EUDI Wallets & Trust Services: The Future of Digital Identity and Signatures in eIDAS 2

In our Part 1 blog, we explored how eIDAS 2.0 marks a transformative shift for Trust Service Providers (TSPs) across Europe. In this follow-up, we dive deeper into the key enablers introduced by the regulation - EUDI Wallets and new trust service categories - and how they reshape digital identity, interoperability, and signing workflows. 

This evolution isn't just regulatory. It's architectural - offering an unprecedented opportunity to build flexible, compliant, and scalable digital trust ecosystems. 

The evolution of eIDAS 2 introduces two significant changes that enhance the architecture and scalability of trust services across the EU: 

EUDI Wallets

Under eIDAS 2, identity verification is now handled directly by the European Digital Identity (EUDI) Wallet, removing the reliance on traditional Identity Providers (IdPs). 

This shift is enabled by technologies such as OpenID for Verifiable Credential Presentation and mobile Driving License (mDL) standards. These allow users to present independently verified digital identities both online and offline, securely and efficiently. 

The result is a streamlined identity experience that facilitates frictionless, cross-border digital interactions, giving users more control while promoting consistency across the EU.

New Trust Service Categories

eIDAS 2 also introduces a new category of qualified trust service dedicated specifically to the management of remote signature creation devices. 

This addition ensures: 

  • Clear separation from Certification Authorities (CAs), Time-Stamping Authorities, and other services
  • Improved auditability
  • Greater flexibility in ecosystem design

This structural update enhances compliance while offering new avenues for trust service innovation.

A Generalised Model for Signature Flows

Cryptomathic has defined a flexible and generalised model for digital signature flows, supporting a range of use cases for Trust Service Providers (TSPs). These include five variants directly applicable to potential TSP use cases and two more wallet-centric use cases:

TSP Generates SAD/SCCD

1. Mobile Authenticator - Traditional mobile apps

2. Physical Authenticator - Smartcards and physical tokens

3. Wallet for Identity, Authorisation and Session Interaction - Using an embedded web browser

4. Wallet for Identity and Authorisation; Separate Browser for Session - Separation of context

5. Wallet and Third-Party Mobile App - Collaborative document signing process

Wallet Generates SAD/SSCD (**)

6. Wallet and Third-Party Mobile App - Interact for signed document creation

Local (Wallet) Signing 

7. Wallet and Third-Party Mobile App - Interact for signed document creation

Examples 1-5: TSP generates SAD/SCCD (Signing Credentials Creation Data)

Applicable to:

Example 1: Mobile Authenticator - Traditional mobile apps

Example 2: Physical Authenticator - Smartcards and physical tokens

Example 3: Wallet for Identity, Authorisation and Session Interaction (via an embedded web browser)

Example 4: Wallet for Identity and Authorisation; separate browser for Session Interaction

Example 5: Wallet and third-party mobile app interact for signed document creation

Example 6: Wallet and third-party mobile app interact for signed document creation 

This model enables user autonomy but introduces interoperability challenges for TSPs and is less suitable for high-trust regulated environments.

 

Example 7: Wallet and third-party mobile app interact for signed document creation. This model eliminates remote signature creation altogether; it is most useful in self-contained ecosystems and is not broadly interoperable or scalable in regulated sectors.

This flexible framework helps assess the suitability of different models for specific business, technical and regulatory constraints.

Recommendations for TSPs

To thrive under eIDAS 2, Trust Service Providers must realign their service design with long-term scalability and compliance in mind. Key recommendations include:

Build for Interoperability

  • Implement open standards such as CSC, OIDC, and the eIDAS eID Profile 
  • Avoid proprietary integrations and vendor lock-in

Minimise Compliance Surface

  • Keep non-TSP elements (e.g., signature portals) out of sensitive workflows like authorisation and identity validation
  • Rely on standards for seamless integration rather than bespoke code

Design for Scalability

  • Architect your solution to support onboarding of new wallets, IdPs, and services with minimal effort
  • Avoid rigid dependencies on identity sources or signing mechanisms

eIDAS 2 provides a unique opportunity to shape a truly interoperable digital trust landscape - one that extends beyond borders and scales with future demands. 

TSPs are well-positioned to lead this transformation, bringing deep expertise, regulatory understanding, and infrastructure maturity. However, the architectural decisions made today will determine your adaptability and competitiveness in a market powered by hundreds of millions of verified identities.

 
