The European Union launched the European Digital Identity Wallet (EUDIW) initiative, which has become a significant
development for consumers and Original Equipment Manufacturers (OEMs). NXP Semiconductors plays an active role in
supporting this transformative initiative, which promises to reshape how digital identity is managed and secured
across Europe and potentially beyond.
Under the electronic Identification, Authentication and Trust Services (eIDAS) 2.0 regulation, the European Digital
Identity Framework officially came into force in May 2024, and rollout is scheduled to be completed by 2027.
The EUDIW is described as “a mobile app enabling users to identify themselves to public and private online services,
all over Europe”, and every EU Member State must provide at least one EUDIW version built according to common
specifications.
Alongside secure ID functionality, the EUDIW enables users to store and share digital documents such as passports,
driving licenses, university qualifications, health records and travel documents. Beyond serving as a digital ID and
a secure container for digital credentials, the EUDIW also supports Qualified Electronic Signatures and Seals (QES).
These digital signatures hold the same legal validity as handwritten signatures, enabling fast and secure
authentication of documents and transactions.
The role of the Secure Element in EUDIW
Given the high sensitivity, confidentiality and value of the data involved, the EUDIW is designed to meet the
strictest security standards. eIDAS 2.0 mandates the use of a Wallet Secure Creation Device (WSCD), a certified
component providing trusted storage and isolation for sensitive data. In mobile devices, the Secure Element (SE)
fulfils this critical role, providing a tamper-resistant environment for cryptographic data storage.
Typically, SEs are robust microcontrollers engineered to resist tampering and protect cryptographic operations.
Unlike cloud solutions, they ensure that identity data is physically isolated on the user’s device, with access
strictly controlled by the user. Furthermore, SEs enable secure offline identity verification, enhancing reliability
in any scenario.
Security measures built in
SEs are certified to Common Criteria EAL5+ with the highest level of security evaluation (AVA_VAN.5). This
certification demonstrates advanced protection against tampering, side-channel analysis, fault injection and other
sophisticated attacks. Collectively, these measures deliver the highest level of security, meeting the eIDAS
requirement for security level high.
Supporting unique use cases
Embedded Secure Elements (eSE) support use cases that cannot be matched by cloud solutions. Hardware-based security
ensures that even without connectivity or when the device has no battery, users can securely access identity
credentials and complete verification tasks. That guarantees both privacy and availability regardless of network
connection.
User control and privacy
SEs ensure that identity data is physically isolated and protected on the user’s device, with access strictly
controlled by the user. This local data management ensures privacy and gives individuals greater confidence and
autonomy over their credentials. In contrast, remote cloud solutions store data outside the user’s control and do
not offer a security level that matches the protection provided by SEs.
NXP’s expertise in secure identity
NXP stands at the forefront of secure identification and mobile connectivity, offering OEMs a trusted foundation for
integrating NFC services into smartphones, wearables and other connected devices. With a legacy rooted in secure
identity technologies – spanning electronic passports and national ID programs – NXP brings decades of expertise to
the digital realm. Our eSE solutions, deployed globally in hundreds of millions of devices, deliver proven security
and reliability for mobile payments, transit and authentication. NXP’s mobile wallet extends into an end-to-end
solution for a myriad of security applications such as NFC-based payments, mobile ticketing, eSIM and spatial-aware
applications enabled by UWB.
This greatly simplifies development and accelerates time-to-market for secure embedded services. And as a key
contributor to GlobalPlatform standards, NXP ensures its solutions meet stringent security and interoperability
requirements.
Looking ahead, NXP is leading the way in Post-Quantum Cryptography (PQC), embedding next-generation cryptography
directly into the hardware root of trust. This strategic integration enables secure boot, encrypted communications
and crypto agility across mobile, IoT, automotive and industrial applications, ensuring long-term resilience in an
increasingly complex landscape.
Driving innovation and standards together
Through continuous innovation in standardization, certification and secure hardware, NXP is supporting the EU’s
mission to establish a trustworthy, interoperable infrastructure for digital trust and identity, contributing both
technical leadership and practical expertise to ensure alignment with eIDAS 2.0 regulations.
That includes actively participating in GlobalPlatform, the international standards body for securing digital
services and devices. GlobalPlatform sets the specifications that determine how SEs operate in diverse environments.
For the EUDIW, these standards govern secure applet deployment, offline credential verification and remote lifecycle
management.
For more information, read GlobalPlatform’s positioning paper, co-authored with NXP, outlining how SEs can satisfy
the EUDIW’s most stringent security requirements.