verified_user
Standardful
Homechevron_rightStandardschevron_righteIDAS 2.0
ActiveInternational Standardupdate Standard Updated: April 2024fact_check Fact checked: Jun 28, 2026

eIDAS 2.0

European Digital Identity Regulation (EU) 2024/1183 — amending Regulation (EU) No 910/2014

apartmentPublishing Organization:European Union

Standard Introduction

eIDAS 2.0 is an active standard published by European Union. It is commonly used across Technology, Finance & Banking, Government, Telecommunications, Services and applies in European Union, European Economic Area.

Use this page to review the official documentation, current status, and the certification or assessment bodies most commonly associated with eIDAS 2.0.

Implementation Roadmap

1
Phase 1schedule Duration: 3-6 weeks

Define European digital identity and trust services scope

Identify the products, services, systems, entities, jurisdictions, teams, vendors, data flows, and stakeholders covered by eIDAS 2.0. Confirm owners, boundaries, applicable obligations, documentation, and evidence expectations for European Digital Identity Wallets, electronic identification schemes, qualified trust services, relying party registration, attributes, interoperability, security, privacy, user control, certification, supervision, and cross-border recognition.

2
Phase 2schedule Duration: 4-10 weeks

Assess obligations and gaps

Compare current practices with the expected European digital identity and trust services approach. Review wallet scope planning, trust-service classification, identity proofing, cryptographic key management, relying party onboarding, consent and disclosure controls, interoperability testing, certification planning, incident reporting, supervision readiness, and audit trails, then prioritize gaps by legal exposure, safety or security impact, customer commitments, operational dependency, reporting deadlines, and assurance readiness.

3
Phase 3schedule Duration: 8-24 weeks

Implement controls and evidence

Deploy required procedures, technical controls, review gates, training, supplier workflows, reporting paths, and operational records. Maintain scheme documentation, wallet specifications, risk assessments, identity proofing records, cryptographic control evidence, relying-party records, consent logs, interoperability test results, conformity files, incident records, audit logs, and supervisory communications as traceable evidence.

4
Phase 4schedule Duration: Ongoing

Review, report, and improve

Run management reviews, internal checks, testing or independent assessments where applicable, corrective actions, and change reviews. Refresh the program when products, vendors, laws, incidents, reporting cycles, or stakeholder expectations change.

Compliance Checklist

0 / 12

checklist Scope and accountability

checklist Controls and records

checklist Monitoring and assurance

Frequently Asked Questions

Who needs eIDAS 2.0?

expand_more

eIDAS 2.0 is most relevant to EU member states, wallet providers, qualified trust service providers, relying parties, identity proofing providers, and digital service providers integrating EUDI wallets. The exact scope depends on products, services, jurisdictions, reporting duties, customer commitments, technical requirements, and the organization's role in the relevant ecosystem.

Is eIDAS 2.0 certifiable?

expand_more

eIDAS 2.0 is an EU legal framework, not a single certification. Wallets and trust services rely on implementing acts, conformity assessment, certification, supervision, and trust-list mechanisms.

What should implementation focus on first?

expand_more

Start by defining scope, obligations, accountable owners, and the evidence expected by regulators, customers, auditors, assurance providers, certification bodies, or governance bodies. Then perform a gap assessment against current controls and prioritize remediation by risk and deadline.

What evidence is useful for eIDAS 2.0?

expand_more

Useful evidence includes scheme documentation, wallet specifications, risk assessments, identity proofing records, cryptographic control evidence, relying-party records, consent logs, interoperability test results, conformity files, incident records, audit logs, and supervisory communications. Evidence should be version-controlled, attributable to owners, linked to obligations and controls, and retained for the required review or audit period.

How often should the program be reviewed?

expand_more

Review it at planned intervals and whenever laws, standards, products, vendors, incidents, reporting cycles, customer commitments, technical requirements, or assurance expectations change.

Official Documentation

View All

Related Categories