
In the digital economy, trust is not an abstract principle — it is engineered.
As governments and organizations transition toward the eIDAS 2.0 framework and the EU Digital Identity Wallet (EUDIW), the ability to design and assure robust identity and trust infrastructures becomes mission-critical.
SpearIT provides independent, multidisciplinary advisory for the design, evaluation, and assurance of national eID schemes, digital wallets, and qualified trust service infrastructures.
Our consultants bring together regulatory expertise, cryptographic assurance, and practical experience gained through years of involvement in national eID design, peer review processes, and qualified trust service audits.
We help clients navigate the complete lifecycle of trust service and eID system development: from conceptual architecture and policy design to conformity assessment and cross-border recognition.
Our work ensures that identity systems are technically sound, regulatorily aligned, and verifiably trustworthy.
Whether you are defining a national eID scheme, implementing a wallet ecosystem, or operating a qualified trust service, our independent assessments identify architectural weaknesses, compliance gaps, and assurance opportunities early, saving time, cost, and risk during certification and operation.
We serve as a neutral advisory partner, interpreting ETSI standards, eIDAS requirements, and supervisory expectations with precision while maintaining vendor and auditor independence.
This objectivity allows us to give clear, defensible guidance that regulators trust and providers can implement with confidence.
The shift from eIDAS 1.0 to eIDAS 2.0 marks a profound evolution in Europe’s digital trust framework.
The Regulation expands the trust landscape beyond qualified certificates to encompass digital wallets, remote identity proofing, and electronic attestations of attributes (QEAAs).
Our experts help clients interpret these new obligations and transform them into actionable design and assurance measures.
We assess wallet architectures against the EU Toolbox specifications, review RQSCD implementations, and ensure compliance with ETSI EN 319 400-series standards.
We also support alignment with emerging post-quantum cryptography (PQC) standards to future-proof trust ecosystems.
Trust service and eID certification depend as much on documentation and governance as on technology.
SpearIT assists in drafting Certificate Policies (CP), Certification Practice Statements (CPS), and related governance documents that accurately reflect technical and organizational controls.
Our approach bridges the gap between auditors’ expectations and operators’ realities, ensuring that documentation is compliant, defensible, and operationally practical.
We also perform Level of Assurance (LoA) assessments and readiness reviews, helping organizations demonstrate that their identity or signing services meet the assurance criteria required for recognition or notification under eIDAS.
Remote identity proofing is becoming the cornerstone of modern trust ecosystems. However, achieving LoA High remotely requires rigorous controls, advanced supervision mechanisms, and regulatory foresight.
SpearIT provides expert guidance on the design and evaluation of remote onboarding processes aligned with ETSI EN 119 461, EUDIW Remote Onboarding guidelines, and ENISA recommendations.
We help clients balance user convenience with fraud resistance, ensuring solutions remain auditable, privacy-preserving, and technically sound.
The EUDIW is the most ambitious component of the eIDAS 2.0 framework — and the most demanding to get right. Wallet solutions must satisfy the Architecture and Reference Framework (ARF), a growing body of Implementing and Delegated Acts, and a certification regime that cuts across Common Criteria, ETSI, ISO/IEC 18013-5, and emerging national schemes. Few organisations have the combined regulatory, cryptographic, and mobile-security expertise to navigate this landscape end-to-end.
SpearIT supports Member States, wallet providers, and conformity assessment bodies across the full EUDIW lifecycle: from reference architecture and protocol selection, to the drafting of national certification scheme requirements, to readiness for CAB evaluation and coordination with national accreditation bodies.
We translate the ARF and the Commission's Implementing Acts on certification, integrity, core functionalities, and trust frameworks into concrete architectural decisions. Our advisory covers WSCA/WSCD design choices — including hybrid wallets that must co-exist with legacy national eID apps — PID and (Q)EAA issuance over OID4VCI with the High Assurance Interoperability Profile (HAIP), proximity presentation over ISO/IEC 18013-5, OID4VP for remote flows, Wallet Unit Attestation and Wallet Instance Attestation structures, and Relying Party authentication and registration under CIR 2025/848.
We help clients make defensible decisions on the hard questions: where the WSCD actually lives, how device binding and key attestation interact with StrongBox and Secure Enclave, how QTSP responsibilities are separated from wallet provider responsibilities, and how PID Providers integrate with civil registries and existing notified eID schemes. Our architectures are designed not only to pass certification, but to operate sustainably across the wallet's lifecycle.
The EUDIW certification framework combines a horizontal EU layer with Member State-defined schemes for the wallet solution itself. SpearIT supports national authorities and ENISA-adjacent mandates in drafting the technical and organisational requirements that underpin these schemes.
Our team of subject-matter experts periodically contributes to publications in digital identity and cybersecurity niches. Below you will find 2 resources relevant to our eID & trust services offering.
2024-03 (PDF, 4.1MB)
2024-04 (PDF, 1.6MB)
Our team participated in the research design and co-authored the Cloud Security Alliance (CSA) report on HSM-as-a-Service use cases. Readers can gain a better understanding of this common model in modern WebPKI and rQSCD cases, including its hardware and technological aspects, logical and physical security considerations, and best practices for design, configuration, operation and compliance.
Our success stories highlight our work with governments, regulators, and trust service providers to design, assure, and secure national eID schemes and trust service ecosystems recognized across Europe and beyond, through: