eIDAS 2.0, a turning point for digital trust

For Banks and Insurers, managing identification and authentication and their associated evidence has become a central security issue. These efforts complement work related to the accelerated digitalisation of customer journeys, the implementation of regulatory compliance (KYC/AML), and anti-fraud initiatives. In this context, the eIDAS 2.0 regulation marks a major turning point for digital trust in Europe by redefining how citizens can prove their identity and sign documents online, thereby opening the way to new customer relationship models. 

While the first version of eIDAS had mainly laid the groundwork for electronic signatures and trust services, eIDAS 2.0 goes further with the generalisation of a European Digital Identity Wallet (EUDI Wallet) and the concept of Verifiable Credentials. For regulated players, it is no longer simply a matter of achieving compliance, but of deciding how to leverage these new building blocks to simplify customer onboarding, secure transactions, and improve the customer experience across all channels. 

Overview of the eIDAS “1.0” framework 

The eIDAS regulation, which entered into force in July 2016, harmonised the rules governing electronic identification and trust services for electronic transactions across the European Union. It defined and introduced a new legal framework for electronic signatures, including the creation of three levels — simple, advanced, and qualified — each corresponding to different levels of security, identity verification, and evidentiary value. 

Simple signatures cover low-risk use cases, whereas advanced signatures rely on stronger identification of the signatory and a firmer link to the document. The qualified signature, issued by a Qualified Trust Service Provider (QTSP), benefits from a presumption of equivalence with a handwritten signature within the EU, which is decisive for legal or financial acts of significant importance. 

Beyond signatures, eIDAS 1.0 also governed services such as timestamping, electronic seals, website certificates, and signature preservation, which underpin the entire chain of digital evidence. Many players, including Banks and Insurers, relied on these building blocks to digitalise contract signing, the dispatch of endorsements, claims, and loss management, through signature solutions integrated into customer journeys. 

What eIDAS 2.0 changes 

eIDAS 2.0 aims to go beyond the sole framework of electronic signatures to establish a genuine European digital identity, usable in a cross-cutting and interoperable manner across public and private services. The stated objective is for every citizen to have a recognised means of identification and a digital identity wallet accepted in all Member States, and reusable with players such as Banks, Insurers, Public Services, or major digital platforms. 

Among the key developments, eIDAS 2.0 introduces the European Digital Identity Wallet (EUDI Wallet), the concept of verifiable electronic attribute attestations (identity documents, driving licences, diplomas, financial data, various certificates, etc.), and an extended list of trust services including the electronic register, qualified electronic archiving, and qualified timestamping, thereby strengthening the role and strategic positioning of Qualified Trust Service Providers (QTSPs) within this ecosystem. 

The regulation also opens the door to new use cases, where a customer can prove certain attributes (age, address, income, professional status) without disclosing all their data, through selective presentation mechanisms. 

The Digital Identity Wallet (EUDI Wallet) 

The digital identity wallet is at the heart of eIDAS 2.0: it is a mobile application that allows citizens to store, manage, and present identity proofs and credentials in a verifiable digital format. In practice, the wallet aggregates attributes issued by trusted entities (government bodies, financial institutions, universities, etc.) and allows the holder to share them in a controlled manner with a third party wishing to verify them within an encrypted ecosystem. 

For a regulated player, this represents a major shift: instead of reconstructing the client’s identity from physical documents or images that must be scanned, they can rely on digitally signed attestations automatically verified by a Third Party. This approach promises to reduce KYC friction, improve data quality, and limit document fraud, while giving customers greater control over the information they share. 

Government actors, with a deployment deadline of December 2026 in their sights, are already working on eIDAS 2.0‑compliant digital wallets. This is the case, for example, of France Identité, which shares its progress within initiatives such as EUDIW Unfold. With an ambition to achieve adoption by more than 80% of the population by 2030, the vision behind this EUDI Wallet is to become an accelerator of secure omni-channel services. 

Challenges for Banking and Insurance 

For Banks and Insurers, eIDAS 2.0 affects the most sensitive processes: account opening, remote product subscription, credit granting, life insurance journeys, claims management, and signing of high-stakes documents. In each of these journeys, the combination of verified digital identity and qualified signature enhances security and evidentiary value, while reducing the number of steps and supporting documents to be collected. 

The potential benefits are manifold: 

• Reduced onboarding costs and timeframes thanks to faster and reusable identity verifications between institutions. 

• Reduction in document fraud through the use of verifiable electronic attribute attestations at source and qualified signatures. 

• Improved customer experience, with 100% digital journeys that are more streamlined, more fluid, and better suited to mobile, while being less intrusive. 

These gains must, however, be weighed against increased complexity in terms of data governance, integration, and IT architecture, all of which will need to be addressed. 

A complex integration 

Technical integration is key: incorporating EUDI Wallets and enabling the exchange of electronic attestations and attributes requires rethinking the openness of one’s systems, repositories, access controls, and interactions between the various technical components of partners to enable the interoperability of this ecosystem. Within an eIDAS 2.0‑compliant journey, the identification and authentication module as well as the signing tool must interact with the client wallet, the front-to-back IT system, and attribute management systems according to OpenID protocols. Furthermore, transaction logging, evidence preservation, and consent management must be designed end-to-end, in order to demonstrate process compliance in the event of an audit or dispute. 

The parties concerned must also monitor the maturity of technical standards and the capacity of the associated ecosystem (wallets, providers, authorities) to deliver robust and interoperable solutions. Excessive dependence on a limited number of suppliers or an overly complex architecture can create operational and business continuity risks. 

The management of identity data, which is particularly sensitive, demands a high level of cybersecurity and privacy protection. Banks and Insurers will need to establish their legal criteria, clarify the allocation of responsibilities with their service providers, document the controls put in place, and ensure that the consent and transparency mechanisms offered to customers meet regulatory expectations. For a Bank or an Insurer, it will be necessary to revisit the relationship with established trusted third parties to ensure that the services offered meet the new regulatory requirements, and to verify that all necessary authorisations are held with the relevant authorities for both the reading and issuance of electronic attribute attestations. 

For regulated players, eIDAS 2.0 marks the transition from a logic of digitalising signatures towards a genuine overhaul of digital identity management and Proof. Those who can anticipate and experiment with this opportunity from now on will hold a competitive advantage in terms of service quality and customer attractiveness, risk management, and regulatory agility. The challenge is therefore not merely to achieve compliance, but to transform this new framework into a lever for simplification, trust, and differentiation in an increasingly competitive banking and insurance market. Not to mention that the European Union and the players of the eIDAS 2.0 ecosystem are already preparing the next steps: a professional wallet, the Business Digital Wallet. 

The adoption of eIDAS 2.0 is therefore undeniably an opportunity for the players concerned and must be addressed as a genuine corporate project whose deadline is now fast approaching. eIDAS 2.0 compliance requires a dedicated transformation programme involving Business, Legal, the Transformation Directorate, and the IT Department, in order to successfully complete the transformation before the compliance deadline imposed by the European Union in December 2027. 

With its first eIDAS 2.0 deployments, Valthena is well positioned to support you in this major transformation and to structure an approach tailored to your organisation’s context.