Case study: how a government launched a national digital identity wallet and what it learned

Why It Matters

By early 2026, more than 160 countries have some form of digital identity programme in place, yet fewer than 20 have achieved adoption rates above 50 percent of their eligible population (World Bank ID4D, 2025). The European Union's revised eIDAS 2.0 regulation, which mandates that all member states offer citizens a digital identity wallet by 2026, has accelerated a global race to build secure, privacy-preserving credential systems. Ukraine's Diia app, launched under wartime conditions, now serves over 19 million users and has processed more than 4.5 billion digital document transactions since 2020 (Ministry of Digital Transformation of Ukraine, 2025). India's Aadhaar system covers 1.39 billion enrollees and facilitates over 100 million authentication transactions daily (UIDAI, 2025). Yet for every success, there are cautionary tales: the United Kingdom scrapped its national ID card programme in 2010 after spending £250 million, and Jamaica's NIDS project stalled for years due to legal challenges over biometric data collection.

This case study traces how the European Union and selected member states designed, piloted, and began rolling out the EU Digital Identity Wallet (EUDIW) under eIDAS 2.0. It examines what worked, what did not, and what other governments and organizations can learn from the process.

Key Concepts

Digital identity wallets. A digital identity wallet is a mobile application or secure hardware element that stores verifiable credentials issued by trusted authorities. Unlike centralized identity databases, wallets give citizens control over which attributes they share with which service. The holder can prove their age, professional license, or vaccination status without revealing unnecessary personal data.

Verifiable credentials and decentralized identifiers. The technical backbone of modern wallets relies on W3C Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs). A credential issuer (a university, government agency, or employer) cryptographically signs a claim. The holder stores it in their wallet. A verifier (a bank, airline, or online service) can check the cryptographic proof without contacting the issuer, reducing single points of failure and protecting user privacy (W3C, 2024).

Trust frameworks. A trust framework defines who can issue credentials, what assurance levels are required, and how disputes are resolved. The EU's Architecture and Reference Framework (ARF) v1.4, published in early 2025, specifies three assurance levels (low, substantial, high) and mandates that wallets support qualified electronic signatures, selective disclosure, and zero-knowledge proof mechanisms for unlinkability (European Commission, 2025).

Selective disclosure. Rather than presenting an entire identity document, selective disclosure allows a user to prove a specific attribute. For example, proving "over 18" without revealing an exact birthdate. This is a core privacy requirement of eIDAS 2.0 and one of the hardest features to implement at scale.

Cross-border interoperability. For the EU, interoperability means a Finnish citizen's wallet must work at a Spanish bank and a German car rental counter. This requires harmonized data schemas, mutual recognition of assurance levels, and technical compatibility across 27 member states' implementations.

What's Working and What Isn't

Working: Large-scale pilots producing real feedback. The European Commission funded four large-scale pilots (LSPs) under the EU Digital Identity Wallet consortium, collectively involving over 360 organizations across 26 member states and 11 use cases including mobile driving licenses, educational credentials, and health prescriptions (EU Digital Identity Wallet Consortium, 2025). The POTENTIAL pilot alone tested cross-border identification and payment authentication with 40,000 users across six countries by mid-2025. These pilots surfaced critical UX and interoperability issues before full-scale deployment, a lesson from India's Aadhaar rollout, where phased pilots in Andhra Pradesh and Jharkhand informed national design decisions (Nilekani, 2024).

Working: Ukraine's Diia as a wartime stress test. Ukraine's Ministry of Digital Transformation launched Diia (the name means "action" in Ukrainian) in February 2020, and the app became indispensable during the full-scale invasion beginning in 2022. By 2025, Diia held over 14 legally recognized digital documents including passports, driver's licenses, and internally displaced person certificates. The app processed 121 million government services in 2024 alone (Ministry of Digital Transformation of Ukraine, 2025). Diia proved that a digital identity wallet can function under extreme stress, including infrastructure destruction, population displacement, and cybersecurity threats. The system's architecture separates identity verification (performed against the national registry) from document storage (encrypted on-device), a design that limited the damage when Russian-linked threat actors attempted DDoS and phishing campaigns.

Working: India's modular identity stack. India's Aadhaar system, administered by the Unique Identification Authority of India (UIDAI), now supports a layered ecosystem. The India Stack combines Aadhaar authentication, Unified Payments Interface (UPI), and DigiLocker (a document wallet) to enable financial inclusion at scale. In 2024, UPI processed 16.6 billion transactions in a single month, and DigiLocker had over 300 million registered users (MeitY, 2025). The modular approach allowed private-sector innovation on top of government infrastructure, a pattern the EU is attempting to replicate with eIDAS 2.0's relying party framework.

Not working: User adoption friction. Despite technical progress, citizen uptake remains a challenge in many EU pilot countries. Germany's pilot of the BundesIdent wallet app achieved only 350,000 downloads in its first six months, far below the target of 2 million (BSI, 2025). Users cited confusing onboarding flows, the need for NFC-enabled ID cards, and unclear value propositions as barriers. Estonia, often held up as a digital identity leader, still sees only 51 percent of citizens using its mobile-ID service regularly despite two decades of investment (e-Estonia, 2025).

Not working: Vendor lock-in risks. Several member states discovered during pilots that proprietary wallet SDKs created dependencies on single technology providers. When one major vendor adjusted its licensing terms mid-pilot, three national implementations faced months of rework. The European Commission responded by mandating open-source reference implementations and publishing the EUDIW Reference Implementation on GitHub, but legacy procurement contracts remain a barrier in several countries (European Commission, 2025).

Not working: Interoperability gaps. Despite the ARF specification, cross-border credential verification remains inconsistent. Credential schemas for educational qualifications vary between countries. A Portuguese university diploma stored as a verifiable credential could not be automatically validated by a Dutch employer's system in one pilot test because field mappings differed. The European Blockchain Services Infrastructure (EBSI) is working on harmonized schemas, but full convergence is expected no earlier than 2027 (EBSI, 2025).

Key Players

Established Leaders

• Thales Group — Provides secure element technology and digital identity solutions to over 30 national ID programmes worldwide, including multiple eIDAS 2.0 pilot implementations
• IDEMIA — Supplies biometric identity systems to more than 180 government agencies globally and is a core technology partner in several EU wallet pilots
• Mastercard — Operates digital identity verification services and partners with governments on wallet-based payment authentication through its ID platform

Emerging Startups

• Procivis — Swiss company developing an open-source digital identity wallet framework adopted by two European government pilots
• SpruceID — Builds open-source decentralized identity tooling including the SpruceKit SDK used in mobile driving license implementations across US states
• Animo Solutions — Dutch startup specializing in verifiable credential infrastructure, contributing to the EUDIW Reference Implementation
• Walt.id — Austrian identity infrastructure startup providing wallet-as-a-service APIs for government and enterprise deployments

Key Investors/Funders

• European Commission (Digital Europe Programme) — Committed over €46 million to the four large-scale EU Digital Identity Wallet pilots between 2023 and 2025
• World Bank ID4D Initiative — Funds identity system development in 49 countries with over $2.4 billion in active lending for digital ID infrastructure
• Bill & Melinda Gates Foundation — Supports open-source digital public infrastructure including MOSIP (Modular Open Source Identity Platform) used by 11 countries

Examples

Estonia's e-Residency and mobile-ID evolution. Estonia pioneered government digital identity in 2002 with its national ID card and expanded to mobile-ID and smart-ID over the following two decades. By 2025, 99 percent of government services are available online, and e-Residency has attracted over 110,000 digital entrepreneurs from 180 countries (e-Estonia, 2025). The key lesson is sustained political commitment: Estonian law mandates digital-first service delivery, removing the "why bother" barrier that plagues voluntary adoption. However, Estonia's small population (1.3 million) means lessons on scaling must be adapted carefully for larger nations.

Singapore's Singpass. Singapore's national digital identity platform, Singpass, serves 5.5 million users (97 percent of eligible residents) and is integrated with over 2,700 government and private-sector services (GovTech Singapore, 2025). Singpass introduced face verification in 2020 and document wallet capabilities in 2022. The system's success rests on aggressive integration: citizens cannot access banking, healthcare, or tax services without Singpass, creating an immediate utility case. Singapore also publishes detailed API documentation and sandboxes that enable private-sector adoption within weeks rather than months.

Nigeria's NIN-SIM integration. Nigeria tied its National Identification Number (NIN) to SIM card registration, requiring all mobile subscribers to link their NIN or face disconnection. By late 2024, over 105 million Nigerians had enrolled, but the programme drew criticism for digital exclusion of rural populations and data protection concerns (NIMC, 2025). An estimated 40 million mobile users faced temporary disconnections during enforcement waves. Nigeria's experience illustrates both the power and peril of coercive enrollment strategies: adoption numbers climb rapidly, but trust erodes when enforcement outpaces infrastructure readiness.

Action Checklist

1. Start with a clear value proposition. Identify 3 to 5 high-frequency services (tax filing, banking onboarding, healthcare access) that will be available exclusively or preferentially through the wallet. Estonia and Singapore show that adoption follows utility.

2. Mandate open standards from day one. Require W3C Verifiable Credentials, DID standards, and published API specifications in all procurement contracts. Avoid proprietary credential formats that create vendor lock-in.

3. Run phased pilots with diverse demographics. Test with elderly users, rural populations, and people with disabilities, not just tech-savvy urban early adopters. Germany's BundesIdent experience shows that NFC-dependent onboarding excludes large user segments.

4. Build privacy architecture before scaling. Implement selective disclosure and unlinkability features from the outset. Retrofitting privacy is technically harder and politically damaging. Ukraine's Diia demonstrates that encrypted on-device storage can withstand adversarial conditions.

5. Publish open-source reference implementations. Transparency builds developer trust and accelerates ecosystem growth. The European Commission's decision to open-source the EUDIW Reference Implementation has drawn contributions from over 200 organizations.

6. Establish an independent governance body. Separate the entity that sets credential policies from the entity that operates the technology. Conflicts of interest emerge when the same ministry both issues credentials and operates the verification infrastructure.

7. Plan for cross-border interoperability early. Harmonize credential schemas with international partners before domestic systems harden around proprietary formats. The EU's experience with inconsistent educational credential schemas warns against delaying this work.

8. Budget for long-term maintenance. Digital identity systems require continuous updates for security patches, evolving standards, and new use cases. Allocate at least 15 to 20 percent of initial build costs annually for ongoing operations.

FAQ

How long does it typically take to launch a national digital identity wallet? Based on recent implementations, the timeline from policy decision to production launch ranges from 18 months (Ukraine's Diia, built under emergency wartime conditions) to 5 or more years (EU member states under eIDAS 2.0, which began regulatory development in 2021 with full deployment expected by late 2026). A realistic planning horizon for a mid-sized country is 2 to 3 years, including legislative framework development, procurement, pilot testing, and phased rollout. Accelerating this timeline typically requires strong executive sponsorship and pre-existing digital infrastructure.

What are the biggest privacy risks with government digital identity wallets? The primary risks include mass surveillance through correlation of wallet usage across services, data breaches of centralized registries, and function creep where identifiers deployed for one purpose are later used for unrelated tracking. Well-designed wallets mitigate these risks through selective disclosure (sharing only the minimum attributes needed), unlinkability (preventing verifiers from correlating interactions), and on-device credential storage (reducing central honeypot risk). The eIDAS 2.0 regulation explicitly prohibits wallet providers from tracking user behavior across relying parties, though enforcement mechanisms are still being finalized (European Commission, 2025).

How do digital identity wallets handle people without smartphones? Most national programmes maintain fallback mechanisms. Estonia offers physical ID cards alongside mobile-ID. India's Aadhaar supports biometric authentication at point-of-service terminals that do not require the enrollee to own a device. The EU's ARF specification requires member states to provide alternative access for citizens who cannot use smartphone-based wallets, though specific implementations vary. Singapore allows in-person Singpass authentication at community centers with assisted digital kiosks. Inclusive design requires planning for offline and device-free scenarios from the start.

What does a digital identity wallet cost a government to build and operate? Costs vary enormously by scope and ambition. Ukraine built Diia for an estimated $35 to $40 million over its first three years, leveraging existing registry infrastructure. The EU's four large-scale pilots received over $50 million in direct funding, supplemented by member-state contributions. India's Aadhaar programme cost approximately $1.5 billion over its first decade but serves 1.39 billion people, bringing the per-capita cost to roughly $1.10 (UIDAI, 2025). Annual operating costs typically run 15 to 25 percent of initial capital expenditure. For a country of 10 to 50 million people, a reasonable budget estimate is $30 to $100 million for initial build and $5 to $20 million annually for operations.

Can digital identity wallets work across different countries? Cross-border interoperability is technically feasible and is a core design goal of eIDAS 2.0, but practical implementation remains challenging. The EU's large-scale pilots demonstrated successful cross-border authentication in controlled environments, but schema mismatches and varying assurance levels created friction. Outside the EU, bilateral agreements between countries (such as Finland and Estonia's cross-border digital identity agreement signed in 2023) provide a path forward but scale slowly. The International Civil Aviation Organization (ICAO) is also developing standards for digital travel credentials that could enable wallet-based border crossing.

Sources

• World Bank. (2025). Identification for Development (ID4D) Global Dataset: Country-Level Digital Identity Coverage. World Bank Group.
• European Commission. (2025). EU Digital Identity Wallet Architecture and Reference Framework v1.4. European Commission.
• EU Digital Identity Wallet Consortium. (2025). Large-Scale Pilot Progress Report: Participation Statistics and Use Case Results. European Commission.
• Ministry of Digital Transformation of Ukraine. (2025). Diia Annual Report 2024: Usage Statistics, Service Delivery and Resilience Metrics. Government of Ukraine.
• UIDAI. (2025). Aadhaar Dashboard: Enrollment and Authentication Statistics. Unique Identification Authority of India.
• MeitY. (2025). India Stack: UPI Transaction Volumes and DigiLocker Registration Data. Ministry of Electronics and Information Technology, Government of India.
• W3C. (2024). Verifiable Credentials Data Model v2.0. World Wide Web Consortium.
• BSI. (2025). BundesIdent Pilot Evaluation: Download Statistics and User Feedback Summary. Bundesamt für Sicherheit in der Informationstechnik.
• e-Estonia. (2025). Digital Society Statistics: Mobile-ID Usage and e-Residency Enrollment. Enterprise Estonia.
• GovTech Singapore. (2025). Singpass: Platform Statistics and Integration Partners. Government Technology Agency of Singapore.
• NIMC. (2025). National Identification Number Enrollment Progress Report. National Identity Management Commission, Nigeria.
• EBSI. (2025). European Blockchain Services Infrastructure: Credential Schema Harmonization Roadmap. European Commission.
• Nilekani, N. (2024). The Aadhaar Effect: Lessons from India's Digital Identity Journey. Oxford University Press.