Back to blog
Actualites

Regulation (EU) 2026/798: what remote EUDI Wallet onboarding changes (and what it doesn't)

Published on 7 April 2026, Implementing Regulation 2026/798 sets the technical standards for remote onboarding of European Digital Identity Wallets. A clear-eyed read for DPOs, CISOs and corporate counsel.

10 min read
Regulation (EU) 2026/798: what remote EUDI Wallet onboarding changes (and what it doesn't)

On 7 April 2026, the European Commission published in the Official Journal Implementing Regulation (EU) 2026/798. Behind that austere number lies a long-awaited piece for the digital identity ecosystem: the technical framework for the remote onboarding of future European Digital Identity Wallets, the EUDI Wallets.

For DPOs, CISOs and corporate counsel tracking eIDAS 2.0, the publication finally provides a concrete reference point. It also raises a recurring question we hear often: will the EUDI Wallet make other digital evidence building blocks obsolete, starting with timestamping? Short answer: no. Long answer in the paragraphs below.

What Regulation 2026/798 says, in short

The implementing regulation lays down the technical and procedural specifications applicable to remote onboarding of EUDI Wallet users. It explicitly refers to ETSI TS 119 461 V2.1.1, published in February 2025, which details the identity verification requirements applicable to the registration processes of trust service providers.

Concretely, the text addresses very operational questions:

  • how a user can prove their identity without visiting a branch in person,
  • which biometric, document-based and technical mechanisms are admitted,
  • how to combine these mechanisms to reach a high assurance level under eIDAS,
  • which obligations apply to the operator running the onboarding flow.
i
Primary sources

The full regulation is available on EUR-Lex. The referenced ETSI TS 119 461 standard is on the ETSI portal. For the original eIDAS framework, see Regulation 910/2014.

Why this text arrives now

The eIDAS 2.0 calendar provides that each Member State will offer an EUDI Wallet by December 2026. To meet that deadline, the technical onboarding conditions had to be stabilised, otherwise each country would have built its own framework, with an obvious risk of fragmentation.

Regulation 2026/798 answers that need for harmonisation. It does not describe the wallet's appearance or its end functionalities. It focuses on the entry step: how to reliably bind a user to their digital wallet, remotely, from the very first activation.

Substantial vs. high assurance: the mechanics

The eIDAS regulation distinguishes three assurance levels for electronic identification schemes: low, substantial, high. The challenge of remote onboarding is to reach the high level without physical presence, which has been difficult until now.

The logic adopted by Regulation 2026/798 combines several factors:

  • identity document verification (NFC reading of the chip in an ID card or passport, control of visual security elements),
  • biometric verification of the person (dynamic selfie, liveness detection),
  • matching the document data with the person in front of the camera,
  • logging of the operation with timestamping and traceability.

The controlled stacking of these checks reaches the high assurance level without an in-person appointment, which makes the EUDI Wallet usable at the scale of several hundred million European citizens.

What it proves, what it doesn't

This is where the analysis becomes interesting for a DPO or corporate counsel.

An EUDI Wallet provides a robust answer to a precise question: who is the user interacting with my service at a given moment? Once onboarding is performed in line with Regulation 2026/798, the user's identity is attested at a high assurance level, opposable across the European Union.

By contrast, the EUDI Wallet says nothing about:

  • the exact form of a file the user has produced or consulted,
  • the date a deliverable existed in one version or another,
  • the integrity of content between the moment it was created and the moment it is brought to a dispute.
!
Identity upstream, content evidence downstream

The EUDI Wallet does not replace electronic timestamping, and vice versa. One secures the identity layer (who acts), the other secures the content layer (what was produced, and when). A complete evidentiary file often needs both.

Concrete cases for DPOs and corporate counsel

A few scenarios that illustrate the complementarity.

Signing a dematerialised contract. The EUDI Wallet will let a contracting party attest its identity at the moment of signature. But if you want to prove, two years later, that the version of the signed contract is indeed the one you hold (and not a variant modified afterwards), an electronic timestamp on the signed PDF brings a distinct guarantee.

Submitting an innovation file to a partner. You present a confidential deliverable to an industrial partner. Six months later, you discover a similar feature on their side. The EUDI Wallet would have identified the recipients of your envelope. A timestamp freezes the exact version of the deliverable you sent them, useful to reconstruct priority.

Retaining GDPR evidentiary records. A DPO must be able to demonstrate, where appropriate, that a record of processing or a DPIA existed in a given version on a given date. The EUDI Wallet identifies the author of the document. The timestamp attests its content and its date.

Calendar: what to anticipate

Regulation 2026/798 is in force. That said, its operational deployment depends on the progress of national EUDI Wallet projects. A few milestones to keep in mind.

StepDeadlineImplication
Publication of Regulation 2026/7987 April 2026Onboarding technical standards set
Each Member State offers an EUDI WalletDecember 2026eIDAS 2.0 obligation
Acceptance by public servicesFrom 2027Progressive rollout
Acceptance by certain private actors (banks, telcos, large platforms)2027-2028Depending on national calendars

For a DPO or a CISO, the 2026-2027 window is when internal architectures get designed: how to integrate an EUDI Wallet in a user journey, which data to store, which evidence to retain.

Where LegalStamp fits

LegalStamp sits on the content evidence layer, complementary to the identity layer. The service computes the SHA-256 hash of a file directly in the browser, the file never leaves your machine, then anchors that hash on the Bitcoin blockchain via OpenTimestamps. You receive an independently verifiable receipt attesting that this exact file existed at a given date.

It is a mechanism that does not compete with the EUDI Wallet: it sits next to it. The wallet answers the "who?" question; LegalStamp answers the "what, and when?" question.

Let's be honest about scope: LegalStamp is a non-qualified electronic timestamping service under eIDAS. It does not benefit from the presumption of reliability reserved for qualified trust service providers (QTSPs). However, Article 41(1) of the eIDAS regulation prohibits dismissing an electronic timestamp on the sole ground that it is non-qualified. In practice, a LegalStamp timestamp is a piece of evidence that strengthens a body of indicia, to be assessed by the judge in the context of the case.

To go further on the trust services ecosystem, the French ANSSI provides a reference page listing qualified actors.

Try LegalStamp for free

The LegalStamp free plan allows 3 timestamps per month, with no card and no complex sign-up. Enough to test how to integrate a proof-of-priority routine into your document flow, alongside the identity projects you may be tracking. Discover LegalStamp →

Conclusion

Regulation 2026/798 marks a concrete step of eIDAS 2.0: remote onboarding of EUDI Wallets now has a homogeneous European technical framework. For businesses, it is a clear signal that high-assurance digital identity becomes a standard accessible at scale.

This advance, however, only covers part of the evidentiary landscape. Content evidence, freezing a file in an exact version on a precise date, remains a distinct topic that calls for other tools. The most robust architectures will combine both bricks, owning what each does and what each does not.

FAQ

It is a Commission implementing regulation that sets the technical standards applicable to the remote onboarding of users of European Digital Identity Wallets (EUDI Wallets). It refers to the ETSI TS 119 461 V2.1.1 standard and is one implementation step of the revised eIDAS regulation.
The European Digital Identity Wallet is an application provided by each EU Member State that allows a citizen to prove their identity, share verified attributes and sign electronically in an interoperable way. Each Member State must offer one by December 2026.
The regulation refers to ETSI TS 119 461 V2.1.1, published in February 2025. This standard describes the requirements for identification components used during the registration processes of trust service providers, in particular for remote onboarding.
No. The two mechanisms address different evidentiary needs. The EUDI Wallet proves a user's identity (who is acting). An electronic timestamp proves that a file or piece of content existed in a specific form at a given date (what was produced, and when). They are complementary.
Not directly. The regulation frames the technical conditions for remote onboarding. The obligation for each Member State to provide an EUDI Wallet by December 2026 stems from the revised eIDAS regulation. Businesses will be affected progressively, especially when they must accept the wallet as a means of identification from their users.
The EUDI Wallet identifies the author or signatory of an act. To freeze the exact version of a deliverable (a contract, a draft patent, a manuscript, source code) at a specific date, you need a separate electronic timestamping mechanism. Both bricks coexist: identity upstream, content evidence downstream.
No. LegalStamp is a non-qualified electronic timestamping service that anchors the SHA-256 hash of a file on the Bitcoin blockchain via OpenTimestamps. Article 41(1) of the eIDAS regulation nonetheless prohibits dismissing an electronic timestamp solely on the grounds that it is non-qualified. Its evidentiary weight is assessed case by case by the court.

Disclaimer: this article is provided for informational and educational purposes only. It does not constitute legal advice. For a concrete case (integrating an EUDI Wallet into a business journey, selecting a trust service provider, designing a corporate evidentiary strategy), have your approach validated by an attorney specialised in digital law or by your DPO.

Jeremy

Jeremy

Fondateur de LegalStamp, passionne par la blockchain et la protection des creations.

Share:

Related articles

Ready to protect your creations?

Create your first proof of priority for free in less than 30 seconds.