Skip to content
All about technology.All about cybersecurity.

EUDI wallet poses life-threatening risks

European Union's digital wallet initiative poses significant security risks, potentially causing detrimental outcomes for millions, as outlined in an opinion piece.

 and  Administrator
3 min read
EUDI wallet poses potential risks to users' lives
EUDI wallet poses potential risks to users' lives

EUDI wallet poses life-threatening risks

The European Digital Identity (EUDI) Wallet, set to be rolled out across EU member states by 2027, promises a secure and user-controlled digital identity and payment system. However, concerns regarding data security and privacy have arisen, necessitating close collaboration between authorities and private sector stakeholders.

The wallet must meet stringent security standards to protect sensitive personal and financial data, with robust hardware security and software certifications posing significant challenges. The complexities involved in implementing these measures have proven to be a significant hurdle for private providers aiming to participate in the ecosystem.

Ensuring data privacy and user control is another concern. While the EUDI Wallet is designed to allow users to manage their personal data, such as identity details, payment data, proof of income, and biometric authorisations, maintaining this privacy in practice is difficult. The wallet stores numerous credentials and personal attestations, and if compromised, could expose users to identity theft or misuse.

Regulatory and liability concerns also loom large. With varying rates of implementation among EU member states and complicated cross-border regulatory compliance, providers and users face uncertainties around liability and risk monitoring, especially in fraud prevention and operational scalability. This fragmented rollout could impact data protection.

The risk of identity fraud and non-compliance is another issue. Delays and technical integration challenges could increase risks of identity fraud. Enforcement of compliance to the eIDAS 2.0 framework and related regulations is critical to preventing misuse of digital identity data.

The EUDI Wallet's reliance on cooperation with operating system and hardware providers, such as Apple and Google, for trusted and transparent APIs to secure hardware elements, also presents a challenge. Without open cooperation, security implementations might be hindered, potentially affecting privacy guarantees.

Extensive data access requirements are another concern. The digital wallet is designed to interact with various public and private services, including payments subject to Anti-Money Laundering (AML) and Strong Customer Authentication regulations, implying extensive data sharing and potential exposure surfaces.

Tensions with crypto privacy are another issue. Concurrent tightening of crypto regulations in the EU, including banning anonymous wallets and mandating government access to account data, could set precedents influencing privacy expectations and enforcement around digital wallets, affecting user anonymity and data confidentiality.

Lilith Wittmann, a renowned IT security expert, has uncovered vulnerabilities in the ID-Wallet of the Federal Ministry of the Interior, leading to its postponement. Wittmann, who writes an exclusive column "Data Leakage" for Payment & Banking about IT security in the financial industry since 2025, also exposed vulnerabilities in the IT infrastructure of the company Bonify in 2023, enabling her to download Jens Spahn's tenant information.

Rafael Laguna de la Vera, CEO of SPRIND, has expressed that there is not enough research on the topic of "guaranteed real state data and their risks." This sentiment is echoed by the previous failures of digital identification systems in Germany, such as the ID card and ID wallet app, which have been complicated and ultimately unsuccessful for various reasons.

Solutions for handling data flows of state identity data were proposed during the consultation process by various civil society actors, the Federal Office for Information Security (BSI), and the Federal Commissioner for Data Protection and Freedom of Information (BfDI). Starting from 2023, the Federal Ministry of the Interior attempted a new iteration of the wallet app, aiming to address the issues of previous solutions and comply with the European eIDAS regulation.

As the EUDI Wallet moves towards implementation, it is crucial that authorities and private sector stakeholders collaborate closely to solidify technical foundations, regulatory clarity, and trust frameworks before large-scale deployment. Ensuring the security and privacy of users' data is paramount in gaining widespread acceptance and adoption of this innovative technology.

[1] European Commission. (2022). European Digital Identity Wallet: Addressing Data Security and Privacy Concerns. Retrieved from

  1. The European Digital Identity Wallet, presented with assurances of strong security and user-controlled digital identity and payment systems, faces complexities in achieving stringent security standards, especially in terms of hardware security and software certifications, due to robust challenges.
  2. As the European Digital Identity Wallet moves towards implementation, collaboration between authorities and private sector stakeholders is crucial to address the concerns of maintaining data privacy, ensuring regulatory clarity, and establishing trust frameworks, with the ultimate goal of securing widespread acceptance and adoption of this technology.

Read also:

    Related

    Latest