Regulation (EU) 2026/798: what remote EUDI Wallet onboarding changes (and what it doesn't)
Published on 7 April 2026, Implementing Regulation 2026/798 sets the technical standards for remote onboarding of European Digital Identity Wallets. A clear-eyed read for DPOs, CISOs and corporate counsel.

On 7 April 2026, the European Commission published in the Official Journal Implementing Regulation (EU) 2026/798. Behind that austere number lies a long-awaited piece for the digital identity ecosystem: the technical framework for the remote onboarding of future European Digital Identity Wallets, the EUDI Wallets.
For DPOs, CISOs and corporate counsel tracking eIDAS 2.0, the publication finally provides a concrete reference point. It also raises a recurring question we hear often: will the EUDI Wallet make other digital evidence building blocks obsolete, starting with timestamping? Short answer: no. Long answer in the paragraphs below.
What Regulation 2026/798 says, in short
The implementing regulation lays down the technical and procedural specifications applicable to remote onboarding of EUDI Wallet users. It explicitly refers to ETSI TS 119 461 V2.1.1, published in February 2025, which details the identity verification requirements applicable to the registration processes of trust service providers.
Concretely, the text addresses very operational questions:
- how a user can prove their identity without visiting a branch in person,
- which biometric, document-based and technical mechanisms are admitted,
- how to combine these mechanisms to reach a high assurance level under eIDAS,
- which obligations apply to the operator running the onboarding flow.
The full regulation is available on EUR-Lex. The referenced ETSI TS 119 461 standard is on the ETSI portal. For the original eIDAS framework, see Regulation 910/2014.
Why this text arrives now
The eIDAS 2.0 calendar provides that each Member State will offer an EUDI Wallet by December 2026. To meet that deadline, the technical onboarding conditions had to be stabilised, otherwise each country would have built its own framework, with an obvious risk of fragmentation.
Regulation 2026/798 answers that need for harmonisation. It does not describe the wallet's appearance or its end functionalities. It focuses on the entry step: how to reliably bind a user to their digital wallet, remotely, from the very first activation.
Substantial vs. high assurance: the mechanics
The eIDAS regulation distinguishes three assurance levels for electronic identification schemes: low, substantial, high. The challenge of remote onboarding is to reach the high level without physical presence, which has been difficult until now.
The logic adopted by Regulation 2026/798 combines several factors:
- identity document verification (NFC reading of the chip in an ID card or passport, control of visual security elements),
- biometric verification of the person (dynamic selfie, liveness detection),
- matching the document data with the person in front of the camera,
- logging of the operation with timestamping and traceability.
The controlled stacking of these checks reaches the high assurance level without an in-person appointment, which makes the EUDI Wallet usable at the scale of several hundred million European citizens.
What it proves, what it doesn't
This is where the analysis becomes interesting for a DPO or corporate counsel.
An EUDI Wallet provides a robust answer to a precise question: who is the user interacting with my service at a given moment? Once onboarding is performed in line with Regulation 2026/798, the user's identity is attested at a high assurance level, opposable across the European Union.
By contrast, the EUDI Wallet says nothing about:
- the exact form of a file the user has produced or consulted,
- the date a deliverable existed in one version or another,
- the integrity of content between the moment it was created and the moment it is brought to a dispute.
The EUDI Wallet does not replace electronic timestamping, and vice versa. One secures the identity layer (who acts), the other secures the content layer (what was produced, and when). A complete evidentiary file often needs both.
Concrete cases for DPOs and corporate counsel
A few scenarios that illustrate the complementarity.
Signing a dematerialised contract. The EUDI Wallet will let a contracting party attest its identity at the moment of signature. But if you want to prove, two years later, that the version of the signed contract is indeed the one you hold (and not a variant modified afterwards), an electronic timestamp on the signed PDF brings a distinct guarantee.
Submitting an innovation file to a partner. You present a confidential deliverable to an industrial partner. Six months later, you discover a similar feature on their side. The EUDI Wallet would have identified the recipients of your envelope. A timestamp freezes the exact version of the deliverable you sent them, useful to reconstruct priority.
Retaining GDPR evidentiary records. A DPO must be able to demonstrate, where appropriate, that a record of processing or a DPIA existed in a given version on a given date. The EUDI Wallet identifies the author of the document. The timestamp attests its content and its date.
Calendar: what to anticipate
Regulation 2026/798 is in force. That said, its operational deployment depends on the progress of national EUDI Wallet projects. A few milestones to keep in mind.
| Step | Deadline | Implication |
|---|---|---|
| Publication of Regulation 2026/798 | 7 April 2026 | Onboarding technical standards set |
| Each Member State offers an EUDI Wallet | December 2026 | eIDAS 2.0 obligation |
| Acceptance by public services | From 2027 | Progressive rollout |
| Acceptance by certain private actors (banks, telcos, large platforms) | 2027-2028 | Depending on national calendars |
For a DPO or a CISO, the 2026-2027 window is when internal architectures get designed: how to integrate an EUDI Wallet in a user journey, which data to store, which evidence to retain.
Where LegalStamp fits
LegalStamp sits on the content evidence layer, complementary to the identity layer. The service computes the SHA-256 hash of a file directly in the browser, the file never leaves your machine, then anchors that hash on the Bitcoin blockchain via OpenTimestamps. You receive an independently verifiable receipt attesting that this exact file existed at a given date.
It is a mechanism that does not compete with the EUDI Wallet: it sits next to it. The wallet answers the "who?" question; LegalStamp answers the "what, and when?" question.
Let's be honest about scope: LegalStamp is a non-qualified electronic timestamping service under eIDAS. It does not benefit from the presumption of reliability reserved for qualified trust service providers (QTSPs). However, Article 41(1) of the eIDAS regulation prohibits dismissing an electronic timestamp on the sole ground that it is non-qualified. In practice, a LegalStamp timestamp is a piece of evidence that strengthens a body of indicia, to be assessed by the judge in the context of the case.
To go further on the trust services ecosystem, the French ANSSI provides a reference page listing qualified actors.
The LegalStamp free plan allows 3 timestamps per month, with no card and no complex sign-up. Enough to test how to integrate a proof-of-priority routine into your document flow, alongside the identity projects you may be tracking. Discover LegalStamp →
Conclusion
Regulation 2026/798 marks a concrete step of eIDAS 2.0: remote onboarding of EUDI Wallets now has a homogeneous European technical framework. For businesses, it is a clear signal that high-assurance digital identity becomes a standard accessible at scale.
This advance, however, only covers part of the evidentiary landscape. Content evidence, freezing a file in an exact version on a precise date, remains a distinct topic that calls for other tools. The most robust architectures will combine both bricks, owning what each does and what each does not.
FAQ
Disclaimer: this article is provided for informational and educational purposes only. It does not constitute legal advice. For a concrete case (integrating an EUDI Wallet into a business journey, selecting a trust service provider, designing a corporate evidentiary strategy), have your approach validated by an attorney specialised in digital law or by your DPO.
Related articles

eIDAS 2.0 and Qualified Electronic Ledgers (QEL): what the regulation provides for December 2026
May 18, 2026

Paris Court of Appeal, 9 April 2026: an electronic signature is only as strong as its evidence file
May 13, 2026

AI Use Presumption: What the French Senate Bill Means for Creators' Priority Evidence
May 6, 2026