Andreas Freitag: “Start laying the foundation for eIDAS, even without having all the answers”

The more we learn, the less we know – that seems to be the best way to describe the implementation of eIDAS 2.0 in the European Union. The further the development of EUDI Wallets moves along, the more we learn about what we still need to do to get to the point where we have a secure, interoperable, and user-ready digital trust infrastructure.

In this interview, Andreas Freitag, Co-CEO of Procivis, discusses what it takes to build such an infrastructure for the European public sector – and the crucial role technology partners like Procivis play in bringing it to life.

A flexible and targeted approach for governments to deliver on eIDAS 2.0

“We started this journey three years ago with one guiding principle: flexibility. And that decision has paid off. The technologies and protocols keep changing, but we’ve built a platform that’s ready to adapt,” Andreas says about the work of Procivis. That flexibility is now proving to be a strategic advantage as eIDAS 2.0 takes shape across Europe.

At the moment, much remains uncertain in the development of eIDAS 2.0: technologies are still evolving, interoperability is a central theme, and stakeholders are grappling with legislative and organizational complexity.

Governments need to start now if they want to comply with eIDAS 2.0. This is where Procivis comes in, as the company offers a scalable, secure solution for digital identities and credentials, compliant with the technical requirements of eIDAS 2.0 in the EU. With a team of around 30 people spread between Zurich and Vienna, the company concentrates on building the actual infrastructure governments need to issue, manage, and verify digital credentials. At the same time, Procivis actively maintains and updates the infrastructure to reflect evolving legal, technical, and interoperability requirements.

The company deliberately avoids areas like regulatory consulting or political lobbying, instead partnering with local experts in each country to handle legal interpretation, implementation strategy, and stakeholder engagement: a targeted approach that has allowed Procivis to move quickly where others are still in discussion mode.

Procivis and Ubiqu partner with the U.S. Department of Homeland Security

Procivis and Ubiqu are among six startups selected for a two-year project with the U.S. Department of Homeland Security to help identify, develop, and implement privacy-enhancing technologies.

In the trial, Ubiqu will be integrating its Remote Secure Element (RSE) technology with digital wallets supporting W3C VCDM and W3C DID standards. This allows users to maintain sole control over their credentials, ensuring transparency and consent, while providing comprehensive recovery solutions – facilitating a highly secure and convenient user experience for digital credential services.

Procivis will further develop its pioneering technology solution Procivis One, a modular end-to-end solution for digital identities and credentials that meets all technical specifications for European eIDAS 2.0, Swiss E-ID, U.S. Department of Homeland Security requirements, and many other regulatory and technical requirements. Due to its modular and flexible architecture, additional requirements can be quickly integrated.

As of last month, Procivis has also integrated Ubiqu’s Remote Secure Element (RSE) into the Procivis One Wallet, enhancing the secure handling of verifiable credentials and identities for all use cases.

Together, Procivis and Ubiqu are helping lay the foundation for a more privacy-preserving digital infrastructure, one that empowers individuals while addressing the complex security demands of national institutions.

27 different ‘flavors’ of eIDAS 2.0 – One platform that supports the country profiles

How do we integrate existing trust services with the new decentralized architecture introduced by the EUDI Wallet? There might be some gaps to bridge in the beginning, but Andreas is optimistic: both can – and should – work side by side in one simple, user-friendly app.

Keeping it all in a single app not only makes things easier for citizens, it also makes the most of what governments have already built in terms of signature services. That said, the road ahead won’t be the same for everyone, Andreas says. “We’ll likely end up with 27 different ‘flavors’ of eIDAS 2.0. Every country has its own legacy systems, stakeholders, and politics.” Because of that, he expects a wide mix of approaches to pop up across Europe – some more centralized, others more federated or fully decentralized.

To deal with cross-border interoperability, Procivis is building its platform to handle multiple country-specific profiles. The goal is to make it possible to issue or verify credentials across borders, no matter which wallet or system someone is using. It’s not a one-size-fits-all middleware layer, but a flexible solution that knows how to ‘speak the local dialect’ of each implementation.

Readiness means starting now, not just planning for 2026

Despite the long lead time provided by the EU, and most notably the 2026 target for wallet issuance, it is important to start preparing now, Andreas says. “At the moment, we see many governments postponing technical implementation until governance and regulatory interpretations are finalized: but this sequencing is a strategic mistake.”

Instead, he advocates for what Procivis calls pre-production projects. These are not pilots or proofs of concept, but concrete implementation efforts designed to be foundational, adaptable, and expandable over time. The goal is to address governance and technology in parallel, not sequentially, ensuring that regulatory translations are tested and validated against real-world technical systems.

While countries vary significantly in their level of maturity and internal alignment, the opportunity to test assumptions, identify blockers, and begin stakeholder alignment far outweighs the risk of premature investment, especially with flexible technology stacks that are designed to evolve. “Just PowerPoint presentations and regulation groups are not enough. You need to put hands on the technology, even if not all questions are answered yet,” Andreas adds.

What it takes to achieve Level of Assurance High

Creating a secure digital identity system that meets Level of Assurance High under eIDAS 2.0 involves much more than secure coding practices or strong encryption. It demands a holistic understanding of the identity lifecycle, from onboarding and credential issuance to key storage and transaction validation, says Andreas. “Security isn’t a single feature: it’s an end-to-end discipline. Each step, from how you onboard users to how you store keys and verify claims, must be carefully assessed for risk.”

This calls for a multi-layered approach, Andreas says. Onboarding must be robust, often requiring NFC-based verification of identity documents rather than superficial checks such as selfies or photo uploads. This is especially important as deepfakes and synthetic identities become more sophisticated.

Beyond onboarding, secure key management is a major concern. Options include using secure elements on mobile devices or employing remote secure elements (RSEs), which allow for centralized key storage in hardware security modules (HSMs) while maintaining decentralized control. RSEs, such as those developed by Ubiqu, also offer better backup, recovery, and device migration options – important features as users expect continuity across devices.

Balancing security and usability: What does a risk-based approach look like?

When it comes to balancing security with user experience, we should be taking a pragmatic view, Andreas argues. Not every credential or identity transaction needs the same level of protection you’d use in a high-security data center. Instead, Andreas suggests taking a risk-based approach: stronger security for high-value credentials, and a bit more flexibility for the rest.

At the very least, mobile apps should store cryptographic keys securely, whether that’s on the device or through a remote secure element (RSE). But that’s not enough – users also need ways to back up and recover their credentials, or adoption will suffer. Andreas admits his thinking has evolved here: while he used to prefer software-based cryptography for its convenience, he now sees hardware-based solutions as key to building long-term trust, especially when dealing with legally binding or financial credentials.

True privacy isn’t guaranteed by design alone

When discussing the development of EUDI Wallets, Andreas also points out a key challenge: the tension between protecting user privacy and maintaining government control. He stresses that true privacy isn’t guaranteed by design alone – it depends on transparent implementation and early involvement of civil society to build trust and avoid public pushback.

Don’t wait for perfect clarity. Start with a foundation that’s built to evolve.

Andreas’ advice is simple: “The pressure to get everything right before taking action leads to delays and missed opportunities. You don’t need all the answers before you begin. What you need is a foundation that’s ready to grow and evolve. And the time to lay that foundation is now.”

The path forward with eIDAS 2.0 doesn’t come from waiting for every regulation to be finalized. It comes from starting now: building the right foundation, testing assumptions, and choosing the right partners. Companies like Procivis and Ubiqu don’t try to solve everything; instead, they focus on what matters most: building flexible, secure, and ready-to-implement digital identity infrastructure technology for governments.

With local partners who know the legal landscape, Procivis and Ubiqu are helping governments to move from planning to action. Don’t wait for 2026 – start building with proven technology, trusted partners, and the flexibility to adapt as things evolve.
