To this end, the eIDAS Regulation (EU) 2024/1183 also obliges all member states to introduce a
digital wallet (eIDAS wallet) for their 440 million EU citizens by 28. November 2026
Epicenter works has long acknowledged the risk associated to storing certified personal data without establishing a clear protocol for the reasons entities can claim to access this information. While it seems that this principle of responsibility has not been acknowledged, Epicenter has proposed the creation of a transparency platform that would allow concerned entities to register and claim access to data for their specific ues cases, this is described here: https://epicenter.works/fileadmin/medienspiegel/user_upload/eIDAS_Monitor-concept_note.pdf
but in the meantime more is coming, EU is willing under the guise of simplification, to aggressively stripe the few digital protections hardly acquired, it is called Digital Omnibus: Digital Omnibus: Consultation response to the call for evidence - European Digital Rights (EDRi)
Epicenter works reminds us of the vulnerability of the integration of a digital wallet under the eIDAS. The main reason they invoke are the law lacking clear intention to certify the entities accessing the wallet as the certification schemes are unclear it is left to the user to determine if an entity has the legitimate right to access specific data, and this can be a very delicate operation as not every user is a lawyer. In this context the digital omnibus threatens to even more undermine the privacy already at risk. Epicenter Works explains their worrisome in the response to the digital omnibus call for evidence they have published