participants are subject to public monitoring and enforcement processes, ensuring swift and effective responses to violations. This collective approach strengthens trust within the ecosystem and promotes broader adoption by ensuring secure and reliable ecosystem interactions. The following examples illustrate how maximizing transparency effectively balances the flexibility required for ecosystem adoption with robust safeguards against misuse:

  • Ecosystem orchestrator website and organization web portal as single information and ecosystem access point: A centralized public frontend for various ecosystem user groups including citizens, organizations, and regulators streamlines access to information and interaction within the EUDI wallet ecosystem. The orchestrator plays a key role in connecting these user groups while hosting central components such as the orchestrator website that includes the organization web portal. This ensures that information remains easily accessible, consistent, and trustworthy.

  • Use-case restriction and user warnings: The EUDI Wallet only permits relying parties to offer use cases that are explicitly registered after receiving the access and registration certificate. If a mismatch occurs, users are proactively warned. However, users retain the ability to proceed based on their individual decisions, provided they make an active and informed choice.

  • Public transparency through the need of declared intended uses and an ecosystem dashboard: Registered relying parties (organizations) and their declared use cases are publicly listed on an ecosystem dashboard managed by the Ecosystem Orchestrator. This machine-readable data provides critical insights for regulators, civil society, and researchers, enabling the identification of misuse, linked to registered use cases. For instance, organizations seeking access to regulated PIDs must pay a fee, increasing the threshold for potential abuse. This fee is not only tied to the organization’s registration but also scaled to reflect the value the specific use case provides within the EUDI wallet ecosystem. This approach ensures that relying parties are both identified and financially accountable for their declared use cases.

Ecosystem Access Fees: Enabling Public-Private Co-Financing and Sustaining the EUDI Wallet Infrastructure Operating Model

The operating model of the ecosystem orchestrator should prioritize public oversight, efficient management, and adequate funding that after the establishment of the organization is based on revenues from the ecosystem. Emphasis should be placed on maintaining a streamlined and straightforward structure to minimize unnecessary costs on governance and compliance processes. This approach ensures that resources are directed toward the effective delivery and operation of the ecosystem, maximizing its value and impact. The core belief of the ecosystem operating model is that the initial provision of the EUDI Wallet infrastructure that leads to the emergence of the EUDI wallet ecosystem can only be financed by the federal government, with costs being recovered through refinancing during operation after a successful launch period. To encourage adoption, it is essential to waive the ecosystem access fee initially, as many organizations must invest in compliance with the EUDI wallet ecosystem. Once the launch is successful, the access fee can be gradually introduced to support the refinancing of the EUDI wallet infrastructure. Figure 4 summarizes high-level the operating model of the ecosystem orchestrator organization.

EUDI Wallet Ecosystem Operating
Model.

Figure 4: Operating Model of the EUDI Wallet Ecosystem

After the initial investment and orchestrator establishment, the EUDI Wallet Infrastructure and ecosystem components need to be provisioned and operated. Since the EUDI Wallet Ecosystem creates value for multiple organizations, they are either obliged by the eIDAS 2.0 regulation or might decide to join it voluntarily. To refinance, at least the operations of the EUDI wallet infrastructure organizations that interact with the EUDI wallet ecosystem must pay an access fee as part of the onboarding process.

Access Fees Based on the Ecosystem Onboarding Process to Enable Co-Financing and Promote Broad Ecosystem Adoption

The provision of the EUDI Wallet Ecosystem and the underlying digital public wallet infrastructure generates value for various public and private ecosystem actors. Given the significant investment needed for the initial provision, the sustainable operation, and further development, it is not only fair but also recommended to share the costs between the government and the ecosystem actors that utilize the value from the offering. Therefore, a co-financing mechanism needs to be implemented, and here the ecosystem onboarding process can be leveraged to enable a simple and digital payment of an ecosystem access fee. Following the ecosystem onboarding process, in the last step, payment details for billing must therefore be filled out.

The ecosystem access fee structure is designed to balance co-financing responsibilities based on the generated value for an organization (relying party) while promoting ecosystem adoption. This approach aims to trigger network effects that attract additional interactions with the EUDI Wallet ecosystem, leveraging the foundational wallet infrastructure. The more organizations interact with the EUDI wallet ecosystem, the lower the costs for an individual organization to refinance the provision and operation of the EUDI wallet ecosystem. Therefore, adoption is essential for reducing costs and ensuring a sustainable operating model.

For designing the ecosystem access fee we aim to balance and fulfill the following requirements:

  • The ecosystem access fee should be simple, transparent and stimulate adoption
  • The more value the EUDI wallet ecosystem provides for an organization, the higher should be the financial contribution
  • Economically larger organizations should contribute financially more, than non-profit or smaller organizations to increase adoption
  • The ecosystem access fee should incentivize the provision of EAAs in the ecosystem, as these provide the foundation for demand of other organizations

The ecosystem access fee could be theoretically determined through the following building blocks:

The organization type, determined by factors such as size, status, or regulatory obligations, can influence differentiated access fees. For example, variations may apply based on whether an organization is large or small, for-profit or non-profit, or subject to specific regulatory requirements.

  • Challenge: How to differentiate the organizational type fairly?

The value of the EUDI wallet for an organization depends on its feature set and declared intended use. For example, variations may arise depending on whether an organization consumes attestations such as a PID, provides EAAs, or utilizes functionalities like pseudonym login or payment authorization.

  • Challenge: How to determine which EUDI wallet feature leads to which price tag?

The consumption base can be measured by the number of credentials used within a specific time period and may be calculated based on the previous year's consumption. For example, organizations with higher consumption, based on their declared intended use, incur higher costs. A key prerequisite for this model is the ability to track transactions within the ecosystem, enabling accurate measurement of consumption, which serves as the basis for pricing.

  • Challenge: The prerequisite for measuring consumption is the tracking of transactions, which is subject to regulatory restrictions and has privacy implications. For instance, a credential provider should not be aware of where a user is using credentials from an EUDI wallet. Similarly, an EUDI wallet provider should not be aware of which relying party a user is interacting with when utilizing the EUDI wallet.

  • Challenge: A transaction-based charging model would require an EU-wide scheme, which is challenging to establish and would introduce additional complexity to the EUDI Wallet ecosystem.

Based on the described building blocks the ecosystem access fee could be centered around the value of the EUDI wallet for an organization as the following model in Figure 6 proposes:

Ecosystem Access Fee Modell.

Figure 5: Ecosystem Access Fee Model for Organizations

The fundamental assumption of the outlined model is that an organization has multiple applications that interact with the EUDI Wallet ecosystem. These can include one or more websites or mobile applications. Once these applications have been declared, the planned interaction with the EUDI Wallet must be specified for each one. Depending on the type of interaction, different costs apply. For example, a pseudonymous login is a function that provides organizations with less direct value but is crucial for user acceptance and engagement with the EUDI Wallet. Therefore, it may be offered free of charge.

However, consuming attestations—such as requesting a PID, a school certificate, or proof of membership—incurs an annual flat usage fee. To simplify value determination, this is a flat fee and allows unlimited interaction with the EUDI Wallet ecosystem. The same model applies to the use of a Qualified Electronic Signature (QES) or payment authorization. The exact fee amounts still need to be determined, balancing the need to generate revenue with minimizing adoption barriers. Therefore, ecosystem access fees should only be applied once the EUDI Wallet ecosystem demonstrates adoption and delivers tangible value to the participating organizations ("nachgelagerte Finanzierung").The EUDI Wallet ecosystem benefits when a large number of attestations are available, which can be utilized by other ecosystem participants.

Organizations can reduce their interaction costs with the EUDI Wallet ecosystem through a flat incentive credit by providing attestations. Depending on the use case, organizations can lower their costs to a maximum of zero by supplying attestations for which either they or another organization has declared an intended use. The annual access fee per organization is calculated by multiplying the number of declared applications by the number of declared EUDI wallet interactions, then subtracting the total flat incentives from the total flat fees.

Illustrating Examples: Organization A operates both a web portal and a mobile application that interacts with the EUDI wallet ecosystem. The organization plans to enable for both applications a pseudonym login via the EUDI, obtain a PID credential, and issue an attestation.

In this scenario:

  • The pseudonym login is free.
  • The organization pays a flat fee for consuming the PID attestation.
  • The organization receives a flat incentive for providing an attestation.

In summary, the organization has three declared interactions with the EUDI Wallet, which determine the annual access fee until a change in the organization's declaration occurs (e.g., the organization requests an additional tax ID which leads to a higher fee). The fee may be regularly adjusted based on ecosystem KPIs, the detailed concept of which will be incorporated into the EUDI Wallet Ecosystem Blueprint at a later stage.

Please note: The outlined process serves as an initial model for designing the operating model, and we welcome community feedback to refine and improve it. Its effectiveness will be maximized if many—or ideally all—EU member states adopt the model and mandate that ecosystem participants contribute an access fee, thereby minimizing the risk of regulatory arbitrage. To avoid negatively impacting adoption, it is essential that the access fee be introduced only after the successful launch and initial adoption of the EUDI ecosystem—once tangible value has been demonstrated for participating organizations and early investments have been recouped.

Avoiding Micro-Transactions and Applying an Open Data Exchange Model Reduces Complexity and Fosters European Interoperability

The described ecosystem access fee adopts a value-based pricing model, chosen based on the core assumption that organizations may take on multiple roles within the ecosystem, such as EAA providers or relying parties. This approach emphasizes the collective value generated through the ecosystem while operating under an open data exchange model that connects the roles of (P)EAA providers, Wallets, and relying parties.

By streamlining processes and ensuring European interoperability, it eliminates the need for complex scenarios such as roaming between the member states ecosystems and micro-transactions between the mentioned roles. Furthermore, its lower complexity reduces bureaucracy and avoids privacy concerns, such as preventing issuers from knowing where a credential is used by a relying party via the EUDI Wallet. It also addresses standardization challenges, as adopting a non-open data exchange model would necessitate uniform requirements for all actors, adding significant complexity since every ecosystem actor would need to support these functionalities. Additionally, the likelihood of some Member States opting for a single, government-provided EUDI Wallet ecosystem further complicates the scalability of a micro-transaction-based data exchange model as in such a scenario the approach only adds complexity. The EUDI Wallet can be used in situations like showing credentials to a police officer during a control check. It also works for peer-to-peer cases, such as proving age to a security guard at a club or interacting with other individuals. In these situations, charging transaction fees would be impractical, highlighting the limitations of a micro-transaction-based approach. For the ecosystem to scale, a unified and user-centric approach is crucial, resulting in two key credential-issuing scenarios: either the issuer provides credentials for free, or the user pays through a service fee as part of a business relationship (e.g., paying for an eID from the government, issued either as a physical card or a digital credential). In the latter case, issuers can adjust service fees to recover the investments needed to comply with the ecosystem requirements. At the end, offering a credential is just another channel to offer a citizen or customer e.g. an attestation. Furthermore, wallet-to-wallet transactions are not subject to any fees.

In the user-centric EUDI wallet ecosystem, scenarios where a relying party pays another EAA credential provider fall outside the ecosystem's scope. For example, when a credit score provider offers its service to banks, the value lies directly with the bank, creating a business relationship outside the EUDI Wallet ecosystem. The bank, as the beneficiary of the credit score service, has no incentive to support a scenario where a user, after obtaining the credit score payed by the bank, could use the same credential for other purposes—such as opening a depot with a competing bank. Offering such credentials directly into the EUDI Wallet based on a business relationship with a user could enable users to leverage credit scores in a privacy-preserving manner without disclosing sensitive information to relying parties. Mixing user and business contexts would require managing complex economic relationships across the ecosystem, adding compliance burdens and potentially diminishing its value proposition. Furthermore, directly linking issuers and relying parties introduces privacy and unlinkability risks. Therefore, it is advisable to distinguish between user-centric relationships within the EUDI wallet ecosystem and business relationships, where a beneficiary organization pays a fee to a service provider. In such cases, the EUDI wallet may be used to facilitate user-centric use cases for the beneficiary organization.

This approach mirrors how business relationships are structured today, where the bank pays for access to the valuable information e.g. credit score information and the user needs to agree either through agreeing with the terms and conditions or through using an EUDI wallet. In conclusion, the EUDI Wallet ecosystem benefits from lower complexity, enhanced European interoperability, and greater scalability and adoption potential when adopting an open data exchange model. Potential (Q)EAA Providers have the option, within the framework of their business relationship with the user, to adjust existing service fees as needed to offset potential refinancing costs associated with the EUDI wallet ecosystem compliance. The open data exchange model means that no transactions are collected for payment processing across the EUDI wallet ecosystem.

Level-Playing Field Regulation: The Foundation for User Choice and Fair Competition Among Ecosystem Actors

The EUDI Wallet ecosystem comprises multiple actors that must be aligned and interconnected. A critical factor for creating value is scaling the acceptance network within the cooperative space to expand the ecosystem's reach. Establishing this acceptance network is essential for overcoming fragmentation, which often impedes user choice, fair competition, and scalability. For instance, EUDI wallet providers face challenges in sourcing credentials from diverse providers and ensuring that relying parties effectively utilize these credentials in various business use cases. This is crucial for creating value for users who hold the credentials and for convincing them that the EUDI Wallet provider’s offering delivers tangible benefits. Therefore, alongside the technical and organizational development of the EUDI Wallet acceptance network, a regulatory cornerstone is essential: an “Level-Playing Field.”

This framework ensures non-discriminatory access for all ecosystem actors, including EAA providers, EUDI Wallet providers, and relying parties. This regulatory principle enhances the acceptance reach by ensuring that all ecosystem actors benefit from each other's individual activities, which align with collective interests of the cooperative space. It also lays the groundwork for fair competition within the ecosystem by preventing any dominant player—whether the government or a powerful non-government actor—from monopolizing the acceptance network. This safeguard ensures that the EUDI Wallet ecosystem, built on the digital public wallet infrastructure and its acceptance network, cannot be exploited for private value capture at the expense of competitors and users. Therefore, it ensures the collective public interest by preventing monopolization attempts that could arise from the “winner-takes-all” dynamics of the EUDI Wallet ecosystem. These dynamics are driven by the underlying network effects and are well-known from network infrastructures (e.g. telecommunication) and digital platform markets (e.g. mobile payments)

As outlined in Section 4: Splitting Responsibilities for defining the boundaries of the “Level-Playing-Field” regulation a differentiation in the ecosystem operating model and individual business models of Ecosystem Technology Service Providers and Qualified Trust Service Providers is needed. The “Level-Playing-Field” regulation applies to the ecosystem operating model, while the business relationships of Ecosystem Technology Service Providers/Qualified Trust Service Providers and actors that participate in the EU wallet ecosystem are governed by market mechanisms and fall outside the scope of the EUDI Wallet ecosystem's governance. The business model for Ecosystem Technology Service Providers and Qualified Trust Service Providers focuses on delivering products and services that enable organizations to engage with and participate in the EUDI Wallet ecosystem. These providers are compensated for their offerings by the individual organizations with whom they have established business relationships. Figure 2 illustrates these interrelationships.

Level-Playing-Field
Regulation.

Figure 6: Differentiation Between Level-Playing-Field Regulation and Market Mechanisms

Illustrating Exemples of the "Level-Playing Field" regulation

Part of the “Level-Playing Field” regulation is that all EAA providers, EUDI wallet providers and relying parties need to register to get access to the ecosystem (more details in section 7: Ecosystem Access Fees). To demonstrate the concept of the "Level-Playing Field" three illustrative examples are described:

A Bank is using a PID for a KYC to enable users to open a bank account:

  • In this case, the “Level-Playing-Field” regulation ensures that all EUDI wallet providers have equal acceptance network reach. A bank uses a PID (Personal Information Data) for KYC (Know Your Customer) purposes to enable users to open a bank account. In the context of the EUDI Wallet ecosystem, the bank interacts with all certified EUDI Wallet providers. From an integration and user experience perspective, a "Do it with my EUD Wallet" button will be available to seamlessly initiate the process. This ensures that users have the freedom to choose their preferred wallet provider, granting them ecosystem access through the acceptance network. Unlike the current reality where banks often select a specific identity service provider as their KYC partner, the EUDI Wallet ecosystem shifts this power dynamic. Here, users bring their chosen "EUDI Wallet provider" to the bank, reflecting the user-centric approach. The bank can rely on the EUDI Wallet certification and the accompanying ecosystem governance to ensure that all providers meet the necessary regulatory requirements for KYC compliance. According to the principles of the "Level-Playing-Field" regulation, banks are prohibited from exclusively partnering with specific EUDI Wallet providers. This also helps prevent scenarios where a bank that is also an EUDI wallet provider could favor its own offering and effectively “privatize” the public ecosystem. Therefore, this restriction is vital to maintaining fair competition among wallet providers and safeguarding user choice, fostering a balanced and open ecosystem.

An EAA Provider is issuing an Airline ticket or an Education diploma to enable users to hold the credential in their EUDI wallet:

  • In this case, the “Level-Playing-Field” regulation ensures that users can hold and manage their credentials in their EUDI Wallet, regardless of the specific wallet provider they choose. EAA Providers, such as airlines or educational institutions, are required to interact with all certified EUDI Wallet providers. They are prohibited from selecting or favoring a preferred partner, as this decision lies solely with the user. This approach prevents ecosystem fragmentation and monopolization while guaranteeing interoperability, which is essential for fostering fair competition and preserving user choice. From the user’s perspective, the “Level-Playing Field” ensures that EAAs issued by any provider can be seamlessly utilized, enabling a consistent and user-friendly experience across the ecosystem. However, as outlined in Section 7: Ecosystem Access Fees, it is the responsibility of the EAA providers to establish their issuing policies and define their business conditions for providing an EAA.

An EUDI Wallet Provider needs to accept all EAAs from all providers and serve all relying parties that are part of the EUDI wallet ecosystem:

  • In this case, the “Level-Playing-Field” regulation ensures that users can trust their EUDI wallet provider to service all EAA Providers and Relying Parties that are part of the EUDI wallet ecosystem and the underlying acceptance network. This ensures a seamless and inclusive experience for users, regardless of the source of their credentials or the relying party they wish to interact with. This obligation prevents exclusivity and favoritism, upholds user choice and fair competition, and ensures that all ecosystem actors operate on an level-playing field. However, based on eIDAS 2.0 regulation the EUDI wallet providers only get access to the PID of the Member State they are certified in.

Implementing the “Level-Playing-Field” Regulation and Implications for EUDI Wallet Provider Business Models

The “Level-Playing-Field” Regulation is a core principle of the EUDI wallet ecosystem and all ecosystem actors (public and private) and all ecosystem roles (Provider, EUDI wallet provider, Relying Party) are obliged to the requirement.

Implication for potential providers to offer the EUDI Wallets free of charge

The eIDAS 2.0 legislation mandates that EUDI wallets must be provided free of charge to natural persons. To ensure an level-playing field while promoting differentiation and competition among EUDI wallet providers, the regulatory-defined scope of the wallet plays a pivotal role (see Section 4: Splitting Responsibilities). This scope establishes the foundational features and interoperability requirements necessary to uphold the principles of the "Level-Playing Field" regulation. While the core scope of the EUDI wallet falls under the eIDAS 2.0 requirement for free access, providers are permitted to develop additional services and features beyond this core. These value-added offerings are not subject to the eIDAS regulation and its corresponding certification and may form the basis of chargeable services, enabling providers to establish sustainable business models. From the user’s perspective, wallet applications will include the regulated core features to ensure security and privacy but may also offer enhanced functionalities and services beyond the EUDI wallet scope, tailored to specific needs and use cases. More details and examples are described in Section 4: Splitting Responsibilities.

Implication for legal relationships between ecosystem roles The outlined "Level-Playing-Field" regulation principles necessitate defining legal relationships between roles at the ecosystem level. This ensures that legal issues are not determined on a case-by-case basis between individual organizations and roles. Instead, the EUDI wallet ecosystem will operate under a harmonized legal framework, which requires further detailed definition.

Implication for potential EUDI wallet providers to provide Qualified Electronic Signatures (QES) for non-professional use free of charge

The eIDAS 2.0 legislation mandates that EUDI wallets must provide Qualified Electronic Signatures (QES) free of charge for non-professional use. This applies to an EUDI Wallet-centric QES scenario, where the management of qualified certificates is integrated into the EUDI Wallet.The regulatory responsibility for covering the costs will lie with the EUDI Wallet providers, who will have the flexibility to determine their implementation and partnership strategy. Differentiating between professional and non-professional usage presents a challenge and requires further clarification.

Implication for smartphone manufacturers to ensure fair competition with third party EUDI wallet providers

From the perspective of EUDI wallet providers, the "Level-Playing-Field" regulation must prioritize ensuring the visibility and accessibility of wallet options for potential users. Smartphone manufacturers, who can pre-install an (EUDI) wallet offering as part of their operating system, gain a significant competitive advantage, as these wallets are readily available during the initial device setup. To uphold the "Level-Playing-Field" principle, it is crucial to prohibit exclusive bundling practices that unfairly benefit smartphone manufacturers at the expense of third-party competitors. Users must have the freedom to select their preferred EUDI wallet provider, following a model similar to the browser choice approach in the European Union. Additionally, competing EUDI wallet providers must be granted access to critical smartphone infrastructure functions and user features utilized by the incumbent EUDI wallet (e.g. double tap on iPhones). Achieving this requires proactive action from national and European regulators to establish fair competition within the EUDI wallet ecosystem. Through industry dialogue and regulatory instruments, such as the Digital Markets Act, these measures must be achieved to ensure fair competition and lay the foundation for a balanced and open ecosystem where all EUDI wallet providers have fair opportunities to compete leading to choice for citizens.