Digital Identity

From Digital Identity to Business. Eidas 2.0 Opens New Paths for Companies

 

David Ottolenghi

On 30 July 2025, the European Commission completed the publication of a new package of implementing regulations under Regulation (EU) 2024/1183, better known as eIDAS 2.0.

This set of eight key regulations defines common technical standards, minimum requirements, and interoperability criteria for the functioning of European Digital Identity Wallets (EUDI Wallets), laying the foundation for secure, certified, and integrable digital services across the EU.

The goal is clear: to provide citizens and businesses with a simple, reliable, and compliant tool to identify themselves online and manage verifiable personal, professional, or business attributes.

In this framework, identity, qualifications, and attributes – such as age, certifications, professional licenses, or corporate delegations – are essentially "tokenised" into verifiable digital credentials. These credentials can be easily used in various contexts and validated with Zero-Knowledge Proof (ZKP) technologies, which allow a person to prove possession of a certain attribute (e.g. being over 18) without disclosing any additional personal information (e.g. name or birth date).

This enables secure, selective, and GDPR-compliant automation of checks and access controls, facilitating smoother interactions between public entities, businesses, and individuals at the European level.

In this post, we aim to provide practical insights for:

  • Tech companies looking to build solutions aligned with the new EU digital identity framework;

  • Commercial businesses interested in simplifying access to products or services reserved for specific customer categories, using advanced tools such as zero-knowledge proofs.

What do the eIDAS 2 Implementing Regulations Cover?

The new regulatory package adopted on 30 July 2025 sets out the technical and operational requirements for deploying the EU digital identity system. It includes rules on the security and interoperability of EUDI Wallets, which each Member State must make available to its citizens.

The regulations also introduce standards for qualified attestations of attributes, which are digital certificates proving certain personal or corporate characteristics — such as legal age, VAT registration, membership in professional associations, or delegated authority — including in selective formats that protect user privacy.

The regulations further define how wallets will interact with trust service providers (TSPs) and digital public and private services, ensuring cross-border and cross-sector interoperability. They also regulate third-party access interfaces, so that EUDI Wallet verifications can be smoothly integrated into business systems in a secure, auditable, and transparent way.

Finally, the regulations impose clear obligations on wallet providers and TSPs concerning data protection, transparency, and auditability.

Where Do We Stand, and What’s Next?

With this regulatory package, the core legal infrastructure of eIDAS 2 is now in place. However, several steps are still needed for full-scale adoption of the EUDI Wallet system:

  • Digital wallets are not yet in use: each Member State must authorise at least one official EUDI Wallet. Private providers must also complete the certification process (in Italy, the IT-Wallet project led by PagoPA is underway).

  • Public and private services need to adapt: technical and organisational updates will be required to integrate wallet verification mechanisms into current systems.

  • Attribute schemes must be tested in practice: particularly in regulated sectors (e.g. banking, e-commerce, healthcare), real-world testing will be necessary to validate the effectiveness of attestations and integrations.

It is likely that the first fully operational services will emerge between 2026 and 2027, but now is the right time to design compatible solutions and prepare for integration.

What Opportunities for Tech and Commercial Companies?

The practical implications of eIDAS 2 are wide-ranging. Here are some of the most promising:

  • For technology companies, eIDAS 2 opens up the opportunity to develop:

    • Attribute verification services and wallet integration tools for public or private stakeholders;

    • EUDI-compatible document and identity management systems;

    • Specialised applications in the legal, healthcare, academic, and financial sectors.

  • For commercial companies, eIDAS 2 can simplify access to products and services subject to legal or contractual restrictions, such as:

    • Products restricted to adults (e.g. alcohol, tobacco);

    • Medicines or devices requiring prescriptions;

    • Services reserved for licensed professionals, companies, or public entities;

    • Contracts requiring proof of signature authority or corporate ownership.

All this can be achieved without processing unnecessary personal data: attributes can be verified once and selectively revealed only when needed, through Zero-Knowledge Proof mechanisms.

 

Clovers.law assists tech providers, startups, and commercial operators in exploring the opportunities created by the eIDAS 2 regulation, including:

  • Legal analysis and strategic assessment of business models;

  • Design of wallet-compatible solutions;

  • Legal support in areas such as compliance, privacy, and interoperability.