The ENISA Trust Services and eID Forum, held together with CA Day in Split, once again served as a central platform for discussion on the future of digital identity, trust services, and regulatory developments across Europe. Stakeholders from industry, regulators, conformity assessment bodies, and user representatives debated the opportunities and challenges of eIDAS 2.0 implementation, wallet adoption, and supervisory practices.
This year’s discussions also reflected on international developments in the United States, Japan, and beyond, while expanding into new domains such as the European Business Wallet.
Below are the ten most important insights customers, partners, and industry observers should retain from the two conferences.
1. Cross-Border Collaboration Is Non-Negotiable
A recurring theme of the Forum was the recognition that success in the European digital identity ecosystem depends on cooperation across borders. No Member State or private provider can succeed in isolation. Strong case studies demonstrated how national governments and private sector actors can accelerate adoption by coordinating on pilots, governance, and user education. This cooperative model should serve as a blueprint for other Member States as the European Digital Identity Wallet (EUDI Wallet) approaches its mandatory deadlines in 2026 and 2027.
2. Different Starting Points Shape National Strategies
One observation was the diversity of approaches taken by Member States. Some countries already have mature, widely adopted eID schemes, while others are starting almost from scratch. In advanced markets, providers are leveraging high adoption rates to test wallet functionality independently, sometimes even outside of strict EUDI Wallet alignment. Less advanced markets look to EU-wide frameworks for guidance. This disparity highlights the need for flexible implementation strategies and underscores why harmonisation across Europe is both complex and essential.
3. The Elephant in the Room: Monetisation of Attributes
Debate continued how to make wallets financially sustainable. Technical feasibility has largely been proven through large-scale pilots such as DC4EU, EWC, NOBID, and POTENTIAL. The real challenge is building viable business models. Attribute monetisation remains central to this discussion: attribute issuers and relying parties must see clear benefits, or wallets risk remaining compliance tools with little incentive for broader adoption. Regulators were encouraged to provide clarity on permissible models and incentives to ensure wallets do not impose unnecessary costs on end users.
From Namirial’s perspective, it was underlined that the ecosystem urgently needs practical models to demonstrate how attribute monetisation can work in practice. Particular attention was given to privacy-preserving approaches, including the standard for attribute monetisation (ETSI TR 119 479-2) initiated by Namirial, which aims to balance business sustainability with strict compliance to data protection principles. This contribution highlighted that monetisation, if properly designed, can reinforce trust while providing incentives for issuers and relying parties.
4. Identity Proofing: Complex but Essential
Identity proofing is one of the most resource-intensive aspects of digital identity. ETSI TS 119 461 v2 and related standards set requirements for assurance levels, but operational implementation remains challenging. Providers must manage fraud prevention, regulatory compliance, and smooth user experience simultaneously. Excessive complexity risks discouraging adoption. Many stakeholders argued that Europe should aim for simplification without undermining trust, ensuring that identity proofing remains robust but manageable.
5. Certification and Supervision Require Agility
Supervisory bodies and ENISA highlighted that certification frameworks are evolving, but gaps remain. Conformity Assessment Bodies (CABs) are technically prepared to audit new trust services but cannot issue reports until accredited under the revised framework. As of September 2025, not a single CAB had completed this process, raising concerns about rollout delays. ENISA has convened an Ad-hoc Working Group (AHWG) to draft a Conformity Assessment Scheme (CAS), with peer review expected in 2026 and implementation foreseen from 2028. Until then, national schemes must bridge the gap, and mutual recognition across countries will be essential.
6. Data and User Perspectives Matter
Research presented at the Forum underlined that adoption will only happen if users perceive tangible value. Benefits such as faster onboarding, reduced fraud, and access to new digital services drive uptake. Giorgia Dragoni of the Digital Identity Observatory of the POLIMI School of Management in Milan provided valuable insights into adoption dynamics. However, communication remains critical: users need to understand not just the availability of wallets but why using them makes their daily lives easier. Without user-centric design and messaging, regulation alone will not secure adoption.
7. Competitiveness and Overregulation
The future of the European digital identity ecosystem hinges on balancing regulatory ambition with competitiveness. While regulations are necessary to ensure trust and security, too much rigidity risks harming innovation. Industry voices reminded that Europe must maintain globally competitive private operators to succeed. Consolidation in the market is expected as compliance requirements increase, with cross-border scale becoming a decisive advantage. Overregulation could hinder this competitiveness at a time when international players in the U.S., Japan, and elsewhere are advancing rapidly.
8. Security and Resilience: NIS2, DORA, CRA
Trust service providers now operate under multiple layers of regulation: eIDAS 2.0, NIS2, the Cyber Resilience Act (CRA), and the Digital Operational Resilience Act (DORA). These overlapping frameworks create risks of duplicated audits and fragmented reporting. Regulators are exploring harmonisation so that compliance with eIDAS requirements can also satisfy NIS2 obligations. Providers must adopt comprehensive risk management and cybersecurity strategies to remain compliant, while preparing for consolidation pressures driven by the high cost of compliance.
9. Large-Scale Pilots Show Feasibility but Not Incentives
EU-funded pilots have demonstrated that wallet interoperability works in practice. Cross-border credential exchange has been proven across sectors such as finance, healthcare, and mobility. Yet these pilots also highlighted that technical feasibility is not enough: the ecosystem lacks incentives. Attribute issuers, relying parties, and wallet providers must all see a clear business case. Without this, wallets risk stagnating despite successful technical demonstrations. Policymakers were urged to ensure incentives are embedded into the framework, not left as an afterthought.
10. The Road Ahead: Adoption, Business Wallet, and PQC
Looking forward, three strategic priorities emerged. First, adoption: wallet usage is voluntary, so uptake depends on clear user value, supported by education and communication. Second, the European Business Wallet (EUBW): by the end of 2025, the European Commission is expected to publish a proposal to enable businesses to hold and present credentials such as legal entity identifiers, mandates, and company attestations. This represents a significant extension of the wallet concept beyond individuals. Third, post-quantum cryptography (PQC): the community recognises the urgent need for algorithmic agility. Providers must prepare migration paths today, even though final PQC standards are still stabilising.
Global Context: Developments Beyond the EU
The Forum also addressed global digital identity trends. In the United States, over 18 states now issue ISO/IEC 18013-5 compliant mobile IDs, with the Transportation Security Administration (TSA) accepting them at airports. A U.S. digital ID solution integrated into passports is expected in late 2025. The United Kingdom has advanced its Digital Identity and Attributes Trust Framework (DIATF) and announced mandatory digital identity for proof of right to work. On 28 September, Swiss citizens voted in favour of introducing an electronic identity in Switzerland. Japan, Canada, and Australia are expanding wallet pilots, while the OpenWallet Foundation continues to promote open-source wallet infrastructure. GLEIF’s verifiable LEI (vLEI) is gaining traction as a trusted global corporate credential. European stakeholders are actively engaging in these discussions to ensure interoperability and cross-recognition in the future.
Namirial’s Perspective
For Namirial, the Forum reaffirmed three strategic messages:
- Adoption First: Wallets will succeed only if users and businesses see clear benefits, in any case the regulators .
- Consolidation Ahead: Requirements for QTSPs are rising, and Namirial is actively building the largest QTSP in Europe to meet these demands.
- Incentivising Attributes: Attribute monetisation should be an opportunity for issuers and relying parties, not a burden for users.
These priorities are not just strategic positions—they are reflected in Namirial’s positioning, products and solutions. With Namirial we are building the largest pan-European QTSP. On the product side with Namirial Onboarding, organisations can streamline customer identity verification while meeting the highest regulatory standards. With Namirial Sign, individuals and businesses benefit from secure, scalable, and accessible electronic signatures. And with the Namirial Wallet Platform, we are shaping the next generation of digital identity, enabling both consumers and enterprises to participate fully in the EUDI Wallet and forthcoming European Business Wallet ecosystems.
The 2025 Forum reinforced that Europe stands at a critical juncture. Regulatory foundations are advancing, pilots demonstrate feasibility, and new services like the European Business Wallet are emerging. Yet uncertainties remain: aligning certification, ensuring authentic source connectivity, and creating incentives for adoption. International comparisons show that other regions are moving fast, and Europe must remain agile. Collaboration across regulators, providers, and users remains the decisive factor. Only through coordinated action can Europe deliver digital identity and trust services that are secure, competitive, and widely adopted.
As Namirial, we were present and are proud to be on the front line of this ongoing process of innovation and change. Being part of these discussions confirms our commitment to driving the future of trust services and digital identity together with the wider ecosystem.