TL;DR: eIDAS 2.0 moves digital identity toward user-controlled EU wallets, qualified attribute attestations, and higher-assurance verification for citizens, organisations, and public authorities, according to GlobalSign. The shift turns identity assurance, signature trust, and attribute validation into governance problems as much as technical ones.
NHIMG editorial — based on content published by GlobalSign: The future of digital identity verification under eIDAS 2.0 and the EU Digital Identity Wallet
By the numbers:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security.
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation.
- Only 5.7% of organisations have full visibility into their service accounts.
Questions worth separating out
Q: How should organisations accept identity claims from EU digital identity wallets?
A: Organisations should accept wallet claims only through defined trust policies that check issuer qualification, attribute freshness, and revocation status.
Q: Why do digital identity wallets create governance challenges for IAM teams?
A: Digital identity wallets move assurance outside the enterprise boundary, so IAM teams must manage external issuers, verified attributes, and acceptance rules rather than only internal accounts.
Q: What do security teams get wrong about self-sovereign identity?
A: The common mistake is assuming self-sovereign identity removes governance.
Practitioner guidance
- Map trust levels to use cases Classify wallet-presented claims by risk tier and define which transactions require high assurance, qualified attestations, or additional step-up verification before acceptance.
- Define issuer acceptance policy Create an explicit list of approved trust service providers, acceptable attribute sources, and revocation checks before any external claim is used for onboarding or authorisation.
- Integrate claim freshness checks Require expiry, revocation, and time-bound validity checks for credentials, signatures, and attribute attestations before they are consumed by IAM or business systems.
What's in the full article
GlobalSign's full article covers the operational detail this post intentionally leaves for the source:
- How qualified trust services support eIDAS 2.0 attribute attestations in practical identity flows
- The toolbox and pilot structure behind the EU Digital Identity Wallet implementation plan
- The payment-use-case discussions from the EWC and NOBID consortia
- The compliance-oriented rationale for signatures, seals, and high-assurance verification under the regulation
👉 Read GlobalSign's analysis of eIDAS 2.0 and the EU Digital Identity Wallet →
eIDAS 2.0 digital identity wallets: what changes for practitioners?
Explore further
Qualified trust shifts the control problem from credentials to claims. eIDAS 2.0 is not only about digital convenience, it is about turning identity assertions into governed, machine-checkable evidence. That matters because relying parties can no longer treat every attribute as equivalent, even when it arrives through a standardised wallet. The practical conclusion is that assurance policy, not just authentication, becomes the core control surface.
A question worth separating out:
Q: Which compliance controls matter most for digital identity verification under eIDAS 2.0?
A: The most relevant controls are assurance policy, evidence validation, revocation handling, and auditability of trust decisions. Teams need to show not only that a claim was received, but that it came from an accepted issuer and was valid at the time it was used.
👉 Read our full editorial: eIDAS 2.0 digital identity wallets shift trust and control