From digital identity to business: EIDAS 2.0 opens up new opportunities for businesses.

David Ottolenghi

On July 30, 2025, the publication of the new package of implementing regulations for Regulation (EU) 2024/1183, known as eIDAS 2.0, was completed.

These eight key acts establish common technical standards, minimum requirements, and interoperability criteria for the operation of EUDI Wallets (European Digital Identity Wallets), laying the groundwork for the widespread adoption of secure, certified, and interoperable digital services throughout the Union.

The goal is clear: to provide citizens and businesses with a simple, reliable, and compliant tool to identify themselves online and manage their personal, professional, or business information in a verifiable manner.

In this context, identities, qualifications, and personal or corporate attributes —such as legal age, possession of certain certifications, professional requirements, or corporate authorizations—are, in a sense,“tokenized,” that is, transformed into verifiable digital certificates that can be easily used in multiple contexts, including with Zero-Knowledge Proof (ZKP) tools—technologies that allow one to demonstrate possession of an attribute (e.g., legal age) without revealing further details (e.g., name or date of birth).

This enables the automation of checks and access in a secure, selective, and GDPR-compliant manner, facilitating interaction between public entities, businesses, and private users across Europe.

In this post, we aim to provide some practical insights, specifically:

- for technology companies that wish to develop solutions compatible with the new European framework; and

- for businesses interested in simplifying access to services, products, and contracts reserved for specific customer groups, in part through the use of tools such as zero-knowledge proofs.

What do the implementing regulations for eIDAS 2 provide for?

The new legislative package adopted on July 30, 2025, defines the essential technical and operational requirements for the implementation of the European Digital Identity. In particular, the regulations establish common security and interoperability rules for EUDI Wallets, the digital identity wallets that each Member State must make available to its citizens. Standards are also introduced for qualified attestations of attributes—digital certifications that verify specific characteristics of an individual or business—such as legal age, possession of a VAT number, registration in professional registers, or the existence of a corporate power of attorney—even in a selective manner, to protect privacy.

The regulatory package also governs how wallets will be able to interact with trust service providers and with public and private digital services, thereby ensuring interoperability across different countries and sectors. It also establishes technical standards for third-party access to data contained in the wallet, so that verification processes can be integrated into business systems in a secure, traceable, and transparent manner. Finally, the regulations impose specific obligations on digital wallet providers and trust service providers, establishing common criteria for the protection of personal data, the transparency of transactions, and the auditability of digital interactions.

Where are we at, and what's left to do?

With the adoption of the new package of regulations, the basic framework of the European regulatory infrastructure can be considered complete, although several key steps remain before the EUDI Wallet can be fully implemented on a large scale:

• Digital wallets are not yet widely used: each Member State will have to authorize at least one official EUDI Wallet, and private providers will have to complete the certification processes (in Italy, the IT-Wallet project, managed by PagoPA, is currently underway).

• Public and private services will have to adapt: the technical and organizational implementation within current systems will require updates and new interfaces.

• Attribution and verification standards must be tested in practice: particularly in regulated sectors (e.g., banking, e-commerce, healthcare), it will be necessary to validate the effectiveness of certifications and integrated solutions in the field.

The first fully operational services in a production environment are likely to emerge between 2026 and 2027, but concrete opportunities are already emerging today to develop compatible solutions and prepare for integration.

What opportunities are there for commercial and technology companies?

The practical implications of eIDAS 2 are numerous. Among the most interesting are:

1. For technology companies, there is room to develop:

or attribute verification and wallet integration services, to be offered to public entities or private companies;

o compatible document management or business management systems that natively read EUDI attributes;

or specialized applications in the legal, healthcare, academic, and financial sectors.

2. For businesses, eIDAS 2 can simplify access to products or services subject to specific requirements, such as:

or products that may only be sold to adults;

o medications or devices available only by prescription;

or services reserved for professionals, businesses, and public entities;

o contracts or documents that require verification of signing authority or ownership of the company.

All of this will be possible without having to process personal data that is not strictly necessary for providing the service: attributes can be verified once and displayed on request using zero-knowledge proofs.

Clovers assists technology companies, startups, and commercial operators:

• in analyzing the opportunities offered by the new European eIDAS 2 regulatory framework,

• in designing solutions compatible with digital wallets and

• in managing legal matters related to compliance, privacy, and interoperability.