Digital Identity Wallets and the Private Client
The EU Digital Identity Wallet, mandated under eIDAS 2.0, rolls out across member states from 2026 onwards. By 2027 every EU citizen has the option of using the wallet to prove identity to public services and to private-sector relying parties (banks, insurers, telecoms, employers). The wallet is voluntary for the individual but mandatory for relying parties to accept.
For a private client the practical effect is subtler than the headlines suggest.
The wallet does not change what is recorded about an individual; it changes how the recording is verified. A bank onboarding a new private client in 2027 may, instead of asking for certified copies of passport and utility bill, request a cryptographic attestation through the wallet. The attestation conveys the same facts more efficiently and more securely than the paper-based process.
Three consequences follow that bear on an audit.
First, the chain of verification is more readable. Each attestation the wallet issues is signed by the issuing authority (the member state government); the attestation includes timestamps and a verifiable signature. A relying party, asked later why it accepted a given identity, can produce a cryptographic record. From the audit's perspective, what was previously an opaque CDD file is now a verifiable record chain.
Second, the inconsistencies that traditional verification papers over become harder to maintain. A client who has held two passports under slightly different name spellings, or who has a registered residence at one address and a banked residence at another, has historically been able to maintain those inconsistencies through paper-based verification by presenting different documents to different relying parties. A wallet, by contrast, presents a single authoritative attestation. The inconsistency must either be reconciled or be visible.
Third, the audit's standard reading of identity records now includes, where lawful, the wallet-issued attestations. The desk has added the relevant EU eIDAS authority indexes to its source registry; the new sources are read at depth from 2026 onwards.
The UK and Switzerland operate their own identity frameworks (the UK Digital Identity and Attributes Trust Framework, and the Swiss eID being introduced from 2026). The desk reads each at the appropriate access tier.
What this calls for in private clients is, again, hygiene. Where inconsistencies in identity records exist for legitimate historical reasons (a name change on marriage, a relocation that has not been fully reflected in records), the audit identifies them and the client can address them in order. Where they exist for less legitimate reasons, addressing them in advance is materially less costly than having them noticed by a counterparty at onboarding.