Banks will have to propose to their customers the EU Digital Identity Wallet (EUDIW) as an alternative for Strong Customer Authentication (SCA) in online payments by December 2027. This statement marks a significant regulatory milestone under the eIDAS 2.0 legislation. One that has proven to be less than popular among banks and Payment Service Providers (PSPs) located in the EU.
An article written by Jim Hartsema
Banks will have to propose to their customers the EU Digital Identity Wallet (EUDIW) as an alternative for Strong Customer Authentication (SCA) in online payments by December 2027. This statement marks a significant regulatory milestone under the eIDAS 2.0 legislation. One that has proven to be less than popular among banks and Payment Service Providers (PSPs) located in the EU.
From PSD2 to eIDAS 2.0: A Pattern of Technical Complexity
The Payment Service Directive (PSD) 2, combined with the requirements of Article 4 of Delegated Regulation (EU) 2018/389 (the ‘RTS on SCA’), represented a massive technical burden for financial institutions to implement. Now, with the mandatory acceptance of EUDIWs as an alternative method for Strong Customer Authentication, another significant technical burden looms on the horizon for PSPs.
However, this new challenge extends beyond mere technical implementation. Banks, payment- and electronic money institutions are obliged to accept all acknowledged EUDIWs for authentication purposes by December 2027. But this mandate introduces both technical and compliance complexities that weren’t fully anticipated during the initial regulatory design phase.
The Industry Response: Two Critical Challenges
According to The Dutch Payments Association and its specialized taskforce ‘TFeIDAS’, the implementation of EUDIWs as an SCA alternative faces two significant challenges that threaten successful deployment:
Challenge 1: Loss of Control Over Security Credentials
The Problem: Banks do not have the ability to control EUDIWs effectively. The RTS on SCA contains stringent requirements mandating that PSPs must ensure the safety, security, and confidentiality of personalized security credentials. This creates a fundamental conflict when EUDIWs fall outside of their operational domain.
The Impact: PSPs find themselves in the impossible position of being held responsible for security standards over systems they cannot directly manage or monitor, creating unfavorable liability and operational risk concerns.
Challenge 2: Functional Limitations of Current EUDIW Architecture
The Problem: EUDIWs lack certain critical functionality required by existing regulations. The RTS on SCA contains specific requirements such as dynamic linking that cannot be fulfilled by EUDIWs in their current form, as they lack the necessary technical capabilities to meet these compliance requirements.
The Impact: This creates a regulatory gap where banks must accept a technology that cannot fully satisfy the same security standards applied to their existing authentication methods.
Understanding the Limited Obligation
While banks and PSPs must accept the EUDIW as an optional two-factor authentication (2FA) tool for Strong Customer Authentication by December 2027, the scope of this obligation is deliberately constrained. The revised eIDAS 2.0 regulation, along with its implementing acts, establishes clear boundaries:
What’s Required:
. Acceptance of EUDIWs for basic SCA as a 2FA alternative
. Integration for authentication purposes only
What’s Not Required:
. Full payment initiation support
. Support for qualified electronic signatures
. Issuance of such credentials by PSPs themselves
Future Regulatory Uncertainty
Even when certain EUDIWs or pilot initiatives explore advanced use cases, such as full payment authorization flows, these remain outside the scope of mandatory acceptance unless explicitly covered by future eIDAS implementing acts.
The European Commission’s upcoming Payment Services Regulation (PSR) and PSD3 may introduce additional changes, but their timelines create a problematic gap. The regulatory technical standards (RTS) from the European Banking Authority (EBA) will arrive too late to provide necessary clarity ahead of the 2027 deadline, leaving PSPs to navigate implementation with incomplete guidance.
Balancing Innovation with Compliance
Any broader ambitions for EUDIW integration, such as full payment enablement or advanced wallet functionalities, remain beyond current compliance requirements and should be treated as voluntary innovation initiatives. However, the European Credit Sector Associations re-iterate their concern on the persistent lack of a clear indication on whether the strong customer authentication (SCA) obligations apply to payments, highlighting ongoing regulatory uncertainty.
These voluntary use cases hold significant potential for future innovation, but their successful implementation depends on the evolution of both legal frameworks and technical standards that align with existing security requirements.
Conclusion: Navigating the Road Ahead
The mandatory acceptance of EUDIWs by December 2027 represents both a compliance challenge and an opportunity for the European financial sector. While the immediate burden focuses on limited SCA integration, the long-term potential for digital identity innovation remains substantial.
Success will require PSPs to maintain a delicate balance: meeting the minimum compliance requirements efficiently while positioning themselves for future opportunities as the regulatory and technical landscape continues to evolve. The key lies in understanding that this initial implementation phase is not the final destination, but rather the first step in a longer journey toward comprehensive digital identity integration in European finance.
As the December 2027 deadline approaches, clear communication between regulators, technology providers, and financial institutions will be essential to address the fundamental challenges identified by industry associations and ensure that the promise of digital identity innovation can be realized without compromising the security and reliability that customers expect from their financial services.
Banking 4.0 – „how was the experience for you”
„To be honest I think that Sinaia, your conference, is much better then Davos.”
Many more interesting quotes in the video below:
