Arbiter — eIDAS 2.0 Compliance API

eIDAS 2.0 Compliance. Delivered.

The single API to accept EU Digital Identity Wallets for health and finance. Meet eIDAS 2.0 mandatory acceptance without building identity infrastructure from scratch.

Supporting OIDC4VP, SD-JWT, mdoc, and all 27 EU member states. Privacy-preserving. Developer-first. Enterprise-ready.

Mandatory acceptance deadline: December 2027. Integration requires 12-18 months of lead time. Start now.

eIDAS 2.0 Is Coming. Most Companies Aren't Ready.

The transition from eIDAS 1.0 to eIDAS 2.0 is the most significant digital identity shift in a decade. It moves from voluntary, fragmented national schemes to mandatory, harmonized EUDI Wallet acceptance across the EU.

Regulatory Complexity

eIDAS 2.0 mandates acceptance of EU Digital Identity Wallets by December 2027. The technical standards — OIDC4VP, SD-JWT, mdoc, qualified electronic signatures, Level of Assurance High — are complex and still evolving across Implementing Acts.

Tight Deadlines

Member states must issue EUDI Wallets by December 2026. Health and finance companies face a mandatory acceptance cliff edge in 2027 — and integration requires 12-18 months of lead time.

Infrastructure Burden

Building in-house means supporting dual credential formats (mdoc and SD-JWT), managing Trust Lists across 27 member states, and implementing same-device and cross-device OIDC4VP flows. Estimated 5-year TCO exceeds $2.2M.

There's a simpler path to compliance

Build vs. Buy: The eIDAS 2.0 Integration Decision

Building eIDAS 2.0 infrastructure in-house is a commitment to maintaining critical, high-risk identity systems. Here's what that looks like.

Build In-House

  • Requires scarce OIDC4VP, SD-JWT, mdoc, and PKI specialists
  • Daily Trust List synchronization across 27 member states
  • Constant refactoring as ARF specifications evolve
  • Dual credential parser (CBOR + JSON) development
  • 9-18 months to production. $2.2M+ estimated 5-year TCO

Buy with Arbiter

  • Single REST API — no cryptography expertise required
  • Automatic Trust List sync and protocol translation
  • SDK updates handle ARF specification changes
  • Unified response format — mdoc and SD-JWT abstracted
  • Live in weeks. Predictable subscription pricing

Purpose-Built for Health and Finance

eIDAS 2.0 affects every sector, but the stakes are highest where trust, data sensitivity, and regulatory compliance are non-negotiable. Article 5f mandates acceptance wherever Strong Customer Authentication is required by law.

Healthcare and Health Insurance

Authenticate patients and policyholders with EU Digital Identity Wallets for medical records, insurance claims, and telehealth. Meet cross-border care requirements with cryptographically verified identity.

  • Patient identity verification for cross-border care
  • Health insurance onboarding with selective disclosure
  • Secure EHR access at Level of Assurance High

Banking and Financial Services

Streamline KYC and Strong Customer Authentication with eID. This satisfies eIDAS 2.0 and PSD2/SCA requirements and reduces onboarding costs by up to 90% compared to manual identity verification.

  • Automated KYC with digital wallet verification
  • PSD2 Strong Customer Authentication compliance
  • Cross-border financial services across all EU member states

eID Authentication in Three Steps

From OIDC4VP presentation requests to cryptographic verification — Arbiter handles the complexity behind a simple API call.

1. Initiate Authentication

Your platform triggers an eID authentication request via Arbiter's REST API or SDK, specifying the Level of Assurance and attributes needed. Supports both same-device and cross-device flows.

2. Client Authenticates with EUDI Wallet

The client uses their EU Digital Identity Wallet on their device. Arbiter handles the OIDC4VP presentation request, Trust List verification, and both SD-JWT and mdoc credential validation in real time.

3. Receive Verified Identity

You receive a cryptographically verified response with only the requested attributes via selective disclosure. Full eIDAS 2.0 compliance is met — no raw PII on your servers, and liability shifts to the credential Issuer.

Built for the EU Digital Identity Ecosystem

Full Architecture Reference Framework (ARF) compatibility. Both credential formats. All Levels of Assurance. Every member state.

eIDAS 2.0 Native

EU Digital Identity Wallets, qualified electronic signatures, Qualified Electronic Attestations of Attributes (QEAAs), and all Levels of Assurance supported out of the box.

Pan-EU Coverage

All 27 member states through one integration. Automatic Trust List synchronization and support for new national wallets as they launch.

Developer-First SDK

REST API, language-specific SDKs, sandbox environment, and comprehensive documentation. Go live in weeks, not months.

Privacy by Design

Selective disclosure ensures minimal data collection. No PII stored on your servers. Full alignment with GDPR data minimization principles.

Real-Time Verification

Sub-second identity verification with live status callbacks. No document uploads, no manual review, no OCR errors.

Enterprise-Grade Security

End-to-end encryption, device binding verification, SOC 2 readiness, and audit trails for compliance reporting.

Why Health and Finance Leaders Choose Arbiter

You Focus on Care and Finance. We Handle Identity.

Arbiter abstracts the regulatory and technical complexity of eIDAS 2.0 — from OIDC4VP flows to Trust List management — so your team can focus on building great products for patients and clients.

Turn Compliance into Conversion.

Current identity verification has 15-30% abandonment rates. EUDI Wallet flows are comparable to 'Sign in with Apple' — reducing drop-off to under 5% and cutting KYC costs by up to 90%.

One Integration. Every EU Market.

Integrate once with Arbiter's API. We handle interoperability across mdoc and SD-JWT credential formats, schema mappings, and regulatory updates across all 27 member states.

eIDAS 2.0 Frequently Asked Questions

Common questions about eIDAS 2.0 compliance, EUDI Wallet integration, and the mandatory acceptance timeline.

What is eIDAS 2.0 and how does it differ from eIDAS 1.0?

eIDAS 2.0 (Regulation EU 2024/1183) is the updated European regulation for digital identity. Unlike eIDAS 1.0, which was voluntary and government-centric, eIDAS 2.0 mandates that all 27 EU member states issue EUDI Wallets to citizens by December 2026. It also requires mandatory acceptance by private sector Relying Parties in banking, telecom, transport, and Very Large Online Platforms by December 2027.

When is the eIDAS 2.0 mandatory acceptance deadline?

The key deadlines are: Implementing Acts finalized in Q4 2024-Q1 2025, member state EUDI Wallet issuance by December 2026, and mandatory acceptance by private sector Relying Parties (banking, telecoms, transport, VLOPs) by December 2027. Given integration complexity, enterprises should begin implementation 12-18 months before the acceptance deadline.

Who must comply with eIDAS 2.0 mandatory acceptance?

Article 5f of eIDAS 2.0 compels acceptance wherever Strong Customer Authentication is required by EU or national law. This includes banks and payment service providers (via PSD2/SCA), telecommunications companies (SIM registration), transport services, energy and utilities, and Very Large Online Platforms (VLOPs) with over 45 million monthly active users as defined by the Digital Services Act.

Should we build eIDAS 2.0 integration in-house or buy a solution?

Building in-house requires specialists in OIDC4VP, SD-JWT, mdoc/CBOR, and PKI — rare and expensive talent. You must also maintain Trust List synchronization across 27 member states and keep pace with evolving ARF specifications. Estimated 5-year in-house TCO exceeds $2.2M. A middleware provider like Arbiter transforms this into a predictable subscription, delivers integration in weeks instead of months, and automatically handles protocol updates and new credential formats.

What credential formats does the EUDI Wallet ecosystem use?

The Architecture Reference Framework (ARF) mandates support for two credential formats: ISO/IEC 18013-5 (mdoc) using CBOR encoding, originally designed for mobile driving licenses, and IETF SD-JWT (Selective Disclosure JSON Web Token) using JSON. Relying Parties must support both formats. Arbiter abstracts this dual-stack complexity behind a single REST API.

How does eIDAS 2.0 reduce GDPR liability for Relying Parties?

eIDAS 2.0 supports Selective Disclosure, allowing users to share only specific attributes (e.g., proving 'over 18' without revealing exact date of birth). This reduces the amount of personal data Relying Parties receive and store, minimizing GDPR data breach liability. Additionally, the liability for data accuracy shifts from the RP to the credential Issuer (the member state or Trust Service Provider).