TL;DR: European banks are being pushed by eIDAS 2.0, AMLR, and draft PSR/PSD3 toward EUDI Wallet support for customer onboarding and strong authentication, with 24 December 2027 emerging as the key operational deadline, according to OneSpan. The real issue is not wallet availability but how banks govern assurance, liability, and third-party dependence when authentication becomes wallet-mediated.
NHIMG editorial — based on content published by OneSpan: Why European banks must act now on EUDI Wallets
By the numbers:
- 24 December 2027: The relying parties in scope need to support EUDI Wallets for strong user authentication.
- The draft PSR is expected around May 2026.
Questions worth separating out
Q: How should banks prepare for EUDI Wallet support in onboarding and authentication?
A: Banks should map EUDI Wallet use cases to specific journeys, then separate assurance, legal, and operational controls by use case.
Q: Who is accountable when wallet-mediated authentication fails?
A: Accountability depends on whether the bank is acting as the relying party, the issuer, or the verifier of the credential elements involved.
Q: What do banks get wrong about EUDI Wallets and strong authentication?
A: The common mistake is treating wallet support as a simple interface change.
Practitioner guidance
- Map wallet acceptance to regulated assurance levels: Document which EUDI Wallet flows satisfy strong customer authentication, which satisfy customer due diligence, and where evidence must be supplemented with additional checks.
- Classify outsourcing boundaries before implementation: Decide whether wallet verification is an external dependency, a delegated control, or a bank-owned decision path so legal, risk, and architecture teams use the same model.
- Define issuer trust criteria for QEAAs: Create rules for accepted issuers, attribute freshness, revocation handling, and evidence retention so onboarding teams do not improvise trust decisions at runtime.
What's in the full article
OneSpan's full article covers the regulatory detail this post intentionally leaves at a higher level:
- Article-by-article discussion of eIDAS 2.0, AMLR, and draft PSR requirements for wallet acceptance
- Detailed interpretation of Article 87 outsourcing implications for banks and technical providers
- Specific discussion of QEAAs, assurance levels, and how banks may evidence compliance
- Timeline and deadline breakdown for 2026 and 2027 readiness planning
EUDI Wallets for banking authentication: what changes for teams?
Explore further
EUDI Wallet support is becoming a human identity governance problem, not just a payments issue. Banks are being asked to accept a user-held credential inside regulated onboarding and authentication journeys, which means identity assurance, legal obligation, and transaction context now intersect. The control model is broader than MFA replacement, because the programme must govern how third-party assurance is accepted, verified, and audited across customer journeys. Practitioners should treat this as an identity architecture change with regulatory consequences.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why identity governance breaks when control ownership is unclear.
A question worth separating out:
Q: What is the difference between customer due diligence and strong customer authentication here?
A: Customer due diligence proves who the customer is and what attributes they possess, while strong customer authentication proves the user is present and authorised for the transaction. EUDI Wallets may support both, but the controls, evidence, and liability questions are different. Teams should not assume one control automatically satisfies the other.