Your passport, driving licence, bank card, health insurance number, and university degree all live in a drawer or a wallet made of leather. The world is spending 2026 figuring out how to move every one of those documents into a smartphone app — and who controls the infrastructure that makes that possible.

Two forces are driving this shift simultaneously: government mandates from Brussels and quiet feature rollouts from Cupertino. The result is a global realignment of how identity is stored, shared, and verified — with deep consequences for privacy, sovereignty, and the architecture of digital services everywhere.

What a Digital Identity Wallet Actually Is

A digital identity wallet is an app that holds cryptographically signed credentials. Unlike a username-and-password login or a simple photo of your ID card, a verifiable credential is a structured data object issued by a trusted authority — a government, a university, an employer — and signed with that authority’s private key. The holder stores it locally on their device. When a service asks for proof, the wallet presents the credential (or a selective disclosure of it), and the service verifies the signature without calling back to the original issuer.

The critical distinction is selective disclosure. A traditional age verification check at a liquor store requires showing your full driving licence — name, address, date of birth, licence number. A well-designed digital wallet can prove “this person is over 21” by revealing only a single boolean derived from the birth date, nothing more. The issuer never knows where or when you used the credential. That is the privacy promise at the heart of modern identity wallet design.

Three layers make this work: the wallet app (user-facing, holds credentials), the issuer infrastructure (governments, banks, registrars that sign and issue credentials), and the verifier ecosystem (the shops, hospitals, websites, and border checkpoints that accept them). Getting all three layers interoperating across jurisdictions and commercial interests is the hard part — and it is exactly what eIDAS 2.0 is trying to solve.

EU eIDAS 2.0: The Regulatory Forcing Function

The EU’s revised Electronic Identification, Authentication and Trust Services regulation — eIDAS 2.0 — entered into force in May 2024. It gives member states until mid-2026 to provide at least one European Union Digital Identity Wallet (EUDIW) to any citizen who wants one. By 2030, the European Commission expects the wallets to cover 80 percent of EU citizens.

The mandate is technically unprecedented in scope. eIDAS 2.0 requires that EU member states not only issue wallets but ensure they are accepted by any service that currently requires strong authentication — online banking, public services, regulated professions, and large platforms classified under the Digital Services Act. For the first time, Big Tech cannot opt out: platforms with more than 45 million EU monthly users must accept EUDIW as a login method alongside (and eventually instead of) their own identity systems.

The Commission’s Architecture Reference Framework (ARF) defines the technical core. Credentials must conform to the W3C Verifiable Credentials Data Model. Presentation uses ISO/IEC 18013-5 — the mobile driving licence standard — adapted for a broader document set. Cryptographic binding ensures a wallet cannot be cloned: a credential is tied to a device-held key pair, so presenting it proves possession of the device, not just knowledge of a password.

Member states are taking different implementation paths. Germany’s EUDI wallet pilot, run under the government’s SPRIND agency, is open-source and uses the OpenID for Verifiable Credentials (OID4VC) protocol. Italy and Spain have launched their own pilots. The Large-Scale Pilots programme — four consortia funded by the Commission — has been testing wallets for travel, banking KYC, education credentials, and health data since 2023, generating real interoperability data across borders.

The timeline pressure is real. With the mid-2026 deadline approaching, several member states remain behind schedule. Critics argue the Commission underestimated the complexity of national identity system migrations. Proponents counter that the pilots have already demonstrated cross-border verification working in production — a German EUDIW recognised by a Spanish pharmacy, for instance — making the regulatory deadline credible rather than aspirational.

Apple Wallet ID: The Consumer Layer

While Brussels works through legislative machinery, Apple has been quietly building consumer adoption through a different channel: the mobile driving licence (mDL).

Apple Wallet supports ISO 18013-5-compliant identity cards in an expanding list of US states. Arizona, Colorado, Georgia, Maryland, and Hawaii were among the early adopters; the list has grown steadily as state DMVs sign integration agreements. The feature allows users to present their ID at TSA checkpoints at participating airports and at participating retailers for age verification — all without handing over a physical card.

The Apple implementation has notable limitations. Acceptance remains patchy: most physical retailers, police stops, and government offices still require the physical licence. The wallet is siloed within Apple’s ecosystem, with no published open interoperability protocol for third-party app integration. Privacy advocates have noted that Apple’s architecture routes presentation requests through Apple’s servers in some flows, creating a potential observation point that contradicts the decentralised promise of the ISO standard.

Google is following a similar path. Google Wallet added mDL support on Android, and Google has worked with several state DMVs on direct integration. The competitive dynamic between Apple and Google in this space mirrors their broader platform rivalry — both want to own the identity layer that sits between citizens and services, which carries substantial long-term commercial value in payments, authentication, and data.

Advertisement

Verifiable Credentials and DIDs: The Open Standards Layer

Beneath the proprietary wallets and government mandates sits a set of open standards that could, in principle, allow any wallet to interoperate with any issuer and any verifier.

The W3C Verifiable Credentials Data Model (VC Data Model 2.0, finalised in 2023) defines how credentials are structured and signed. A credential is a JSON-LD document containing claims about a subject, signed by an issuer using a cryptographic key. The key is resolved via a Decentralised Identifier (DID) — a self-sovereign identifier that resolves to a public key without relying on a central registry. DID methods exist for blockchains (did:ethr, did:ion), domain-based systems (did:web), and government PKI (did:key).

The practical debate in 2026 is not about whether VCs are a good idea — there is near-universal agreement on the data model — but about which presentation protocol to standardise. OID4VC (OpenID for Verifiable Credentials) has the broadest industry support. ISO 18013-5 dominates the government mDL space. SD-JWT VC (Selective Disclosure JWT) is gaining traction for its simplicity. The risk of fragmentation is real: a verifier ecosystem built around one protocol cannot easily accept credentials presented via another without additional translation layers.

The EUDIW Architecture Reference Framework currently mandates support for OID4VC and ISO 18013-5, hedging on the fragmentation question. The US federal government, through NIST SP 800-217, is developing guidance that leans toward OID4VC without mandating it. Convergence is happening, but slowly.

Privacy Concerns and Real Tradeoffs

The selective disclosure promise of digital identity wallets is technically achievable but practically complicated. Several live deployments have fallen short of the ideal.

The correlator problem is the hardest one. Even if a credential reveals only “age over 21,” if the cryptographic presentation format is not carefully designed, the verifier can correlate multiple presentations from the same wallet — building a profile of where and when a person uses their ID, even without knowing their name. Cryptographic techniques like BBS+ signatures (which enable unlinkable presentations) address this, but they are computationally heavier and not yet widely deployed.

Government access is a second concern. eIDAS 2.0 includes provisions for law enforcement access to wallet data under existing national legal frameworks. Civil liberties organisations, including European Digital Rights (EDRi), have criticised the wallet as a potential surveillance infrastructure — not because of what the technical specification says, but because of what national implementation laws may permit. The distinction between the privacy-preserving protocol and the politically determined access rules is crucial and often lost in public debate.

Exclusion risk rounds out the concerns. Any system requiring a smartphone to access government services implicitly excludes the 15-20 percent of the adult population in high-income countries who do not own one, a percentage that rises sharply in lower-income contexts. Designing offline fallbacks and physical card equivalents is a policy requirement, not a technical afterthought.

The Global Landscape

Digital identity wallet programmes are proliferating well beyond the EU.

India’s DigiLocker — predating eIDAS 2.0 by nearly a decade — has over 300 million registered users and stores documents ranging from driving licences to university certificates. The Aadhaar biometric identity system underpins it, enabling strong identity binding. DigiLocker’s openness to third-party app integration has created a developer ecosystem absent from most government wallet deployments.

The UAE’s UAE Pass, launched by the Telecommunications and Digital Government Regulatory Authority (TDRA), now serves as the national digital identity for government service access. It has been extended to banking KYC and is accepted for physical identity verification at several private sector points.

Nigeria’s NIMC (National Identity Management Commission) digital ID system covers over 100 million registered citizens and has been integrated into SIM card registration and financial inclusion programmes. Mobile integration for credential presentation is at an earlier stage than the EU or Gulf models but is advancing rapidly under the Nigerian government’s digital economy agenda.

What is emerging globally is not a single standard but a set of compatible approaches converging around W3C VC, ISO 18013-5, and OID4VC — with national sovereignty layers determining which identity data lives where and who can access it.

You May Also Like

Advertisement

Decision Radar (Algeria Lens)

Dimension Assessment
Relevance for Algeria High — Algeria’s e-government initiative (ANJE) and national digital ID programs align directly with this trend
Infrastructure Ready? Partial — National ID card exists; digital wallet infrastructure missing
Skills Available? Partial — Government IT capacity exists; digital identity engineering skills scarce
Action Timeline 6-12 months
Key Stakeholders MICLAT (Interior Ministry), ANJE (digital government agency), ARPCE, banks
Decision Type Strategic

Quick Take: Algeria has the national ID infrastructure foundation — the next step is a digital wallet layer that enables online service access, banking KYC, and cross-border verification aligned with emerging global standards. Early engagement with eIDAS 2.0’s Architecture Reference Framework and the W3C VC standard would allow Algeria to build interoperable rather than isolated infrastructure.

Sources & Further Reading