EUDI wallet-relying party registration

A guide for Member States and organizations, illustrated by the Procivis One implementation

Digital identity promises to simplify life for citizens and make credential sharing frictionless, but the official Architecture and Reference Framework (ARF) for the mandated EUDI Wallet can look overwhelming at first glance, especially since the eIDAS 2.0 law adds a layer of requirements and provisions for user privacy.

However, this is only half of the story. The other half is the organizations on the receiving end. Without a way to verify that these organizations are legitimate and authorized to request what they're asking for, the convenience of digital identity opens the door to fraud and abuse. The regulation mandates member states to protect wallet users precisely from that.

This is where wallet-relying party registration comes in: a framework that enables EUDI Wallet users to know and trust who they are sharing data with. By requiring organizations to register publicly before they can interact with EUDI wallets, the system provides transparency about who is asking for data, what they are authorized to request and why they need it.

Whether you are a Member State planning a national register, an organization preparing to register, or simply trying to understand how the system works, we've got you covered: Procivis One already includes wallet-relying party registration as part of its end-to-end, production-ready infrastructure. This Insight walks you through the fundamentals and shows how our wallet-relying party implementation functions within the EUDI framework.

1. What is a wallet-relying party?

A wallet-relying party is any organization that interacts with EUDI wallets to provide digital services. In practice, this broad category splits into two main types of actors.

EUDI wallet ecosystem of roles (European Digital Identity Wallet)
a)     Service providers (verifiers)

These organizations ask users to prove something about themselves, then rely on that information to deliver a service. Think of:

  • Government portals and e-government services
  • Banks
  • Retailers and online platforms
  • Hospitality
  • Employers

They might need you to prove that you are over 18 to buy an age-restricted product, that you are the person you claim to be when opening a bank account, or that you live in a certain municipality to access local services.

b)     Attestation providers (issuers)

These organizations issue digital credentials that go into the wallet, such as:

  • Governments
  • Universities and other education providers
  • Professional bodies
  • Employers

Instead of asking for proof, they give you something you can later present: a digital diploma, a mobile driver's license, a residence or work permit, a professional license. Some organizations are both. A university, for example, might first verify your enrolment status (as a verifier) before issuing you a student ID credential (as an issuer).

All of these roles fall under the umbrella of wallet-relying parties in the EUDI ecosystem. A few concrete journeys make this tangible: a bank that opens an account using PID from the wallet instead of scanned passports, a streaming service that only needs an “over 18” attribute instead of a full ID document, a university that accepts a digital diploma and person identification data for enrollment, or a public service portal that uses the wallet for strong authentication rather than passwords.

In every one of these journeys, the relying party is effectively asking the wallet: “Who are you, and may I see just enough data to serve you?”

2.   Why is wallet-relying party registration needed?

The EUDI Wallet ecosystem will involve millions of users sharing sensitive data with thousands of organizations across 27 countries. Without a standardized registry system, users would have no easy way to check if an organization is legitimate, what it is authorized to request or where to turn if something goes wrong.

Wallet-relying party registration solves this by creating transparent, publicly auditable directories that enable:

  • User protection
    Users can verify organizations before sharing data and understand what each organization is authorized to request
  • Automated verification
    Wallets can automatically check authorization, so users are not left to “Google” every organization themselves.
  • Cross-border trust
    A German user can trust a French bank or a Spanish university because the wallet can query that organization’s registration in its home Member State.
  • Accountability
    Member States can oversee and enforce rules for organizations operating under their jurisdiction.
  • Transparency
    Anyone can inspect which organizations are registered and what they are authorized to do.

The eIDAS framework introduces more than just a wallet. It also answers a very practical question: who is allowed to talk to wallets, and on what terms? The European Commission and ETSI (the European Telecommunications Standards Institute) translated the legal requirements into specifications and diagrams, addressing how the Member State, registrar, national register and certificate providers fit together into a single framework for the EUDI wallet-relying party registration.

Following these standards[1], any service that wants to use the EUDI Wallet for digital interactions must go through wallet-relying party registration in the Member State where it is established. The result is a national register of wallet-relying parties.

During this registration of wallet-relying parties, an organization must:

  1. Prove its legal identity as a company or public body
  2. Describe the services it will offer as a wallet-relying party
  3. List the attributes it plans to request and/or issue
  4. Explain the purposes for which those attributes will be used
  5. Provide contact information and website, so wallet holders can know who stands behind the service

Once accepted, the organization becomes an official EUDI wallet-relying party and appears in the national register. Wallets and intermediaries can query this register automatically before trusting a data request.

Wallet-relying party registration is the main safeguard that answers the user’s basic question: “Who is asking my wallet for data, and are they allowed to ask for this data?”

3.   How does registration of wallet-relying parties work for Member States?

From a Member State perspective, EUDI wallet-relying party registration introduces three core building blocks:

  • A national register of wallet-relying parties, which is the approved list in signed, machine-readable form
  • A registrar, which receives applications, checks conditions and approves wallet-relying parties to be added to the register and maintains it
  • Certificate providers (entities responsible for issuing certificates attesting to the data on the list)
Wallet relying party architecture

4.   Cross-border operations

Each Member State must have at least one registry, but they all follow common technical specifications and data models.

Conceptually, the picture looks like this: each individual country provides national registries that lists all its organizations as relying parties. All national registries expose APIs that use shared formats, identifiers and semantics.

For the EUDI wallet, this means:

  • A German user shopping at a French online retailer can have their wallet automatically query the French registry
  • The registry confirms that this retailer is a legitimate, registered wallet-relying party and indicates what it is authorized to request
  • The wallet can display this to the user in clear terms before any data leaves the device

The same applies when a French student enrolls at a Spanish university or an Italian citizen opens an account with a German bank. The wallet does the heavy lifting of calling the correct registry and checking the correct entry, based on shared specifications.

In principle, a relying party registers once in the Member State where it is established, and that registration then becomes visible to wallets and services across the EU. The exact handling for complex groups, multiple legal entities and multinational structures will depend on national implementation, but the underlying model is federated: each Member State is responsible for the list being available and being maintained (by a third party), and wallets can work with all of them.

5.    eIDAS 2.0. legal basis for wallet-relying parties, timeline, who must comply

The legal backbone for wallet-relying party registration sits in the eIDAS 2.0 Regulation, in particular Article 5b on European Digital Identity Wallet-Relying Parties:

Article 5b – “European Digital Identity Wallet-Relying Parties”

1 – “Where a relying party intends to rely upon European Digital Identity Wallets for the provision of public or private services by means of digital interaction, the relying party shall register in the Member State where it is established.”

2 – “[…] The relying party shall provide at least:
[…] the name of the relying party
[…] b) the contact details of the relying party
[…] c)  the intended use of European Digital Identity Wallets, including an indication of the data to be requested by the relying party from users.”

5 – “Member States shall make the information referred to in paragraph 2 publicly available online in electronically signed or sealed form suitable for automated processing.”

Timeline

The regulations apply from 24 December 2026. By then:

  • Member States must have operational national registers with infrastructure, policies and designated authorities in place.
  • Organizations must be registered as wallet-relying parties before they can interact with EUDI Wallets in a compliant way.
  • Wallet providers must implement verification mechanisms to check relying parties against registries and interpret their authorizations.

This is a tight but clear timeline. It turns “we should think about this” into “we need concrete architecture and procurement”.

Who must comply?

The obligations around wallet-relying party registration apply broadly across the ecosystem:

  1. Member States
    All EU Member States must establish at least one national register for wallet-relying parties in their territory, designate registrars and set up the required APIs and trust lists.
  2. Organizations using EUDI Wallets
    Any organization providing digital services via EUDI Wallets must register, including public sector bodies, private service providers, attestation providers and trust service providers.
  3. Wallets and intermediaries
    Wallet implementations and intermediaries must integrate with the registration infrastructure and use it to check who they are talking to.

Registration is not optional. An organization that is not on the register should not be treated by wallets as a valid wallet-relying party.

6.    Conclusion: How does Procivis One support wallet-relying party registration and infrastructure?

Wallet-relying party registration is one of the more complex parts of the European Digital Identity Framework. It touches regulation, standards, registries, certificate policies and real services, and it has to work across borders from day one. Procivis One is built to sit exactly in that space: it turns this regulatory complexity into an eIDAS 2.0-ready trust infrastructure that governments, QTSPs and enterprises can build on.

Procivis One covers the full path from issuers and wallets to relying parties and trust services. On the wallet-relying party side, it provides concrete components that map to the architecture described in eIDAS and ETSI:

  • Wallet-Relying Party Registry
    A registry component that lets authorities register and manage organizations authorized to interact with EUDI Wallets. It implements the required data model and technical specifications, supports registrar workflows and publishes a machine-readable register of wallet-relying parties that wallets and intermediaries can query.
  • Certificate Issuance integration
    Infrastructure for working with authorized providers to issue and manage wallet-relying party registration certificates and wallet-relying party access certificates. This turns registration and certificate issuance into one coherent flow instead of a bespoke patchwork for each project.

In short: Procivis One gives you a wallet-ready trust infrastructure that already fits the EUDI and ETSI frameworks, consolidates what would otherwise become many parallel developments and brings in long term, security focused expertise backed by Swiss Security printing group Orell Füssli. Wallet-relying party registration is just one of the difficult pieces we take on, so programmes can move faster, stay compliant and still focus their energy on the services citizens and businesses actually see.

Check our infrastructure in the Desk environment below:
1. Intended use

2. Provide attestation

3. Legal entity
Footnotes

[1]CIR 2025/848 (Commission Implementing Regulation EU 2025/848); ETSI TS 119 475: Data model for the national register and structure of registration certificates; ETSI TS 119 411-8: Policy requirements for access certificates

Share on LinkedIn
Author
Sven Stucki
Sven Stucki
Date
03
.
12
.
2025
Relevant links
No items found.

Weitere Insights

Wir teilen unsere Perspektive auf Trends im Bereich der dezentralen digitalen Identitäten und Nachweise und informieren über die Weiterentwicklung unserer Produkte.

Performance & Scalability: Procivis One Key Advantage #5
Products

Performance & Scalability: Procivis One Key Advantage #5

Andreas Freitag
Privacy by Design: Procivis One Key Advantage #4
Products

Privacy by Design: Procivis One Key Advantage #4

Procivis One embeds privacy at every layer, empowering users with control over their data while meeting stringent compliance requirements through selective disclosure and minimal data retention.

An ORELL Füssli company