eIDAS 2.0 Is Here: How the EU Digital Identity Wallet Changes KYC Forever

By December 31, 2026, every EU member state must make at least one compliant EU Digital Identity Wallet (EUDI Wallet) available to citizens. That deadline is legal, not aspirational. The regulation is eIDAS 2.0. Interoperability testing between member states was running in Romania just last week.

For most citizens, this will look like a smartphone app. For fintechs, it is a structural change to how identity gets verified and shared across the EU, and it has direct consequences for KYC infrastructure decisions being made right now.

This post covers what the EUDI Wallet actually requires, where traditional KYC stacks fall short, and why Zyphe is already built to what the regulation demands, not catching up to it.

1. What the EUDI Wallet Actually Is

The EUDI Wallet is a mobile app that lets EU citizens store government-issued identity credentials, passports, driving licences, professional certifications, and share specific attributes on request. Think of it as a secure container for verified identity that the citizen controls, not the government, not a provider.

Three design rules define how it works, and all three matter for KYC.

Selective disclosure

A user can prove they are over 18 without sharing their date of birth. They can prove they are a licensed professional without revealing their name or address. They prove the attribute; nothing else transfers.

This feature is not a UX convenience. Data minimisation is enforced at the technical level, not just required by policy. The wallet will only release data that was explicitly requested and consented to.

No centralised data system

Identity data lives on the user’s device. No government database accumulates wallet contents. No provider holds a central repository. Each citizen’s credentials are theirs, held locally.

This is the design principle that IDMerit, Aura, and most of the high-profile 2026 breaches illustrate in reverse: a central repository is a target. The EUDI Wallet removes the target by deleting the repository.

User-controlled access

Citizens decide what they share, with whom, and for how long. A bank can request specific attributes. The user consents. Access can be scoped to a single transaction and revoked afterward. Under GDPR, the data controller for identity data becomes the citizen, not the institution.

2. The Deadlines Are Real

The EUDI Wallet is not a pilot program. Deployment is already in progress.

The Romania tests (March 17-18) demonstrated working cross-border credential exchange in a live environment with multiple member states. The infrastructure is not theoretical. For fintechs serving EU customers, the compliance question has shifted from ‘Will this happen?’ to ‘Are we ready?’.

3. What eIDAS 2.0 Requires From Financial Institutions

Register as a relying party

Institutions that want to accept EUDI Wallet credentials must register with their national authority as a relying party. Without registration, they cannot request credentials from wallets. Getting registered takes time; it is not an overnight process.

Support selective disclosure requests

Institutions must be able to request only the attributes a given transaction actually requires. Requesting a full identity record when only age verification is needed is not compliant. This means redesigning KYC data request flows, not just updating a vendor contract.

Meet the technical standards

The EUDI Wallet uses ISO/IEC 18013-5, W3C Verifiable Credentials, and EUDI-specific ARF specifications. Relying party systems must support them. For most institutions, that means integration through a platform that already handles the standards rather than building compliance from scratch internally.

4. Traditional KYC vs. What eIDAS 2.0 Requires

The table below is worth reading in full. The gap between these two columns is what most fintechs need to close before the end of 2026.

5. Why Zyphe Is Already There

Here is what most fintechs have not yet worked through: the design principles of the EUDI Wallet, reusable credentials, selective disclosure, no central repository, and user-controlled access are not new ideas. They are the principles Zyphe was built on. The regulation did not create the model. It validated it and made it law.

KYC Passport: reusable identity, in production

Zyphe’s KYC Passport is a reusable verified identity credential. A user verified once through Zyphe’s KYC process, with documents checked, liveness verified, and AML screened, does not re-verify with every new institution. They present the passport. The institution gets a cryptographic proof of verified status. No new document upload, no new manual review, no new copy of PII entering a new database.

This is what the EUDI Wallet does for government-issued credentials. The KYC Passport extends the same model to the KYC verification layer that the EUDI Wallet itself does not cover but financial compliance requires.

Decentralised sharded storage: no central repository

Zyphe’s PII storage is AES-GCM-256 encrypted, split into shards, and distributed across 60,000+ independent nodes in 60 countries. Reconstructing any record requires 29 of 100 shards. Zyphe itself cannot access user PII. The EUDI Wallet mandates no central repository by design. Zyphe’s architecture has operated that way from day one.

Selective disclosure: already built

Zyphe supports sharing proof of specific attributes without exposing the underlying document data. When eIDAS 2.0 makes this mandatory for relying parties, Zyphe-integrated institutions will already be compliant. Institutions running traditional full-document KYC collection will face an architecture rebuild.

SPID, CIE, and EUDI Wallet: native support

Zyphe has native support for SPID (Italian digital identity), CIE (Italian electronic ID card), and the EU Digital Identity Wallet framework. Not on the roadmap. In production now. Institutions integrating Zyphe get EUDI Wallet compatibility without managing the technical standards themselves.

190+ countries, one platform

eIDAS 2.0 covers the EU. Zyphe covers 190+ countries and 360+ document types. The same infrastructure handling EUDI Wallet credentials for a German customer handles passport verification in Brazil and AML screening in Singapore. One integration, global coverage.

6. Why Moving Early Matters

Conversion rate

EUDI Wallet users will expect wallet-native onboarding. The institutions that support it will convert faster than those still requiring manual document uploads. The window where the price is a competitive differentiator rather than just a compliance baseline is narrow. It closes as rollout accelerates in Q3-Q4 2026.

Compliance cost

Reusable credentials cut the cost of every periodic KYC refresh, every change-of-address check, and every enhanced due diligence review. The user’s verified status persists and updates rather than being rebuilt from scratch each time. Combined with Zyphe’s AI Compliance Agents, the operational savings are significant: 85% less manual review is measurable, not theoretical.

Regulatory relationship

AMLA’s CDD standards are being set right now. Public hearings are this week. The standards will reflect eIDAS 2.0 principles on data minimisation and user control. Institutions already operating on those principles will have simpler compliance conversations. Those that have not adapted will be explaining why.

Trust

The EUDI Wallet exists because EU citizens experienced years of breaches, data misuse, and privacy failures. Institutions that truly embrace its principles, as opposed to merely adhering to legal requirements, gain an intangible asset: the trust of users in the safety of their data.

7. eIDAS 2.0 Readiness Checklist

Use this before the end of Q2 2026.

• Register (or plan to register) as a relying party with your national eIDAS 2.0 authority
• Audit your KYC data collection flows for what is actually required vs. what is currently collected by default
• Evaluate your technical stack for ISO/IEC 18013-5, W3C Verifiable Credentials, and ARF compatibility
• Assess whether your PII storage architecture has a single point of failure (if yes, that is incompatible with eIDAS 2.0 principles and with 2026 breach reality)
• Identify where reusable credential models (KYC Passport, EUDI Wallet) can eliminate re-verification overhead
• Map your customer base against member state rollout timelines to identify early-adopter populations
• Ask your KYC vendor directly: what is your EUDI Wallet integration status, and is it in production or still planned?
• Plan your UX for wallet-native onboarding flows for users who already have EUDI Wallets

The Short Version

The EUDI Wallet is the EU encoding privacy-by-design into law: minimum data, held by users, reused without re-collection, and distributed without central repositories. The deadline is December 31, 2026. That is nine months from now.

Fintechs waiting for the deadline will spend 2027 in catch-up mode, rebuilding data collection flows and explaining gaps to regulators.

Fintechs already running on these principles are not catching up. The KYC Passport, decentralised sharded storage, selective disclosure, and EUDI Wallet support are in Zyphe’s production infrastructure today. Early integration is the advantage. The question is how much of the window you want to use.

Sources

• EU Digital Identity Wallet moves closer to rollout after interoperability tests in Romania
• Authologic: EU is facing 'cold start' with EUDI Wallet
• eIDAS 2.0 timeline and EUDI Wallet implementation status
• Digital rights groups warn EU over privacy risks in new eIDAS rules
• AMF invites financial market participants to AMLA consultations on draft AML/CFT implementing technical standards
• AML regulatory developments in 2026: fragmentation or unification?