EUDI — European Digital Identity Wallet

Comprehensive chronology of the EU Digital Identity Wallet from eIDAS 1.0 (2014). 4 documented events — laws, security concerns, pilots, German implementation, media. All with sources.

Range: Jun 22, 2023 → Sep 10, 2024

All · 4 ● Security · 4

June 22, 2023 · Security· EU★ kritisch
500+ scientists warn about eIDAS 2.0
Open letter from over 500 cryptographers and IT security researchers (including Cas Cremers, ETH Zurich). Main criticism: Article 45 forces browsers to accept QWAC certificates issued by member states — browser manufacturers lose the ability to immediately remove compromised CAs. Risk of state man-in-the-middle attacks.
eIDAS Open Letter ↗
November 8, 2023 · Security· EU
Mozilla, Cloudflare, ISRG warn again about Art. 45
Manufacturer Alliance publishes Joint Industry Statement against the QWAC requirement in eIDAS 2.0. Argument: Undermines the Web PKI and thus the trust model of the entire World Wide Web.
~June 15, 2024 · Security· DE
CCC criticizes wallet as an “identity block”
Chaos Computer Club warns: Aggregated data storage in a single wallet creates attractive targets for attacks. Central device attestation gives tech companies (Apple, Google) veto rights over state wallets.
~September 10, 2024 · Security· EU
netzpolitik.org: Unlinkability not guaranteed
Research shows: The unchainability of wallet presentations promised in eIDAS 2.0 is not strictly enforced in ARF v1.4 — issuers can theoretically recognize the same citizen across transactions.

500+ scientists warn about eIDAS 2.0

Mozilla, Cloudflare, ISRG warn again about Art. 45

CCC criticizes wallet as an “identity block”

netzpolitik.org: Unlinkability not guaranteed