The 11th edition of the ENISA Trust Services Forum and CA Days brought together regulators, supervisory authorities, qualified trust service providers, auditors, and industry experts at a pivotal moment for Europe’s digital identity ecosystem. With eIDAS 2.0 entering into force and most Implementing Acts published, the community gathered to reflect on progress, challenges, and the road ahead.
As every year, SpearIT attended the 2-day event and compiled a set of key takeaways:
Among other, the following key topics were approached:
Compared to previous years, the ecosystem has made significant strides. The European Digital Identity (EUDI) Wallet has emerged as the central pillar, linking identification with trust services and introducing new elements such as electronic attestations of attributes (EAA), electronic archiving, and electronic ledgers. Standards are advancing, pilots are running, and technical specifications are gradually falling into place.
At the same time, the regulatory environment has grown far more complex. The interplay of eIDAS 2.0 with NIS2, the Cyber Resilience Act, DORA, and other legislative frameworks has created overlapping obligations and transition periods. Supervisory bodies now face the delicate task of enabling innovation while safeguarding trust and security in a fast-changing environment.
The EUDI Wallet dominated the discussion. It is widely recognised as the cornerstone of Europe’s digital identity framework, with governments, industry, and large service providers aligning resources around its implementation.
The wallet’s certification and conformity assessment are proving to be highly challenging. Questions remain about the scope of certification, assurance levels, and evaluation of its many components.
Meanwhile, national strategies emphasise interoperability, security, and adoption as critical success factors.
Electronic Attestations of Attributes (EAA) were highlighted as the next major trust service, with potential to become even more important than qualified electronic signatures.
Use cases go far beyond the wallet: digital product passports, healthcare, mobility, and financial services can all benefit from the ability to issue verifiable, portable, and privacy-preserving attestations. Features such as selective disclosure and hybrid attestations are expected to play a key role in adoption.
A recurring question throughout the event was how to fund the ecosystem. Current initiatives are heavily dependent on EU and government funding, but this is not a sustainable long-term model.
Different approaches are under consideration: end-users paying for premium features, service providers paying for attestations, governments contracting trusted providers, or authentic sources covering costs to simplify complexity. For many, the wallet must remain free for citizens in personal use, while professional or business-driven use cases could sustain commercial models.
The consensus is clear: success will depend on balancing three factors — user adoption, sustainability, and security.
Supervision was described as the silent backbone of digital trust. Without harmonised supervisory practices across Member States, cross-border trust cannot be achieved. Yet fragmentation continues to exist, particularly in the way NIS2 requirements are interpreted and enforced.
Privacy and user control were also emphasised as critical adoption factors. Users must be able to trust that the wallet protects their data, provides transparency, and allows them to control how their information is shared.
Certification and conformity assessment are emerging as a hidden bottleneck. Demand for audits of new services such as wallets and EAAs is expected to surge, but accreditation cycles remain slow, and as of today, capacity across conformity assessment bodies remains limited. Without careful coordination, this could delay adoption and undermine confidence in the system.
The forum highlighted one clear theme: collaboration is essential. Member States are already forming clusters to harmonise wallet implementations, achieve economies of scale, and combine expertise. Standards bodies continue to call for broad participation to ensure both maturity and coverage of emerging standards.
The path forward requires coordination between regulators, supervisory bodies, industry, and service providers. Only by working together can Europe ensure the successful rollout of the wallet, avoid fragmentation, and build a sustainable market.
The 2025 forum in Split made clear that Europe’s digital trust ecosystem is no longer in its infancy. Standards, pilots, and legislation are advancing quickly, but the sector remains in an investment-heavy phase with pressing questions about sustainability, supervision, and certification capacity.
The way forward will be determined by three key success factors: user adoption, sustainable business models, and strong security. With open communication, cross-border collaboration, and a commitment to harmonisation, the European digital identity vision is ambitious — and within reach.
