epicenter.works Proposes Amendments to the EUDI Wallet
A new paper from digital rights group epicenter.works takes an engineering-centred look at the European Commission’s draft eIDAS implementing acts for the European Digital Identity (EUDI) Wallet 1. Rather than debating the policy goals, it focuses on whether the technical rules will actually let wallets enforce privacy and security in real time—when a user is about to share data. The proposed amendments cover three areas: relying-party registration, electronic attestations of attributes (EAAs), and the technical specifications intended to make the ecosystem interoperable.
One of the paper’s headline concerns is relying-party registration. It argues that registration certificates should be mandatory because without them a wallet has no clean cryptographic handle for checking whether a request is legitimate and within scope. In other words: if a service asks for an attribute, the wallet should be able to automatically verify what that service is authorised to request, and flag ‘over-asking’ before anything is disclosed. The paper also pushes for machine-readable registries, so wallets can reliably fetch and validate relying-party metadata across Member States, including authorisations and whether a relying party has been revoked.
Subscriber content
Read the full article
Full access to ID & Secure Document News articles, newsletters and archives.