The Rise of Digital Identity Wallets: What It Means for KYC

eIDAS 2.0 and the EU Digital Identity Wallet#

The revised European Digital Identity framework, commonly known as eIDAS 2.0, mandates that every EU member state offer its citizens a digital identity wallet by 2026. The European Digital Identity Wallet (EUDIW) will allow citizens to store and present verifiable credentials including national identity attributes, driver's licenses, diplomas, professional qualifications, and more. Public services and certain private-sector entities will be required to accept wallet-based identity presentations.

This represents a paradigm shift for identity verification. Today, KYC processes require the customer to present a physical document, which the verifier then authenticates independently. With digital identity wallets, the customer presents a cryptographically signed credential that has already been verified by a trusted issuer, typically a government authority. The verifier can confirm the credential's authenticity and the issuer's signature without re-performing the original verification.

Verifiable Credentials and SD-JWT#

Verifiable Credentials (VCs) are the technical foundation of digital identity wallets. A VC is a tamper-evident, cryptographically signed digital document that makes a claim about a subject. For example, a government might issue a VC asserting that a specific individual has the name "Elena Vasquez," was born on a specific date, and holds a specific nationality.

SD-JWT (Selective Disclosure JSON Web Token) is a format that extends the widely-adopted JWT standard to support selective disclosure. When a holder presents an SD-JWT credential, they can choose which claims to reveal and which to withhold. A KYC verifier that only needs to confirm nationality and age can receive those specific claims without learning the holder's full name, address, or document number.

Mobile Driver's License (mDL)#

The mobile driver's license, standardized under ISO 18013-5, is one of the first widely deployed verifiable credential types. Several U.S. states and countries including Australia, the Netherlands, and South Korea have deployed or are piloting mDL programs. The mDL is stored in a secure element on the user's device and can be presented both in-person (via NFC or QR code) and online.

For KYC platforms, mDL adoption represents a preview of the broader wallet ecosystem. Supporting mDL verification today builds the technical foundation for accepting a wider range of verifiable credentials as they emerge. The presentation protocols, trust framework evaluation, and selective disclosure handling developed for mDL are directly applicable to other credential types.

Selective Disclosure and Zero-Knowledge Proofs#

Selective disclosure allows the holder to present only the minimum information necessary for a specific verification purpose. Zero-knowledge proofs (ZKPs) take this further by allowing the holder to prove a statement about their data without revealing the underlying data at all.

Consider an age verification scenario: traditional KYC requires presenting a full identity document, revealing name, date of birth, address, and document number, far more information than needed. With selective disclosure, the holder reveals only their date of birth. With a zero-knowledge proof, the holder proves "I am over 18" without revealing their actual date of birth. The verifier receives a cryptographic proof that the statement is true, backed by the issuer's authority, without learning any additional personal information.

• Range proofs: Prove a value falls within a range (e.g., age over 18) without revealing the exact value.
• Membership proofs: Prove membership in a set (e.g., nationality within the EU) without revealing which specific member.
• Predicate proofs: Prove arbitrary logical statements about credentials (e.g., income above a threshold AND employment duration above a threshold).

How Wallets Change the Verification Flow#

The introduction of digital identity wallets fundamentally alters the KYC verification flow. In the traditional model, the verifier performs all verification steps: document capture, OCR, authenticity checks, biometric matching, and screening. The verifier bears the full cost and complexity of verification and stores the collected evidence.

In the wallet model, much of this verification has already been performed by the credential issuer. The verifier's role shifts from performing primary verification to evaluating the trustworthiness of the credential, the issuer, and the presentation. The verification flow becomes: request specific credentials from the user's wallet; receive the cryptographically signed presentation; verify the issuer's signature and credential validity (not revoked, not expired); extract the disclosed claims; and perform any additional checks required by regulation (such as sanctions screening).

The transition from document-centric to credential-centric verification will not happen overnight. For the foreseeable future, KYC platforms must support both models simultaneously: traditional document verification for customers without wallets, and credential-based verification for those who have adopted them.

Implications for KYC Platforms#

KYC platforms that want to support digital identity wallets need to develop several new capabilities:

• Trust framework evaluation: The ability to assess which credential issuers are trusted and at what assurance level. This requires integration with trust registries maintained by eIDAS trust anchors or equivalent authorities.
• Credential format support: Parsing and validating multiple credential formats including SD-JWT, mdoc (ISO 18013-5), and potentially W3C Verifiable Credentials in JSON-LD format.
• Presentation request construction: Building specific requests that ask for exactly the claims needed for the verification purpose, enabling data minimization by design.
• Revocation checking: Verifying that credentials have not been revoked since issuance, using status list mechanisms or similar revocation infrastructure.
• Hybrid verification flows: Supporting both traditional document-based verification and credential-based verification within the same case management workflow.
• Evidence model adaptation: Storing credential presentations as verification evidence alongside traditional document images and biometric captures.

Preparing Your Infrastructure#

Even before digital identity wallets reach widespread adoption, platforms can prepare by designing for the future. Build your verification data model to accommodate credential-based evidence alongside document-based evidence. Implement modular verification pipelines where new credential types can be added as plugins. Develop a trust framework management layer that can be configured with new trust anchors as they are established.

Timeline and Adoption Outlook#

The EU mandate for digital identity wallet availability sets a clear deadline, but adoption will be gradual. Early adoption is expected in government services, banking (driven by eIDAS 2.0 mandates for online authentication), and cross-border use cases within the EU such as student mobility and professional qualification recognition.

Outside the EU, adoption timelines are less certain but momentum is building. The United States is advancing mDL deployment state by state. Australia, Canada, and Singapore have active digital identity programs. The convergence of regulatory mandates, improving standards maturity, and growing consumer familiarity with digital wallets for payments suggests that credential-based identity verification will become mainstream within the next three to five years. KYC platforms that begin preparing now will have a significant competitive advantage when that inflection point arrives.