The European Union launched the European Digital Identity Wallet (EUDIW) initiative, which has become a significant development for consumers and Original Equipment Manufacturers (OEMs). NXP Semiconductors plays an active role in supporting this transformative initiative, which promises to reshape how digital identity is managed and secured across Europe and potentially beyond.
Under the electronic Identification, Authentication and Trust Services (eIDAS) 2.0 regulation the European Digital Identity Framework officially came into force in May 2024 and rollout is scheduled to be completed by 2027. Described as “a mobile app enabling users to identify themselves to public and private online services, all over Europe”, every EU Member State must provide at least one EUDIW version built according to common specifications.
Alongside secure ID functionality, the EUDIW enables users to store and share digital documents such as passports, driving licenses, university qualifications, health records and travel documents. Beyond serving as a digital ID and a secure container for digital credentials, the EUDIW also supports Qualified Electronic Signatures and Seals (QES). These digital signatures hold the same legal validity as handwritten signatures, enabling fast and secure authentication of documents and transactions.
The role of the Secure Element in EUDIW
Given the high sensitivity, confidentiality and value of the data involved, the EUDIW is designed to have the strictest security standards. eIDAS 2.0 mandates the use of a Wallet Secure Creation Device (WSCD ), a certified component providing trusted storage and isolation for sensitive data. In mobile devices, the Secure Element (SE) fulfils this critical role, providing a tamper-resistant environment for cryptographic data storage.
Typically, SEs are robust microcontrollers engineered to resist tampering and protect cryptographic operations. Unlike cloud solutions, they ensure that identity data is physically isolated on the user’s device, with access strictly controlled by the user. Furthermore, SEs enable secure offline identity verification, enhancing reliability in any scenario.
Security measures built in
SEs are certified to Common Criteria EAL5+ with the highest level of security evaluation (AVA_VAN.5). This certification demonstrates advanced protection against tampering, side-channel analysis, fault injection and other sophisticated attacks. Collectively, there measures deliver the highest level of security, meeting eIDAS requirement security level high.
Supporting unique use cases
Embedded Secure Elements (eSE) support use cases that cannot be matched by cloud solutions. Hardware-based security ensures that even without connectivity or when the device has no battery, users can securely access identity credentials and complete verification tasks. That guarantees both privacy and availability regardless of network connection.
User control and privacy
SEs ensure that identity data is physically isolated and protected on the user’s device, with access strictly controlled by the user. This local data management ensures privacy and gives individuals greater confidence and autonomy over their credentials. In contrast, remote cloud solutions store data outside the user’s control and doesn’t offer a security level that matches the protection provided by SEs.
NXP’s expertise in secure identity
NXP stands at the forefront of secure identification and mobile connectivity, offering OEMs a trusted foundation for integrating NFC services into smartphones, wearables and other connected devices. With a legacy rooted in secure identity technologies – spanning electronic passports and national ID programs – NXP brings decades of expertise to the digital realm. Our eSE solutions, deployed globally in hundreds of millions of devices, deliver proven security and reliability for mobile payments, transit and authentication. NXP’s mobile wallet extends into an end-to-end solution for a myriad of security applications such as NFC-based payments, mobile ticketing, eSIM and spatial-aware applications enabled by UWB.
This greatly simplifies development and accelerates time-to-market for secure embedded services. And as a key contributor to GlobalPlatform standards, NXP ensures its solutions meet stringent security and interoperability requirements.
Looking ahead, NXP is leading the way in Post-Quantum Cryptography (PQC). Embedding next-generation cryptography directly into the hardware root of trust. This strategic integration enables secure boot, encrypted communications and crypto agility across mobile, IoT, automotive and industrial applications. Ensuring long-term resilience in an increasingly complex landscape.
Driving innovation and standards together
Through continuous innovation in standardization, certification and secure hardware, NXP is supporting the EU’s mission to establish a trustworthy, interoperable infrastructure for digital trust and identity. Contributing both technical leadership and practical expertise to ensure alignment with eIDAS 2.0 regulations.
That includes actively participating in GlobalPlatform, the international standards body for securing digital services and devices. GlobalPlatform sets the specifications that determine how SEs operate in diverse environments. For the EUDIW, these standards govern secure applet deployment, offline credential verification and remote lifecycle management.
For more information, read GlobalPlatform’s positioning paper co-authored with NXP outlining how SEs can satisfy the EUDIW’s most stringent security requirements.
