TL;DR: OneSpan says it is participating in the WE BUILD and Aptitude European Digital Identity Wallet large-scale pilots, which are testing real-world use cases for banking, payments, travel credentials, and cross-border identity flows under eIDAS 2.0 and AMLR. The governance question is no longer whether wallets work in principle, but whether regulated identity controls, assurance, and acceptance rules are ready for production use.
NHIMG editorial — based on content published by OneSpan: OneSpan joins digital identity wallet pilots with WE BUILD and Aptitude Authentication
By the numbers:
- By the end of 2027, regulated industries like banking must be ready to accept the EUDI wallet.
Questions worth separating out
Q: How should banks prepare for EUDI wallet acceptance in regulated journeys?
A: Banks should classify which journeys can rely on wallet-presented evidence and which still require additional verification.
Q: What breaks if an EUDI wallet is treated like a generic login method?
A: What breaks is the distinction between authentication, identity proofing, and transaction authorisation.
Q: When should organisations require step-up verification instead of wallet-only trust?
A: Organisations should require step-up verification when the transaction has high fraud impact, higher regulatory scrutiny, or a weak assurance chain from issuer to relying party.
Practitioner guidance
- Define wallet acceptance policy by transaction type. Separate low-risk identity presentation from high-risk regulated actions such as payment authorisation and customer due diligence.
- Align assurance levels to relying-party decisions. Map wallet attribute claims to the exact decisions they will drive, then verify that assurance, provenance, and revocation handling match the decision's risk level.
- Build exception handling for cross-border differences. Create a fallback process for markets, products, or partners that do not yet support the same attribute semantics or consent model.
What's in the full analysis
OneSpan's full article covers the operational detail this post intentionally leaves for the source:
- How OneSpan frames its role in the WE BUILD and Aptitude large-scale pilot consortia.
- The specific banking use cases tied to customer due diligence and strong customer authentication.
- The article's explanation of how eIDAS 2.0 and AMLR shape wallet acceptance requirements.
- The source's own view of why regulated industries must be ready by the end of 2027.
EUDI wallet pilots: what do they mean for IAM teams?
Explore further
EUDI wallet programmes are a governance test for regulated identity acceptance, not a branding exercise. The significance is that banks and other regulated institutions are being asked to accept a new presentation model for customer identity evidence while preserving assurance, auditability, and fraud resistance. That forces IAM leaders to decide which controls move from pre-authentication into the wallet trust layer and which remain in the relying party. The practical conclusion is that acceptance policy must be designed before production rollout, not after.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
A question worth separating out:
Q: Who is accountable when wallet-based customer due diligence fails?
A: Accountability usually sits with the relying party that accepted the wallet evidence, but it is shared with the issuer, the wallet ecosystem, and the control owner who defined acceptance policy. Teams should pre-assign responsibility for assurance, revocation, logging, and exception handling so incidents do not become governance gaps after the fact.