Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework, commonly referred to as eIDAS 2 or the European Digital Identity Regulation, is a regulation of the European Union that establishes a comprehensive legal framework for a European Digital Identity ecosystem, with the EU Digital Identity Wallet (EUDI Wallet) at its centre.^[1] The regulation amends its predecessor, Regulation (EU) No 910/2014 (known as eIDAS), which had governed electronic identification and trust services for electronic transactions in the internal market since 2014.^[1][2]

The regulation was signed on 11 April 2024, published in the Official Journal of the European Union on 30 April 2024, and entered into force on 20 May 2024.^[1][3] It is directly applicable in all EU member states without requiring transposition into national law.^[4]

The original eIDAS Regulation (Regulation (EU) No 910/2014) entered into force on 17 September 2014 and applied from 1 July 2016, establishing the first EU-wide legal framework for electronic identification and trust services including electronic signatures, seals, time stamps, and website authentication certificates.^[5] The framework allowed notified national electronic identification schemes to be used to access public services online across borders within the EU.^[6]

However, a review carried out by the European Commission in 2020 and 2021 found that the original regulation had significant shortcomings. Only 14 of the then-27 Member States had notified at least one electronic identification scheme, meaning that only approximately 59 percent of EU residents had access to trusted and secure cross-border electronic identification. The framework was inherently limited to the public sector and lacked flexibility to support a variety of use cases. Identity solutions falling outside its scope, such as those offered by social media providers and financial institutions, raised concerns about privacy and data protection, and the regulation did not allow users to limit the sharing of identity data to what was strictly necessary for the provision of a specific service.^[7] The original regulation also did not cover electronic attributes such as medical certificates or professional qualifications, creating difficulties for pan-European legal recognition of such credentials.^[7][5]

The proposal for the new regulation was closely linked to the EU's broader digital policy objectives. The 2030 Digital Decade policy programme set targets requiring that all key public services be available online and that all EU citizens have access to a digital identity by 2030.^[3] The initiative was one of the six priorities of the von der Leyen Commission (2019-2024).^[3]

On 3 June 2021, the European Commission put forward its proposal (COM(2021) 281 final) for a revision of the eIDAS Regulation, introducing the concept of a European Digital Identity Wallet as the central mechanism of the updated framework.^[6][3]

Trilogue negotiations between the European Parliament, the Council of the EU and the European Commission began on 21 March 2023. A provisional political agreement was reached on 8 November 2023 during the Spanish Presidency of the Council of the European Union, concluding the trilogue phase of the legislative process.^[8] The European Parliament's Committee on Industry, Research and Energy (ITRE) endorsed the agreed text on 7 December 2023, and the Committee of Permanent Representatives (COREPER) confirmed the Council's position on 6 December 2023.^[8][3]

The European Parliament adopted the regulation at first reading on 29 February 2024, by 335 votes in favour, 190 against and 31 abstentions.^[8][3] The Council of the European Union formally adopted the text on 26 March 2024.^[1] The Presidents of the European Parliament and the European Council signed the final text on 11 April 2024. It was published in the Official Journal of the European Union (OJ L 2024/1183) on 30 April 2024, and entered into force on 20 May 2024.^[8][1]

The central innovation of the regulation is the European Digital Identity Wallet (EUDI Wallet), a secure mobile application allowing EU citizens, residents and businesses to store, manage and share digital credentials such as identity documents, professional certificates and other personal attributes.^[5] The regulation affirms that everyone in the EU has the right to a digital identity under their sole control, enabling participation in the digital economy and exercise of rights in the digital environment.^[9]

Member States are required to make available at least one EUDI Wallet to citizens, residents and businesses who request one within 24 months of the date of entry into force of the relevant implementing acts. The wallet must be offered free of charge to natural persons. Use of the wallet is entirely voluntary, and alternative identification measures must remain available for those who choose not to use it.^[5][10] Member States may provide the wallet directly, mandate a third-party provider, or recognise private providers.^[10]

The wallet enables citizens to prove their identity across EU member states, to share digital versions of documents such as driving licences, professional or educational diplomas, and prescriptions, and to prove specific personal attributes such as age without revealing their full identity or other personal details, through a mechanism known as selective disclosure.^[10][5]

Public bodies that require electronic identification and authentication to access an online public service must accept the EUDI Wallet as a valid means of identification. Very Large Online Platforms designated under the Digital Services Act, such as Amazon, Booking.com and Facebook, and private services that are legally required to authenticate their users must also accept the wallet for user authentication at the user's request, with a deadline of late December 2027.^[10][5]

Public bodies that issue electronic attestations of attributes (EAAs) derived from authentic sources within the public sector, such as civil registers or educational records, are required to make those EAAs verifiable at the request of a wallet user, irrespective of the Member State in which the wallet is provided. This allows wallet users to present trusted credentials directly to relying parties without repeated manual verification processes across member states.^[5]

The regulation expands the list of qualified trust services defined in the original eIDAS Regulation. Three new qualified trust services are introduced: electronic archiving services, electronic ledgers, and the management of remote electronic signature and seal creation devices.^[4] The regulation also upholds and strengthens rules for existing trust services including qualified electronic signatures, electronic seals, time stamps, registered electronic delivery services, and qualified certificates for website authentication (QWACs).^[4]

The regulation includes specific provisions designed to reinforce the privacy of wallet users. EUDI Wallet providers are required to ensure the unobservability of user transactions, meaning they must not collect data about or have insight into the transactions carried out by users. Access to transaction data by providers is permitted only in specific cases, on the basis of explicit prior consent by the user in each individual case, and in full compliance with the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).^[11] Providers of electronic identification means and electronic attestation of attributes are prohibited from combining personal data obtained when providing other services with personal data processed to provide wallet services.^[11]

The regulation required the European Commission to adopt implementing acts specifying technical and operational standards for the wallet. By 21 November 2024, the Commission was required to establish reference standards and specifications for the implementation of the EUDI Wallet. A first set of five implementing regulations was published on 4 December 2024 and entered into force on 24 December 2024, specifying: the integrity and core functionalities of wallets; person identification data (PID) and electronic attestations of attributes, including issuance and revocation rules; protocols and interfaces for interoperability; and notification and certification requirements. A second round of implementing regulations was adopted on 7 May 2025, covering wallet registration, certification rules, and relying parties.^[10][3]

Provisions in Articles 45 and 45a of the amended regulation, which relate to qualified certificates for website authentication (QWACs), attracted sustained criticism from internet security researchers, browser vendors and civil society organisations. Under the framework, government-endorsed certificate authorities issue QWACs to websites. Critics argued that if a browser company detected a security issue with such a certificate, the regulation's structure could effectively prevent it from distrusting the certificate in question, potentially creating security vulnerabilities exploitable by governments or malicious actors.^[12] The R Street Institute, in a 2024 assessment, rated the regulation as "cyber negative" on this basis, arguing that "removing website authentication from capable organizations with a successful history and giving that authority to government entities is misguided."^[12]

Civil society organisations urged the European Commission to strengthen privacy safeguards in the implementing rules for the EUDI Wallet, expressing concerns that the regulation as adopted did not provide sufficient protections against user tracking and profiling.^[13]

A 2025 article published in the Nordic Journal of Human Rights (Taylor & Francis) analysed the regulation from a human rights perspective, examining both the rights to digital access and digital identity referenced in the regulation and the potential risks associated with the EUDI Wallet for fundamental rights.^[14]

Analysts noted that integrating the new EUDI Wallet infrastructure with existing national digital identity systems would require substantial investment, as many member states and businesses operate legacy systems that may be incompatible with the new standards. The Digital Decade Country Reports published by the European Commission in 2024 identified digital skills gaps in several member states, including Bulgaria, Cyprus, Hungary, Romania, Italy, Latvia and Poland, as a structural challenge for uptake of the wallet.^[14]

• eIDAS
• EU Digital Identity Wallet
• General Data Protection Regulation
• Digital Services Act
• Electronic signature
• European Commission

• Full text of Regulation (EU) 2024/1183 on EUR-Lex
• European Commission - EU Digital Identity Regulation page
• European Parliament Legislative Train - eIDAS revision dossier