Digital identity is on the verge of reshaping how we pay, prove, and transact online. With eIDAS 2.0, the European Union wants every digital interaction, from opening a bank account to tapping your phone at checkout, to be secure, privacy-friendly, and fully under the user’s control. It’s an ambitious plan to build a trusted digital economy where identity flows as seamlessly as money.
But turning that vision into reality won’t be simple, Steve Pannifer says. To make it work, Europe will need to align technology, regulation, and business incentives.
As Senior Vice President of Digital Identity at Fime, Steve has spent over two decades in the space where payments and identity meet. Before joining Fime, he worked as Managing Director at Consult Hyperion, the UK consultancy known for shaping global payment and identity standards. When Consult Hyperion was acquired by Fime, he took on a broader role, leading the company’s global identity strategy.
Pain points are driving momentum
The link between payments and identity has always been obvious, Steve says. “A payment system is basically an identity system with a bit of money transfer happening in the background,” he says. When someone presents a card in a shop, they are authenticating their identity through the card and their PIN. The transfer of money happens later. “So you can think of a payment transaction as an identity transaction designed to enable payment.”
As Europe tightened payment authentication through legislation like PSD2, the industry made progress on reducing fraud within the transaction itself, Steve says. But that only solved part of the problem. The fastest growing fraud today is scams, which happen before the payment. Victims are persuaded to send money willingly, so the payment system simply executes a legitimate instruction.
This exposes a wider gap: stronger authentication inside payment flows is not enough if identity and trust are compromised earlier. That is why reusable, cross-ecosystem digital identity is becoming urgent. No single provider can tackle these issues in isolation. It demands a coordinated, community approach that works across services, not just within payments.
The challenge of European coordination
Governments are now stepping in, with eIDAS 2.0 representing Europe’s most coordinated attempt yet to create a trusted framework for digital identity across borders. Although Steve welcomes that shift, he warns that implementation will be tricky. “There are international standards being used, which is good. But standards can be open to interpretation, and Europe will need to make sure they’re applied consistently. Otherwise interoperability will be hard to achieve.”
He draws a comparison with open banking. In the UK, a tightly managed approach led to interoperability between banks. In Europe, a more loosely coordinated model resulted in fragmented systems. “The difference shows how important it is to coordinate among all stakeholders,” Steve says. “We probably need something like EMVCo for identity: a body that ensures consistent testing and certification.”
The EUDI Wallet in the payments world
In the payments world, Steve sees three clear areas where the EUDI Wallet could make a difference. First, strong customer authentication. Second, initiating payments directly from the wallet. And third, sharing non-payment data such as age verification within a transaction. Of these, he believes authentication is the most straightforward to deliver.
Still, he cautions against unrealistic timelines. “The current plan is for wallets to be available by the end of next year, which is already aggressive. Acceptance is planned a year later. But this is not a one-off launch. It’s an ongoing transformation. Once the first wallets are live, that’s only the start of the journey.”
However, for that journey to succeed, usability will be critical. “If it’s secure but inconvenient, people won’t use it,” Steve says. “You can’t pay enough attention to user experience. Just look at Apple: they have set the bar incredibly high. That’s what consumers expect now, technology that just works. The complexity has to stay in the background.”
The missing business model
Beyond technology and user experience, there is another unresolved question: the business model. “It’s one of the elephants in the room,” Steve says. “eIDAS is government-led and aims to deliver societal value, but within that ecosystem there are multiple stakeholders. Some parts the government can fund, but if the private sector is expected to provide wallets or services, there has to be a viable commercial model.”
That issue becomes especially relevant when payments regulation overlaps with eIDAS. “Under PSD3, banks can outsource strong customer authentication, but they can’t outsource the liability,” Steve explains. “If they rely on a EUDI Wallet they didn’t build and can’t audit, that creates a mismatch between responsibility and control. It’s a gap that needs to be addressed.”
The same goes for merchants and other relying parties. “We always talk about consumer adoption,” he says, “but businesses need a reason to use it too. If checking an ID via a digital wallet doesn’t bring them value compared to the current way, why would they bother?”
Earlier this year, Steve wrote about this very issue, responding to a paper by the Dutch Payments Association that questioned whether PSD3 and eIDAS were working in harmony or conflict. In his article, he agreed that the two frameworks need closer alignment, particularly around liability, interoperability, and assurance, but argued that they don’t have to be at odds. Instead, he proposed that clearer governance and testing requirements could help financial institutions rely on digital identity providers with confidence. “You can’t have a system where responsibility sits with one party but the control sits with another,” he wrote. “Until that’s resolved, large-scale adoption will be slow.”
The goal is clear
Despite the challenges, Steve remains optimistic. eIDAS 2.0, he believes, is essential infrastructure for Europe’s digital future. But it will only succeed if governments, regulators and industry can work together to align security, usability and commercial reality.
“The goal is clear,” he says. “To give people secure, easy ways to interact with the digital world while keeping control of their data. It’s going to take time, but if we get it right, it will change everything.”
