eIDAS 2 and payments
Mandatory acceptance of the EUDI Wallet
The eIDAS 2.0 regulation requires various private service providers to accept the EUDI Wallet as a means of identification. This applies to organizations in education, healthcare, and financial services, among others.
Service providers that apply ‘strong user authentication’ by law or contract must be able to accept all recognized EUDI Wallets for online identification. This means that payment service providers may also be subject to this obligation.
Unclear impact on payments
Payment service providers fall within the scope of eIDAS 2.0 and must therefore, in principle, accept the EUDI Wallet. However, the impact on payments is still unclear, particularly due to the overlap between eIDAS 2.0 and existing legislation for payment services.
PSD2 has guidelines for strong customer authentication (SCA), while eIDAS 2.0 refers to strong user authentication. Although the concepts are related, their technical and legal interpretations differ. As a result, it is not yet clear:
- In which payment processes the EUDI Wallet must be supported;
- Whether and how the EUDI Wallet can be technically integrated into existing payment flows;
- How payment service providers can comply with both PSD2 and eIDAS 2.0.
Taskforce eIDAS 2.0 (TFeIDAS)
To clarify these issues, the Dutch Payments Association, together with its members, has set up the Taskforce eIDAS 2.0 (TFeIDAS). This taskforce assesses the impact of eIDAS 2.0 and the EUDI Wallet on other legal obligations and on payment processes.
In collaboration with INNOPAY, TFeIDAS has drawn up an English-language industry view, which analyzes the interpretation of the legislator and the practical feasibility.
The document helps members and stakeholders to better understand the consequences of eIDAS 2.0.
Key findings of TFeIDAS
- Intent of the legislator
The legislator’s intention is that the EUDI Wallet will be accepted as an alternative means of two-factor authentication (2FA) when ‘strong customer authentication’ is required for online payments. It should be noted that SCA under PSD2 encompasses more than just 2FA. The EUDI Wallet can, however, function as part of that process.
- Doubts about feasibility
Under current regulations, it seems difficult for payment service providers to integrate the EUDI Wallet as an alternative 2FA tool, as this conflicts with PSD2 and regulatory technical standards (RTS). More clarity is needed on how the EUDI Wallet can be used in accordance with PSD2.
- Scope of obligations
eIDAS 2.0 only imposes an acceptance obligation on payment service providers for the EUDI Wallet as a means of authentication. There is no obligation to support other functions of the wallet, such as electronic signatures or Electronic Attestations of Attributes (EAAs).
Role of the Dutch Payments Association
The Dutch Payments Association is working with stakeholders, regulators, and European authorities on:
- A secure and interoperable framework for digital identity in payments;
- A practical implementation of eIDAS 2.0 that fits within existing payment standards;
- Clear communication about the implications of the EUDI Wallet for banks and payment service providers.