UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
1. Technical Purpose:
This regulation defines how EU Member States must register and communicate metadata about each officially notified EUDI Wallet to:
-
The European Commission
-
The Cooperation Group under the eIDAS 2.0 framework
The regulation ensures technical consistency, interoperability, and public verifiability of wallet registration across the EU.
2. Key Technical Requirements:
2.1. Data to Be Transmitted
Each Member State must prepare and submit a machine-readable dataset that includes:
-
Wallet identifier (e.g., UUID or other persistent ID)
-
Country code
-
Legal issuer (organization issuing the wallet)
-
Issuance date / Validity period
-
Status of the wallet (e.g., active, revoked)
-
Compliance details:
-
Reference to technical specifications used (e.g., eIDAS-compliant modules)
-
Security assurances (certification paths, conformance to ETSI/ISO/W3C standards)
-
2.2. Format and Transmission Protocol
-
The dataset must be provided in a machine-readable format: likely JSON, XML, or a defined structured schema (e.g., based on CEF Building Blocks).
-
It must comply with a standard data model (to be maintained by the Commission), likely part of the broader EUDI Wallet Registry schema.
Example (conceptual JSON structure):
{
"wallet_id": "urn:eu:wallet:abc123",
"issuer": "DigitalID Authority of CountryX",
"country": "X",
"status": "active",
"valid_from": "2025-10-01",
"standards": ["ETSI TS 119 461", "W3C Verifiable Credentials"],
"signature": "<digital signature>"
}
3. Notification and Updates
-
Wallet data must be transmitted to the Commission:
-
Upon initial notification
-
Any time a wallet is updated, suspended, or revoked
-
-
The information must be sent without undue delay, ensuring real-time registry integrity
3.1. Central Wallet List
-
The European Commission will maintain a central machine-readable list of all notified EUDI Wallets
-
This list will be:
-
Publicly accessible
-
Regularly updated
-
Published in the Official Journal of the EU and stored in structured, queryable formats
-
4. Security Considerations:
-
Submissions are expected to be digitally signed to ensure authenticity and integrity
-
Trust frameworks like PKI, Qualified Certificates, and/or EU Trust Lists (LOTL/TL) may be required to validate sources
5. Deadlines:
-
Regulation becomes applicable 20 days after publication in the EU Official Journal (OJEU)
-
Member States must comply immediately after that date
6. Summary Table:
| Aspect | Details |
|---|---|
| Scope | Cross-border registration of notified EUDI Wallets |
| Submitted by | EU Member States |
| Submitted to | European Commission & Cooperation Group |
| Format | Machine-readable (e.g., JSON, XML) |
| Includes | Issuer, country, validity, compliance specs, status |
| Use | Public registry, verification, trust infrastructure |
| Enforcement start | 20 days after OJEU publication |
7. Challenges in Research and Education Sector