Digital Identity in Europe: The Case for One Wallet, One Trust Model, and One Serious Signature Standard

What eIDAS got right

eIDAS was an important correction to a Europe that had too many national islands of trust and too few common rules. It gave the Single Market a legal framework for electronic identification, signatures, seals, timestamps, and delivery services, and the Commission also provided supporting building blocks such as eSignature tools and technical specifications to improve interoperability [2][4].

This is why the regulation should not be dismissed as a failure. The policy logic was sound: if Europe wants cross-border digital administration and commerce, it needs mutual recognition and predictable trust services [4].

The problem was not the vision. The problem was that legal harmonisation did not automatically produce usable public-sector implementation.

Where execution fell short

The Commission did create tools, but the overall model still left too much burden on Member States to assemble fragmented technical and operational solutions themselves. The eSignature page explicitly notes that the Commission offers open-source libraries, trusted list management tools, and conformance testing to help public administrations and businesses, which is useful but still not the same as a strong, opinionated implementation path for governments [2].

That matters because most governments do not fail on the law; they fail on integration, procurement, user journeys, and service design. In practice, a regulation that allows weak or inconsistent signature approaches often becomes a regulation that is implemented weakly, because the path of least resistance wins.

Why signature levels matter

The Commission’s own explanation is clear: eIDAS defines three levels of electronic signature — simple, advanced, and qualified — with QES having the most requirements [2][6].

Simple signatures can be as weak as an electronic indication of intent, while AdES must be uniquely linked to the signatory, under the signatory’s control, and tamper-evident; QES adds a qualified signature creation device and a qualified certificate issued by a qualified provider [2][6].

Only QES is explicitly recognized as legally equivalent to a handwritten signature across the EU [2][6]. That is the crucial policy point: if governments want a signature model that is robust across borders and resilient under legal scrutiny, QES should be the baseline for serious public-service use, not an optional premium feature.

Estonia as a benchmark

Estonia is one of the strongest practical examples of digital identity in Europe, not because it is perfect, but because it treated identity, authentication, and service delivery as a coherent state capability rather than a collection of isolated projects. The country has repeatedly shown that when the state invests in interoperable digital infrastructure, the result is lower friction for citizens and businesses, and more reliable public services [7][8][9].

At the same time, Estonia is also a useful warning. A mature digital state does not want Brussels to introduce redundant architectures that duplicate already functioning national systems and force governments to pay twice for similar capabilities [5].

That is exactly why Estonia is relevant here: it shows both what excellent digital governance looks like and how quickly even a leading country can react when EU-level architecture appears to add cost without enough additional value [5].

One wallet or two

The case for separate wallets for natural persons and businesses is weaker than it first appears. The Commission describes the EUDI Wallet as a means for citizens, residents, and businesses to store documents, authenticate, and sign, while the separate European Business Wallet proposal is framed as a harmonised digital solution for companies and public sector bodies [1][3].

Architecturally, that creates duplication. The same human being is the actor behind the legal person, and the same trust patterns — identity proofing, credential storage, selective disclosure, authentication, signing, and delegation — are needed in both contexts. A split-wallet design therefore risks splitting the trust model, the developer experience, and the implementation budget.

A more coherent approach would be one wallet logic with role-based credentials and verifiable attributes, rather than two parallel wallet ecosystems with overlapping functions.

EUDI Wallet vs business wallet

The EUDI Wallet is designed as a general-purpose digital identity wallet for citizens, residents, and businesses, with features for authentication, sharing credentials, and binding signatures [1].

The Business Wallet proposal, by contrast, is positioned as a dedicated tool for company identity, business-to-government interaction, delegation, and document exchange, with mandatory acceptance by public authorities but voluntary use by companies [3].

The technology overlap is obvious: both depend on interoperable credentials, secure authentication, trust frameworks, and signature/seal functionality [1][3]. The difference is mainly in the policy layer and intended user journey, not in the underlying trust logic.

Why duplication is costly

The Commission says the business-wallet model should reduce paperwork and deliver large savings, but Estonia’s response shows the other side of the ledger: if a business wallet duplicates existing national infrastructure, the cost can be substantial, with officials estimating a €150 million burden for Estonia alone [5].

That kind of duplication is not just a budget issue. It also creates more governance overhead, more integration work, more user confusion, and more risk that implementation becomes uneven across Member States.

In digital government, every extra wallet, channel, and exception path creates operational drag. If the policy goal is simplification, the architecture should reduce complexity, not repackage it.

What the Commission should have done

The Commission should have been more prescriptive on implementation, not just on legal ambition. For signatures, it should have made QES the clear default for high-value public services and provided stronger reference implementations, reusable components, and practical integration patterns for government systems [2][6].

For wallets, it should have tested whether a unified identity-and-credential model could serve both natural persons and business representation without forcing Member States into parallel stacks. Instead of creating separate branded solutions, the focus should have been on a single trust architecture with different credentials, roles, and use cases.

That would have reduced friction for governments and made the policy easier to defend in technical and budgetary terms.

What a better model looks like

A better European model would rest on four ideas. First, one coherent wallet architecture with support for both personal and organizational roles [1][3].

Second, a stronger default toward QES in public-service scenarios where legal certainty matters [2][6].

Third, EU-provided reference implementations and integration building blocks that actually help governments deploy, rather than merely describe the ideal architecture [2].

Fourth, strict avoidance of duplicate identity layers where existing national systems already work well, especially in advanced digital states such as Estonia [5][7][8].

Policy implication

The policy lesson is simple: digital trust is not created by regulation alone. It is created when the EU combines regulation, technical guidance, reusable software, and a disciplined architecture that respects how governments and businesses actually operate [2][3][6].

If Europe keeps adding parallel constructs, the result will be higher cost, lower clarity, and slower adoption. If it instead insists on one trust model, stronger signature defaults, and implementation support that Member States can actually use, eIDAS 2.0 can become a serious digital public infrastructure programme rather than another compliance exercise [1][5].

Sources

[1] European Commission, European Digital Identity (updated 2026).

[2] European Commission, What is eSignature.

[3] European Commission, European Business Wallets.

[4] European Commission, European Digital Identity Regulation.

[5] ERR News, Minister: EU 'business wallet' would cost Estonia €150 million (2026).

[6] European Commission, eSignature FAQ and related DIGITAL eSignature materials; see also What is eSignature.

[7] European Commission, Estonia leads the way with advanced e-services for citizens.

[8] Eesti e-Residency, Estonia digital identity and business environment.

[9] ACM, Estonia News.