4. Governance and Business Value of the Wallet
4.1 New Capabilities
Implementing the wallet as an EUDIW component gives government a concrete, citizen‑facing asset. With one application, a person can authenticate to public services, prove attributes such as age or professional status, and trigger legally valid signatures. The same application can work with services in other Member States because it follows a common profile.
For public services, the wallet becomes a predictable entry point. A tax portal, a municipal service, a student enrolment system, and a cross‑border ePrescription service all see the wallet through the same protocol lens. They request credentials, receive presentations, and verify them using the same trust framework.
From a policy perspective, the wallet bridges abstract rights and daily life. Data‑minimisation becomes visible through selective disclosure screens. Unobservability turns into a guarantee that the wallet provider does not learn where citizens log in. Transaction history and data‑rights tools are exposed in a way that ordinary users can grasp without reading legal text.
4.2 Governance model
GovStack Wallet BB specifications are the following:
Issuer - Wallet - Holder - Verifier with the Wallet Provider behind the wallet, and a Supervisory Body sitting off to the side as the oversight channel.
eIDAS and ARF define a broader governance structure for EUDIW with core actors being:
Users of Wallet Units
Wallet Providers
Person Identification Data (PID) Providers
Qualified Electronic Attestation of Attributes (QEAA) and EAA Providers
PuB‑EAA Providers
Relying Parties – services that consume PID/attestations and rely on them to identify or authorise the user (banks, portals, merchants, etc.).
Mapping Wallet BB actors to EUDIW core actors the following would emerge:
User of Wallet Unit / Holder
Wallet Provider / Wallet Provider
PID/QEAA/EAA/PuB‑EAA Providers / various Issuers
Relying Party / Verifier
4.2.1 EUDIW actors that are missing or only implicit in GovStack
GovStack Wallet BB has only a generic Issuer and the concept of an Electronic Attribute Attestation (EAA), but no separate provider roles. Hence what is missing as distinct actors:
PID Provider – “high LoA identity” issuer
QEAA Provider – qualified attribute attestations (QTSP)
PuB‑EAA Provider – public‑sector attestations from authentic sources
EAA Provider – non‑qualified attribute attestations
Authentic Source – the actual authoritative registry behind many attributes
GovStack Wallet BB mentions Supervisory body, yet does not define responsibilities at large. EUDIW adds:
Conformity Assessment Body (CAB) – evaluates wallet solutions and trust services against the technical/legal profile.
National Accreditation Body (NAB) – accredits CABs.
Supervisory Body – continuous supervision of providers and enforcement.
In addition, trust layer in GovStack Wallet BB is assumed, hence trust actors are not defined. EUDIW adds several concrete actors:
Trusted List Provider (TLP)
Access Certificate Authority (Access CA)
Registrar
Provider of Registration Certificates
GovStack Wallet BB requires secure storage and “trusted hardware / TEE” generically, but doesn’t define the providers around it. EUDIW infrastructure specifies:
Remote qualified e‑signature creation service (QTSP operated).
Device Manufacturers & related subsystems providers
Attestation Scheme Provider
4.3 Financial Considerations
The wallet is not a product that can charge citizens a fee. eIDAS 2.0 requires issuance and basic use, including authentication and non‑professional QES initiation, to be free for natural persons. That rule eliminates certain revenue models and pushes the wallet into the category of public infrastructure. Budgeting for the wallet therefore belongs in multi‑year digital‑government programmes rather than in small, project‑level initiatives. Costs include development or adaptation of the app, backend services for trust and status, WSCD integration work, certification, app‑store distribution, citizen support, and continuous security updates.
Was this helpful?