Digital identity wallets and eIDAS 2.0: what changes for IAM teams?

TL;DR: Digital identity wallets are gaining momentum as governments and standards bodies push beyond passwords, with Belgium’s itsme showing high adoption, monthly transaction volumes, and eIDAS 2.0 setting a broader European direction according to 1Kosmos. The governance problem is no longer just authentication, but how to prove who is acting online without centralising more personal data than security programmes can safely protect.

NHIMG editorial — based on content published by 1Kosmos: digital identity, Belgium, and the path to self-sovereign identity

By the numbers:

• More than 80% of the population has used it, making 25 to 35 million transactions per month.
• Belgium accounts for 35.5% of all cross-border e-commerce.
• Over 24 billion recently-compromised login credentials and personal identity files are available on the dark web.

Questions worth separating out

Q: How should organisations move beyond password-based digital identity?

A: They should start by replacing passwords only where the business risk is highest and the identity proofing requirement is strongest.

Q: Why do digital identity wallets matter for IAM governance?

A: Digital identity wallets matter because they shift governance from storing all identity data centrally to controlling how claims are issued, shared, and expired.

Q: What do security teams get wrong about self-sovereign identity?

A: They often assume SSI is mainly a privacy feature.

Practitioner guidance

• Reassess password-centric trust paths Inventory where your current authentication model still relies on reusable credentials as the primary proof of identity.
• Map identity proof to data minimisation rules Define which attributes must be verified, which can be selectively disclosed, and which should never be retained beyond the transaction.
• Build claim-level lifecycle controls Track issuance, expiry, revocation, and reuse of identity claims instead of treating identity as a one-time login event.

What's in the full article

1Kosmos's full article covers the operational detail this post intentionally leaves for the source:

• How Belgium's itsme scheme maps to real-world citizen authentication and service access patterns
• The specific role of eIDAS 2.0, GDPR, and PSD2 in shaping wallet-based identity adoption
• Why distributed ledger concepts matter for immutable identity records and selective disclosure
• The vendor's view of how biometric liveness and certification requirements affect digital identity assurance

👉 Read 1Kosmos's analysis of digital identity wallets and eIDAS 2.0 →

Digital identity wallets and eIDAS 2.0: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →