ENISA

The European Union Agency for Cybersecurity (ENISA) opened a public consultation on a draft EU Digital Identity Wallet certification scheme on 3 April 2026, a significant milestone in establishing the security-assurance requirements that wallet implementations must achieve under eIDAS2. The certification scheme will define how the EU Digital Wallet intersects with the Cyber Resilience Act (CRA) product-security requirements that apply from 11 December 2027.

ENISA is the EU's central cybersecurity agency, responsible for developing cybersecurity certification schemes, threat-landscape assessments and supporting member-state CERTs. It publishes the annual ENISA Threat Landscape report, manages the EU cybersecurity certification framework under the Cybersecurity Act, and provides technical guidance to the European Commission on NIS2 and CRA implementation.

For technology vendors building EU Digital Identity Wallet infrastructure, ENISA's certification consultation is the primary technical-standard input document. The intersection of eIDAS2 certification and CRA product-security obligations creates a dual-compliance engineering requirement: wallets must meet both identity-assurance standards and connected-product vulnerability-reporting obligations. ENISA's consultation period ran to 31 March; the published scheme will determine conformance testing requirements across 27 member states.