The heart of digital identity wallets

Aivo Kalu

Lead Security Engineer


1. Introduction

Across the European Union, the race to deploy the European Digital Identity Wallet (EUDIW) is well underway. Member states, regulatory bodies, and wallet providers are working toward achieving the ambitious goal of launching compliant, secure, and interoperable wallet solutions by the end of 2026. Implementation acts are progressing in phases, public consultations are ongoing, and technical standards are being formalised.

This is a pivotal moment not only to track progress but also to reflect on strategic questions that have emerged over recent months. One question stands above the rest: how do we ensure the security and trustworthiness of EUDI wallet systems, at scale, across the Union?

While technical teams are diligently developing security protocols and writing secure code, and while end-users must remain alert to phishing and misuse, much of the system's resilience will hinge on the secure management of cryptographic key pairs: the digital foundation for all identity credentials held within the wallet.

Crucially, what we often call “verifiable credentials” must be more precisely understood as (Qualified) Electronic Attestations of Attributes ((Q)EAAs). These are digitally signed claims that prove aspects of an individual’s identity and enable secure, paperless verification across borders. The security of these attestations begins with how private keys are stored and protected.

Although this principle has been clearly recognised since the release of the Architecture and Reference Framework (ARF) v1.0 in 2023, the time has come to re-evaluate the technical options available, their current maturity, and their alignment with eIDAS2 and other key regulatory frameworks.

As policymakers and public-sector decision-makers begin selecting or certifying national wallet solutions, the choices made now will have long-term implications for digital sovereignty, cybersecurity assurance, and interoperability across Europe.

2. Reassessing the three current approaches to key protection

Mobile platform key storage (KeyStore/Keychain)

Mobile devices from Apple and Google offer built-in cryptographic key storage solutions, namely KeyStore (Android) and Keychain (iOS). These options are readily available, cost-effective, and well-supported by developers, making them attractive from an operational standpoint.

However, these mechanisms fall short in two critical areas:

  • Sovereignty: These are proprietary, non-EU-controlled technologies.
  • Compliance: They have not undergone EU-recognized certification (e.g., Common Criteria or EUCC at EAL4+/“High” level) and therefore cannot satisfy the assurance requirements of eIDAS2-compliant wallets.

Even where Apple, for example, has obtained FIPS validation for certain cryptographic components, such certifications are not directly applicable within the EUDI regulatory framework.

Efforts are underway to address this through the EU5G cybersecurity certification scheme, and these initiatives deserve strong institutional support. But they are not yet operationally ready.

External smart cards or FIDO tokens

Smart cards are a familiar and trusted component of national eID schemes. The EU has extensive experience producing, certifying, and deploying these hardware-based solutions.

From a security perspective, they offer the highest level of assurance. However, they introduce significant usability challenges. Requiring citizens to physically connect a smart card or FIDO token to a mobile device each time they use their wallet is impractical for most real-world scenarios.

Consequently, while smart cards may remain a viable option for niche or high-security use cases, they are unlikely to serve as the default solution for mass-scale digital wallets.

Remote hardware security modules (HSMs)

Remote HSMs are well-understood and widely used in regulated industries, with clear certification frameworks and market maturity. They offer a promising avenue for managing wallet keys securely, particularly when local device trust cannot be guaranteed.

However, current standards (e.g., CEN EN 419241-1:2018) only specify that key activation must occur in a secure manner, with high confidence that the user controls the key. The Signer Interaction Component (SIC), the software on the user’s mobile device that enables this interaction, remains outside the scope of mandatory security evaluation.

This reveals a critical insight: securing the backend alone is not enough. The trust model must be distributed, spanning both the user’s device and the remote infrastructure that supports it.

3. A strategic alternative: a threshold cryptography-based WSCA (Wallet Secure Cryptographic Application)

Cybernetica has long been a pioneer in advanced cryptographic solutions, including secure multiparty computation, post-quantum cryptography, and Zero-Knowledge Proofs (ZKPs). Our 2022 work on ZKPs for mobile documents, commissioned by DARPA, has since influenced global players like Google.

Our proven SplitKey architecture, used for over five years in the eIDAS “high” level-certified Smart-ID scheme, is now being adapted for use in digital identity wallets. This approach, based on threshold cryptography, offers a distributed method of key protection that aligns with EU sovereignty and security objectives.
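The distributed trust model that the previous section ends on, and the threshold approach introduced above, can be seen in miniature in the following added example. It is not SplitKey’s protocol (this post does not describe that) and not Cybernetica’s code, but a generic 2-of-2 additive split of an RSA private exponent written for this page: the device share and the backend share each produce a partial signature, the product verifies under the public key, and neither share alone does. The toy modulus (p = 61, q = 53), the message representative and the fixed share used in the demonstration are constructed values; the RSA is textbook and unpadded.

```python
# Added illustration (not Cybernetica's SplitKey protocol, whose details are not
# on the page): a generic 2-of-2 additive split of an RSA private exponent.
# The device and the remote service each hold one share, each produces a
# partial signature, and the combined signature verifies under the public key.
# The full exponent d exists only during setup and is never stored afterwards.
# The modulus (p=61, q=53) is a constructed toy value for illustration and is
# far too small for any real deployment.
import secrets
from typing import Optional

# --- constructed toy key material (illustration only) ---
P, Q = 61, 53
N = P * Q                  # modulus, 3233
PHI = (P - 1) * (Q - 1)    # Euler totient, 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # full private exponent (2753); exists only for setup


def split_private_exponent(d: int, phi: int, d1: Optional[int] = None) -> tuple:
    """Split d into two additive shares with d1 + d2 == d (mod phi).

    d1 would be provisioned to the user's device, d2 to the remote WSCA
    service. A fixed d1 may be passed for a reproducible demonstration;
    otherwise it is drawn uniformly from [1, phi-1], so a single share on
    its own is statistically independent of d.
    """
    while True:
        candidate = (d1 % phi) if d1 is not None else secrets.randbelow(phi - 1) + 1
        d2 = (d - candidate) % phi
        if candidate != 0 and d2 != 0:          # reject degenerate splits (one side holds d)
            return candidate, d2
        if d1 is not None:
            raise ValueError("requested d1 yields a degenerate split")


def partial_sign(msg_rep: int, share: int, n: int) -> int:
    """One party's contribution: the message representative raised to its share."""
    if not 0 <= msg_rep < n:
        raise ValueError("message representative must be in [0, n)")
    return pow(msg_rep, share, n)


def combine(partials, n: int) -> int:
    """Multiply the partial signatures: m^d1 * m^d2 == m^(d1+d2) == m^d (mod n)."""
    sig = 1
    for part in partials:
        sig = (sig * part) % n
    return sig


def verify(msg_rep: int, sig: int, e: int, n: int) -> bool:
    """Textbook RSA verification (no padding; illustration only)."""
    return pow(sig, e, n) == msg_rep


def threshold_sign_demo(msg_rep: int, d1: Optional[int] = None) -> dict:
    """Run one distributed signing round and report what each side could do alone."""
    dev_share, srv_share = split_private_exponent(D, PHI, d1)
    device_part = partial_sign(msg_rep, dev_share, N)   # computed on the device
    server_part = partial_sign(msg_rep, srv_share, N)   # computed in the backend
    sig = combine([device_part, server_part], N)
    return {
        "signature": sig,
        "valid": verify(msg_rep, sig, E, N),
        # A compromised device (or a misbehaving backend) holding one share
        # cannot produce an acceptable signature on its own:
        "device_alone_valid": verify(msg_rep, device_part, E, N),
        "server_alone_valid": verify(msg_rep, server_part, E, N),
        "no_share_equals_d": dev_share != D and srv_share != D,
    }


if __name__ == "__main__":
    # constructed message representative 65 and constructed device share 1000
    print(threshold_sign_demo(65, d1=1000))
```

The property a wallet provider cares about is visible in the returned dictionary: the combined signature is valid, while each partial signature fails verification, so an attacker who extracts the device share still needs the backend to cooperate (and the backend's own authentication of the user is where a PIN or other unified control would be enforced). In this toy the full exponent is formed once during setup; a production key ceremony would generate the shares so that d is never assembled in one place at all.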

Key advantages include:

  • Support for multiple key pairs: EUDI wallets must manage hundreds of keys (at least one per credential), unlike traditional eIDs, which require only two or three. SplitKey technology is designed for this scale.
  • Decoupled user authentication: Wallets require centralized authentication mechanisms, not per-key PINs. SplitKey supports seamless, unified control.
  • Post-Quantum Readiness: Cybernetica’s WSCA architecture supports RSA, EC, and post-quantum cryptographic algorithms, ensuring long-term viability as existing algorithms are phased out.
  • Sovereignty and flexibility: Our software-based distributed WSCA, deployable on general-purpose hardware, offers wallet providers greater flexibility, vendor neutrality, and digital sovereignty, enabling governments to retain full control over national infrastructure without dependency on foreign firmware or closed hardware solutions.

This model has been tested at scale: the Smart-ID system currently supports 3.5 million users, conducting millions of secure transactions daily.

4. Advancing standards: Protection Profiles (PP) for WSCA

To enable consistent security across national deployments, Cybernetica is collaborating with other European vendors through CEN/CENELEC TC224 WG17, the standards body behind existing SSCD/QSCD certifications.

The working group is now drafting a PP for WSCA components within EUDI wallets. It defines uniform security requirements for a class of products, enabling manufacturers to develop certified components, labs to independently evaluate them, and public authorities to procure them with confidence.

A formal New Work Item Proposal has already been approved by eight member states and drafting is underway. Cybernetica is contributing its expertise to ensure that software-based distributed WSCAs are fully aligned with CEN/CENELEC standards and European regulatory expectations.

We encourage public-sector actors and industry leaders to engage with this process. The broader the participation, the stronger and more inclusive the resulting certification framework will be.

5. Conclusion

As EUDI wallet projects progress across the EU, decisions about cryptographic key protection will shape not only the security of the solution but also its compliance and usability.

We urge government bodies and policy decision-makers to choose a solution that is certified, scalable, resilient, and future-proof: a solution that supports long-term digital autonomy while meeting the highest levels of assurance under EU law.

At Cybernetica, we are proud to offer a fourth alternative: a software-based, distributed, standards-compliant WSCA, built on decades of cryptographic research and operational success.