Ecosystem Vision & Fundamentals¶

EUDI Wallet Ecosystem Overview¶

The EUDI Wallet ecosystem comprises a set of clearly defined roles and systems that together enable the secure issuance, management, and use of digital identity data across Europe. These roles interact to deliver value to users, relying parties, and public administrations, while ensuring trust, legal certainty, and fundamental rights protection.

While the ecosystem is inherently complex, not all interacting entities are part of the operational EUDI Wallet ecosystem itself. Some actors act as authoritative sources, governance bodies, or supervisory entities that enable or oversee the ecosystem without participating in credential transactions.

Figure 1 provides an overview of the EUDI Wallet ecosystem roles and their interactions. Stacked boxes indicate that multiple instances of a role may exist.

Figure 1: EUDI Wallet Ecosystem Roles and Components

Scope

This chapter focuses exclusively on defining the roles within the EUDI Wallet ecosystem and their responsibilities. Trust relationships, certification mechanisms, and interaction flows between roles are defined in dedicated chapters and are intentionally not depicted here.

The following sections first describe the individual roles of the ecosystem. These roles are subsequently grouped into functional categories to provide a clearer understanding of responsibilities, governance, and oversight.

Core Operational Roles¶

This section describes the roles that directly participate in credential issuance, storage, presentation, and verification.

PID Provider¶

A PID Provider is a trusted entity responsible for:

verifying the identity of the user in compliance with Level of Assurance (LoA) high requirements,
issuing a Person Identification Data (PID) credential to the EUDI Wallet, and
making available, in a privacy-preserving manner, information that allows Relying Parties to verify the validity of the PID.

The PID Provider ensures that person identification data—such as name and date of birth—is securely generated, validated, and made available to the wallet. The PID Provider forms part of the core infrastructure of the German EUDI Wallet ecosystem. The current ecosystem vision foresees a single PID Provider, while allowing for future evaluation of additional issuance methods that meet the defined functional and security requirements.

(Q-, Pub-) EAA Provider¶

An (Qualified or Public) Electronic Attestation of Attributes (EAA) Provider is an entity responsible for issuing Electronic Attestations of Attributes at the user’s request.

EAAs allow users to prove specific attributes in a secure, standardized, and legally recognized way.

Qualified EAA (QEAA) Providers meet the highest eIDAS 2.0 trust and security requirements and issue legally binding attestations recognized across borders.
Public EAA (Pub-EAA) Providers are trusted public entities issuing legally recognized, but non-qualified, attestations.

EAA Providers may originate from various domains such as mobility, telecommunications, education, or healthcare. They are typically supervised by competent authorities within their respective domains. The EUDI Wallet ecosystem envisions multiple (Q-, Pub-) EAA Providers.

QES Provider / Qualified Trust Service Provider (QTSP)¶

EUDI Wallet Providers must offer users free Qualified Electronic Signatures (QES) for non-professional use within a wallet-centric QES approach.

To fulfil this requirement, Wallet Providers may collaborate with Qualified Trust Service Providers (QTSPs). A QTSP is a trust service provider that has received qualified status from a supervisory body in an EU Member State, allowing it to provide qualified trust services with legal effects equivalent to handwritten signatures across the EU.

The EUDI Wallet ecosystem interacts with multiple QES Providers / QTSPs.

EUDI Wallet Provider¶

An EUDI Wallet Provider develops and operates wallet solutions that store, manage, and present credentials on behalf of users. Wallet Providers ensure the secure handling of sensitive cryptographic material (e.g. private keys) and guarantee that users retain sole control over their PID, EAAs, and other personal data.

Wallet Providers deliver certified interfaces that enable secure data management, selective disclosure, pseudonymous authentication, payment authorizations, and qualified electronic signatures. The ecosystem vision foresees multiple EUDI Wallet Providers to foster competition and user choice.

Relying Parties¶

A Relying Party (RP) is an entity—public or private—that interacts with EUDI Wallets to verify identity data or attributes for authentication, authorization, or service access.

Both public and private Relying Parties must register and declare their intended use of EUDI Wallet data to ensure compliance with eIDAS 2.0 and ecosystem rules. The ecosystem envisions multiple public, civic, and private Relying Parties.

Governance & Trust Infrastructure Roles¶

This section describes roles responsible for defining rules, onboarding participants, and establishing trust relationships.

EUDI Wallet Ecosystem Orchestrator¶

The EUDI Wallet Ecosystem Orchestrator is an operational coordination role responsible for enabling, structuring, and supporting the development and operation of the EUDI Wallet ecosystem.

The orchestrator does not introduce new regulatory powers beyond those defined in eIDAS 2.0. Instead, it performs and coordinates ecosystem functions on the basis of mandates from competent authorities or Rule-Setters. These functions may include operating the WRP Registrar, facilitating onboarding processes, providing testing and sandbox environments, coordinating stakeholder engagement, and ensuring transparency of ecosystem activities.

The orchestrator exists to bridge the gap between regulatory requirements and practical ecosystem operation and may be implemented by a public entity, a delegated body, or a consortium acting under public mandate.

Note

eIDAS 2.0 defines required roles and responsibilities but does not prescribe how Member States operationally organize ecosystem coordination. The Ecosystem Orchestrator role reflects a national implementation choice to ensure coherent onboarding, testing, and ecosystem growth without extending regulatory authority.

WRP Registrar¶

The WRP Registrar is a governance function required by the EUDI Wallet ecosystem and may be operated by the Ecosystem Orchestrator or by a separate mandated entity, depending on national implementation.

The Relying Party Registrar (WRP Registrar) is responsible for the registration, validation, and administration of Relying Parties and EAA Providers interacting with EUDI Wallets.

It ensures that participants declare their intended uses, comply with eIDAS 2.0 requirements, and operate transparently to maintain trust and security. The EUDI Wallet ecosystem envisions a single WRP Registrar.

EUDI Wallet Conformity Assessment Bodies¶

EUDI Wallet Conformity Assessment Bodies are independent entities responsible for evaluating whether EUDI Wallets comply with the applicable security, interoperability, and regulatory requirements under eIDAS 2.0.

They perform assessments and audits as part of the EUDI Wallet certification process. Initially, certification is based on national schemes and later transitions to a harmonized European certification scheme. These bodies ensure that Wallet Providers meet all required standards before being authorized for operation.

Oversight & Public Control Roles¶

This section describes entities that provide independent, ex-post oversight of the ecosystem.

(State) Data Protection Supervisory Authorities (outside ecosystem)¶

Federal and State Data Protection Supervisory Authorities supervise compliance with data protection regulations within the EUDI Wallet ecosystem. They investigate complaints, enforce corrective measures, and protect the rights of wallet users. Multiple supervisory authorities interact with the ecosystem.

Consumer Protection Organizations and the Public (outside ecosystem)¶

Consumer protection organizations and the general public may access information on declared Relying Party uses registered with the WRP Registrar. This information is published in machine-readable formats to ensure transparency and enable public scrutiny.

External Systems & Sources¶

Authentic Sources (outside ecosystem)¶

Authentic Sources are public or private systems recognized or required by law that contain authoritative attributes about natural or legal persons. Examples include civil registries, education databases, licensing authorities, or company registers.

Authentic Sources provide the factual basis for attribute issuance but are outside the scope of the German EUDI Wallet ecosystem.

German eID Card Infrastructure (outside ecosystem)¶

The German eID Card (nPA) serves as the primary source for PID issuance. It includes the eID for German citizens, the Unionsbürgerkarte for EU citizens, and the electronic residence permit for non-EU citizens. The technical architecture is specified in BSI Technical Guideline TR-03127.

Functional Grouping of Roles¶

For architectural clarity, the roles described above can be grouped into functional categories:

Providers¶

Entities that issue credentials, attestations, or signatures based on authoritative sources and are responsible for their correctness and legal validity.

EUDI Wallet Providers¶

Entities that operate certified wallet solutions and act as the technical interface between users, providers, and relying parties.

Consumers¶

Public and private Relying Parties that request and verify credentials to deliver services.

Rule-Setters¶

Entities that define rules, onboard participants, certify components, and establish trust relationships before participation. This group includes competent authorities and mandated operational bodies such as the Ecosystem Orchestrator acting on their behalf.

Oversight Bodies¶

Independent authorities and public actors that supervise compliance, detect misuse, and protect fundamental rights during operation.