EUDI Wallet in financial services: what banks and fintechs need to know?

Payment fraud in the European Economic Area (EEA) reached €4.2 billion in 2024, up 17% from the year before, according to the joint EBA-ECB Report on Payment Fraud published in December 2025. The European Union’s answer to that escalation is not just stronger authentication requirements. The Electronic Identification, Authentication and Trust Services Regulation (eIDAS 2.0), in force since 20 May 2024, introduces a government-backed digital identity credential that every EU bank must accept by December 2027. This article breaks down what the European Union Digital Identity (EUDI) Wallet means for KYC, AML compliance, and fraud prevention, and what financial institutions need to do before the deadline arrives.

The EUDI Wallet is a government-issued digital identity credential that EU citizens and residents use to authenticate themselves with registered service providers. It stores verified attributes, including name, date of birth, address, and national ID number, each confirmed at issuance against official state registries and cryptographically signed by the issuing authority.

What does the EUDI Wallet mean for KYC in financial services?

Standard KYC processes start from scratch at every institution. A customer who verified their identity with one bank re-uploads documents, completes a new liveness check, and resubmits proof of address when opening an account elsewhere. The EUDI Wallet changes that. A wallet-holder shares verified, government-backed attributes directly with the institution’s onboarding flow without re-uploading anything. For KYC teams, the credential arrives pre-verified and with an auditable chain of custody.

The once-only principle and reusable identity

The EUDI Wallet is built on what the European Commission calls the once-only principle. Identity is verified once by a competent authority and then reused across services without re-verification. For banks, this has a direct operational consequence. A prospective customer can share their verified name, date of birth, and address from their EUDI Wallet directly into the bank’s onboarding flow. The data carries a cryptographic signature confirming it came from the issuing authority, unmodified, meeting the evidentiary standard for customer due diligence without additional document capture.

Large-scale pilot projects across 26 EU member states are already testing this in live conditions, involving more than 350 companies and government agencies, according to the European Commission’s EUDI Wallet programme. The programme carries an adoption target of 80% of EU citizens having access to and actively using a EUDI Wallet by 2030. For banks currently reviewing their digital KYC infrastructure, the pilot results provide early performance data on wallet-based onboarding in practice.

Relying-party registration and what it means in practice

Before a bank or fintech can request credentials from an EUDI Wallet, the institution must register with its national competent authority as a relying party. That registration is not automatic and varies by member state. As of April 2026, institutions that have not started the process are unlikely to be operationally ready when member state wallets come online in December 2026. The compliance preparation clock starts at wallet availability, not at the acceptance deadline. Waiting until December 2027 to begin registration is not a realistic timeline for most KYC teams.

The EUDI Wallet timeline every financial institution needs to know

Three dates structure the entire compliance effort for financial institutions. The practical work, relying-party registration, and technical integration with national wallet schemes, needs to begin in 2026 so institutions are ready when the acceptance window opens. Teams that treat December 2027 as the start date, rather than the deadline, will find the integration work compresses into a period that was never designed to absorb it all at once.

The sequence runs from 20 May 2024, when eIDAS 2.0 entered into force and established the legal framework. Every EU member state must deploy a compliant national EUDI Wallet by December 2026. All EU banks, payment institutions, and e-money issuers must accept the EUDI Wallet for processes requiring Strong Customer Authentication (SCA) by December 2027. The European Commission’s broader adoption target runs to 2030, with 80% of EU citizens using an EUDI Wallet as their primary digital identity credential.

How does the EUDI Wallet strengthen AML compliance?

AML compliance depends on the quality of identity evidence at the base of every customer record. A forged document that passes verification creates a customer profile built on false information, making ongoing transaction monitoring less reliable against that account. The EUDI Wallet changes the upstream condition. Credentials drawn from a government-issued wallet are cryptographically bound to the issuing authority and cannot be altered without breaking the signature. That is a different evidentiary baseline than a document image processed through an optical character recognition engine.

Cryptographic credentials and the AML evidence trail

When a customer shares attributes from their EUDI Wallet, those attributes carry a cryptographic signature proving they came from a competent authority. For AML teams, this matters at two points in the compliance lifecycle. At onboarding, the identity evidence supporting customer due diligence carries an auditable chain of custody back to the issuing state authority, replacing a document scan with a state-level assertion. At review, the credential metadata, including the issuing authority, verification date, and attributes checked, gives compliance teams a clear record without having to reconstruct source documents.

The EU Anti-Money Laundering Regulation (AMLR), which applies from July 2027 under Regulation EU 2024/1624, arrives in the same compliance window as mandatory EUDI Wallet acceptance. Both take effect together, and AML screening processes built before that window should account for wallet credentials as a valid form of identity evidence from day one.

Identity fraud prevention through government-level assurance

Payment fraud in the EEA is rising, and a portion of that fraud enters through compromised or fabricated identities at onboarding. EUDI Wallet credentials remove one route fraud typically takes at the door. A credential cryptographically signed by a state authority and bound to a specific holder is considerably harder to misrepresent than a photographed passport. The risk does not disappear entirely, but the fraud surface shifts away from document fabrication and toward transactional and behavioral patterns that AML monitoring is better positioned to detect after a clean identity is established.

Is EUDI Wallet acceptance mandatory for financial institutions?

For EU-licensed banks, payment institutions, and e-money issuers, acceptance of the EUDI Wallet for SCA-required processes is mandatory by December 2027 under eIDAS 2.0. The obligation covers acceptance as one valid authentication method, not exclusive use. Existing authentication methods remain valid alongside the wallet. Non-EU fintechs serving EU-licensed customers will need to assess their position based on their specific licensing jurisdiction and the services they provide.

The mandate does not require banks to migrate all customers to wallet-based authentication. It requires the wallet to be accepted when a customer presents it. The eIDAS 2.0 identity verification guide and the overview of eIDAS and electronic IDs in the EU set out the regulatory obligations in detail, including which use cases trigger the acceptance requirement.

How Shufti helps banks navigate the EUDI Wallet transition?

The move to EUDI Wallet-based identity verification does not happen in a single step. Between now and December 2027, banks and fintechs will run two tracks simultaneously, meeting existing KYC and AML obligations with current verification infrastructure while building the integration layer that accepts wallet credentials. The transition period is where operational gaps tend to open.

Shufti’s electronic identity verification platform reaches 85+ countries through database verification and connects to 30+ national eID schemes, including those coming online under eIDAS 2.0, through a single API. A bank currently running database checks for its European onboarding can accept verified wallet credentials as national schemes come online in 2026 without rebuilding its verification stack. The AML screening layer sits on the same API, so the stronger identity evidence from wallet credentials feeds directly into existing monitoring workflows.

For compliance teams preparing for the 2027 mandate, the practical starting point is mapping where wallet-based verification fits within each KYC risk tier and identifying which customer journeys need to be updated to handle relying-party credential requests.