The European Digital Identity (EUDI) is changing how companies verify identity and age. With an EUDI gateway, you can accept wallet credentials securely, in compliance with standards and in a user-friendly manner. Get started now to secure a head start in compliance and time-to-market.
1. What is an EUDI Gateway?
An EUDI gateway is the central technical component that enables companies to accept credentials from a European Digital Identity Wallet securely and in compliance with standards. It acts as a bridge between your service (relying party) and the user’s wallet, performing several critical tasks:
- Secure communication: The gateway establishes the connection between your application and the wallet and ensures encrypted data transmission.
- Protocol handling: It implements the relevant standards such as OpenID4VP (Verifiable Presentation) and OpenID4VC (Verifiable Credential), which are mandatory for interoperability within the EUDI infrastructure.
- Credential verification: The gateway verifies signatures and detects revoked or invalid credentials via trust lists.
- Consent management: It ensures that credentials are only transferred with the user’s express consent. Selective disclosure is supported – the user only releases the data that is necessary for the respective process.
- Audit and compliance: All transactions are logged in a traceable manner to meet regulatory requirements such as eIDAS 2.0, BSI TR-03147 and GDPR.
Without a gateway, companies would have to implement complex wallet protocols themselves, perform security checks and comply with regulatory requirements. The gateway takes on these tasks and reduces integration effort, risks and time-to-market.
2. Who is affected by EUDI acceptance?
The introduction of the European Digital Identity (EUDI) affects not only public authorities, but also a wide range of companies. There are two categories: mandatory and optional.
2.1 Obligation: Who must accept EUDI?
Certain industries will be legally required to accept EUDI credentials from the end of 2027. These include:
- Financial service providers and banks: Wallet acceptance will be mandatory in future for processes such as account opening, lending and strong customer authentication (SCA). This is due to regulatory requirements such as eIDAS 2.0, the Money Laundering Act (GwG) and the PSD2 Directive.
- Insurance and healthcare: This concerns the secure identification of patients and insured persons as well as the transfer of sensitive data. The wallet offers a standardised solution for data protection and interoperability.
- Public sector and authorities: The wallet will become mandatory for digital administrative services in order to offer citizens a uniform identity solution.
These obligations arise because the EU wants to create a harmonised identity infrastructure that guarantees security, data protection and interoperability.
2.2 Optional: Who can accept EUDI?
In addition to the industries that are required to do so, there are numerous companies that can (and should!) voluntarily integrate EUDI certificates in order to optimise processes and gain competitive advantages:
- Retail and e-commerce: Age verification for products subject to youth protection laws, simplified identity verification for express checkout and loyalty programmes
- Mobility and travel: driving licence verification for car sharing and rental cars, ticketing for public transport or events
- Platforms and digital services: access control, secure registration and fraud prevention through verified identities, secure pseudonymised access and anonymous age verification.
- Telecommunications and media: Contract conclusions, youth protection and secure authentication for premium services.
Why act now? The wallets will be available from the end of 2026. Those who integrate early will secure a head start in compliance, UX and time-to-market – and avoid expensive last-minute implementations. Start your EUDI pilot now and be first in line.
3. How an EUDI gateway works
1. Selection of the wallet by the user
The process begins as soon as the user selects the ‘EUDI Wallet’ option in your service (e.g. when logging in, onboarding or completing a purchase). This selection indicates that the identity or authorisation check should be carried out via the wallet.
2. Consent and verification release
The wallet opens on the user’s device. There, the user can see which data is being requested (e.g. name, date of birth, driving licence status). Via a clear consent flow, the user decides whether and which information is released. Thanks to selective disclosure, only the attributes required for the process are transferred. For example, if only the person’s age is being verified, only this attribute is transferred.
3. Secure connection and data transfer
The gateway handles the technical communication between your service and the wallet. It uses standardised protocols such as:
DCQL for requesting credentials from the wallet
OpenID4VP (Verifiable Presentation) for presenting credentials
SD-JWT VC for the actual credential
In addition to these protocols, an EUDI gateway must also support other alternative technology stacks in parallel. The data is transmitted in encrypted form so that neither manipulation nor unauthorised access is possible.
4. Verification and validation
The gateway verifies the received credentials in real time:
Signature verification: Was the credential issued by a trusted source?
Trust list comparison: Is the issuer on the official EU trust list?
Revocation check: Has the credential been revoked or is it still valid?
Only after successful validation is the result forwarded to your service.
5. Result and continuation of the process
Your system receives confirmation that the identity or authorisation has been verified and, if necessary, a regulatory-compliant document record. The process can continue seamlessly – e.g. account opening, age verification, driving licence check for car sharing or car rental booking.
Technical highlights:
- Interfaces: API integration for easy connection to existing systems
- Compliance: Complies with eIDAS 2.0, GDPR and BSI requirements
- Auditability: All transactions are logged to enable regulatory evidence
4. Integration: fast, secure, user-centred
Introducing an EUDI gateway does not have to be a mammoth project. With the right architecture and a clear roadmap, the connection can be made efficiently and without unnecessary complexity. The focus is on three dimensions: speed, security and optimal user experience.
4.1 Prerequisites for getting started
Registration as a relying party:
Companies must register with the relevant authority in order to be able to technically retrieve wallet credentials. In Germany, an interface for direct processing is planned for this process in the medium term.
Basic technical requirements:
An existing online platform or app that can be expanded via APIs forms the basis.
4.2 Implementation steps
API integration:
The gateway is connected via standardised interfaces. This allows the solution to be integrated into existing systems without having to rebuild the entire infrastructure.
UX design & consent flows:
User-friendliness is crucial. The integration includes clear consent screens that transparently show which data is being requested. Selective disclosure ensures trust.
Data protection & compliance:
GDPR-compliant data processing and security checks are an integral part of the solution. The gateway handles audit logging and validation in accordance with eIDAS 2.0 and BSI specifications.
4.3 Pilot operation in the SPRIN-D sandbox
Why a sandbox?
The SPRIN-D sandbox (the official test and reference environment for the implementation standards of the German EUDI wallet implementations) makes it possible to test processes under realistic conditions before wallets are widely available.
Pilot phase (approx. 3 months):
Setup, integration workshops, test transactions and UX optimisation. Companies can gain experience at an early stage and minimise risks.
4.4 Rollout & scaling
After successful pilot operation, the transition to productive operation takes place. The gateway is scalable and can be used for multiple use cases.
5. Roadmap & timing: Why start now?
Companies can test initial integrations and processes in sandboxes such as SPRIN-D. This test environment offers the opportunity to run through real-life scenarios under controlled conditions – including consent flows, credential checks and UX optimisation. This allows technical issues to be clarified before wallets are widely available.
In January 2027, EUDI wallets will be rolled out and available for end users. From this point on, regulated industries must be prepared, and other companies can also reap the benefits.
Why early movers benefit:
- UX advantage: Those who pilot early can optimise the user experience and remove conversion barriers.
- Process reliability: Early testing reduces risks and avoids expensive last-minute implementations.
- Compliance-ready: Companies that start now will meet regulatory requirements on time and without time pressure.
5. KPIs & business effects: Making success measurable
To ensure that the introduction of an EUDI gateway is not only technically convincing but also economically viable, companies should define clear key performance indicators and monitor them regularly. The most important performance indicators can be:
5.1. Conversion rate
Wallet selected vs. completion: How many users who select the wallet as their identity method actually complete the process? A high conversion rate indicates that the integration is working smoothly.
5.2. Time to verification
Processing time from start to confirmation: The shorter the verification time, the better the user experience and the lower the abandonment rate.
5.3. Drop-off in the consent step
Abandonment rate during data release: Transparent consent flows and selective disclosure reduce scepticism and increase acceptance.
5.4. Support tickets for identity or age verification
Number and type of requests: Fewer support cases mean lower costs and higher customer satisfaction.
5.5. Error rates in credential checks
Technical validation: Low error rates show that the gateway is working reliably and that standards are being implemented correctly.
5.6 Business-Effekte im Überblick
- Geringere Onboarding-Kosten: Automatisierte Prüfungen ersetzen manuelle Prozesse und sparen Personalaufwand.
- Schnellere Freigaben: Echtzeit-Verifikation beschleunigt Kontoeröffnungen, Alterschecks und Mietprozesse.
- Weniger manuelle Prüfungen: Reduziert Fehlerquellen und steigert Effizienz.
- Höhere Sicherheit: Standardisierte Protokolle und Trust-Listen minimieren Betrugsrisiken und stärken Compliance.
Ready to start? Get to know more about EUDI pilot projects with Verimi and be one of the first.
