eIDAS 2.0: eID update and the EUDI Wallet – implications for banks

Obserwatorium biz » articles

What does implementing the European Digital Identity Framework in Poland involve?

The implementation of the European Digital Identity Framework (eIDAS 2.0) in Poland involves:

  • Amendment of the Act on Trust Services, Electronic Identification, and certain other acts.
  • Evolution of the mObywatel (mCitizen) application to the mObywatel Europa (mCitizen Europe) standard.

The new model, based on EU eIDAS 2.0 regulations, creates a digital wallet that will enable citizens to securely identify themselves, use a free qualified electronic signature, and manage Electronic Attribute Attestations (EAA). According to the eIDAS 2.0 rollout schedule, banks will be required to accept the wallet from December 2027.

Key Stages of the Process

The key stages of this process as set out in the documentation:

  • December 24, 2026: deadline for making the wallet application available to users in Poland.
  • Preparatory period: banks will have approximately 12 months from the wallet’s launch (i.e. from the end of 2026) to adapt their systems to accept it.
  • December 2027: from this point, acceptance of the European Digital Identity Wallet becomes mandatory for banks and other obliged commercial entities in customer identification processes, both online (e.g., remote onboarding) and on-site (branch services).

The evolution from the current mObywatel 2.0 application to mObywatel Europa includes a number of modifications.

Main Differences

The key differences:

  • Recognition and Level of Assurance (LoA): While current version of application (so called mObywatel 2.0) is primarily for domestic purposes, Europe version (so called mObywatel 3.0) will provide a high-assurance electronic identification means(LoA High), recognized and accepted across all EU member states.
  • Identity model: mObywatel 2.0 uses a federated model where identity passes through central nodes (e.g., login.gov.pl). mObywatel Europa is user-centric, allowing the wallet holder to directly control the sharing of data with relying parties, often without intermediaries or central APIs.
  • Electronic Attribute Attestations (EAA): Version 2.0 focuses on digital documents (e.g., mID card, mDriver’s License). Version 3.0 introduces EAA, enabling the sharing of specific attributes (e.g., age, education, professional qualifications) without revealing the full document, while maintaining the same legal validity as traditional attestations.
  • Free Qualified Electronic Signature:mObywatel Europa will allow any individual to issue a qualified electronic signature free of charge for private (non-professional) use.
  • Functional scope: The new wallet will include new services, such as e-payments, receipt of official communications, parental services, and identification of legal entities and entrepreneurs.
  • Relation to commercial entities: Unlike the current version, acceptance of the mObywatel Europa wallet will become mandatory for banks and other key commercial entities in both online and on-site identification (from December 2027).

For banks acting as relying parties (entities accepting the EUDI Wallet), eIDAS 2.0 implements new certification and registration mechanisms:

  • Qualified access and registration certificates: new types of certificates for trust service providers and relying parties.
  • Relying Party Registry: system for monitoring entities, including banks, that accept the European Digital Identity Wallet.
  • Attribute Verification Point: mechanism enabling the verification of data against Authentic Sources.

Implications for banks

The eIDAS 2.0 regulation maintains existing trust services while introducing new ones that banks will be required to recognize and accept. One of the most important is the issuance of Electronic Attestation of Attributes (EAA). These allow for digital confirmation of specific data, such as age, education, qualifications, or employment. An EAA carries the same legal effect as traditional public documents or certificates.

Using EAAs, banks as relying parties can retrieve a wide range of data from the European Digital Identity Wallet (mObywatel Europa). The wallet also enables banks to verify specific information without requiring paper-based attestations and to obtain attribute information for specific procedural purposes.

Basic Identifying Data (PID)

This forms the foundation of a high-assurance digital identity, including:

  • PESEL (national identification number)
  • First and last name
  • Date and place of birth
  • Citizenship
  • Facial image

Detailed attributes from public and private registries

  • Education data: degree, school/university, graduation date
  • Employment data: employer name, type of employment, tax ID (NIP)
  • Address data: city, street, postal code
  • Family information: children’s names and PESEL numbers, relevant for creditworthiness and social benefits
  • Permissions and other credentials: certificates and attestations from trusted sources (e.g., ZUS, CEPIK, banking registries)

Specialized Attestations (EAA)

  • Age verification: confirming adulthood without disclosing the full date of birth when required.
  • Legal entity data: identification of entrepreneurs and representatives of business entities.

All data sharing with banks will occur only with explicit user consent. EAAs carry the same legal effect as traditional public documents or certificates.


Publication date: 7.04.2026