Skip to content
Deutschland Flagge

Official Website – Federal Republic of Germany

Security and data protection – technical standards of the EUDI Wallet

Legal background: eIDAS 2.0 and architecture and reference frameworks

The amended EU Regulation “eIDAS 2.0” establishes the legal framework for the European Digital Identity. Its primary objective is to enable secure digital participation for all citizens and residents starting in 2027. The regulation mandates that Member States provide the EUDI Wallet in a way that legally guarantees privacy and data sovereignty for every user across Europe. To enforce this protection in everyday digital life, all service providers are subject to strict regulations. Companies and public authorities (referred to as Relying Parties) that wish to integrate the EUDI Wallet for services such as banking or government procedures must enroll in an official register. In this register, they are required to transparently disclose exactly which user data they intend to request. A strict principle of purpose limitation applies: data may only be used for the specific service specified.

This ensures that users can always verify which information is required for what purpose, allowing them to make fully autonomous decisions regarding the sharing of their data. This approach effectively prevents misuse and unnecessary data collection. This legal protection is technically enforced by the “Architecture and Reference Framework” (ARF). This framework is far more than just a technical standard; it mandates architectural requirements (Privacy by Design) to ensure that user privacy remains technically protected at every single step. Through encryption and the principle of data minimization, the framework ensures that digital identities not only function seamlessly but also that users are technically shielded from unauthorized third parties or providers receiving more data than is absolutely necessary.

These defined standards offer many advantages for users:

  • Selective disclosure for every data request

    Only the information that is actually required is shared, following the principle of Data Minimization. For example, age verification can be performed without revealing additional personal details like a full date of birth. This ensures that sensitive data remains protected and under the user's exclusive control.

  • Full transparency before every disclosure

    Before any data is requested, it is clearly visible who is making the request and for what specific purpose. Only registered and verified services – officially known as Relying Parties – are permitted to request data, and only for their stated purposes. The wallet automatically validates every request before any data disclosure can occur.

  • Protection against unnecessary data requests

    Only the data that is strictly necessary for a specific service will be requested. If a service attempts to obtain more information than required, the EUDI Wallet detects this and halts the process. In such cases, a report can be filed directly through the wallet interface.

  • Voluntary and free of charge

    The use of the wallet is free of charge and voluntary for all citizens and residents. The state-issued EUDI Wallet complements existing physical credentials and provides an additional digital option for secure identity management.

Backbone of the EUDI Wallet – the technical documentation of the state EUDI Wallet

The following documents provide an overview of the professional, technical and organizational basis of the project

Blueprint for the EUDI Wallet ecosystem

The Blueprint is based on the eIDAS 2.0 Regulation and the European Architecture Reference Framework (ARF). It acts as the primary strategic guide for a secure and interoperable rollout across Germany. It contains:

  • Proposals for the technical architecture
  • Governance and operating models for the ecosystem
  • Detailed concepts for national implementation

The document clarifies structures and provides a comprehensive description for the implementation of the German EUDI Wallet ecosystem.

Architecture documentation of the state EUDI Wallet

The German government has decided to provide a state EUDI Wallet. The implementation is carried out by an interdisciplinary team under the leadership of SPRIND – with a focus on user-friendliness and data security. The architectural documentation describes:

  • The current state of development of the state wallet
  • Detailed information on the system architectures developed
  • Updates based on feedback from the expert community and stakeholders

This documentation ensures technical transparency and follows the Open Source principle to build public trust in the digital infrastructure.