The Expanding Digital ID Landscape

The eIDAS 2.0 regulation represents the most ambitious digital identity infrastructure project in human history. By the end of 2026, every EU citizen, resident, and registered business will have access to at least one government-approved Digital Identity Wallet.

What Will Be Stored in EUDI Wallets?

• National ID cards and driving licences (electronic versions)
• Educational credentials (diplomas, certificates)
• Health records (vaccination status, medical history)
• Payment details and financial identifiers
• Employment information and professional qualifications
• Travel documents and residency status
• Any additional certificates or attributes issued by public or private entities

Timeline for Mandatory Acceptance

Key Risks: EU Perspective

• Centralization of identity data: While wallets are device-based, the issuance, revocation, and audit trails are centralized at the national level.
• Interoperability as surveillance risk: Seamless cross-border identity sharing creates opportunities for profiling and tracking.
• Government mandate with no exit: Once EUDI becomes required for banking, employment, and travel, citizens have little choice but to participate.
• Future scope creep: Political pressure could expand EUDI to include health status, financial transactions, location data, or political affiliations.

What Changed (And What Didn't)

Civil Liberties Groups' Position

Organizations like Liberty, Big Brother Watch, and the Open Rights Group continue to argue that digital identity infrastructure — even if technically "optional" — creates a surveillance skeleton key. Once built, it is nearly impossible to dismantle and invites repurposing for political control, immigration enforcement, or social credit systems.

Current State of mDL Adoption

Federal Standardization: ISO/IEC 18013-7

The international standard for mobile driver's licenses (ISO/IEC 18013-7) was finalized in 2024. This creates a common framework for all US states and international travelers. The US NIST (National Institute of Standards and Technology) has aligned federal guidance with this standard.

Federal Funding and Expansion

• NIST Digital Identity Grants: The federal government has allocated funding for state digital ID programs aligned with NIST Cybersecurity Framework and eIDAS interoperability standards.
• TSA Acceptance: TSA PreCheck kiosks at airports already accept certain mDLs for verification. Broader airport adoption is in pilot phase.
• Age-Verification Push: Federal legislation proposals (e.g., AMIR Act) that mandate age verification for age-restricted purchases online will likely accelerate mDL adoption once standards mature.
• Private Sector Integration: Payment processors and financial institutions are exploring mDL integration for customer onboarding and fraud prevention.

Key Risks: US Perspective

• Fragmented surveillance: Each state runs its own infrastructure, but interoperability means a holistic profile is constructible at federal or corporate level.
• No federal privacy floor: Unlike GDPR, there is no US equivalent regulating how mDL data can be used or retained long-term.
• Police surveillance: Law enforcement agencies can potentially access mDL data at checkpoints without warrants or proper oversight in many jurisdictions.
• Contractor lock-in: Private companies (Idemia, Thales, etc.) building mDL infrastructure have incentives to lobby for broader adoption and data monetization.