Connect to the European Digital Identity Wallet ecosystem

As defined in the EUDI Architectural Reference Framework: “intermediaries form a special class of Relying Party. Article 5b (10) of the [European Digital Identity Regulation] states "Intermediaries acting on behalf of relying parties shall be deemed to be relying parties and shall not store data about the content of the transaction". Such an intermediary is a party that offers services to Relying Parties to, on their behalf, connect to Wallet Units and request the User attributes that these Relying Parties need. The intermediary then sends the presented attributes to the intermediated Relying Party. This implies that an intermediary performs all tasks assigned to a Relying Party in this ARF on behalf of the intermediated Relying Party.”

In short: intermediaries unburden you from the complexity of the ecosystem, by performing the obligations required (to be eIDAS 2.0 compliant) on your behalf.

An EUDIW intermediary connects organisations to the European Digital Identity Wallet ecosystem, handling trust, interoperability, and compliance requirements so parties can exchange identity data securely and efficiently. The itsme EUDIW Intermediary Service is a managed service that connects your organisation to the European Digital Identity Wallet ecosystem through a single integration. It abstracts the complexity of interacting with multiple wallets, protocols, PID formats, and issuers across Europe.

Direct integrations require managing multiple wallet specifications, protocols, and attribute formats that won’t be fully standardised. The itsme intermediary simplifies this by:

• Providing one standardised integration
  Handling protocol translation and validation

• Centralising compliance and trust management

This significantly reduces development effort and operational complexity.

While the regulatory intermediary role focuses on protocol-level interaction, itsme goes further by:

• Providing end-to-end integration support, and 24/7 support.

• Offering lifecycle management of attestations

• Enabling advanced services like delegated EAA issuance and fraud risk support

This positions itsme as a full-service identity partner, not just a technical broker.

If you are already integrated with itsme, you can continue using your existing OIDC integration, while gaining extra access to all accredited EUDI wallets.
Minimal changes will be required to support the use cases enabled by the EUDIW. Contact us for more information.

Absolutely, you can use the EUDIW Intermediary service as a standalone identity solution. The principle remains the same: you only need one integration to reach the whole EUDI Wallet ecosystem. Contact us and we will find together the right solution tailored to your needs.

Yes, the service is explicitly designed to align with eIDAS 2.0 roles, principles, and trust requirements, and to evolve alongside upcoming implementing acts.

• The intermediary service is built in alignment with the eIDAS 2.0 Architectural Reference Framework and implementing acts. It manages amongst others:

• Access and registration certificates
  Attribute validation and policy enforcement

• Consent and data minimisation requirements

All accredited wallets are supported. The service is designed to integrate all accredited (and to-be accredited at any point in time in the future) European Digital Identity Wallets via a single interface. For upcoming accredited wallets, we aim to always integrate them in their pre-production sandbox environment, so that there is the least amount of time between their accreditation and being supported through our interface to you (read: days and not months). By working with an intermediary, you won’t need to integrate each wallet separately and deal with the continuous operational cost. The list of accredited EUDI Wallets is available here.

The service supports key EUDIW-driven use cases, including:

• Customer onboarding (KYC / identification)

• Secure login (Strong Customer Authentication)

• Attribute sharing (PID, attestations)

• Qualified electronic signatures (where supported)

itsme acts as a trust and interoperability layer. You remain in control of which data is requested, shared, or provided, within the boundaries of user consent and regulation.

It works by requesting a presentation of the verified Personal Identification Data (PID) in the wallet of the user. It is very similar as the Identification service that itsme offers today.

It will work with a new type of attestation called the Strong Customer Authentication (SCA) attestation (also referred to as the Strong User Authentication (SUA) attestation). Your organisation will issue this attestation to the wallet of the user with our help where itsme acts as delegated issuer. We foresee endpoints for the (re)issuance, revocation, and verifying the status of the attestations of this attestation.

The same SCA attestation supports login, validation of sensitive operations, and payments per PSD2 regulation.

Login: presentation request for issued SCA

Validation of sensitive operation: SCA + signing a risk-action Transactional Data Object with user the wallet

Validation of payment: signing and linking of a payment TDO to the SCA attestation in the wallet per TS12. Please note that the standards of how Wallet implementations should handle payment transactions are still under construction.

Upcoming additions of instrument-level SCA to support third-party-requested flows:

• Payment Card

• IBAN attestation