When most people think of digital identity, they imagine passwords, passkeys, or maybe a corporate login screen. But in Europe, that model is already starting to shift. With the introduction of eIDAS 2.0, the EU has committed to making digital identity wallets available to every citizen, transforming the way identity is issued, verified, and used online. These wallets won’t be the niche or experimental concepts that have made the occasional news cycle in the past few years – they will be government-backed, state-provided, and legally binding, with credentials sourced directly from public authorities. For the 400 million EU citizens who will soon hold one, the digital identity wallet will not only be a universal log-in tool, but more importantly, it will serve as a cross-border trust mechanism, a vehicle for legal assurance, and establish a new foundation for how individuals interact with both public and private services.
As expected, the implications of this bold new initiative are already filtering through enterprise workflows. Under the new rules, organizations will be required to accept these wallets as a form of authentication. This changes the starting point of trust, moving it from internal systems to externally held credentials, and introduces a new dynamic for identity and access management. While adoption will be voluntary, more than 63% of EU citizens are already expressing interest in holding a digital ID. The onus is now on organizations to prepare for a world where identity is verified at the edge, governed by new legal frameworks, and shaped by user-held sovereignty.
One small step for Europe…
The introduction of eIDAS 2.0 is more than just a policy update. Rather, it’s a structural redesign of how identity works across the entire European Union. For the first time, all member states are required to offer a secure, interoperable digital identity wallet to their citizens, containing credentials issued directly by national authorities, and these wallets aren’t just limited to government services. They’re intended to function across borders and sectors, enabling everything from healthcare access in another EU country to logging into a bank or proving professional qualifications. Notably, any organization operating in the EU will be required to accept the wallet as a valid authentication method once the implementing acts are finalized, making this a de facto baseline for digital trust. That means enterprises can no longer rely solely on in-house identity systems. They must now account for legal identities that arrive from outside their own perimeter, with all the assurance and liability that entails.
Naturally, this has major ramifications for compliance, user experience, and system design. A wallet issued by a national government comes with a higher assurance level than most enterprise-managed identities, but integrating it into existing workflows is not quite as simple as “plug-and-play.” Verification models, consent frameworks, and data handling practices must evolve to align with the wallet’s legal underpinnings. At a minimum, organizations will need to build policies that recognize credential origin, manage wallet interactions, and navigate the complexity of sovereign trust chains. The high levels of citizen interest noted above suggest that this isn’t a slow-moving trend. It’s an imminent shift that will reshape how access is granted, how identity is verified, and how digital services are architected across the continent. It’s one small step for Europe, but potentially a giant leap for identity verification across global economies if the EU gets it right.
The Atlantic divide
While the EU moves forward with a clear, unified framework for digital identity, the US remains typically fragmented – in part due to the devolved nature of its state-based government architecture. There is no federal equivalent to eIDAS 2.0, no coordinated strategy for wallet-based authentication, and no mandate for cross-state or cross-sector interoperability. Identity in the US still depends heavily on a patchwork of commercial providers, state-level systems, and legacy authentication models that lack consistency and legal assurance. Some states like Arizona, California, and Ohio have launched digital driver’s license pilots, but these remain isolated initiatives with limited reach, and in most cases are tied to Apple’s digital ID ecosystem. Without a national standard or regulatory push, progress remains uneven, and enterprises that operate across both regions will soon start to feel the tension.
It might sound academic at this stage, but it has on-the-ground consequences for global businesses trying to standardize user experiences, align compliance obligations, and manage risk. As wallets become the norm in Europe, expectations around privacy, control, and assurance are likely to rise in other jurisdictions. Just as the EU set the bar for data protection with GDPR, inspiring models like CCPA and CDPA in California and Virginia respectively, this could be the start of a similar movement. Users will increasingly expect to present verified credentials, not just usernames and passwords, when accessing services.
Aside from demand and user expectation, there are also cross-border considerations. Organizations based in the US but serving European users will need to meet the expectations of digital IDs, even if domestic regulation hasn’t caught up. This asymmetry puts pressure on identity systems to be more flexible, more interoperable, and more responsive to external trust sources, regardless of where they originate. In other words, the ecosystem must be secure, but also as compatible and “open” as possible when it comes to designing the platforms that underpin it.
The ripple effect
The rise of digital identity wallets naturally introduces new variables into how trust is established, maintained, and audited, and that means enterprise Identity and Access Management (IAM) needs a rethink. When users authenticate with a wallet, they’re not just presenting a login token, they’re asserting a legal identity issued by a sovereign authority. This shifts the center of gravity away from internal identity stores and toward external, independently verified credentials. As a result, identity governance systems must be capable of recognizing and processing third-party assurance levels, mapping externally issued attributes to internal access policies, and accommodating new forms of credential lifecycle management that don’t originate within the organization itself.
This reshapes everything, from onboarding flows to privileged access provisioning. If an individual presents a government-issued credential verifying their role, certifications, or security clearance, how is that information validated, logged, and monitored over time? Does the organization have a chain of custody for identity assertions that didn’t originate in its HR system or IT directory? This is just scratching the surface of the immediate challenges that IAM and compliance teams will need to resolve. As more jurisdictions move toward wallet-based identities, the ability to reconcile multiple trust models – internal, federated, and sovereign – will become a defining feature of modern identity architecture. And the consequences won’t be limited to public-facing applications. Admin rights, developer access, and sensitive system permissions may soon depend on externally verifiable credentials rather than internal assertions alone.
Make no mistake, the adoption of digital identity wallets marks a turning point in how identity is issued, trusted, and used at scale. As these wallets move from policy to practice, they will introduce new expectations around assurance, interoperability, and user control. For enterprises, the priority is no longer just managing who has access, but how that access is established and governed – and they need to start building the systems and processes to meet these challenges today.
Stuart Sharp
Stuart Sharp is VP of Product Strategy at One Identity.
