Estonia, a widely recognized pioneer in digital governance, is once again setting the pace for Europe’s digital future. The Estonian Information System Authority (RIA) is actively seeking input for its public procurement of the European Digital Identity (EUDI) Wallet. This initiative goes beyond mere compliance with the eIDAS 2.0 framework; it’s an opportunity to solidify Estonia’s role in shaping a secure, user-centric, and interoperable digital identity for the entire continent.
I’ve been thinking a little about it while formulating strategic proposals and feedback for this project. Community contributions, and the broader vision for the Estonian EUDI Wallet, aim to transcend regulatory checkboxes and establish a new gold standard for digital identity in Europe.
Let’s dive into some of the key technical and strategic proposals that will make Estonia’s EUDI Wallet a blueprint for the EU.
A Modular Future: Six Layers of Innovation
Estonia’s approach is a six-layer modular architecture, meticulously designed for flexibility, security, and interoperability. This “composable design” ensures that individual wallet components can be upgraded, replaced, or extended without disrupting core functionality, effectively preventing vendor lock-in and enabling continuous innovation.
This modularity directly addresses RIA’s Question regarding Architecture type and WSCA (Wallet Secure Cryptographic Application) location strategies. The proposed architecture supports a hybrid approach, ideally leveraging Trusted Execution Environments (TEEs) and Secure Enclaves for hardware-level protection primarily within the user’s phone, while also allowing for remote Hardware Security Modules (HSMs) or external tokens for high-assurance scenarios. This ensures both convenience and top-tier security for sensitive cryptographic keys and data.
Privacy by Design, Zero-Knowledge Proofs and Selective Disclosure
Estonia’s EUDI Wallet should be engineered with “Privacy by Design” at its core. This means privacy considerations are embedded into every stage of development, not as an afterthought.
A key technology enabling this is Zero-Knowledge Proofs (ZKPs). ZKPs allow users to prove a statement (e.g., “I am over 18” or “I have a valid driving license”) without revealing any additional personal information, thus enhancing privacy during verifications. Complementing this is selective disclosure, which gives users granular control over precisely which attributes of their identity or credentials they share, eliminating unnecessary oversharing. This approach ensures that individuals maintain explicit control over their data, aligned with GDPR and Self-Sovereign Identity (SSI) principles.
Future-Proofing with Quantum-Resistant Cryptography
Looking ahead, the EUDI Wallet is being built to withstand emerging threats, including the advent of quantum computing. A dedicated post-quantum cryptography (PQ) roadmap is being developed, which includes hybrid algorithm approaches.
This directly addresses RIA’s Question regarding Cryptographic algorithms and post-quantum migration plans. The strategy involves supporting established algorithms like Elliptic Curve Digital Signature Algorithm (ECDSA) and RSA signatures for current compatibility, while a clear roadmap and timetable for migrating to PQ algorithms like CRYSTALS-Dilithium and CRYSTALS-Kyber are defined. The hybrid approach during the transition period combines classical and PQ algorithms, ensuring security and compatibility. The modular architecture of the wallet allows for these algorithm updates without disrupting core functionality, providing inherent resilience against potential vulnerabilities, drawing lessons from past incidents like the Roca 2017 vulnerability in Estonia’s ID-card system.
Open Source Leadership. The Estonian Digital Identity Foundation (EDIF)
Transparency and collaborative development are central to Estonia’s vision. To ensure sustainable open-source governance for digital identity technologies, the proposal includes establishing the Estonian Digital Identity Foundation (EDIF).
This directly ties into RIA’s Question on open source licensing and community development. EDIF would act as a non-profit organization stewarding the core wallet software, publishing API specifications, providing reference implementations, and coordinating community development efforts. The primary licensing approach for core components would utilize the Apache License 2.0, promoting broad compatibility and shared improvements across the community. Active participation in the Linux Foundation’s Open Wallet Foundation (OWF) and significant contributions to the European Blockchain Services Infrastructure (EBSI) are also recommended, reinforcing Estonia’s commitment to global open-source standards and collaboration.
Seamless Integration with Estonia’s Digital Backbone
A key strength of Estonia’s approach is its commitment to integrating the EUDI Wallet into its existing, highly successful digital ecosystem with minimal disruption.
- Seamless TARA, SiGa, and DigiDoc compatibility The wallet is designed to maintain existing workflows and minimize migration effort for Relying Parties (RPs). For instance, authentication in the public sector is expected to be mediated via the existing TARA framework, and QES (Qualified Electronic Signature) support via SiGa. Compatibility with the DigiDoc client, which is used for digital signing and verification, is also ensured.
- X-Road connectivity Estonia’s X-Road infrastructure, which securely connects 99% of its government services and handles billions of transactions annually, serves as a direct blueprint for EU-wide interoperability. The EUDI Wallet will integrate with X-Road, extending Estonia’s “once-only” principle and enabling seamless access to over 1,000 government services.
Comprehensive Mobile OS Support and User Experience
Ensuring broad accessibility and a consistent user experience across various mobile devices is paramount. The Estonian EUDi Wallet aims to achieve this through a well-defined mobile OS support policy.
This addresses RIA’s Question regarding Mobile OS support policies and version management. The wallet will support a wide range of mobile OS versions, aligning with Estonia’s current practice of long-term support for mobile operating systems (e.g., Smart-ID on Android 8 and iOS 14 as minimum in May 2025). This must update, these are not secure environments anymore. A predictable annual schedule for advancing minimum OS requirements by one major version will be implemented, providing users with clear expectations and sufficient time for upgrades. This approach balances the need for security updates with broad accessibility for Estonia’s diverse user base. Ideally the government only builds the platform and standard with supportive legislation and mobile applications are done by the private sector or in cooperation.
Intuitive Wallet Actions and Biometric Integration
User convenience and security go hand-in-hand. The EUDI Wallet proposes flexible and robust methods for confirming wallet actions.
This tackles RIA’s Question on Wallet action confirmation methods and biometric integration. In addition to traditional PINs (PIN1 for authentication, PIN2 for digital signatures, mirroring current Estonian practice), the wallet will support mobile phone platform biometrics such as fingerprint and face recognition for action confirmation, while still preserving a LoA (Level of Assurance) High. For higher-risk transactions, the system is designed to initiate additional, explicit biometric verification (e.g., re-authentication with biometrics even if a PIN was recently used), coupled with clear user awareness of the transaction context. This multi-layered approach enhances security without compromising usability.
Leveraging the EU Digital Identity Wallet Reference Implementation
Estonia plans to extensively leverage the EU Digital Identity Wallet Reference Implementation (RI) as a foundational layer.
This directly responds to RIA’s Question regarding Reference Implementation utilization and update management. The Estonian EUDI Wallet will extensively reuse the RI to ensure compliance and interoperability with EU standards, while reducing development costs and time-to-market. Future code updates from the RI are planned to be integrated through a continuous integration/continuous deployment (CI/CD) pipeline, leveraging the modular design to incorporate regular updates for security patches, UX improvements, and new features orchestrated by the European Commission. This collaborative approach ensures alignment with the evolving EU ecosystem and allows Estonia to contribute its own innovations back to the broader RI project. Usually running costs are higher that estimated and often heavily underestimated too. Maintenance must be a vital part of the process and here the proposed EDIF institution can play a crucial role.
Estonia’s Vision: A Gold Standard for Digital Europe
Estonia aims to not only meet the eIDAS 2.0 mandate but to define the “gold standard” for Europe’s digital identity. This holistic approach combines Estonia’s proven expertise in digital governance with cutting-edge technologies to deliver a solution that prioritizes citizen needs, ensures long-term sustainability, protects privacy, and delivers significant economic and social benefits across the EU.
I believe that this comprehensive and forward-thinking approach will transform the EUDI Wallet from a mere compliance tool into a dynamic, empowering platform for all Estonian citizens.
Want to discuss the future of digital identity, e-commerce, AI, or other tech innovations? I’d love to connect! Find me on LinkedIn or visit our company website.
Written as response to RIA call to action -> https://www.ria.ee/uudised/kutsume-turuosalisi-osalema-eesti-digikukru-hanke-ettevalmistavas-uuringus
This article originally appeared on my Medium. You can also read all of my articles here on my web.