Can you imagine a world where you don’t need physical documents and long, laborious processes to open a bank account, take out a loan, or rent a home? Where you may never need to click “forgot my password” again?

The European Digital Identity Regulation (eIDAS 2.0) is going to be game-changing. By November 2026, all EU countries must offer at least one digital identity wallet, enabling members of the public to store, access, and manage their personal documents digitally.

It will be enabled by the convenience of single sign-on which simplifies the management of multiple digital accounts. This is all made more secure by the data limitation principle, which means that users only share their personal information and data as required for the specific task at hand.

But there are still some issues and inconsistencies that need to be addressed if digital identity wallets are to be implemented smoothly. For this regulation to deliver on its true potential impact, a few things need to be ironed out.

How users are authenticated

For EU digital identity wallets to be used for payments, they will need to support Strong Customer Authentication (SCA), which is defined by the revised Payment Services Directive (PSD2). Yet eIDAS 2.0 refers to Strong ‘User’ Authentication (SUA).

It might seem like the same thing – but where regulation is concerned, clarity in the language is crucial. The European Commission (EC) has stated that SCA is ‘virtually identical’ to SUA, but this must be confirmed, as under PSD2 the payment service provider is responsible for enforcing authentication.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Retail Banker International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

It is likely that this will be clarified in an amendment of the Regulatory Technical Standards for SCA, but this may not happen before the November 2026 eIDAS 2.0 deadline. This means players in the payments industry will be integrating digital identity wallets without having full certainty over legal obligations – what we need is clarity on the terms well ahead of the deadline.

Where liability falls

Sometimes, payments go wrong. But who is liable in that situation? What liability regime would apply when a payment is authenticated with a digital identity wallet – will it be PSD2 or eIDAS 2.0?

As it stands, this is unclear. Under PSD2, a payment service provider is responsible for reimbursing the payer in the event of an unauthorised or incorrect payment. Yet under eIDAS 2.0, the EU member state is liable for any damage, whether intentional or negligent, due to a failure to comply with its obligations.

The confusion here stems from the fact that payment service providers are required to accept wallet authentication when requested by customers. It raises questions around whether a member state would be responsible when a digital identity wallet is used to authenticate a payer for a transaction which is incorrect or unauthorised.

The EC has confirmed that eIDAS 2.0 will not override the liability regimes already in place, so it’s likely that the updated PSD2 will provide an updated guidance for the relationship between payment service providers and technical service providers – helping to avoid situations where the digital identity wallet provider is liable for fraud.

Yet, for digital identity wallets to achieve widespread adoption across Europe, the Regulatory Technical Standards will need to address the fact that technical service providers handling Strong Customer Authentication must comply with outsourcing agreements and auditing requirements. eIDAS 2.0 must ensure that payment service providers can accept wallets from various EU Member States without being deterred by excessive contractual requirements.

How payments are authorised

There remains some confusion about what digital identity wallets can be used for in payments. According to eIDAS 2.0, EU citizens can use digital identity wallets to authenticate who they are when making a payment, but it’s not clear whether it can be used to authorise the payment itself.

From a consumer’s perspective, authenticating and authorising a payment will seem like the same step – you enter your PIN, and your payment goes through. But behind the scenes, these are two separate and different technical processes, lending eIDAS 2.0 to different interpretations of the difference between digital wallet authentication and authorisation during a remote payment.

All in all, eIDAS 2.0 has the potential to completely transform and streamline the way we think about payments – but for it to be successfully implemented both across the industry and across the entire continent, we need to address these challenges and agree on a path forward.

Jan Van Vonno is Head of Industry and Wallets at Tink