eIDAS 2.0 & Procivis One
eIDAS 2.0 is a core focus of Procivis One. Flexibility is another, as every situation is different. With Procivis One, you can:
- implement a complete (end-to-end) solution
- extend existing systems and apps
- seamlessly combine our solution with other components – such as the EUDI Wallet and our Reference Implementation Integration Kit (RIIK)
- establish interoperability with other EUDI implementations using our Country Profiles
Whether you need individual components or a complete solution, we have what you need – eIDAS 2.0 compliant.
Situation
The amended EU Regulation 910/2014 – also known as eIDAS 2.0 – requires all member states to provide at least one digital identity wallet (EUDI wallet) and the necessary infrastructure (PID issuance, trust management, wallet unit attestation, etc.) by the end of 2026. Companies must accept these from the end of 2027.
Challenges
eIDAS 2.0 offers great opportunities for public authorities and companies, but at the same time presents them with a challenge. Technological and architectural decisions must be made under time pressure, based on existing systems and many legal requirements:
- the regulation itself (EU) 910/2014
- 20 implementing acts (not all published yet)
- the Architecture Reference Framework (ARF) – not legally binding and not yet final
- local requirements and regulations
Solution
Procivis One was developed with a focus on eIDAS 2.0.
We already support all requirements that are clear and can be met technically. In addition, we will continuously adapt our solution to new requirements of the eIDAS 2.0 regulation.
With Procivis One, you can:
- implement a complete (end-to-end) solution
- extend existing systems and apps, or
- seamlessly combine our solution with other components, such as the EUDI Wallet and our Reference Implementation Integration Kit (RIIK)
- establish interoperability with other EUDI implementations using our Country Profiles
Whether you need individual components or a complete solution, we have what you need – eIDAS 2.0 compliant.
Procivis One is already suitable for productive use and offers the flexibility needed to respond to future changes in regulatory requirements. This means that public authorities can already implement the necessary eIDAS 2.0 infrastructure for issuers (providers), verifying entities (relying parties), and holders (wallets), saving time and money.
eIDAS 2.0 Interoperability Using Country Profiles
Procivis expects that there will be up to 27 different eIDAS 2.0 implementations. Therefore, interoperability has been a focus from the beginning. Our architecture allows us to create and manage different "country profiles."
As soon as eIDAS 2.0 profiles are available, Procivis will implement and maintain all eIDAS 2.0 country profiles. For testing purposes, we currently support EU reference implementation and the Swiss swiyu sandbox.
Country profiles enable providers/issuers to issue credentials to different EU wallets or to verify credentials from other EUDI wallets.
EU Reference Implementation + Procivis One =
Procivis One EU Reference Implementation Integration Kit (RIIK)
It is important to distinguish between the EUDI reference implementation (EUDI RI) and a production system for eIDAS 2.0 infrastructure. The EUDI reference implementation is not a production-ready solution. It is a collection of over 60 repositories based on:
- different programming languages
- significant differences in the quality of documentation
- code quality
- coding style
- test coverage
- the range of functions
The EUDI reference implementation provides a good basis for the EUDI wallet itself, but its backend components for issuing and managing digital credentials have the following weaknesses:
- no database support/connection
- no credential management with audit trail, history, or revocation – required for GDPR
- no setup/management functionalities – configurations are implemented in the code (hard coded)
- not scalable – no simple horizontal scaling possible
- low flexibility – new protocols or functions are difficult to integrate
- very low test coverage
- no user or client management
- no SBOM (Software Bill of Materials), partial use of third-party libraries for main EUDI functions
- limited API layer (~20 interfaces)
Our solution:
Procivis One RIIK
We have a solution for this problem – Procivis One EU Reference Implementation Integration Kit (RIIK). RIIK supplements the EUDI reference implementation with all missing functions and capabilities – for both providers (issuers) and relying parties (verifiers). With RIIK, you can implement your eIDAS 2.0 infrastructure quickly and efficiently without the time and personnel required to develop additional components based on the EUDI reference implementation.
RIIK offers all the functions required for productive eIDAS 2.0 operation, including:
- database support
- configuration options
- over 100 documented APIs – powerful and extensible API layer
- management of keys, PKIs, credentials, and revocation
- user and organization management – multi-tenantcapable
- OpenID Connect support
- defined integration layer for external systems
- flexible connection of PKI systems
- future-proof architecture – modular, expandable, maintainable
Trust Management, Wallet Unit Attestation & Other Important Topics
eIDAS 2.0 is more than just credential formats and signatures. For example, the regulation provides trust management for relying parties and providers as well as wallet unit attestation for valid wallet installations.
Both components will be managed by government agencies in the future. Even though trust management and wallet attestation are not yet fully defined in technical terms, we have already implemented initial functional implementations based on the available information from the regulation, the Architecture Reference Framework (ARF) and relevant standards.
Our solution is continuously adapted to new developments, standards, and regulatory requirements within the framework of eIDAS 2.0 – in a proactive and compliant way.
Open Source & more
Open source alone is not enough. We take the following measures to ensure that the quality of the software is also guaranteed:
- ISO 27001 and ISO 9001 certified
- external code audits and penetration tests
- documentation on 3 levels (documentation, GitHub documentation, and in-code documentation)
- uniform coding guidelines
- high test coverage
- real-time software bill of materials (SBOM)
- strict code governance
GDPR & Procivis One
GDPR compliance is not optional. Procivis One enables a fully GDPR-compliant implementation. Our solution offers you all the technical capabilities you need to either store, not store, or completely delete personal data, audit logging, data encryption of personal data at rest and in transit.
Data sovereignty – without compromise. There are no dependencies on external systems or third-party providers. All data remains completely under your control. You decide where you want to run your instance:
- in your own data center
- at a local hosting partner
- in a cloud of your choice
Make your processes digital, secure and efficient
We support you with our technology and expertise – from an initial pilot to the final implementation.