EUDI Wallets: Enterprise Takeaways from DICE 2026

Key Takeaways

  • The biggest near-term enterprise opportunity is the verifier role: digital credentials can automate KYC flows that are currently slow and manual.

  • EUDI Wallets are anti-tracking by design: each verifier gets distinct keys and identifiers, making cross-service tracking cryptographically infeasible.

  • Digital credentials are primarily tokens for authentication, not authorization; you still need an OAuth 2.0 architecture to issue your own tokens and protect APIs correctly.

  • Wallet adoption is a global trend, not just an EU one — organizations building identity infrastructure should start thinking about wallets now.

On this page

I recently attended the DICE (Digital Identity unConference) event in Copenhagen, where most of the focus centered on rollouts of EU Digital Identity Wallets. Many identity experts bring their knowledge to DICE events, which use an unConference format, where all attendees participate in the design of interactive sessions. Attendees can learn about new identity topics or brainstorm ideas related to problems not yet solved.

The EUDI Wallet Ecosystem

DICE began with a panel discussion on Rollouts of Government Wallets, with panelists representing government agencies from Denmark, France, Germany and Moldova. Although Moldova is not currently in the EU, its participation highlights the wider interest in EUDI wallets.

The panel discussed how each of the 27 member states will first release a compliant wallet. Those states have existing identity infrastructure, so nation-states can use their own strategies to roll out wallets and ensure continuity with existing systems. 

Citizens will use wallets (typically mobile applications) to present cryptographically signed digital credentials (a.k.a. verifiable credentials) to authorized digital services. Digital credentials enable citizens to provide their identity or other attributes with a high level of assurance (LoA). 

Wallets use privacy-preserving patterns to present personal data, since users selectively disclose attributes. Wallets are also anti-tracking, since they use distinct signing keys and user identifiers for each digital service.

Who Can Issue EUDI Wallet Credentials?

The initial issuers of digital credentials will be government agencies like identity card authorities or passport offices within each member state. The first digital credential will be the user’s PID (Person Identification Data), containing attributes like name, nationality, and date of birth.

There are technical and infrastructure costs for member states to become compliant and manage the digital credential ecosystem.  The talk on Scaling Privacy and Security explained the details, where member states must implement Essential Standards and Technical Specifications (STS). 

Once the infrastructure is in place, other organizations will be able to issue their own digital credentials to EUDI citizen wallets. To do so, they may need to pay their national authority or intermediaries. For example, healthcare providers, transport authorities, universities, banks, insurance companies, and private businesses could issue digital credentials. 

To act as Issuers of Digital Credentials, a.k.a Attestation Providers, organizations will need to register with their member state and explain the credential types they will issue, the user attributes they will use, and why. Registration will help to ensure industry-specific best practices, interoperability, and user privacy. 

Many attendees were interested in the presentation on European Business Wallets (EBW). Business wallets will hold organizational digital credentials. They will enable Know Your Supplier (KYS) use cases, like an employee first proving their identity with an EUDI wallet and then using an EBW that proves authorization to sign contracts on behalf of their organization.

The Enterprise Opportunity: Acting as a Verifier

By far the main topic of conversation among attendees, both within sessions and when socializing afterwards, was EUDI wallet use cases for citizens and organizations.

Early use cases for EUDI wallets are likely to be around replacing cumbersome operations, like scanning passports, to prove a user’s identity or age. Citizens will then seamlessly perform operations like presenting proof of age to buy online items. Similarly, enterprises can more easily implement Know Your Customer (KYC) flows when users sign up to their digital services.

To enable these use cases, citizens must be able to present digital credentials to Enterprises who act as Verifiers, a.k.a Relying Parties. The DICE session on Evolving Verifier ID explained how wallets need trusted external context about the party asking the user for their personal information. Therefore, verifiers must also have a cryptographic identity that wallets can trust.

To act as a verifier, enterprises will need to register with their member state to gain access to wallet attributes and explain how and why they consume user attributes. Therefore, EUDI wallets provide built-in data minimization techniques for citizens to help enforce regulations like the General Data Protection Regulation (GDPR).

Discussions often raised the difficulty of industry-specific use cases, which will take longer to materialize due to the need for stakeholder agreement across both nations and industries. Example use cases might be the use of driving licenses across borders or a German citizen using their EUDI wallet as legal proof of ownership of a French property. 

EUDI Wallets Are a Global Trend, Not Just an EU One

You can think of the use of wallets as a global security design pattern. The DICE session on VC’s & Wallets Outside the eIDAS Echo Chamber discussed wider usage, with topics like NIST IR 8112, which defines ways for organizations to work with federated attributes. 

At DICE, there were attendees from many countries outside the 27 EU member states. I spoke or listened to attendees from the United Kingdom, South Africa, and Japan on the desire for technical alignment and interoperability. Over time, the citizen wallets trend will extend to many locations outside the EU.

Wallet-Ready Security Architectures

DICE sessions often dived into the security protocols that EUDI wallets use. These are OpenID4VCI to issue digital credentials to wallets and OpenID4VP to authenticate users who present digital credentials from wallets. You can think of digital credentials as tokens for authentication, where those tokens use an externally defined format that individual organizations cannot control. 

To be wallet-ready, organizations need a strategy to integrate wallets with APIs and API clients, which will need to use attributes from digital credentials. The OpenID4VCI and OpenID4VP protocols are designed to integrate with OAuth 2.0 to enable issuance and verification use cases. In OAuth 2.0, each organization adds its own tokens for authorization, using access tokens, and should be able to fully control access token attributes. 

Curity discussed this topic in our session on AI Agent Access Control. We explained how each organization should design its own access tokens to meet its particular requirements to protect resources. We explored how access tokens enable policy-based access control patterns and least-privilege access to enterprise resources as an architecture that helps to mitigate AI risks.

To use OAuth 2.0 and enable users to authenticate with wallets, clients simply run a code flow that uses a wallet authenticator. The authorization server can verify digital credentials and issue their attributes to access tokens. Clients then send access tokens in APIs, which use the attributes from JWT access tokens to authorize access to resources.

A wallet-ready security architecture should also externalize wallet integration complexity from application and API teams. Instead, an identity team can use the OAuth 2.0 authorization server to implement wallet integrations. When an organization needs to refine wallet integrations, it can do so multiple times without changing code in applications.

wallet integration diagram

Learn More

At Curity, we recommend an end-to-end architecture that starts with API access control and also enables federations, like EUDI wallets. Using this architecture enables you to change security more easily and to provide business agility. To learn more about wallet integrations, check out the following resources on the Curity website. 

Related resources

Frequently Asked Questions

What protocols do EUDI Wallets use?

Credential issuance uses OpenID4VCI (OpenID for Verifiable Credential Issuance). Credential presentation uses OpenID4VP (OpenID for Verifiable Presentations). Digital credentials use the SD_JWT VC format to enable users to selectively disclose attributes to verifiers.

Can non-government organizations issue EUDI Wallet credentials?

Yes. Banks, employers, universities, and other organizations can register as credential issuers with their member states. Registration requires declaring which credential types will be issued and which user attributes will be included.

Can non-government organizations verify EUDI Wallet credentials?

Yes. Any organization can act as a verifier, to authenticate users with a high level of assurance. Verifying organizations must also register with their member state to explain how they will consume user attributes, and so that wallets can trust the verifier.