Welcome to eID Easy Conversations, a series where we sit down with people across (and outside of) eID Easy to talk through the topics shaping digital identity, from regulation and compliance to product and real-world implementation.

Some of these conversations will start with a product update. This one starts with a role that many organisations are about to step into, whether they realise it yet or not…

eID Easy Conversations: Understanding Relying Party Obligations Under eIDAS 2.0

As the EU Digital Identity Wallet (EUDIW) moves steadily from policy discussions into real implementation, one concept keeps coming up in almost every serious conversation: the relying party.

It is a term that sounds technical (and to be fair, I think it is), but it is also one that will soon affect a lot more organisations than many might expect.

To unpack what this really means in practice, I (virtually) sat down with Andrea, Chief Compliance Officer at eID Easy, to talk through the relying party role under eIDAS 2.0, the obligations that come with it, and where the real challenges lie.

What follows is Andrea’s perspective, thoughtful, precise, and grounded in how this will actually work:

Let’s start at the beginning. What exactly is a relying party under eIDAS 2.0?

Andrea:
Under eIDAS 2.0, a wallet-relying party is any entity that requests or uses identity data or attestations from a user’s EU Digital Identity Wallet in order to deliver a service.

This definition is clearly set out in Commission Implementing Regulation (EU) 2025/848 of 6 May 2025, which lays down the practical rules for participation in the wallet ecosystem.

→ So, put simply, if an organisation uses data from an EUDI Wallet, whether that is identity information, specific attributes, or attestations, it is acting as a relying party?

Andrea:
Exactly! 

Why do relying parties matter so much in the wallet model?

Andrea:
Because the EU Digital Identity Wallet is designed as a pan-European system, interoperability is essential.

For interoperability to work, all participants, and relying parties in particular, must follow harmonised rules. The implementing regulation makes this explicit. Relying parties are not passive recipients of data. They are accountable actors within the trust model.

That accountability is what allows the system to function consistently across borders.

What is the first concrete obligation for a relying party?

Andrea:
The starting point is registration.

Relying parties must register in a national register in the Member State where they are established. The framework is designed to prevent duplication. National registers are expected to verify that an entity is not already registered elsewhere, so double registration should not occur.

This step is more than administrative. It formally establishes the relying party’s role and responsibilities within the ecosystem.

What do relying parties have to declare during registration?

Andrea:
Among the various formal requirements listed in Annex I of the implementing regulation, one obligation deserves particular attention.

For each intended use, the relying party must declare a precise list of the data it intends to request from users’ wallets. This includes specific attributes and attestations.

This requirement is strict by design. Requesting data beyond what has been declared is explicitly identified as a ground for cancellation under Article 6. It reinforces core principles such as purpose limitation and data minimisation.

What happens once a relying party is registered?

Andrea:
Once registration is complete, the relying party receives a relying party registration certificate.

This certificate effectively acts as the relying party’s identity card within the EU Digital Identity Wallet ecosystem. It contains all the relevant information needed to identify the relying party and its authorised purposes.

Alongside this, there is an access certificate, which governs how the relying party technically interacts with wallets. This is enforced through wallet-relying party access certificates and access policies. These define how the relying party authenticates itself and accesses user data.

For a pan-European system to work, these certificates and policies must be syntactically and semantically harmonised across Member States.

From a user’s point of view, what changes?

Andrea:
Transparency is a fundamental part of the design.

Wallets are able to warn users if a relying party requests data beyond what is registered or authorised. This gives users clarity about what is being requested and why, and it reinforces trust in the system.

At the same time, it encourages relying parties to operate strictly within their declared entitlements.

What do you see as the biggest challenge ahead?

Andrea:
The legal framework itself is relatively clear. The real challenge lies in technical convergence.

Ensuring that relying parties, wallets, and national systems interact in a compatible and interoperable way across the EU will require careful implementation and coordination.

→ So, that is why early preparation matters? Especially working with partners (like us) who understand both the regulatory and technical dimensions of this ecosystem?

Andrea:
I believe so, yes. 

Any final thoughts?

Andrea:
I’d just add that implementing Regulation (EU) 2025/848 makes one thing very clear: Relying parties are central actors in the EU Digital Identity Wallet trust model.

They are required to formally register, keep their information accurate and up to date, and operate strictly within their declared purposes and entitlements. That discipline is what allows trust to be built and maintained at the EU scale.

Why this matters for eID Easy

At eID Easy, compliance is not something we add at the end. It is something we start with.

Understanding and operationalising relying party obligations is a big part of how we help organisations approach the EU Digital Identity Wallet in a way that is responsible, transparent, and grounded in the regulatory reality.

Thank you, Andrea.
Until the next eID Easy Conversations.