The European Union Agency for Cybersecurity (ENISA) launched a public consultation on April 3, 2026, on its draft candidate EU Digital Wallet certification scheme, inviting feedback from stakeholders by April 30. The scheme aims to certify European Digital Identity (EUDI) Wallets under the Cybersecurity Act, ensuring high security and privacy standards for users across the EU.
ENISA, the EU agency for cybersecurity, published the draft candidate scheme (v0.4.614) for public review, developed with a dedicated Ad Hoc Working Group. The consultation seeks to validate the scheme's principles and gather input on its annexes. A webinar is scheduled for April 8 to provide information and answer questions.
Background and Prior Developments
The consultation follows the adoption of a regulation establishing the European Digital Identity Framework, after which the European Commission requested ENISA's support for certification. In February 2026, ENISA signed a €1.6 million Contribution Agreement with the Commission, funded by the Digital Europe Work Programme 2025-2027, to support the development of national certification schemes by Member States. Member States are required to provide at least one certified EU Digital Identity Wallet by the end of 2026.
This initiative builds on a broader debate about the EU Digital Identity framework. In the European Parliament plenary on March 25, 2026, MEPs Emilio Navarro and Anna Schmidt clashed over the balance between EU centralization and national sovereignty. Navarro advocated for a strong EU-level authority and binding deadlines, while Schmidt favored flexible guidelines and national control. ENISA's certification scheme, while technical, leans toward harmonization, potentially aligning more with Navarro's vision of uniform standards.
Policy Orientations and Trade-offs
The certification scheme aims to provide a coherent cybersecurity framework for digital wallets, which have rarely undergone formal certification until 2026. It seeks to facilitate compliance for manufacturers, improve transparency, and support secure digital products. The scheme is mandatory for wallets seeking EU-wide recognition, but the certification process itself is voluntary for manufacturers unless required by national transposition.
Key trade-offs include: increasing security and consumer protection versus potential compliance costs for businesses; EU-wide interoperability versus national flexibility; and enhanced trust in digital identity versus administrative burden on manufacturers and national authorities.
Impact on Stakeholders
- EU digital wallet manufacturers: Must comply with the certification scheme, incurring costs for testing and conformity assessment, but gain access to a larger, harmonized market.
- National authorities: Required to develop and oversee national certification schemes, with ENISA support, but face pressure to meet the 2026 deadline.
- EU consumers: Benefit from secure, privacy-protected digital wallets that are interoperable across borders, enhancing convenience and trust.
- EU taxpayers: Fund ENISA's activities through the Digital Europe Programme, but may see long-term savings from reduced fraud and streamlined digital services.
Expected Institutional Follow-up
After the consultation closes on April 30, ENISA will analyze feedback and finalize the scheme. The scheme will then be submitted to the European Commission for adoption. ENISA will continue to support Member States in developing national certification schemes and will discuss the EUDI Wallet at the 2026 European Cybersecurity Certification Conference on April 15 in Cyprus.