
eIDAS 2.0 Is Here: How the EU Digital Identity Wallet Changes KYC Forever

Edoardo Mustarelli (Sales Development Representative). Published March 29, 2026. Updated March 29, 2026.

Every EU member state must deploy a compliant EUDI Wallet by Dec 31, 2026. What fintechs must do now and why Zyphe is already aligned.

Key highlights

  • Every EU member state must make at least one compliant EU Digital Identity Wallet available to citizens by December 31, 2026, and that deadline is legal, not aspirational.
  • The EUDI Wallet is built on three rules that reshape KYC: selective disclosure, no centralised data system, and user-controlled access.
  • Institutions that want to accept wallet credentials must register as a relying party with their national authority and support ISO/IEC 18013-5, W3C Verifiable Credentials, and the EUDI ARF specifications.
  • Selective disclosure lets a user prove they are over 18 or a licensed professional without handing over their date of birth, name, or address.
  • Zyphe already runs on these principles in production: a reusable KYC Passport, sharded storage across 60,000+ nodes with a 29-of-100 threshold, selective disclosure, and native SPID, CIE, and EUDI Wallet support.
  • Reusable credentials cut the cost of every periodic refresh and review, and combined with Zyphe's AI Compliance Agents they deliver 85% less manual review.

The EU Digital Identity Wallet is a mobile app that lets EU citizens store government-issued credentials and share only specific attributes on request, with the citizen in control. It is mandated by eIDAS 2.0, which requires every member state to offer a compliant wallet by December 31, 2026. Three design rules define it: selective disclosure, no centralised data system, and user-controlled access. Each one has direct consequences for how fintechs run KYC.

By December 31, 2026, every EU member state must make at least one compliant EU Digital Identity Wallet (EUDI Wallet) available to citizens. That deadline is legal, not aspirational. The regulation is eIDAS 2.0. Interoperability testing between member states was running in Romania just last week.

For most citizens, this will look like a smartphone app. For fintechs, it is a structural change to how identity gets verified and shared across the EU, and it has direct consequences for KYC infrastructure decisions being made right now.

This post covers what the EUDI Wallet actually requires, where traditional KYC stacks fall short, and why Zyphe is already built to what the regulation demands, not catching up to it.

What is the EUDI Wallet actually?

The EUDI Wallet is a mobile app that lets EU citizens store government-issued identity credentials (passports, driving licences, professional certifications) and share specific attributes on request. Think of it as a secure container for verified identity that the citizen controls, not the government and not a provider.

Three design rules define how it works, and all three matter for KYC.

Selective disclosure

A user can prove they are over 18 without sharing their date of birth. They can prove they are a licensed professional without revealing their name or address. They prove the attribute; nothing else transfers.

This feature is not a UX convenience. Data minimisation is enforced at the technical level, not just required by policy. The wallet will only release data that was explicitly requested and consented to.
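How a wallet can release one attribute and nothing else, as an added example that is not code from the original page or from Zyphe: it follows the salted-digest pattern that ISO/IEC 18013-5 credentials use, where the issuer signs only a list of digests. The attribute names, the sample values and `ISSUER_KEY` are constructed, and an HMAC stands in for the issuer's public-key signature so the block needs only the standard library.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the issuer's signature

# Constructed sample attributes (not real data).
SAMPLE = {"family_name": "Rossi", "birth_date": "1990-04-12",
          "resident_city": "Milano", "age_over_18": True}

def digest(salt, name, value):
    # The random salt stops a verifier guessing low-entropy values
    # (such as a birth date) from the undisclosed digests.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def sign(digests):
    return hmac.new(ISSUER_KEY, json.dumps(sorted(digests)).encode(),
                    hashlib.sha256).hexdigest()

def issue(attributes):
    """Issuer: salt each attribute and sign only the list of digests."""
    items = {n: (secrets.token_hex(16), v) for n, v in attributes.items()}
    digests = [digest(s, n, v) for n, (s, v) in items.items()]
    return {"items": items, "digests": digests, "sig": sign(digests)}

def present(credential, requested):
    """Wallet: release salt and value for the requested attributes only."""
    return {"disclosed": {n: credential["items"][n] for n in requested},
            "digests": credential["digests"], "sig": credential["sig"]}

def verify(presentation):
    """Relying party: check the signature, then each disclosed attribute."""
    if not hmac.compare_digest(presentation["sig"], sign(presentation["digests"])):
        raise ValueError("issuer signature invalid")
    checked = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if digest(salt, name, value) not in presentation["digests"]:
            raise ValueError(f"{name} does not match a signed digest")
        checked[name] = value
    return checked

if __name__ == "__main__":
    proof = present(issue(SAMPLE), ["age_over_18"])
    print(verify(proof))
```

The relying party learns the verified `age_over_18` value and sees only opaque digests for everything else; changing the disclosed value after issuance makes verification fail.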

No centralised data system

Identity data lives on the user’s device. No government database accumulates wallet contents. No provider holds a central repository. Each citizen’s credentials are theirs, held locally.

This is the design principle that IDMerit, Aura, and most of the high-profile 2026 breaches illustrate in reverse: a central repository is a target. The EUDI Wallet removes the target by deleting the repository.

We unpack why a central store keeps getting breached in "why centralized identity verification is a ticking time bomb".

The same lesson applies to your vendor: read "why your KYC vendor is your biggest data breach risk".

User-controlled access

Citizens decide what they share, with whom, and for how long. A bank can request specific attributes. The user consents. Access can be scoped to a single transaction and revoked afterward. Under GDPR, the data controller for identity data becomes the citizen, not the institution.

This is the same shift toward minimal, user-controlled sharing we describe in "zero-knowledge proofs in production KYC".

How real are the eIDAS 2.0 deadlines?

The EUDI Wallet is not a pilot program. Deployment is already in progress.

The Romania tests (March 17-18) demonstrated working cross-border credential exchange in a live environment with multiple member states. The infrastructure is not theoretical. For fintechs serving EU customers, the compliance question has shifted from ‘Will this happen?’ to ‘Are we ready?’.

What does eIDAS 2.0 require from financial institutions?

Register as a relying party

Institutions that want to accept EUDI Wallet credentials must register with their national authority as a relying party. Without registration, they cannot request credentials from wallets. Getting registered takes time; it is not an overnight process.

Support selective disclosure requests

Institutions must be able to request only the attributes a given transaction actually requires. Requesting a full identity record when only age verification is needed is not compliant. This means redesigning KYC data request flows, not just updating a vendor contract.

Meet the technical standards

The EUDI Wallet uses ISO/IEC 18013-5, W3C Verifiable Credentials, and EUDI-specific ARF specifications. Relying party systems must support them. For most institutions, that means integration through a platform that already handles the standards rather than building compliance from scratch internally.

How does traditional KYC compare to what eIDAS 2.0 requires?

The table below is worth reading in full. The gap between these two columns is what most fintechs need to close before the end of 2026.

Why is Zyphe already aligned with eIDAS 2.0?

Here is what most fintechs have not yet worked through: the design principles of the EUDI Wallet (reusable credentials, selective disclosure, no central repository, and user-controlled access) are not new ideas. They are the principles Zyphe was built on. The regulation did not create the model. It validated it and made it law.

KYC Passport: reusable identity, in production

Zyphe’s KYC Passport is a reusable verified identity credential. A user verified once through Zyphe’s KYC process, with documents checked, liveness verified, and AML screened, does not re-verify with every new institution. They present the passport. The institution gets a cryptographic proof of verified status. No new document upload, no new manual review, no new copy of PII entering a new database.

We explain how reusable verification works in "what a KYC passport is".

This is what the EUDI Wallet does for government-issued credentials. The KYC Passport extends the same model to the KYC verification layer that the EUDI Wallet itself does not cover but financial compliance requires.

Decentralised sharded storage: no central repository

Zyphe’s PII storage is AES-GCM-256 encrypted, split into shards, and distributed across 60,000+ independent nodes in 60 countries. Reconstructing any record requires 29 of 100 shards. Zyphe itself cannot access user PII. The EUDI Wallet mandates no central repository by design. Zyphe’s architecture has operated that way from day one.

The full breakdown of how this sharded model works lives in "decentralised KYC, what it is and how it works".

Selective disclosure: already built

Zyphe supports sharing proof of specific attributes without exposing the underlying document data. When eIDAS 2.0 makes this mandatory for relying parties, Zyphe-integrated institutions will already be compliant. Institutions running traditional full-document KYC collection will face an architecture rebuild.

SPID, CIE, and EUDI Wallet: native support

Zyphe has native support for SPID (Italian digital identity), CIE (Italian electronic ID card), and the EU Digital Identity Wallet framework. Not on the roadmap. In production now. Institutions integrating Zyphe get EUDI Wallet compatibility without managing the technical standards themselves.

190+ countries, one platform

eIDAS 2.0 covers the EU. Zyphe covers 190+ countries and 360+ document types. The same infrastructure handling EUDI Wallet credentials for a German customer handles passport verification in Brazil and AML screening in Singapore. One integration, global coverage.

Why does moving early matter?

Conversion rate

EUDI Wallet users will expect wallet-native onboarding. The institutions that support it will convert faster than those still requiring manual document uploads. The window in which wallet support is a competitive differentiator rather than just a compliance baseline is narrow. It closes as rollout accelerates in Q3-Q4 2026.

Compliance cost

Reusable credentials cut the cost of every periodic KYC refresh, every change-of-address check, and every enhanced due diligence review. The user’s verified status persists and updates rather than being rebuilt from scratch each time. Combined with Zyphe’s AI Compliance Agents, the operational savings are significant: 85% less manual review is measurable, not theoretical.

The numbers behind those savings are in our "decentralized KYC cost analysis".

Regulatory relationship

AMLA’s CDD standards are being set right now. Public hearings are this week. The standards will reflect eIDAS 2.0 principles on data minimisation and user control. Institutions already operating on those principles will have simpler compliance conversations. Those that have not adapted will be explaining why.

For the wider EU crypto picture, see "MiCA KYC requirements in 2026".

Trust

The EUDI Wallet exists because EU citizens experienced years of breaches, data misuse, and privacy failures. Institutions that truly embrace its principles, as opposed to merely adhering to legal requirements, gain an intangible asset: the trust of users in the safety of their data.

We walk through the breach math behind that distrust in "the 2026 identity breach epidemic".

What belongs on your eIDAS 2.0 readiness checklist?

Use this before the end of Q2 2026.

  • Register (or plan to register) as a relying party with your national eIDAS 2.0 authority
  • Audit your KYC data collection flows for what is actually required vs. what is currently collected by default
  • Evaluate your technical stack for ISO/IEC 18013-5, W3C Verifiable Credentials, and ARF compatibility
  • Assess whether your PII storage architecture has a single point of failure (if yes, that is incompatible with eIDAS 2.0 principles and with 2026 breach reality)
  • Identify where reusable credential models (KYC Passport, EUDI Wallet) can eliminate re-verification overhead
  • Map your customer base against member state rollout timelines to identify early-adopter populations
  • Ask your KYC vendor directly: what is your EUDI Wallet integration status, and is it in production or still planned?
  • Plan your UX for wallet-native onboarding flows for users who already have EUDI Wallets

When is wallet-native KYC not the right call yet?

If your customer base sits mostly outside the EU, eIDAS 2.0 only covers the EU, so wallet-native onboarding will not reach most of your users yet. The wallet matters where your customers actually live, and member state rollout timelines vary. Mapping your base against those timelines tells you whether early-adopter populations are large enough to justify reordering your roadmap around the wallet today.

The wallet also does not cover the full KYC verification layer that financial compliance requires. It handles government-issued credentials, not the document checks, liveness, and AML screening that sit underneath them. So treating EUDI Wallet support as a complete KYC stack is a mistake. You still need a verification layer behind it, which is exactly the gap the KYC Passport is built to fill.

The Short Version

The EUDI Wallet is the EU encoding privacy-by-design into law: minimum data, held by users, reused without re-collection, and distributed without central repositories. The deadline is December 31, 2026. That is nine months from now.

Fintechs waiting for the deadline will spend 2027 in catch-up mode, rebuilding data collection flows and explaining gaps to regulators.

Fintechs already running on these principles are not catching up. The KYC Passport, decentralised sharded storage, selective disclosure, and EUDI Wallet support are in Zyphe’s production infrastructure today. Early integration is the advantage. The question is how much of the window you want to use.

Edoardo Mustarelli (Sales Development Representative) is a fintech/Web3 strategist at Zyphe, driving sales growth and partnerships with global expertise across technology, finance, and strategy.

Frequently Asked Questions

By December 31, 2026, every EU member state must make at least one compliant EU Digital Identity Wallet available to its citizens. That deadline is legal, not aspirational. Deployment is already in progress, and interoperability testing between member states ran in Romania, demonstrating working cross-border credential exchange in a live environment with multiple states taking part.

Selective disclosure lets a user prove a single attribute without revealing anything else. They can prove they are over 18 without sharing their date of birth, or prove they are a licensed professional without revealing their name or address. It is not a UX convenience: data minimisation is enforced at the technical level, so the wallet only releases data that was explicitly requested and consented to.

Institutions must register with their national authority as a relying party, since without registration they cannot request credentials from wallets. They must support selective disclosure, requesting only the attributes a transaction actually requires. They also have to meet the technical standards: ISO/IEC 18013-5, W3C Verifiable Credentials, and EUDI-specific ARF specifications. Registration takes time, so it is not an overnight process.

No. Identity data lives on the user's device. No government database accumulates wallet contents and no provider holds a central repository. Each citizen's credentials are theirs, held locally. This design removes the target that high-profile 2026 breaches keep illustrating in reverse: a central repository is a target, and the EUDI Wallet deletes the repository to remove it entirely.

Zyphe was built on the wallet's principles before they became law. Its KYC Passport is a reusable verified credential in production. PII is AES-GCM-256 encrypted, sharded across 60,000+ nodes, and reconstructing a record needs 29 of 100 shards, so there is no central repository. Selective disclosure is already built, and Zyphe has native support for SPID, CIE, and the EUDI Wallet framework today.

The EUDI Wallet uses ISO/IEC 18013-5, W3C Verifiable Credentials, and EUDI-specific ARF specifications. Relying party systems must support all of them. For most institutions, that means integrating through a platform that already handles the standards rather than building compliance from scratch internally, which avoids the cost and risk of maintaining the underlying specifications in house.

Early movers gain on several fronts. Wallet users expect wallet-native onboarding, so supporting institutions convert faster than those still requiring manual uploads. Reusable credentials cut the cost of every periodic refresh and review. AMLA's CDD standards are being set now and will reflect eIDAS 2.0 principles, so institutions already operating that way face simpler compliance conversations. Embracing the principles also earns user trust.

No. The wallet handles government-issued credentials, but it does not cover the KYC verification layer that financial compliance still requires, such as document checks, liveness, and AML screening. Zyphe's KYC Passport extends the same reusable, selective-disclosure model to that verification layer. So institutions need both: the wallet for credentials and a verification layer underneath for full compliance.
