TL;DR: Faster digital signature adoption, a renewed focus on identity authentication, and expanding data protection pressure are emerging as eIDAS 2.0, PSD3, and digital identity wallets reshape trust models across the EU and beyond, according to GlobalSign’s 2023 predictions. The shift is less about new tools than about governance, assurance, and policy alignment across identity programmes.
NHIMG editorial — based on content published by GlobalSign: 2023 cybersecurity trends, including eIDAS 2.0, identity authentication, and digital signatures
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
Questions worth separating out
Q: How should security teams govern digital identity wallets in an existing IAM programme?
A: Treat digital identity wallets as part of the human identity control stack, not as a separate pilot.
Q: Why do digital signatures need governance beyond cryptography?
A: Because cryptography only proves that a key signed something, not that the right person or system was allowed to use that key.
Q: How do data protection rules affect identity and trust services?
A: They shape what evidence can be collected, how it is stored, and which verification processes are defensible.
Practitioner guidance
- Assess digital identity wallet integration points Identify where wallet-based authentication would touch federation, step-up checks, signing, and recovery flows.
- Review certificate lifecycle governance Inventory certificate issuance, renewal, revocation, and ownership across all trust services.
- Align identity assurance with regulatory change Map eIDAS 2.0 and related data protection developments to the controls used in onboarding, authentication, and electronic signing.
What's in the full article
GlobalSign's full article covers the operational detail this post intentionally leaves for the source:
- Predictions and examples behind the expected growth in digital signatures across the EU and UK.
- The article's discussion of eIDAS 2.0, PSD3, and data protection reform as overlapping policy signals.
- GlobalSign's perspective on how authentication, trust services, and CA perception may change across markets.
- The source article's examples of email security, PKI, and emerging technology trends beyond the identity-specific focus of this post.
👉 Read GlobalSign's predictions on eIDAS 2.0, identity authentication, and digital trust →
eIDAS 2.0, digital identity wallets, and what IAM teams should expect?
Explore further
Digital identity policy is becoming an IAM governance issue, not just a legal one. eIDAS 2.0 and related digital identity changes move assurance decisions into the centre of trust architecture. That means identity proofing, signing, and federation controls have to align with policy and operational reality. Practitioners should expect more cross-functional ownership, but IAM teams still need to own the control plane.
A question worth separating out:
Q: What should organisations re-evaluate when digital trust regulations change?
A: Re-evaluate assurance levels, certificate governance, federation dependencies, and cross-border trust assumptions. The main risk is not a missing feature, but a mismatch between policy, operating controls, and the claims made by the trust service.
👉 Read our full editorial: eIDAS 2.0 and digital identity authentication are reshaping trust