Cryptographer Jaap-Henk Hoepman, a professor at Radboud University in the Netherlands, is one of several hundred experts who have been warning the European Commission since 2022 about the flaws in the European Digital Identity Wallet (EUDI Wallet). His verdict is damning: a system that is technically non-compliant with the very regulation it is supposed to implement, structurally dependent on Google and Apple, blind to the quantum threat, and carrying the risk of mass surveillance across half a billion citizens.
Scheduled for rollout by the European Commission before the end of 2026, the European Digital Identity Wallet — the EUDI Wallet — is billed as a major step toward the Old Continent’s digital sovereignty. The reality Jaap-Henk Hoepman describes is something else entirely: a rushed project, riddled with cryptographic gaps, whose current architecture fails to meet several requirements of the eIDAS 2.0 regulation, particularly on privacy.
A regulation that betrays itself
The original problem is structural: for the first time, a European regulation defined a technical artifact in legal language. The translation between these two languages, law and engineering, broke down, largely because the bureaucrats who drafted the regulation and are overseeing its implementation have little grasp of the technology.
The wallet’s technical specifications were developed in near-total isolation, with insufficient consultation of the academic community and NGOs. The European Parliament itself had little say over the architectural choices.
The crux of the problem is user traceability. In the initial version of the project, every identification left a cryptographic fingerprint unique to each user: a stable identifier (a value such as a holder key or issuer signature that is the same at every presentation) which, once verifiers cross-reference their logs, reconstructs an individual's digital activities. A mass surveillance mechanism by design, in direct violation of eIDAS 2.0 and the case law of the Court of Justice of the European Union.
The zero-knowledge proof battle
Faced with repeated warnings from the cryptographic community — including Jaap-Henk Hoepman and Olivier Blazy, whom we interviewed previously — the Commission attempted a workaround: rather than a single identifier, issue each user a booklet of single-use identifiers, replenishable on demand. The idea: present a different coupon each time to muddy the trail. Insufficient, says Hoepman. That defeats only verifiers who pool their logs among themselves. The issuer of those identifiers, the state, knows which coupons went to which citizen; any verifier that hands its logs to the issuer, voluntarily or under compulsion, lets the issuer rebuild the full trail, and the refills themselves tell the issuer how often the wallet is used. Centralized, sweeping surveillance remains possible.
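As an added illustration of the linkability argument in this section and the previous one (example code written for this page, not taken from the interview, from the Commission's reference implementation, or from any real wallet), the following Python simulation models the two designs described in the text: a stable identifier reused everywhere, and a booklet of single-use identifiers. An HMAC stands in for the issuer's signature; the holders, the two verifiers (`webshop`, `forum`) and the presentation log are constructed sample data. It does not implement BBS+; it shows which party can still join the logs under each design.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample data (not real citizens or services): three wallet
# holders present an "age>=18" attestation to two online verifiers.
USERS = ["alice", "bob", "carol"]
USAGE = [  # (holder, verifier, claim), one presentation each
    ("alice", "webshop", "age>=18"),
    ("alice", "forum", "age>=18"),
    ("bob", "webshop", "age>=18"),
    ("bob", "forum", "age>=18"),
    ("carol", "webshop", "age>=18"),
]


def issuer_keygen():
    """Hypothetical issuer key; an HMAC stands in for the issuer's signature."""
    return secrets.token_bytes(32)


def _tag(key, ident, claim):
    return hmac.new(key, f"{ident}|{claim}".encode(), hashlib.sha256).hexdigest()


def issue_stable(key, users, claim="age>=18"):
    """Design 1: one stable identifier per holder, reused at every verifier."""
    creds, registry = {}, {}
    for u in users:
        ident = hashlib.sha256(b"stable-id:" + u.encode()).hexdigest()[:16]
        registry[ident] = u
        creds[u] = [(ident, claim, _tag(key, ident, claim))]
    return creds, registry


def issue_batch(key, users, per_user, claim="age>=18"):
    """Design 2: a booklet of single-use identifiers; the issuer keeps the
    mapping from every coupon to the citizen it was issued to."""
    creds, registry = {}, {}
    for u in users:
        creds[u] = []
        for _ in range(per_user):
            ident = secrets.token_hex(8)
            registry[ident] = u
            creds[u].append((ident, claim, _tag(key, ident, claim)))
    return creds, registry


def verify(key, ident, claim, tag):
    return hmac.compare_digest(_tag(key, ident, claim), tag)


def run_presentations(key, creds, usage, single_use):
    """Every verifier checks the issuer tag and logs the identifier it saw.
    Returns {verifier: [identifiers]}, exactly what each verifier would store."""
    logs = defaultdict(list)
    booklets = {u: list(cs) for u, cs in creds.items()}
    for holder, verifier, claim in usage:
        if single_use:
            if not booklets[holder]:  # booklet exhausted: must ask the issuer for a refill
                raise RuntimeError(f"{holder} must ask the issuer for more coupons")
            ident, c, tag = booklets[holder].pop()
        else:
            ident, c, tag = booklets[holder][0]
        if c != claim or not verify(key, ident, c, tag):
            raise ValueError("credential rejected")
        logs[verifier].append(ident)
    return dict(logs)


def verifiers_collude(logs):
    """Verifiers pool their logs and join on identifiers more than one of them saw."""
    seen = defaultdict(set)
    for verifier, idents in logs.items():
        for ident in idents:
            seen[ident].add(verifier)
    return {ident: vs for ident, vs in seen.items() if len(vs) > 1}


def issuer_colludes(registry, logs):
    """The issuer (or anyone holding its registry) maps each identifier back
    to the citizen and rebuilds the per-person trail across verifiers."""
    trail = defaultdict(list)
    for verifier, idents in logs.items():
        for ident in idents:
            trail[registry[ident]].append(verifier)
    return {u: sorted(vs) for u, vs in trail.items()}


def demo():
    key = issuer_keygen()
    designs = {
        "stable": (issue_stable(key, USERS), False),
        "batch": (issue_batch(key, USERS, per_user=3), True),
    }
    out = {}
    for name, ((creds, registry), single_use) in designs.items():
        logs = run_presentations(key, creds, USAGE, single_use)
        out[name] = {
            "linked_by_verifiers": len(verifiers_collude(logs)),
            "profiled_by_issuer": issuer_colludes(registry, logs),
        }
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Pooling verifier logs links every holder who visited both services under the stable design and nobody under the booklet design, but the issuer's registry reconstructs the full trail in both cases. That registry is exactly what an unlinkable (BBS+-style) presentation removes: each proof is freshly randomized, so there is no identifier for `issuer_colludes` to look up.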
A mature, well-studied solution does exist: BBS+ signatures combined with zero-knowledge proofs. They let a user prove that a credential signed by the issuer says what a verifier needs (for example that the holder is over 18, either as an attribute the issuer signed directly or through a range proof over the date of birth) without revealing the other attributes, any identifier, or any value that stays constant from one presentation to the next. Each presentation is a freshly randomized proof, so neither colluding verifiers nor the issuer itself can link two of them.
But this signature scheme has yet to make it onto the lists of approved cryptographic mechanisms, not least because it relies on pairing-friendly elliptic curves that those lists do not cover. Institutions are conservative by nature: they only use what has been officially certified. Orange, a European company, developed a working BBS+ prototype for the EUDI; the European Commission did not bother to examine it.
Digital sovereignty, sacrificed to Google and Apple
The irony is brutal. One of the driving ambitions behind the EUDI project was precisely to prevent American tech giants — Apple and Google, whose wallets already hold state-issued digital driver's licenses in the United States — from capturing Europe's identity market.
Yet the current architecture requires, in countries such as Germany and the Netherlands, that the EUDI application be installed exclusively via the Google Play Store or Apple App Store and run only on Google-certified Android devices or stock iOS. Using it on an alternative smartphone running GrapheneOS, CalyxOS, or /e/OS, the open Android variants designed specifically to protect privacy, is simply not possible: the wallet gates access on the device-integrity attestation services run by Google and Apple (Play Integrity, App Attest), which vouch only for their own certified builds. The dependency on that certification entrenches exactly the vassalage the project claimed to dismantle.
The quantum gap
The EUDI Wallet incorporates no post-quantum security, even though the U.S. NIST published its first quantum-resistant standards in 2024 and many large organizations have begun their migration. Hoepman tempers the immediate alarm somewhat: for signatures (as opposed to encryption), there is no "harvest now, decrypt later" exposure. Data encrypted today can be stored and decrypted once a quantum computer exists, whereas breaking a signing key only matters while credentials signed with it are still accepted, and signature keys are renewed every five to ten years, before a sufficiently powerful quantum computer is expected to exist. Migration toward post-quantum security therefore remains feasible, but it requires a political will to plan ahead that is currently nowhere in sight.
The silent risk: function creep
Even in the optimistic scenario of a fully secure, privacy-compliant system in line with eIDAS 2.0, what Hoepman calls function creep remains. An identity infrastructure as vast and encompassing as the EUDI Wallet will naturally become the mandatory gateway for everything and anything.
Age verification for digital platforms, already moving through the legislative pipeline, is only the first example. Marital status, financial standing, and any attribute that can technically be attested will follow. The wallet will centralize documents whose dispersal has, until now, served as a safeguard against abuse.
More subtly, the widespread adoption of officially certified proofs will put an end to the small liberties people currently take with the truth to protect their privacy. Today, one invents a false date of birth or a fake phone number to sign up for a service that has no genuine need for it. Tomorrow, that same service will be able to demand a certified proof — and all accredited services will be able to demand what they want, not merely what they need.
Inevitable deployment, adoption by default
On the question of EUDI adoption, Hoepman offers no illusions. The European wallet will replace existing national digital identity systems — DigiD in the Netherlands, for instance, used for tax administration. Usage will be effectively compulsory, much as holding a bank account is today: theoretically optional, practically unavoidable. Tech-savvy holdouts will always be able to turn to VPNs or alternative systems — but they will remain a vanishingly small minority.
The computer science professor does not advocate scrapping the project. He argues for a measured slowdown; for the mandatory — not optional — adoption of zero-knowledge proofs; for genuine independence from Big Tech’s proprietary ecosystems; and for a strict registry of the data each verifier is authorized to request. Safeguards that could have been built in from the start — and whose absence transforms a supposed sovereignty tool into a potential instrument of control.
Time is running out. Deployment is announced for the end of 2026. And as Jaap-Henk Hoepman notes soberly in closing: “There is no contingency plan. But it’s the same with digital payments.” A normalization of systemic risk that, in matters of digital identity, sovereignty, and security, ought at the very least to warrant a democratic debate worthy of the name.