
EUDI Wallet ecosystem context

The EU Digital Identity Wallet (EUDI Wallet) ecosystem represents a fundamental shift in how European citizens prove their identity and share verified information online. This page explains the key roles, terminology, and architecture patterns that make up this ecosystem, and shows how Truvity EUDIW Connector fits into the broader digital identity landscape.

The digital identity triangle of trust

The EUDI Wallet ecosystem builds on the concept of the Triangle of Trust—a model that defines how trust is established between three key parties in digital identity interactions.

Background

If you're familiar with Self-Sovereign Identity (SSI) concepts (a model where individuals control their own digital identity data without relying on a central authority), the EUDI ecosystem extends the traditional Triangle of Trust with EU-specific regulations, standards, and infrastructure.

Core roles

Every credential exchange in the EUDI ecosystem involves three fundamental roles and one optional role.

1. PID and attestation providers (issuers)

Issuers are government agencies, banks, universities, and other trusted organizations that issue digital credentials. They create and digitally sign verifiable credentials containing verified attributes and cryptographic proofs of authenticity.

Examples include:

  • A government issuing Personal Identification Data (PID), the digital equivalent of a national ID card containing attributes like name, date of birth, and nationality.
  • A university issuing educational qualifications (diplomas, certificates).
  • A bank issuing proof of account ownership or creditworthiness.
  • An employer issuing professional licenses or certifications.

In the EUDI context, credentials issued by qualified or non-qualified attestation providers (such as educational or financial institutions) are called Electronic Attestations of Attributes (EAA).

2. Wallet holders (users)

Wallet holders are EU citizens and residents who own and control an EUDI Wallet app. They store credentials received from issuers, decide what information to share, and present credentials to verifiers.

Key characteristics of wallet holders:

  • User control: They decide when and with whom to share credentials.
  • Privacy protection: They can use selective disclosure to share only required attributes.
  • Device-based: Wallets run on their personal devices (smartphones, tablets).
  • Multi-credential: Wallets can hold PIDs, educational credentials, professional licenses, and more.

3. Relying Parties (verifiers)

Relying Parties (RPs) are organizations that need to verify user credentials to provide services or grant access. They request specific credentials, verify their authenticity and validity, and make decisions based on the information.

Examples include banks verifying identity for KYC, airlines checking identity for boarding, government services determining benefit eligibility, and employers verifying qualifications.

When you integrate the EUDIW Connector, your organization acts as a Relying Party.

4. Relying Party Intermediaries (RPIs)

The Architecture Reference Framework (ARF) defines the Relying Party Intermediary (RPI) role as a specialized service provider that acts on behalf of a Relying Party to handle the technical complexity of wallet interactions. RPIs provide infrastructure for verification, trust evaluation, and protocol implementation.

According to eIDAS 2.0 Article 5b(10), RPIs "shall not store data about the content of the transaction." They verify and forward credential data but cannot persist user attributes. Under the regulation, intermediaries are deemed to be Relying Parties themselves and must register with a Registrar.

Note: The RPI role is defined by eIDAS 2.0 and the Architecture Reference Framework. It is described here for ecosystem context. The EUDIW Connector's current deployment models do not use the RPI role—your organization acts as the Relying Party directly.

Trust framework

The trust framework ensures verifiers can trust credentials without prior knowledge of the issuer:

  1. Issuers and RPs are registered: Attestation providers and Relying Parties register with a Registrar designated by their member state. Registrars maintain the official list of registered entities.
  2. Credentials are signed: Each credential contains a cryptographic signature from the issuer.
  3. Wallets prove possession: Key binding proves the presenter legitimately holds the credential.
  4. Verifiers check everything: Relying Parties verify signatures, check revocation status, and validate trust chains.
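
The four steps above as a simplified model, added here as an illustration and not taken from the EUDIW Connector or the EUDI specifications. The credential layout, the Ed25519 keys, the flat issuer registry, the revocation set and every name in the code are assumptions.

```javascript
// Simplified model of the four trust-framework steps (added example, constructed data).
// Assumptions: Ed25519 keys and JSON payloads; real wallets sign exact encoded bytes.
const crypto = require('crypto');

const bytes = (obj) => Buffer.from(JSON.stringify(obj));
const sign = (key, obj) => crypto.sign(null, bytes(obj), key).toString('base64');
const verify = (pem, obj, sig) => crypto.verify(null, bytes(obj), pem, Buffer.from(sig, 'base64'));
function newKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Step 2: the issuer signs the claims together with the holder's public key.
function issue(issuer, holderPem, claims, id) {
  const payload = { id, iss: issuer.name, holderKey: holderPem, claims };
  return { payload, sig: sign(issuer.privateKey, payload) };
}

// Step 3: the wallet signs the verifier's fresh nonce and audience with the holder key.
function present(credential, holder, nonce, aud) {
  const binding = { nonce, aud, credentialSig: credential.sig };
  return { credential, binding, bindingSig: sign(holder.privateKey, binding) };
}

// Step 4: the Relying Party fails closed and reports the first failed check.
function verifyPresentation(p, { registry, revoked, nonce, aud }) {
  const { payload, sig } = p.credential;
  const issuerPem = registry.get(payload.iss); // step 1: flat list standing in for the trust chain
  if (!issuerPem) return 'issuer-not-registered';
  if (!verify(issuerPem, payload, sig)) return 'bad-issuer-signature';
  if (revoked.has(payload.id)) return 'revoked';
  if (p.binding.nonce !== nonce || p.binding.aud !== aud) return 'stale-nonce-or-wrong-audience';
  if (p.binding.credentialSig !== sig) return 'binding-for-other-credential';
  if (!verify(payload.holderKey, p.binding, p.bindingSig)) return 'bad-key-binding';
  return 'ok';
}

// Constructed scenario: one registered issuer, the holder's key, and an unrelated key.
function scenario() {
  const issuer = { name: 'issuer.example', ...newKey() };
  const holder = newKey(), other = newKey();
  const ctx = { registry: new Map([[issuer.name, issuer.publicPem]]), revoked: new Set(),
    nonce: crypto.randomBytes(16).toString('hex'), aud: 'rp.example' };
  return { holder, other, ctx, cred: issue(issuer, holder.publicPem, { age_over_18: true }, 'cred-1') };
}

const s = scenario();
console.log(verifyPresentation(present(s.cred, s.holder, s.ctx.nonce, s.ctx.aud), s.ctx));
console.log(verifyPresentation(present(s.cred, s.other, s.ctx.nonce, s.ctx.aud), s.ctx));
```

The second call presents the same credential with a key the issuer did not bind into it, so it is rejected at the key-binding check.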

Deep dive: For a detailed explanation of trust establishment mechanisms, certificate chains, cross-border trust, and a comparison with other trust models, see Trust establishment.

Where Truvity fits in the ecosystem

Truvity is a solution provider. The EUDIW Connector is available as a Dedicated deployment (managed by Truvity on your behalf) or Self-managed (operated by you). In both models, the connector handles the complexity of protocol implementation, cryptographic operations, and compliance requirements, acting as the bridge between your app and the EUDI Wallet ecosystem.

Your organization is the Relying Party. You own the RP registration with a Registrar designated by your member state, manage your access certificates and registration certificates, and control all data processing. The connector handles trust evaluation, signature validation, credential verification, and delivers verified data to your callback. Wallet users always see your organization as the Relying Party.

For detailed architecture diagrams, trust chains, and deployment patterns, see Connector architecture.

Key terminology

The EUDI Wallet ecosystem uses specific terminology. For complete definitions, see the Glossary.

Further reading