Source: French to English Tester Published on: 2026-04-07
Source: The Conversation – in French– By Maryline Laurent, Professor Director of the RST Department, Télécom SudParis – Institut Mines-Télécom
The European Digital Identity Wallet, or EDIW, is intended to facilitate procedures for citizens and residents throughout the European Union. Like other digital applications, these wallets are not without risks, and their deployment is regulated. They must also be controlled.
Many of us have already heard of France Identité, or even use it. This service offers a national sovereign digital identity which, by the end of 2026, will be able to be used throughout the European Union – once it has been made compliant with the European regulation.eIDAS 2, which establishes the European framework for a digital identity.
End of 2026,France Identitywill become a European Digital Identity Wallet (EDIW). It will allow every European citizen and resident to benefit from simplified access to various digital services in Europe, whether they are governmental (establishing a power of attorney for voting, for example) or commercial (sending their vehicle registration document to their mechanic).
The objective is to combat the constant increase in identity thefts and cyberattacks, such asphishing(or phishing) which consists of sending fraudulent SMS messages or emails intended to deceive the victim and to encourage them to disclose their personal and/or banking data.
To this end, the PEIN will allow its user to exercise control over their identity and data, and to access cross-border public and private digital services. Like most digital applications, the introduction of these wallets also carries risks, notably identity theft, digital divide, or foreign interference.
To remember
- A digital identity wallet can contain civil status data and electronic documents (driver’s license, health insurance card, medical prescription, transport tickets, invoices, diplomas, etc.) to facilitate procedures and information exchanges within the EU.
- The countries of the European Union must offer at least one digital identity wallet to their citizens and residents by the end of the year 2026. These can be public or private, with features such as free electronic signatures.
- Before being put into service at the European level, the portfolios must be certified by the Member State issuing them, which should limit risks in terms of cybersecurity.
- As always, these guarantees cannot be absolute: effective controls and deterrent sanctions will have to be implemented. It will remain essential to have a physical alternative to digital documents in order to preserve the resilience and sovereignty of a State in the event of a cyberattack, but also to allow each citizen to choose whether or not to use a PEIN.
A wallet, for what use?
The PEIN will allow its user to identify themselves to public or private services, including commercial ones, throughout the European Union (EU). A French citizen equipped with this wallet will thus be able to interact with the German administration on the same terms as a German citizen, without having to carry out additional procedures.
Depending on the needs of its holder, the PEIN may contain information including their civil status data (first name, last name, date of birth, place of birth, and nationality) as well as electronic supporting documents (driver’s license, health insurance card, medical prescription, transport tickets, invoices, etc.).
The user will be able to eventually present this type of certificate to a service, for example, send their diploma and proof of address to their future employer or present a medical prescription issued by their French doctor at a Belgian pharmacy. This genuine digital keychain will allow them to cross borders by presenting their electronic documents (passport, visa, or even plane tickets).
The wallet will also allow electronic signing of documents with so-called “qualified” signatures. The signature, notably affixed on a bank account opening contract or a car rental agreement, will then have the same legal value as a handwritten signature.
Finally, two people will be able to interactviatheir respective wallets. Alice, traveling in Italy, will thus be able to transmit her electronic voting proxy to Florian.
A portfolio, for whom and when?
All citizens and residents of the EU will be able to have a PEIN which will not be mandatory, the ambition of the European Commission being toequip 80% of people by 2030.
2026 is a pivotal year, as each Member State will have to issue at least one European Digital Identity Wallet (PEIN) by the end of the year. For this, the wallet will have to provide mandatory functionalities (simple and qualified electronic attestations, qualified signatures, pseudonym generation, etc.), be certified by each Member State in accordance with the established requirements, and be listed on a public European list. The PEIN provider will be free to offer additional services, such as payment, timestamping, or document archiving.
By the end of 2027, all businesses and administrations that require astrong authenticationthe client, such as banks and Social Security, must accept that a person proves their identity using a PEIN.
How will one use a wallet?
The PEIN mainly takes the form of a mobile application downloaded onto a smartphone. It works both online and offline (without connection).
If we base ourselves on the example ofFrance Identité, you must have a chip identity card containing the identification data and an NFC-compatible smartphone running at least Android 11 or iOS 16.6, and set a six-digit code. The user then has a low security level, which allows accessing services such asImpots.gouv.fr,Amelie.fror their retirement account.
To obtain the high security level, the PEIN holder must go to the town hall for a face-to-face verification. This verification is essential for the most sensitive online procedures, which were previously only possible in person, such as the establishment of a voting proxy or a request for social assistance.
An opening to a private market for European digital identity wallets
In the coming years, it is possible that member states will issue wallets provided by private actors.
This is already the case for Belgium, which should notify the European Commission of the PEIN MyGov.be, which already allowsBelgian citizens to access their administrative documents online, as well as thePEIN Itsme, provided by a consortium of private actors.
A wallet, at what price?
The issue of free access is an important point. The issuance and use of the wallet are therefore free for an individual. As for qualified electronic signatures for non-professional purposes, they will also be free, with each Member State free to decide on the modalities. For example, thePoland offers five free signatures per month per citizen.
The use of electronic signatures for professional purposes may be chargeable. In Belgium, the private provider of the walletItsme charges 4.95 euros excluding VAT per qualified signature.
A portfolio, for what benefits?
The PEIN is designed as a response to the numerous identity thefts and phishing attacks. It is intended to help service providers combat fraud and false declarations, particularly concerning the minimum age required to access pornographic websites or online gaming sites. Procedures that currently require sending a photocopy of one’s identity card and driver’s license to rent a car could be fully digitized.
Another advantage, conditioned by the implementation of appropriate technical means, is the increased control of the user over theprocessing of his personal data)Â: he will be able to freely choose and use pseudonyms and use them, if strong authentication is not required. Thanks to a mandatory dashboard, he will be able to view the history of transmitted data, request the deletion of his data, and report suspicious data requests to the National Commission on Informatics and Liberty (CNIL) – which will strengthen the effectiveness of controls. He will also be able to select the data that will or will not appear in a document to be presented to a third party, thus protecting his privacy.
The wallet should also integrate privacy protection technologies. For example, a minor will be able to prove to a social network that they are under 15 years old, and an adult that they are over 18 years old, without having to provide their first name, last name, and date of birth, thanks to somezero-knowledge proof technologies(or ZKP, forZero-Knowledge Proofin English).
Furthermore, only public and private service providers registered on a public list will be able to interact with the PEIN. These “user parties” will notably have to specify the data they request. Providers of attestations and qualified signatures, for their part, will have to obtain a prior qualification (issued in France bythe National Cybersecurity Agency, or ANSSI) and will also appear on a public list. It is therefore a true ecosystem of digital identities that is taking shape.
According to some estimates,at least forty walletsshould participate in this new market, which, despite thereassuring speeches from the European Commission, does present no fewer than a certain number of risks.
What are the risks of a digital identity market?
From the user’s side, the first risk is being practically forced to use a PEIN designed as a genuine digital gateway to access numerous public and private services. This situation could lead to leaving aside a portion of the population who, due to lack of money or skills, will not be able to have a PEIN to access the provided services.
Another risk concerns users’ privacy, as it is feared that the digital wallet will increase the amount of personal datacollected without their knowledge. Indeed, while we have emphasized the advantage represented by the fight against abusive data collection (thanks to the possibility of generating pseudonyms), the wallet must still be implemented in compliance with the General Data Protection Regulation (GDPR). It is therefore necessary to ensure, for example, that a wallet provider does not insert a unique number into each transaction, which would allow tracking the user despite all the precautions taken to avoid revealing their identity and data.
To counter this threat, EU law requires that wallets be certified before their notifications to the European Commission and their market launches. This certification will therefore provide certain guarantees that will not be absolute, as several past events have demonstrated, for example the affairPEGASUS in 2021and that ofelectronic ID cards in Estonia in 2017.
In fact, cyberattackers may seek to steal not only a person’s identity but also the data associated with that identity. Some of this data, such as names, first names, and diplomas, will be of high quality because their authenticity will have been verified with authentic sources, such as the civil status register.
On the side of the EU States, the PEIN questions their sovereignty, becauseThese are the only ones today capable of establishing a person’s identity with a high level of reliability..
The provision of PEIN by non-European private companies increases the risks of foreign interference, which are far from being a mere hypothesis. For example,Nicolas Guillou, a French judge at the International Criminal Court, has been subject to US sanctions since August 2025. LikeThierry Breton, former European Commissioner, he is banned from staying in the United States due to his involvement in the case of the arrest warrant targeting Israeli Prime Minister Benjamin Netanyahu. He is denied access to U.S. digital services, from Airbnb to Amazon. His Visa card has even been revoked.
To avoid this type of sanctions, theEuropean project APTITUDEworks on the integration into the PEIN of a sovereign payment solution provided byWERO.
What remains to be done: choices to make, audits, alternatives
The PEIN could be a tremendous everyday tool. However, many choices still need to be made, particularly regarding implementation, enrollment, revocation, and cybersecurity to effectively combat identity theft. To fulfill the promise of a safer digital world, effective controls (such asPEIN supplier audits) and deterrent sanctions against the actors (European and non-European) will have to be put in place.
However, it remains essential to have a physical alternative to digital documents. Maintaining physical documents will not only preserve the resilience and sovereignty of a State in case of a cyberattack, but also allow each citizen to choose whether or not to use a PEIN.
The projectsTraceability for trusted multi-scale data and fight against information leak in daily practices and artificial intelligence systems in healthcare – TracIAandMore on the adoption of a healthy Mediterranean diet – MoreMedDietare supported by the National Research Agency (ANR), which funds project-based research in France. The ANR’s mission is to support and promote the development of both fundamental and applied research across all disciplines, and to strengthen the dialogue between science and society. For more information, please visit the agency’s website.ANR.
![]()
Maryline Laurent received funding from the Mines-Télécom Foundation, the National Research Agency (ANR), and several industrial partners such as EDF and Orange.
Claire Levallois-Barth received funding from the Mines-Télécom Foundation. The partners of the VP-IP Chair that she coordinates are BNPP, IN Groupe, France Titres, Orange.
–ref. What is a European digital identity wallet? What will be its uses, advantages… and risks? –https://theconversation.com/what-is-a-european-digital-identity-wallet-what-will-be-its-uses-benefits-and-risks-278837
