December 2026 is the date everyone in the sector keeps repeating. That’s when all 27 EU Member States must make at least one EUDI Wallet (European Digital Identity Wallet) available to their citizens. December 2027 is the next milestone: the point at which banking, telecom, insurance, and other regulated entities will be required to accept it as a valid means of identification.
There’s a self-serving interpretation we’ve heard more than once lately: “Once the European wallet arrives, companies like Mobbeel’s solutions won’t be needed anymore.” Wrong. That’s the wrong read. And it’s worth explaining in detail why, because understanding the exact role each player in the ecosystem plays — wallets, credential issuers, or relying parties — is essential to being properly prepared for the changes coming in the next few months.
What actually changes with the EUDI Wallet
eIDAS 2.0 Regulation (EU Regulation 2024/1183) creates a free, voluntary digital identity wallet for every European citizen. It stores the PID (Person Identification Data) — the minimum set of attributes that identify you: name, date of birth, nationality — along with other credentials such as driver’s license, degrees, professional certifications, or health data.
The user decides what to share and with whom, thanks to selective disclosure. They can prove they’re of legal age without revealing their exact birth date, or confirm their identity without showing their full ID photo. This is a major leap in privacy compared to the current model, where verifying age today often means showing your full home address on an ID card.
![]()
The wallet doesn’t replace identity verification. It shifts it to a different point in the process.
Even so, identity verification remains inescapably necessary — and that’s the idea that’s hardest to grasp from outside the sector, and the one we’re most interested in explaining clearly.
The wallet isn’t born verified: someone has to check who you are before you get in
Here’s the nuance that gets lost in almost every generic explanation of EUDI Wallets: the wallet is a container. Before the PID reaches that container, someone has to verify, with legal and technical guarantees, that the person requesting that credential is who they claim to be.
Implementing Regulation (EU) 2024/2977 spells this out explicitly: PID providers must carry out identity verification of the wallet user before issuing the PID, and that enrollment process must meet the high assurance level defined in Implementing Regulation (EU) 2015/1502. This isn’t a minor or optional assurance level — it’s the most demanding of the three that eIDAS defines.
In practice, that means robust document checks, facial biometrics, document fraud detection, and injection attack (deepfake) detection — all under controls that must later be auditable. This is exactly the ground we’ve worked on for years with MobbScan: document + biometrics + liveness + fraud analysis.
Each Member State will decide which entity issues the PID within its country (in Spain, presumably the FNMT, with the wallet led by the State). But the official wallet is only one front. The other — larger in volume and real opportunity — sits on the side of whoever receives those credentials.
![]()
We’re going to be on both sides of that equation: helping verify identity so the wallet ecosystem can issue trustworthy credentials, and helping our clients accept those credentials without having to rebuild their onboarding platform from scratch.
Where the real opportunity lies: not in building wallets, but in accepting them well
The business isn’t in building a country’s official wallet. Each State will have its own (or several banks and large companies will create their own wallets for more limited purposes). That ground is, by definition, reserved for whoever the State itself designates or authorizes.
The ground where the whole digital identity ecosystem competes — and where we continue to play a central role — is the relying party: the company that receives that credential from the wallet and has to verify it, validate it, and connect it to its business flow.
Implementing Regulation (EU) 2024/2982 defines the technical protocols (OpenID4VP for presentation, OpenID4VCI for issuance) through which a wallet communicates with whoever is requesting the credential. But implementing that protocol correctly — certified, auditable, integrated with your onboarding system, with assurance-level management, with event logging for AML — is real integration work and requires real effort.
For our clients (banking, telecom, retail, insurance…) this translates into a very concrete decision they’ll need to make before 2027: who connects them to the wallet, validates the credential received, manages the required assurance level, and keeps legal traceability of the process? That piece — the connector, the integration, the compliance layer around the credential — is exactly where we play.
That’s why we’ll be enabling wallet acceptance as an onboarding mechanism through MobbScan, the same way we already do today with the Spanish digital ID (DNIe) — as one more identification channel within the same platform that already manages physical documents, NFC, and biometrics.
Current verification mechanisms will coexist with the wallet
There’s an additional nuance worth keeping in mind: the wallet will be voluntary for citizens. The regulation requires entities to accept it if the user presents it, not to require it as the only method. That means for years it will coexist with physical ID cards, DNIe, certificate-based signatures, and classic document-based onboarding.
And above all: every new person who wants to obtain their PID for the first time has to go through a high-assurance identity verification process — just like every new device, every lost-wallet recovery, or every credential renewal. The wallet doesn’t eliminate the need to verify identity. It shifts it to the enrollment moment, and keeps it alive in every subsequent process where the credential needs to be revalidated, linked to a new device, or recovered after loss.
That initial friction (the one we solve today with MobbScan in banking, retail, or telecom onboarding) doesn’t disappear with the arrival of the wallet. It just moves. And someone still has to resolve it with the same robustness the regulated sector demands today.
What a company selling to banking, telco, or retail needs to do before 2027
If your business falls within the scope regulated by Article 5 septies of the eIDAS 2.0 Regulation — banking, telecom, insurance, energy, healthcare, education, large platforms — the question isn’t “will this affect us?” It already is. The timeline is set in the legal text; it isn’t a forecast.
So the real priorities to keep in mind are:
- Audit your current identity stack. What methods you use today to verify identity, where they generate friction or drop-off, and which part of that flow will also need to accept a wallet credential.
- Don’t treat wallet acceptance as a standalone project. It needs to integrate into the same onboarding/KYC platform that already handles physical documents and biometrics — not as one more parallel system to maintain.
- Watch the assurance level required in each case. For AML, only substantial or high level will do. A low-assurance wallet doesn’t meet due diligence requirements.
- Plan with real lead time. The difference between preparing in 2026 versus 2027 isn’t just about timing — it’s about your ability to influence how the standard gets integrated into your operations, and the cost of integrating under pressure.
Conclusion
The EUDI Wallet doesn’t make digital identity companies unnecessary. It shifts where the work is concentrated: less on repeating document verifications for users who already have their PID issued, and more on properly building the layer that connects that PID to each real business flow — with its compliance requirements, its assurance levels, and its legal traceability.
Get in touch if you want to see how to prepare your onboarding to accept the EUDI Wallet without slowing down your current roadmap.

I’m a Software Engineer with a passion for Marketing, Communication, and helping companies expand internationally—areas I’m currently focused on as CMO at Mobbeel. I’m a mix of many things, some good, some not so much… perfectly imperfect.
Whitepaper
Digital identity in the University of Murcia
The beginning of any relationship between a university and its users whether students, staff, or collaborators requires precise and secure verification to ensure data protection and the integrity of its systems.



