The EUDIW is coming. The hard part is getting people to care.

The tech is ready, but will citizens use it? John Erik Setsaas explains the critical adoption challenges facing the European Digital Identity Wallet.

The European Digital Identity Wallet is coming. The technical frameworks are in place, large-scale pilots are underway, and some countries will have certified wallets by the end of 2026. But technology being ready and people actually using it are two very different things. 

John Erik Setsaas, Principal Advisor and Founder of Setsaas Trust Advisory, explains why. 

John Erik, it’s great to speak again. When we last spoke during cyberevolution 2024, we discussed topics such as: 

• The European Digital Identity Wallet and its implications for privacy and security 

• Evolving fraud threats, such as romance scams and safe account fraud 

• Balancing instant payments, GDPR, and cybersecurity 

• The use of AI and behavioural monitoring in fraud prevention.

Looking back, what has changed over the past year in these areas? 

Looking forward to going back to EIC this year, as I unfortunately had to skip 2025. 

The EUDIW is moving forward. Many countries have set up sandboxes, and many organisations are involved in the Aptitude and WeBuild large scale pilots. The architecture frameworks are in place, and some countries may actually be able to certify and release a wallet by the end of the year. The question that still remains is: Will users be using it? Which is what I will be talking about at EIC. 

We’re also seeing that there is movement in the digital business wallet, which I think has a lot of potential. There are a lot of business processes that can be simplified, including opening bank accounts in other countries. 

The deepfake technology is improving on a weekly basis, and people and systems are being fooled. With these tools, fraud is continuing to increase, especially long-time frauds, like romance and investment fraud. There was a case in April where one individual had created 46 bank accounts in ABN Amro Bank, using a combination of stolen IDs and deepfake technology. Deepfake detection should now be part of any identity verification solution, which is what I am talking about in my second presentation at EIC. 

To be more efficient in catching criminals, it is essential that banks and other organisations share data. The upcoming AMLR and PSR regulations mandate and permit data sharing. In addition, the Multi-Party Computation technology allows for sharing intelligence without sharing data, by splitting and encrypting data across servers. So, I think the future will become brighter in this space. 

In the same way that new deepfake models are improving, so are the models for identifying and detecting fraud, and we see that the majority of the financial institutions are using AI for fraud detection today.   

This year you will be presenting ‘EUDIW – Why Should People Care?’ What are the main arguments you plan to bring to the stage? 

I try to take the people’s perspective. We identity nerds think this is so great, but what do normal people think? Do they really care about digital identity? And what will it take to get people to use new technology? Can we make people really excited, so that they cannot wait to get the wallet? 

The classic example is proving your age, without revealing anything else. While this is a good and necessary use case, we didn’t create the EUDIW to help people buy booze and watch porn. We need to create great use cases, which people often use, as part of their daily lives. 

To be able to do this, we need to understand what causes people to adopt new technology, and the culture and digital maturity of the various countries. 

What are the biggest challenges in driving the adoption of the European Digital Identity Wallet? 

I think there are several reasons that we need to consider. Without adoption, nothing else really matters. 

• Culture. The technology maturity varies a lot across the different countries, as does the trust. In some countries, people use their eID on a daily basis, while in others it is almost absent. People in countries with a high adoption and usage are more likely to see the value of and adopt the EUDIW. 

• Use cases. We need understandable and valuable use cases. If you can prove that you are of age and pay at the same time in a store, this will simplify things for both the user and the store employees. Checking in to a hotel, where a lot of information is exchanged, can be reduced to simple interactions, with sharing info (ID, payment details, address etc.), receiving vouchers and a room key, and signing the agreement. 

• Trust. There is varying degree of trust in the government in different countries, which will be ultimately responsible for the wallet. In countries where this trust is low, people will be more reluctant to use the wallet, in fear of being monitored. 

• Messaging. The biggest challenge with working with messaging is understanding that the recipients do not know what the writer does. People cannot adopt what they do not understand, and explaining the EUDIW to someone who has never heard of it requires starting much further back than most practitioners expect. 
  It is important to communicate the reasoning behind the EUDIW and communicate that it is privacy by design. The intention is NOT for the government to monitor or control you. 

From a financial services perspective, how can banks actively participate in the EUDIW ecosystem? 

The challenge for banks is that they have so many upcoming regulations to adapt to, which are (from the bank’s point of view) much more important. And many struggle to see the EUDIW as more than yet another login mechanism. 

The banks need to build up knowledge and expertise to be able to see the valuable use cases. One example is digital onboarding, which is a time-consuming and costly process, especially for business customers, and can be simplified because a lot of verifiable information can be retrieved directly from the wallet. 

There could also be fraud prevention measures. All the existing eID solutions are one-way verification only, meaning that if the bank contacts me, e.g., by a phone call or text message, there is no way for me to verify them. The wallet could play an important role in this. With banks building up more knowledge, I am very sure that new use cases will appear. 

What are some of the practical challenges banks might face when implementing or integrating these wallets, whether regulatory, technical, or business-related? 

Implementing EUDIW will take resources to implement, but there will also be benefits and cost savings in the future. The bank needs to develop a strategy for where it wants to go with the wallet. I think one challenge is who will own this strategy. As the EUDIW potentially may be a game changer in the way we operate, it should be as high up in the organisation as possible. 

Will the banks view the EUDIW as yet another regulation to implement, or as a way to become more efficient and attractive? EUDIW is yet another regulation, and will ‘compete’ with the other upcoming regulations for banks. Non-compliance with the AMLR or PSR will have much bigger consequences for the banks, and will obviously be prioritised from the regulation angle. 

One practical challenge in some countries is that opening a personal bank account requires a national NIN (National Identification Number), which is issued by the government. This means that it may not be a smooth process to onboard a foreign citizen. NIN issuance is not necessarily instant, and will disrupt the onboarding process, which may give banks in other countries and an unfair advantage.  

Which information does a bank have about its customers that they are willing to share in the EUDIW? What are the risks and benefits for the bank and the user? Could the bank be held responsible at some point in the future? 
I think the jury is still out on these. 

How can financial institutions begin to address or mitigate these challenges? 

Many countries have already created sandboxes to test out the technology, together with other players. I would encourage banks to get involved, test it out, share their ideas, and together come up with good solutions. Here, they can test use cases with test data in a safe environment, as well as provide showcases for new ideas. 

Thinking back more than 20 years, this is how BankID got started in Norway. The banks worked together to make a common framework for identity. 

Let’s imagine we are in 2030, and a bank is reflecting on how it approached the EUDIW transition. What decisions would they be proud of,  and what mistakes might they regret?