An update on EU Digital Wallets and the potential of Global eID Schemes

Yet, as Europe moves toward a universal digital identity app, the question of security looms large. In “What Happens If Your Digital ID is Stolen? A Viewpoint From Norway,” we took a close look at how identity theft plays out in a country already accustomed to robust digital IDs, specifically BankID. Norway’s experience underscores a key reality: when online identification becomes woven into so many aspects of daily life—opening loans, enrolling in public services, or even unlocking an automated tanning booth—the stakes are extraordinarily high if those credentials are compromised. The Norwegian data shows that most fraud arises from people abusing the login information of someone they know, often a family member or close acquaintance. The consequences can be devastating, particularly as financial institutions see the “owner” of those stolen credentials as liable for unpaid debts. While new authentication factors, like mobile-based biometrics, reduce the risk of sharing passwords or physical dongles, the underlying issue remains: eID theft can leave victims with far more than just an emptied bank account—it can saddle them with fraudulent loans, misused personal data, or legal entanglements that take years to resolve.

These insights from Norway reveal why the European Commission and member states are taking great pains to ensure that the new EU Digital Identity Wallet system is built on secure, privacy-focused foundations. As part of that effort, each national government will be required to offer an identity wallet that meets Europe-wide interoperability standards. The wallets must comply with a consistent security approach, undergo rigorous testing through pilot projects, and align with existing cybersecurity legislation. Thanks to an open-source reference implementation, countries and approved private entities can adapt the baseline code for their local context, provided they uphold key requirements for data protection, anti-tampering measures, and user consent. The EU wants this new form of identification to become an optional but widely accepted credential—useful whether you are opening a new bank account, signing up for utilities in a different country, or simply proving your age for an online purchase. Over time, we can expect more specialized features: perhaps a digital attestation of educational or professional qualifications that can be instantly verified anywhere in the EU.

Beyond Europe, similar projects are emerging worldwide. Canada has been experimenting with national digital ID pilots, while countries across Africa and Asia are exploring eID to streamline public services. These global efforts, though not uniform in design, share common challenges: how to protect citizens from identity fraud, how to ensure data minimization and privacy, how to prevent big tech or third-party intermediaries from accumulating too much personal data, and how to make the on-boarding process frictionless enough to encourage widespread adoption. As soon as digital IDs go mainstream, they effectively become a critical part of daily life—meaning any security lapse, however rare, can have a serious societal impact.

Nevertheless, the potential benefits are vast. Relying on digital identities can reduce the cost and complexity of KYC checks, both for financial institutions and for new digital services. It can empower citizens to prove their identities across borders without having to rely on bureaucratic paper processes. It may even spur the creation of new business models or services that were once impossible because of verification constraints. At the same time, governments can more efficiently tackle issues like fraud or benefit abuse by linking transactions to identities that are verified at a high level of assurance.

The key to success will be balancing these innovations with robust consumer protections, ensuring that in cases of fraud, victims are not simply left to fend for themselves. Norway’s BankID experience highlights how tricky it is to establish responsibility when stolen credentials are used for malicious ends. If a user inadvertently hands over a password—or if a family member borrows a phone—should the bank be liable, or is the user at fault? These issues become even more complex in an EU-wide identity system, where cross-border transactions and multiple legal jurisdictions intertwine. Policymakers are therefore focused not just on building bulletproof technology but also on clarifying legal liability, standardizing security protocols, and educating citizens about safe authentication practices.

From our vantage point in 2025, it seems likely that many of these threads—EU-wide digital identity, global eID schemes, and advanced security measures—will continue to intertwine. The process might be uneven, with different member states, banks, and third-party providers adopting the new wallet system at different paces. But with each successful pilot and each new wave of user adoption, the idea of a single, universally recognized digital ID will inch closer to reality. For those of us who have followed the journey from PSD2 to open banking, and from basic eIDAS certificates to comprehensive digital wallets, it is fascinating to witness the emergence of this next step in identity verification. Much like Norway’s BankID, the EU Digital Identity Wallet aspires to be woven into everyday life in a way that makes tasks simpler, faster, and (hopefully) more secure.

Moving forward, we will continue to keep an eye on how the EU Digital Identity Wallet’s standards evolve, how member states integrate them into their services, and how other regions of the world adopt or adapt similar solutions. We remain keenly aware that no matter how advanced the technology, the human factor—decisions about sharing credentials, unforeseen use cases, or cunning social-engineering attacks—remains the biggest challenge. In an age where a single digital ID can unlock countless government and commercial services, vigilance and secure design are paramount. If you are curious about the intersection of digital identity, security, and user experience, stay tuned to our blog and keep an eye on ongoing regulatory developments. The future of identity is unfolding fast, and it promises to redefine not just how we log in to our banks, but how we participate in a more interconnected digital society.