Eurosmart Perspectives on EUDIW Certification and Deployment in the EU

Eurosmart Perspectives on EUDIW Certification and Deployment in the EU

Introduction

The European Digital Identity Wallet (EUDIW), established by Regulation (EU) 2024/1183, is the cornerstone of the EU Digital Identity Framework. It aims to provide every EU citizen with a trusted, interoperable digital identity solution, based on decentralized identity principles and usable across borders, both online and offline, under the sole’s control of every citizen.

Beyond initial deployments, the long‑term success of the EUDIW depends on its ability to deliver sustainable trust, user privacy, and operational resilience in the face of evolving threats and usage scenarios. In that perspective, this paper explores future‑proof security foundations for decentralized digital identity wallets, rather than short‑term implementation choices.

To ensure trust, security, and scalability, certification must address the wallet as a system and not as isolated components. The Architecture and Reference Framework (ARF) defines two critical sub systems:

  • Wallet Secure Cryptographic Device (WSCD) – the hardware anchor for cryptographic keys and sensitive operations
  • Wallet Secure Cryptographic Application (WSCA) – the secure application layer interfacing with the WSCD to deliver wallet services

This paper focuses on security architectures capable of supporting strong guarantees on privacy, resilience, and user control over time. In particular, hardware‑backed security mechanisms based on Secure Elements are examined as a future‑proof step for high‑assurance EUDIW implementations. Secure Elements enable decentralized identity models where cryptographic keys remain under the exclusive control of the user, while supporting critical capabilities such as offline operation, battery‑off use cases, and increased resistance to large‑scale or high‑potential attacks.

A coherent certification approach should therefore enable an evolution towards such architectures where higher level of assurances are required, preserving interoperability, certifiability and deployment flexibility across the EUDIW ecosystem and resistant to the highest level of attacks.