.svg)
.svg)
.svg)
.jpg)
If you work in financial services, compliance, or any regulated industry in Europe, the words "Know Your Customer" are not new to you. KYC has been the backbone of identity verification for decades. The problem is that the way it has always worked is slow, expensive, and increasingly out of step with how people actually live and move across borders.
The European Union has introduced a regulation that fundamentally changes the equation. eIDAS 2.0, formally known as Regulation (EU) 2024/1183, entered into force in May 2024 and sets a legally binding deadline: by December 31, 2026, every EU Member State must make at least one compliant EU Digital Identity Wallet available to its citizens. For KYC teams and compliance officers, this is not a future concern. It is a present one.
This guide explains what eIDAS 2.0 actually requires, how it changes KYC from the ground up, and what businesses in regulated industries need to understand before the deadline arrives.
eIDAS stands for Electronic Identification, Authentication, and Trust Services. The original eIDAS regulation, adopted in 2014, created a framework for recognizing electronic identities and trust services across EU Member States. It was a meaningful step forward, but a decade of technological change and accelerating digitalization exposed its limits.
eIDAS 2.0 is the upgrade. It introduces three major additions that did not exist before: reusable digital identities, an expanded set of trust services, and the EU Digital Identity Wallet. Together, these changes shift the EU from a patchwork of 27 different national digital identity approaches toward a single, interoperable, privacy-first framework.
The regulation is already in motion. Interoperability testing between member states ran in Romania in March 2026, validating cross-border credential exchange in a live environment with multiple countries participating. This is not a theoretical exercise. The infrastructure is being built and tested right now.
Traditional KYC operates on a simple but inefficient model: collect as much identity data as possible at onboarding, store it in a provider or institutional database, and repeat the process from scratch every time the customer engages with a new service. The result is slow onboarding, duplicate verification, high operational cost, and large centralized databases that become attractive targets for breaches.
eIDAS 2.0 inverts this model entirely. The three design principles at its core have direct consequences for KYC infrastructure.
Selective disclosure means a user can prove a specific attribute, such as being over 18 or holding a valid professional license, without revealing any other personal information. Under eIDAS 2.0, data minimization is not just a compliance target. It is technically enforced at the wallet level. A financial institution cannot request more data than a transaction actually requires.
User-controlled access means the citizen, not the institution, becomes the effective data controller for their identity. They decide what to share, with whom, and for how long. Access can be scoped to a single transaction and revoked afterward. This has direct implications for how GDPR obligations are distributed between service providers and their customers.
No centralized data repository means identity data lives on the user's device. There is no government database accumulating wallet contents, and no single point of failure that exposes all stored records if compromised. The architecture eliminates the target by removing the repository.
For KYC teams, the practical shift is this: instead of collecting identity documents and running manual verification at each onboarding event, a compliant institution requests specific verified attributes from a customer's EUDI Wallet, receives a cryptographic proof signed by the issuing authority, and completes verification in a fraction of the time. The customer does not re-verify from scratch. Their government-issued Person Identification Data (PID) is already verified. They simply present it.
eIDAS 2.0 also expands and clarifies the range of trust services that underpin secure digital transactions. These include:
Electronic signatures, which are legally equivalent to handwritten signatures and are already widely used in contracts, loan agreements, and official documents. Under eIDAS 2.0, qualified electronic signatures carry the highest legal standing across all Member States.
Electronic seals, used by organizations rather than individuals, provide legal assurance for the origin and integrity of official documents, certificates, and public records.
Electronic time stamps, which create a tamper-proof record of when a document was created or transmitted, are particularly valuable in intellectual property protection and legal proceedings.
Certified electronic delivery services provide legally verifiable proof that a document was sent and received, replacing physical registered mail in legal and regulatory communications.
Website authentication certificates verify the legitimacy of online services, protecting users and businesses from phishing and fraudulent platforms.
All of these services are recognized and enforceable across EU borders, which matters significantly for businesses operating in multiple Member States who currently navigate different national legal requirements for each.
The regulatory milestones are binding, not aspirational.
The regulation entered into force on May 20, 2024. By December 31, 2026, every EU Member State must provide citizens, residents, and businesses with at least one compliant EUDI Wallet. By 2027, the Anti-Money Laundering Authority (AMLA) Single Rulebook takes effect, replacing 27 separate national AML frameworks with a unified standard that reflects eIDAS 2.0 principles on data minimization and user control.
For financial institutions specifically, AMLA's Customer Due Diligence technical standards are being finalized right now. Public hearings ran in March 2026. The standards being set today will shape compliance requirements for years. Institutions already operating on eIDAS 2.0 principles will have far simpler conversations with regulators than those arriving late to the framework.
There are concrete steps that financial institutions and other regulated organizations need to take before the end of 2026.
Register as a relying party. Institutions that want to accept EUDI Wallet credentials must register with their national authority. This process takes time and is not something that can be done in the final weeks before a deadline.
Redesign KYC data request flows. Requesting a full identity record when only age verification or address confirmation is needed will not be compliant. KYC flows need to be rebuilt around the principle of minimum necessary data, not maximum data collection.
Assess technical stack compatibility. The EUDI Wallet uses ISO/IEC 18013-5, W3C Verifiable Credentials, and the EU Digital Identity Architecture and Reference Framework (ARF) specifications. Relying party systems must support these standards. For most organizations, this means integrating through a platform that already handles the technical layer rather than building compliance from scratch.
Evaluate your storage architecture. Any KYC infrastructure that relies on a centralized PII database is architecturally misaligned with eIDAS 2.0 principles and, as recent breach patterns have demonstrated, with operational security reality.
Plan for reusable credentials. The core efficiency gain of eIDAS 2.0 is that customers verify once and reuse that verified status across services. KYC refresh cycles, change-of-address checks, and enhanced due diligence reviews all become faster and cheaper when built on reusable verified credentials rather than repeated from-scratch document collection. Alternatively, organizations can work with a provider like Hovi and delegate the infrastructure, compliance, and technical complexity entirely focusing on their core business while the integration layer is handled end to end."
The practical impact of these changes spans multiple sectors.
Banking and Financial Onboarding. Account opening and loan applications that currently take days of manual document review can complete in minutes when a customer presents their EUDI Wallet credentials. The bank receives a cryptographic proof from the issuing government authority, not a photograph of a passport that needs to be manually inspected.
Cross-Border Services. A customer verified in Germany can access services from a Finnish bank without repeating the KYC process. Their verified identity travels with them, recognized across all Member States.
Periodic KYC Refresh. Ongoing due diligence reviews, which currently require customers to resubmit documents and institutions to re-run verification processes, become significantly lighter when the underlying credentials are already verified and held in a wallet that the customer controls.
Enhanced Due Diligence. For higher-risk customer categories, the wallet's selective disclosure capability allows institutions to request specific additional attributes, such as proof of professional status or beneficial ownership information, without requiring the customer to submit entirely new documentation.
Because this regulation touches both legal and technical domains, misunderstandings are common in compliance conversations.
Myth 1: "eIDAS 2.0 is just a login upgrade."
Reality: eIDAS 2.0 restructures the legal and technical foundation of how identity is verified, stored, and shared across the EU. It changes compliance obligations, data architecture requirements, and the economics of customer verification at scale.
Myth 2: "We have until 2026, so we have time."
Reality: Registering as a relying party, rebuilding KYC data flows, integrating compliant technical standards, and updating storage architecture all take time. Organizations that begin this work in late 2026 will not be ready by late 2026.
Myth 3: "Our current KYC vendor will handle it."
Reality: The question to ask your vendor directly is whether EUDI Wallet integration is in production today or still on a roadmap. Roadmap promises are not the same as working infrastructure.
Myth 4: "This only affects citizen onboarding."
Reality: eIDAS 2.0 also introduces the European Business Wallet, extending the same verifiable credential logic to company identities. KYB (Know Your Business) processes will be affected by the same shift toward reusable, cryptographically verified credentials.
eIDAS 2.0 is the EU encoding privacy-by-design into law at scale. Minimum data, held by users, reused without re-collection, distributed without central repositories. When combined with the AMLA Single Rulebook arriving in 2027, it creates a regulatory environment where the competitive advantage goes to institutions that have already rebuilt their identity infrastructure around these principles, not those scrambling to retrofit compliance onto legacy systems.
For businesses that rely on identity verification, the shift from manual KYC to wallet-based verified credentials is as significant as the shift from paper forms to digital onboarding was a decade ago. The institutions that led that transition built durable advantages. The same dynamic is at play now.
At Hovi, we work with organizations across regulated industries who are navigating this transition. Whether you are a financial institution preparing your systems to accept EUDI Wallet credentials, a service provider looking to issue verifiable attestations, or a compliance team trying to understand what eIDAS 2.0 actually requires of your existing KYC stack, our infrastructure is built to bridge that gap. The regulation is in force. The deadline is fixed. The organizations that move now will be in a fundamentally stronger position than those that wait.
Here’s our live demos of real-world EUDI Wallet use cases from age verification and healthcare identity to AI agents interacting with verified credentials.
.svg)
