5. Legal and Policy Context for the Wallet
5.1 eIDAS 2.0 Requirements
eIDAS is the European Union’s legal framework for electronic identification and trust services. The name stands for “Electronic Identification, Authentication and Trust Services”, and the framework started as Regulation (EU) 910/2014. The regulation does two big things. First, it creates a common legal basis for electronic signatures, seals, timestamps, website certificates and electronic registered delivery services across all EU Member States. A “qualified electronic signature” under eIDAS, for example, must be treated the same as a handwritten signature in every Member State. Second, it sets the ground rules for electronic identification schemes that countries notify to the EU, so that a citizen who logs in to a service in another Member State using their national eID can be recognised with a predictable level of assurance.
The recent revision, eIDAS 2.0, together with its related implementing acts, extends this framework by adding the concept of the European Digital Identity Wallet (EUDIW).
5.2 GDPR and Data Protection
GDPR brings general data‑protection rules into this picture. For the wallet, the most visible effect is that data‑minimisation and transparency must be reflected in user interfaces and flows. Approval screens should clearly explain what attributes are requested and for what purpose. Default choices should lean towards less data sharing, not more. Clear documentation is required so that roles and responsibilities are not ambiguous. Technical features such as local storage of transaction history on the device, limited backend logging, and privacy‑preserving crash reporting help reduce risk and support data‑protection impact assessments.
5.3 National Legislation
Each Member State layers its own laws on top of eIDAS and GDPR. Before committing to a specific wallet design, teams should check local legislation that touches on:
national data‑protection acts and guidance from data‑protection authorities;
electronic communications and consumer‑protection law;
national trust‑service regulations;
sectoral rules in health, justice, finance, and other regulated domains.