EUDI Wallet Credentials: Who benefits from issuing credentials in the EUDI Wallet?


In January 2027, EUDI will be launched – and with it, wallets and credentials. In this blog, we will discuss exactly what credentials are in this context, what they can do and how they are issued.

EUDI wallets and credentials – what are they?

EUDI wallets are ‘digital wallets’ for verified credentials. These credentials are usually linked to the user’s identity. Wallets enable users to prove their identity and individual authorisations digitally and securely – both online and on site. The wallets are located on the smartphone, where the credentials are stored with a high level of security.

Typical credentials include officially verified documents such as identity cards, driving licences, certificates and confirmations. On the other hand, private sector credentials such as insurance confirmations, proof of income, access authorisations and membership certificates (e.g. for a gym) are also possible.

The use cases are diverse: identification in onboarding processes, age verification or digital proof of driving licence can all be handled with EUDI. For users, it is a convenient way to identify themselves. For authorities and companies, wallets enable digital and efficient processes.  

Why should proof of identity now also become digital?

In today’s everyday life, copies, photos and PDFs of ID cards or documents are still made, stored and sent for many processes – for example, for identification, car rental bookings, hotel check-ins, job applications, construction financing or rental agreements. The creation and validation of such evidence involves considerable effort on all sides, resulting in significant transaction and processing costs. There is also a high risk of forgery and misuse, which causes further processing costs for verification and risk premiums. In addition, users often disclose more information than is necessary for the application.

In future, EUDI wallets will bundle citizens’ proof documents in a completely secure and trustworthy manner – and fully digitally. They enable only relevant information to be shared, thereby reducing the risk of misuse and costs. This is what sets them apart from other digital credentials.

How is it ensured that there is no misuse of digital credentials?

EUDI wallets are the cornerstones of a highly trustworthy ecosystem – which is why evidence from this ecosystem can (and must) be trusted. On the user side, this is ensured by the fact that all users, without exception, are securely identified. In Germany, the ‘eID function’ of the identity card is used to create an EUDI wallet. Anyone who has not activated this function cannot create an EUDI wallet. In other European countries, too, the wallets can only be used with highly secure identification. Although this creates a certain barrier to entry, it is absolutely necessary for sustainable trust in the ecosystem.

Currently, there are also initial concepts in Germany for how the EUDI wallet infrastructure could be used for simple verification purposes without this secure identification. The aim is to promote widespread use through low-threshold usability. What all concepts have in common is that they do not pose a threat to the trust ecosystem, as the levels will be very clearly separated. On the part of the issuers of evidence and for the acceptance partners, misuse in the ecosystem is ruled out by the fact that all participants must clearly identify and register themselves in order to participate. Companies must identify themselves to a public authority (KYB) and register the respective evidence or retrievals for specific use cases. This is technically secured by certificates, and unauthorised requests are blocked by EUDI wallets. This ensures that only trustworthy credentials enter the ecosystem and that only trustworthy acceptance partners receive these credentials or information for defined uses.  

How can companies issue credentials?

The process for companies that want to issue credentials themselves is not yet entirely clear. What we already know is that issuers will also have to register. It should also be possible to customise credentials individually: from specifying who is authorised to access them and their content to their validity period and appearance. The big challenge will be to connect the many EUDI wallets of each member state. For most companies that want to issue credentials, it therefore makes sense to use an issuing service such as Verimi. Companies then only have to worry about what data their credentials should contain; the issuing service provider is certified and takes care of the actual issuing, validity checks, updates and delivery to the end users’ wallets.  

Interested in what this might look like? We show the first possible applications in our showcase. Try it out now!

 

How are digital credentials issued technically?

Issuing credentials requires five steps.

  1. User authentication

It must be ensured that credentials are issued to the correct person. This can be done in various ways: by sending a link via email, issuing from a secure area (e.g. customer portal) or, for particularly high security, by additionally comparing identity data with the PID.

  2. Preparation of attributes

In order for a credential to be issued, the individual data fields (attributes) must be filled in. Seamless integration of the data source is important here: depending on the type of credential, this can be, for example, one or more databases or specific business processes such as the sale of a ticket. If necessary, the data must be adapted to the data format of the credential schema in this step, e.g. if ‘name’ becomes the data fields ‘first name’ and ‘surname’.

  3. Creation of the credential

Only in the next step is the actual verifiable credential created in an EUDI-compliant verification format. This is also where the credential is signed: with a qualified certificate if it is issued by a qualified trust service provider (QTSP), or with a normal certificate in the case of non-qualified verification.

  4. Entry in the revocation list

An important aspect of the trust model in the EUDI ecosystem is that credentials can be checked for validity at any time. To do this, the status is entered into a revocation list. When a credential is presented, its validity is queried from this list via a special anonymising mechanism, so the issuer does not learn which credential was presented where. This also allows the issuer to invalidate credentials.

  5. API & Interoperability Layer

The final step is to transfer the credentials to the EUDI wallet via the wallet interfaces for executing the issuance protocols (OpenID4VCI).
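The revocation check in step 4 can be illustrated with a bit-packed status list. This is an added example, not code from the article or from any issuing service; it assumes a list format modelled on the IETF Token Status List draft (one bit per credential, zlib-compressed, base64url-encoded), which the article does not name. The class, function names and index values are hypothetical, and the issuer's signature over the list is left out.

```python
import base64
import zlib


class StatusList:
    """Issuer side: one bit per credential, 0 = valid, 1 = revoked."""

    def __init__(self, size):
        self.size = size
        self.bits = bytearray((size + 7) // 8)

    def revoke(self, index):
        if not 0 <= index < self.size:
            raise IndexError("status index out of range")
        self.bits[index // 8] |= 1 << (index % 8)  # least significant bit first

    def publish(self):
        """The same compressed list is served to every verifier."""
        packed = zlib.compress(bytes(self.bits), 9)
        return base64.urlsafe_b64encode(packed).rstrip(b"=").decode()


def is_revoked(published, index, max_bytes=1 << 20):
    """Verifier side: look up one index in a locally downloaded copy.

    The verifier fetches the whole list, so the request does not tell
    the issuer which credential was presented.
    """
    raw = base64.urlsafe_b64decode(published + "=" * (-len(published) % 4))
    d = zlib.decompressobj()
    bits = d.decompress(raw, max_bytes)  # cap output size (decompression bomb)
    if not d.eof:
        raise ValueError("status list truncated or larger than allowed")
    if not 0 <= index < len(bits) * 8:
        raise ValueError("index not covered by list")  # fail closed
    return bool(bits[index // 8] >> (index % 8) & 1)


if __name__ == "__main__":
    # Constructed sample: 1000 issued credentials, number 417 is revoked.
    issuer_list = StatusList(1000)
    issuer_list.revoke(417)
    published = issuer_list.publish()
    print(is_revoked(published, 417), is_revoked(published, 416))
```

An unknown index or an oversized list raises an error instead of returning "valid", so a malformed list cannot make a revoked credential pass.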

   

What are the benefits of EUDI credentials for businesses and how can they get started?

The added value of issuing credentials for a company is highly individual and depends on many factors, such as the industry, the customers and the objectives. In any case, it is worthwhile to have a strategy and a specific goal developed by technical experts and eIDAS experts. The most important thing to consider here is whether the issuing of EUDI credentials is part of the innovation strategy, for example, whether it is intended to be a customer service, streamline processes or have a commercial impact, for example through fees for retrieving credentials.

Once these questions have been clarified, the current degree of digitalisation of relevant process stages becomes relevant. This is the only way to estimate the effort involved.

 

Does this sound interesting for your company? We would be happy to advise you, develop solutions for your company and provide you with the necessary services for issuing EUDI wallet certificates. Find more information about our pilot projects here.

 
