The European Digital Identity wallet (EUDI wallet) is proposed by the European Commission to provide a secure, safe and standardized digital identity for all EU citizens. It is based on the European Standard for Electronic Identification and Trust Services (eIDAS) and part of the proposed eIDAS 2.0 regulation. The EUDI wallet will be made available to its users as a mobile app that allows them to securely store and selectively share, locally or remotely, on request and under their sole control, identification data based on their national electronic IDs (eIDs), as well as other attestations of attributes such as digital travel credentials (ePassports), driver’s licenses, university diplomas, and also personal information including medical records or bank account details. The wallet should also allow them to access a variety of online services and sign documents with qualified electronic signatures and seals (QES).
With such valuable data stored on an app, the threats to the EUDI wallet will come from multiple diverse sources, all with varying motives. This article explores the threat landscape and considerations for protecting the digital wallet's sensitive data against threats.