EUDI Wallet and eIDAS 2: Understanding the role of EAA, QEAA and PID credentials for individuals and organizations

The European Union is taking major steps towards creating a unified digital identity ecosystem that simplifies how individuals and organizations interact across borders. At the heart of this initiative is the European Digital Identity Wallet (EUDI Wallet), which allows people and businesses to manage important credentials securely and efficiently. But what exactly are these credentials, and how do they work?

In this article, we’ll break down the 3 key types of credentials defined under the updated eIDAS 2 regulation—Electronic Attestation of Attributes (EAA), Qualified Electronic Attestation of Attributes (QEAA), and Person Identification Data (PID)—in simple terms that everyone can understand. These credentials serve different purposes but together create a trusted, secure system that benefits both individuals and organizations across the European Union (EU).

The basics: what is eIDAS 2?

Before we dive into the credentials, let’s start with a quick explanation of eIDAS 2. The original eIDAS regulation (Electronic Identification, Authentication, and Trust Services) was introduced in 2014 to help EU citizens and businesses carry out secure, cross-border electronic transactions. In other words, it set the rules for how people could use digital identities and trust services (like electronic signatures) throughout Europe.

eIDAS 2 is the new, updated version of that regulation, which focuses even more on creating a seamless, interoperable digital identity system across the EU. A key part of eIDAS 2 is the EUDI Wallet, which allows users to store, manage, and share their digital credentials—whether they’re personal (like ID cards) or professional (like certificates)—with full control over their data.

For organizations, understanding the different types of credentials in eIDAS 2 is crucial for staying compliant, improving security, and building trust with customers, partners, and employees.

What are credentials in eIDAS 2?

In simple terms, credentials are digital documents or pieces of information that prove something about you or your organization.

For example, an ID card proves your identity, a driver’s license shows that you can drive, and a diploma confirms your education level. In the digital world, these credentials can be shared and verified online, making interactions much easier and faster.

Under eIDAS 2, there are three key types of credentials that organizations and individuals need to be aware of:

• Electronic Attestation of Attributes (EAA)
• Qualified Electronic Attestation of Attributes (QEAA)
• Person Identification Data (PID)

Each one serves a specific purpose, so let’s take a closer look at what they mean and how they work.

1. Electronic Attestation of Attributes (EAA): For everyday use

An Electronic Attestation of Attributes (EAA) is the simplest form of credential under eIDAS 2. It’s a digital document issued by an organization (either public or private) that verifies specific information about a person or entity. EAAs are used in non-regulated environments, meaning they don’t have to follow strict legal rules like government-issued credentials do.

Think of an EAA as a practical, flexible way to prove something about yourself in everyday situations. For example, a gym membership card, an event ticket, or a student ID could all be considered EAAs. These credentials are quick and easy to issue, and they’re perfect for organizations that need a straightforward way to interact with customers or employees.

Common examples of EAAs:

• Event tickets for concerts, conferences, or sports games
• Customer loyalty cards that track points and rewards
• Employee access cards for workplace entry and system access
• Membership cards for gyms, clubs, or online communities
• Single-use transit tickets for buses or the metro
• Student ID cards issued by schools or universities
  

Why are EAAs useful?

EAAs are great because they are easy to create and cost-effective for organizations. Any business—from a large retail chain to a small nonprofit—can issue these credentials without needing to meet strict legal requirements. For example, a company might issue digital employee ID cards that allow workers to access office buildings or internal systems. Although these credentials are valid within the company, they’re not meant for use outside the organization’s ecosystem.

For many organizations, EAAs provide a quick, simple solution for managing day-to-day interactions, improving efficiency, and reducing administrative work. They’re not legally binding, but they’re extremely useful for non-regulated, everyday activities.

2. Qualified Electronic Attestation of Attributes (QEAA) : For high-trust, regulated use

On the other end of the spectrum, we have Qualified Electronic Attestation of Attributes (QEAA), which are used in regulated environments. These credentials are much more formal and can only be issued by a Qualified Trust Service Provider (QTSP), an authorized entity that meets strict legal and security standards under eIDAS 2.

QEAAs have the equivalent legal effect as paper-based attestations, providing organizations with legally binding, highly secure digital credentials. These are used in cases where compliance and trust are critical, such as healthcare, finance, or government services.

Common examples of QEAAs:

• Civil status documents like birth certificates, marriage certificates, or adoption records.
• Professional qualifications such as medical or legal licenses, accounting certifications, or teaching credentials.
• Power of attorney documents that authorize someone to act on behalf of another in legal or financial matters.
• Property deeds and titles that verify real estate ownership.
• Business operating licenses that authorize companies to legally operate in specific jurisdictions.

Why are QEAAs important?

QEAAs stand out because they are both legally binding and highly secure. When issued as a QEAA, a credential is verified by a QTSP using cryptographic mechanisms like electronic seals, ensuring that the information is authentic and trusted across the EU.

QEAAs are essential for high-trust, regulated industries such as healthcare, finance, or legal services, where compliance and security are paramount. For instance, a university degree could be issued as a QEAA directly into a graduate’s EUDI Wallet, allowing future employers to easily verify the degree's authenticity. 

3. Person Identification Data (PID): The foundation of identity

Finally, we have Person Identification Data (PID), which is the most foundational form of credential in the EUDI Wallet system. Unlike EAAs and QEAAs, PIDs are issued directly by government authorities and serve as the most fundamental proof of a person or entity’s identity.

Whether you’re an individual or a business, having a reliable way to prove identity is essential in today’s interconnected world. PID provides exactly that—a trusted, government-issued credential that links an individual or organization to their legal status. 

For legal entities, this is often referred to as LPID (Legal Person Identification Data), which is crucial for secure, verified interactions across public and private services.

Common examples of PID:

• For individuals, a government-issued electronic identity card or passport.
• For businesses, LPID would be a company registration certificate that proves legal status.
  

Why is PID important?

PID is the foundation of digital identity within the EUDI Wallet system. It provides the highest level of trust because it’s issued by government authorities and directly links individuals or organizations to their legal standing. This makes it invaluable for activities such as accessing government services, signing contracts, or engaging in financial transactions.

For an individual, a government-issued electronic identity card acts as their PID, enabling them to access services like healthcare or banking. For a business, LPID might be a business registration certificate. Having a trusted PID reduces the risk of fraud and helps both businesses and individuals engage in secure and transparent transactions.

Imagine a company wanting to partner with a new supplier. To ensure the supplier is legitimate, the company can request Legal Person Identification Data (LPID), such as the supplier’s business registration certificate, avoiding potential legal or financial risks.

4. The benefits of using EUDI Wallet credentials—EAA, QEAA, and PID—for organizations

For businesses, the EUDI Wallet offers a host of benefits that go far beyond simply verifying identities. Here are some of the key advantages:

1. Improved efficiency: By using EAAs, organizations can automate and simplify everyday processes.
   
   
2. Enhanced security and trust: With QEAAs and PIDs, businesses can verify identities in high-trust environments. This reduces the risk of fraud and ensures compliance with regulatory standards.
   
   
3. Lower costs: The ability to instantly verify digital credentials eliminates the need for manual checks, paperwork, and costly verification processes. Businesses can reduce their operational costs and focus on growing their business.
   
   
4. Interoperability across the EU: One of the biggest advantages of the EUDI Wallet is that it’s designed to work seamlessly across all EU member states. This means that businesses can trust credentials issued in one country to be valid and recognized in another. 
   
   
5. Full control over data: The EUDI Wallet is built on the principles of Self-Sovereign Identity (SSI), which means that individuals and organizations have full control over their data. 
   
   
6. Future-proofing your business: As the EU moves toward a secure digital identity ecosystem, businesses that adopt the EUDI Wallet early will be ahead of the curve and ready for the future of digital identity management.

Credential adoption in the EUDI Wallet system

While the EUDI Wallet introduces substantial (QEAA) and high-trust (PID/LPID) credentials  for regulated sectors, it’s important to note that most organizations and users may primarily rely on low-level credentials, such as EAA, for everyday interactions.

Today, in markets like France, substantial and high-level credentials are still underused, and some experts project that this trend may continue in the near future. As businesses and governments gradually adopt this new system, the division of credential types may look something like 70% low-level (EAA), 25% substantial (QEAA), and only 5% high-level (or PID).

5. Manage EAA, QEAA, and PID credentials with Talao's EUDI-compliant wallet

As Europe moves towards the full implementation of the EUDI Wallet under eIDAS 2, understanding the different types of credentials—EAA, QEAA, and PID—is essential for organizations. Each credential serves a unique purpose:

• EAAs are practical and flexible for everyday, non-regulated use, perfect for improving efficiency and reducing administrative burdens.
• QEAAs provide a high-trust, legally binding solution for sectors that require strict security and compliance, such as healthcare, law, or finance.
• PIDs offer the most foundational proof of identity, ensuring secure and verifiable interactions with both public and private entities.

At Talao, we are at the forefront of helping organizations manage these credentials. Our digital identity wallets - Talao and Altme - empowers businesses to manage EAAs, QEAAs, and PIDs seamlessly, ensuring compliance with EU regulations while simplifying operations and reducing verification costs.

By adopting these verifiable credentials, organizations can build greater trust with their customers, partners, and employees, streamline day-to-day operations, and ensure that their digital interactions are secure and legally compliant.

For more information on how Talao can help your organization adopt the EUDI Wallet and manage credentials like EAA, QEAA, and PID, contact us today.