The European Union is building a government-controlled, PKI-anchored identity system. It is also, in the process, formally adopting the same cryptographic and data standards that the decentralised identity community spent years developing. Those two things are not contradictory.
For most of the past decade, standards like Verifiable Credentials, Decentralised Identifiers, and selective disclosure protocols existed primarily in a specific corner of the internet: W3C working groups, self-sovereign identity research papers, privacy coin white papers, and blockchain developer forums. Mainstream institutions largely ignored them. Governments showed little interest.
That is changing. Under Regulation (EU) 2024/1183 — eIDAS 2.0 — every EU member state is legally required to provide a European Digital Identity (EUDI) Wallet to its citizens by the end of 2026. The technical specifications underpinning that wallet draw directly from the same standards the decentralised identity community built. The EU is not building a Web3 system. But it is, at significant institutional scale, confirming that the cryptographic tools Web3 identity proponents championed are the right ones for the job.
That distinction matters and is worth unpacking.
The Standards the EU Chose — and Where They Came From
The EUDI Wallet’s core credential format is the W3C Verifiable Credential (VC) standard. A Verifiable Credential is a structured, cryptographically signed data package — a machine-readable, tamper-evident representation of a claim made by one party about another. The W3C Verifiable Credentials Data Model specification was published as a formal recommendation in 2019, after years of work in the decentralised identity community. Projects like uPort and Evernym were exploring practical VC implementations years before any government mandate existed.
The EU reviewed those efforts explicitly. The Springer chapter on the EUDI Wallet architecture notes that self-sovereign identity pilot projects and the standardisation progress of the W3C Working Group on Decentralised Identifiers were taken into account when defining the EUDI Wallet model. Early projects like uPort and Evernym helped demonstrate that the underlying concepts were workable, but the more direct influence came through the W3C standards and large-scale EU pilot programmes those efforts helped produce. The architecture borrows from a tradition the decentralised identity space helped build — via the standards layer, not project-to-project lineage.
Alongside VCs, the wallet uses Decentralised Identifiers (DIDs) — globally unique identifiers that allow institutions to be represented digitally without relying on a single central registry. DIDs are also a W3C standard, and they emerged from the same community of researchers and developers who were building self-sovereign identity systems before governments were paying attention.
The interoperability protocols — OIDC4VC (OpenID for Verifiable Credentials) and OIDC4VP (OpenID for Verifiable Presentations) — allow the wallet to share specific attributes rather than entire documents. These build on OpenID Connect, a widely used authentication standard, and extend it to handle VC-based interactions. The result is a system where presenting your digital driving licence to a rental company does not require handing over your full date of birth, home address, or any other data the transaction does not need.
Selective Disclosure: The Privacy Primitive That Crossed Over
Selective disclosure is where the overlap with Web3 cryptographic research becomes most visible. The concept — proving a specific fact without revealing the data that supports it — sits at the intersection of privacy engineering and applied cryptography. It is also foundational to some of the most technically interesting work in the blockchain space.
Zero-Knowledge Proofs (ZKPs), which allow a prover to convince a verifier that a statement is true without revealing any underlying information, are used in privacy-preserving cryptocurrencies like Zcash and in Ethereum Layer 2 scaling solutions like zkSync. The mathematical techniques are the same ones now being explored for EUDI Wallet implementations.
Research published in January 2026 proposes combining ZKPs with Trusted Execution Environments (TEEs) to produce verifiable proofs without relying on centralised third parties — and without exposing credential data even to the phone’s operating system. The paper is academic, and the authors note that benchmarking and prototyping remain future work. Not all member state wallet implementations will include ZKP support from day one.
But the direction is clear: the privacy primitives that the blockchain and cryptography research community developed for decentralised, permissionless contexts are now being integrated — selectively, carefully, within a regulated framework — into government identity infrastructure.
For a Web3-native reader, that is a meaningful data point. It suggests the technical instincts of that community were not wrong. The tools were sound. What governments are building now is different in governance and purpose, but it is built on the same cryptographic foundation.
EBSI: Where a Blockchain Actually Appears
The European Blockchain Services Infrastructure (EBSI) is the most direct blockchain component in the EUDI ecosystem. It is a permissioned distributed ledger operated by all 27 EU member states, Norway, Liechtenstein, and the European Commission. Each member runs at least one node.
EBSI functions as a trust registry — a tamper-evident, publicly auditable record of the DIDs and public keys of every authorised credential issuer in the EU. When someone presents a digital diploma, the verifying system checks EBSI to confirm the issuing university is a legitimate, registered authority. No phone call. No central master database. The blockchain is the reference layer that makes cross-border verification possible without centralising the data itself.
Pilot projects testing the wallet in the education sector are already using EBSI in this capacity. The EBSI-VECTOR project has been running production implementations of the Verifiable Credentials framework in education since 2024, with social security use cases following in 2025.
EBSI is not Ethereum. It is not permissionless, and it does not support arbitrary smart contracts or open participation. It is a state-run ledger for a specific, bounded function. But it is a blockchain, and its selection — over alternatives like a traditional centralised database or a federated directory — reflects a deliberate choice to use distributed ledger architecture for a function where tamper-resistance and auditability across multiple sovereign governments matter.
That choice was not inevitable. It reflects accumulated confidence in the approach.
The Pluralistic Model: Not One Stack, But Several
One of the more technically nuanced aspects of the EUDI architecture is that it does not pick a single technology and apply it everywhere. The DC4EU (Digital Credentials for Europe) project, which concluded its final reporting phase in early 2026, confirmed that the EU has adopted what it describes as a pluralistic trust model.
In practice, this means different credential types use different underlying technologies:
-
PKI handles traditional government documents — passports and national ID cards — where established legal frameworks and hardware security modules are already in place.
-
W3C Verifiable Credentials handle the portable credential layer: driving licences, professional qualifications, academic diplomas.
-
DLT manages revocation registries, so that when a credential is invalidated — a licence suspended, a professional certification revoked — that status can be checked in real time across borders without a central authority processing every query.
For someone who has followed decentralised identity closely, this architecture will look familiar. It mirrors the layered thinking that SSI researchers proposed years before governments were listening: use the right tool for each function, maintain user control over what is shared, and avoid single points of failure. The EU did not arrive at this architecture independently. It built on work that was already there.
What This Is Not
Being precise here matters, particularly for a Web3-native audience that will notice overreach.
The EU is validating the tools, not the ethos. Verifiable Credentials, DIDs, and ZKPs are being adopted because they are technically well-suited to the problems of cross-border interoperability and privacy-preserving verification. That adoption does not represent an endorsement of permissionless finance, decentralised governance, or the broader philosophy of trustless systems.
Governmental oversight remains central. Credentials are issued by licensed, regulated institutions. The blockchain component — EBSI — is state-operated and permissioned. Citizens control what they share, but the system operates within a clear legal and regulatory hierarchy. GDPR applies. National data protection authorities have jurisdiction.
Some research has explored whether the eIDAS trust framework might eventually extend to public EVM-compatible chains, potentially enabling institutions to link qualified electronic seals to smart contracts on Ethereum or Polygon. This is an active area of academic inquiry — see Pourtalier & Lamberti (2026) — but it has no confirmed policy backing and no implementation timeline. It should be read as speculative research, not a signal of where EU policy is heading.
Why the 2026 Deadline Is More Complicated Than It Looks
The legal deadline is end of December 2026, anchored by implementing regulations published on 4 December 2024. The practical picture, as of April 2026, is considerably more uneven. ENISA — the EU’s own cybersecurity agency — stated in a recent draft certification scheme that no EUDI Wallet has been deployed or certified, and that no security standard is foreseen to be available by year end. A recent interoperability testing exercise found fewer than one quarter of member states participating with EUDI Wallet-enabled applications.
Readiness varies sharply by country. France, Italy, Poland, Austria, and Germany are the strongest candidates — each upgrading an existing national identity platform rather than building from scratch. At the other end, the Netherlands has signalled it is unlikely to fully meet the deadline, and Bulgaria has not yet begun work on a state-provided wallet.
The result will almost certainly be a staggered rollout rather than a uniform launch. Some member states will deliver a basic, compliant wallet by the deadline; others will arrive late or with reduced functionality. The Commission’s target of 80% active adoption by 2030 adds further pressure — but whether citizens actually use the wallets will depend on usability, service acceptance, and trust in government-issued apps. Privacy advocates have also raised unresolved questions about data retention and profiling safeguards that national implementing laws will need to address.
The Longer View
There is a version of the EUDI Wallet story that is straightforwardly about EU digital infrastructure modernisation. And there is a narrower, more specific story that is worth telling for a technically informed audience: a set of cryptographic and data standards developed in open research communities, driven in part by blockchain and decentralised identity researchers, has now been formally adopted as the basis for the largest government-mandated digital identity system ever attempted.
That does not mean the EU has endorsed Web3. It means the standards were good enough, and the technical arguments behind them sound enough, that a highly cautious regulatory body chose them over the alternatives.
For the Web3 identity community, that is a form of validation worth understanding clearly — not overclaimed, but not dismissed either.
If this article, video or photo intrigues any copyright, please indicate it to the author’s email or in the comment box.