Regulation to establish EU Business Wallets
Evaluation of the European Commission’s regulatory proposal.
13 February 2026
German industry welcomes the European Commission’s proposal for the establishment of EU Business Wallets (EBW). The introduction of EU Business Wallets will make it much easier for companies to interact with public administrations across Member States. It has the potential to significantly reduce bureaucratic costs and can act as an anchor of trust between companies and between companies and public authorities. When introducing the wallets, it must be ensured that employees can legitimately carry out certain administrative procedures for their company via the wallet. However, the EU Business Wallet will only strengthen the digital single market if it replaces existing national solutions and is not introduced in addition to them. Otherwise, the 160 billion Euro in savings for businesses estimated by the European Commission will not be unlocked. Apart from Business-to-Government application scenarios, Business-to-Business use cases will significantly accelerate the EU-wide uptake of the EBW
BDI’s policy recommendations at a glance:
EU Business Wallets as part of a full-fledged EU digital identity framework can significantly facilitate the interactions between businesses and governments (B2G) as well as between businesses (B2B). EU Business Wallets will provide organisations with a verified digital business identity. We welcome the clear anchoring of the EBW in the eIDAS ecosystem and the technical and regulatory cornerstones of the EBW While German industry appreciates the European Commission’s proposal for a regulation to establish EBW in general, the co-legislators must adopt targeted amendments to ensure the usability of the EU Business Wallets for both providers and users. Such amendments should include:
â–Ş EBW owner identification data: Since the possibility of using an EBW depends on a data set that is usually issued by public authorities based on registers, Member States must be obliged to create the necessary preconditions.
â–Ş entry into force and application: We suggest that the provisions on the EBW should apply as soon as possible. As German industry needs an EBW for more efficient B2B and B2G interactions, we would appreciate a more ambitious timeline.
To ensure that EU Business Wallets can be seamlessly integrated in business processes and also fulfil businesses’ requirements in terms of data protection and cybersecurity, industry should be closely involved in its development and implementation. For example, the findings developed within the WE BUILD consortium should be considered in the legislative process.
German industry’s policy recommendations
To ensure that businesses can reap the full benefits of the EU Business Wallet, German industry urges the European Commission and Member States to consider the following recommendations when developing the EU Business Wallet:
Article 1 – subject matter
Reducing the bureaucratic burden and streamlining the EU’s rulebook have the potential to unleash Europe’s innovation potential, and thereby, enhancing the EU’s long-term competitiveness. Since businesses have on average 200 contacts with the public administration per year and have to fulfil an everincreasing amount of reporting obligations – not least due to EU legislation –EU Business Wallets as part of a full-fledged EU digital identity framework can facilitate the interactions between businesses and governments (B2G) as well as between businesses (B2B). EU Business Wallets will provide organisations with a verified digital business identity. Therefore, German industry appreciates that the regulation will establish an EU-wide system of digital identities for businesses
Article 3 – definition of an economic operator
According to the Commission’s proposal, every economic operator has the right to use a European Business Wallet. Economic operators are defined very broadly, including also natural persons acting in a commercial or professional capacity. This is a very important clarification. It is essential to ensure that all economically active individuals – particularly the self-employed – can benefit from the advantages of a European Business Wallet, which has much more functionalities than the EUDI Wallet. Equally, this is pivotal for industrial enterprises that work at scale with diverse counterparties: they routinely interact with self-employed professionals – such as tax advisers and lawyers – as well as non-registered sole traders. For these use cases, the European Business Wallet provides a single, interoperable channel for secure credential exchange, onboarding, and contracting, reducing administrative fragmentation and transaction costs across complex supplier and service networks.
The relevance of this group is considerable: in Germany alone, there are around 3.6 million self-employed, including 1.5 million in liberal professions. Of the total 3.6 million, 1.8 million are sole traders. Ensuring that this substantial group can fully utilise the European Business Wallet is therefore essential. For industrial enterprises, this broad coverage translates into tangible benefits: faster onboarding of small suppliers and specialists, streamlined compliance checks (e.g., qualifications and mandates), and improved cross-border interoperability within European value chains. Moreover, the principle of “Business Wallet-by-Default” will increasingly channel sector-specific legislation through the EBW and its functionalities. This will help industry to standardise processes (from identity and mandate verification to e-signatures and attestations) and to increase auditability and trust along supply chains. It is therefore essential that self-employed persons and sole traders can also make full use of these functionalities. By granting freedom of choice for self-employed persons and sole traders, the Commission has found a balanced approach that avoids additional burdens while respecting their individual needs while simultaneously enabling industrial enterprises to rely on a consistent, scalable, and secure interaction model with all their business partners.
Article 4 – Principle of equivalence
German industry welcomes the introduction of the “principle of equivalence” since it will facilitate the timely and wide uptake of the EBW by businesses. It must be ensured that public entities across the EU accept the EBW as having the same legal effect as if the action had been lawfully carried out in person, in paper form, or via any other means or processes that would be deemed compliant with
applicable legal, administrative, or procedural requirements. All public entities must have the necessary technical equipment to utilise the EBW as a means of identification and authentication.
Article 5 – Core functionalities of European Business Wallets
To ensure that companies can but do not have to utilise several European Business Wallets we appreciate that all EBW have to fulfil a set of core functionalities.
In particular, as rightly stated in Recital 17 and inter alia enshrined in Article 5 paragraph 1j, it is of utmost importance that several employees of an entity can utilise a European Business Wallet. To this end, we support the Commission’s proposal that all European Business Wallets must incorporate a mandate and role-based authorisation system that governs access to services and transactions within the European Business Wallets The delegation of authorisations and the establishment of proxy authorisations is a central function of the organisational wallet, as many different employees within a company act on behalf of a company. This enables certain employees to act on behalf of the organisation based on the rights assigned to them. The EU must ensure that the EU Business Wallet provides for the delegation of authorisations within the framework of a comprehensive management of permissions and user roles. To this end, individuals must be able to use their wallets in the corporate context, e.g. to prove ownership of authorisations within the organisation. Henceforth, the EU Business Wallet must be interoperable with the EU Digital Identity for natural persons developed within the framework of eIDAS.
We appreciate that according to Article 5 paragraph 2 providers of EBW can offer additional functionalities beyond those listed in paragraph 1 Article 5. For example, within the framework of the Ecodesign for Sustainable Products Regulation (and potentially other legal acts in future), the EU aspires to introduce a Digital Product Passport (DPP). The EU Business Wallet will be a crucial enabler of the DPP. Organisational identities are the key to the trustworthy implementation of the DPP. The companies within the supply chain in which the product is manufactured are uniquely identified by their organisation's ID. This is stored in the business wallet of the respective organisation. The individual parts created in the development cycle are successively added to the DPP as small (qualified) electronic attribute certificates for each product step, i.e. an entire folder. Hence, the EU Business Wallet should be closely interlinked with the DPP and should function as a trust layer guaranteeing that all information within the DPP is correct and has been inserted by authorised employees from the respective producer.
Article 6 – Technical features for European Business Wallets
Since the European Commission envisions the establishment of an ecosystem of European Business Wallets, a high degree of interoperability and standardisation of requirements and technical features is paramount.
Since business data are highly sensitive, all providers of EU Business Wallets must ensure a very high level of data protection and cybersecurity. Article 6 Number 2 point c rightly requires providers of EBW to implement security-by-design when developing an EBW. Since companies will store, exchange and validate highly sensitive data and conduct sensitive business processes when utilising EBW, maintaining a more than proportionate level of cyber-resilience is crucial for all EBW. All EBWs must fulfil riskadequate cybersecurity requirements including a patch-management system. Thus, robust encryption and state-of-the-art cybersecurity measures are crucial features of the EU Business Wallet. Ideally, the wallets would be operated by a qualified trust service provider (QTSP) or meet the general criteria under Article 24 of the eIDAS Regulation. This is particularly important to establish the necessary trust in the wallets.
When establishing a list of reference standards according to Article 6(5), the European Commission should closely liaise with providers and users of EU Business Wallets in order to take their requirements as well as their technical expertise into account.
Regulation (EU) 2023/2854 (Data Act) grants users the right to access and share data generated by connected products. Article 4 obliges data holders to provide this access. In this respect the EBW should support secure authentication and authorisation, helping businesses to exercise their data access rights and comply with these obligations.
Article 7 – Requirements and obligations for providers of European Business Wallets
German industry strongly supports clear technical and procedural requirements and obligations that all providers of an EBW have to fulfil, since the EBW will fulfil a function as a trust anchor in many B2B and B2G interactions.
With regard to Article 7 (2), German industry appreciates that for trustworthiness- and security-reasons and in light of the sensitivity of the data concerned, all providers of European Business Wallets shall be established in the Union, have their principal place of business and main operations in the Union and not present a risk to the security of the Union.
Article 8 – European Business Wallet owner identification data
We welcome the fact that according to Article 8 the identification data set is issued by a qualified trust service provider (QTSP), a public authority or, where applicable, the European Commission. The possibility of using an EBW therefore depends on a data set that is usually issued by public authorities based on registers. Therefore, Member States must be obliged to create the necessary conditions for this or to issue an identification data record on a mandatory basis. However, we do not need just any data set, but a harmonised data set across Europe, based on the respective legal basis. The content of the wallets must be sufficient to meet legal requirements. An example here is the "qualified identification" as prescribed by the Anti Money Loundering Regulation (AMLR, Regulation (EU) 2024/1624): The AMLR requires the full name (first name, middle name, and surname) of a natural person. The EU institutions must ensure that the EUDI Wallet provides the full name of a natural person.
It also remains unclear what qualitative requirements are imposed on the source of an identification data set. According to Article 8(3)(a), this may be issued by a qualified trust service provider. However, it is not expressly regulated whether the database must be an authentic source or whether the qualified trust service provider's own database is sufficient. It is unclear how the verifiability of the identification data is ensured based on the source if the qualified trust service provider's own database was sufficient Consequently, data provided by a QTSP must be able to be transferred 1:1 into the respective systems of companies without additional verification. Our current understanding is that liability transfers to the QTSP. If they issue an attribute, they must ensure that this information is current, valid and originates from an authentic source.
Article 11 – Notification of providers of European Business Wallets
To ensure that companies of all sizes can function as a provider of European Business Wallets, and to ensure a quick market access for new offers, a lean and efficient notification process is paramount. In this regard, German industry welcomes the notification process outlined in Article 11. We very much appreciate that upon notification by a company of its intention to provide European Business Wallets the supervisory body shall have 30 days to review the information submitted and that if deemed complete and conclusive has another two days to notify the European Commission respectively.
Article 16 – Obligations on public sector bodies
Currently, businesses across the EU are confronted with a high degree of bureaucracy, highly diverging levels of digitalisation of public administration and a lack of interoperability of public services across the Union. Therefore, the European Business Wallets have the potential to significantly simplify the interaction of businesses with public bodies both at Union and at national levels. To quickly unlock the 160 billion Euros in savings for businesses each year, a quick implementation of the Regulation on establishing EU Business Wallets is essential. Hence, German industry strongly objects that public bodies have 24 months after the entry into force of this Regulation to enable economic operators to identify and authenticate, sign or seal, submit documents, and send or receive notifications by using the European Business Wallets – public bodies should have a maximum of twelve months. We also perceive the derogation period outlined in Article 16(3) as too long. The Commission’s proposal directly contradicts its aspiration to simplify the Union’s digital acquis and to reduce unnecessary bureaucracy.
German industry would welcome the implementation of the following amendments to the current draft law:
(1) By [Publications Office, please insert the date 24 12 months after the entry into force of this Regulation] public sector bodies shall enable economic operators to take the following actions by using the core functionalities of European Business Wallets as set out in Article 5(1):
(3) By way of derogation from paragraph 2 and until [Publications Office, insert the date 36 18 months after entry into force of this Regulation], public sector bodies may choose not to offer the qualified electronic registered delivery service referred to in Article 5(1), point (i), and support instead other existing alternative solutions which enable economic operators to take the actions listed in paragraph 1, points (c) and (d), provided those solutions:
Article 17 – Business wallets and other similar instruments and frameworks offered in third countries
Since many European businesses operate in third countries where they already utilise business wallets or systems offering similar functions that are issued by providers established in third countries, German industry appreciates in general that the European Commission may adopt implementing acts establishing that such business wallets or offerings are equivalent to European Business Wallets. It must be ensured that these business wallets or offering have the same level of data protection and guarantee the authenticity and security of the data stored.
Moreover, we also welcome that the Commission may adopt implementing acts establishing that third country frameworks for systems offering similar functions as the European Business Wallets
Article 18 – Issuing of European Business Wallets to economic operators established outside the Union
Since many companies headquartered outside the European Union pursue business activities within the EU, it is important that these companies can also utilise the EBW For example, often non-European companies produce components for EU-based companies and therefore should be enabled to authenticate and identify themselves digitally by using the EBW. An application scenario would be the DPP (see above) where non-EU companies should be able to insert information regarding their components.
Moreover, the European Union must also ensure that the EUDI Wallet or EBW is accepted by third countries since European companies are also pursuing business activities outside the EU and would
massively benefit if the EUDI Wallet and the EBW are accepted as a means to authenticate by private and public actors in third countries.
Article 22 – Entry into force and application
German industry takes a critical view of the fact that the according to Article 22 (2) provisions of the Regulation are only to apply one year after its entry into force, i.e. probably in 2028. We do not fully understand the purpose of this provision, as the Regulation only imposes obligations on public authorities, whereas a separate time limit is used in Article 16. Furthermore, the temporal scope would in principle also cover the provisions on competence for the adoption of implementing acts. We suggest that the provisions on the EBW should apply as soon as possible. As German industry needs an EBW for more efficient B2B and B2G interactions, we would appreciate a more ambitious timeline.
It must be clarified how Member States have to deal with the current obligation to provide an EUDI Wallet for legal entities by 24 December 2026 We assume that the legislative process for the EBW will take approximately 18 months; therefore, the regulation is not expected to be published and enter into force until 2027. By then, however, Member States would already have to have provided an EUDI Wallet for legal entities in accordance with Article 5a(1) of the eIDAS Regulation. For this period, the European Commission is thus calling for redundant solutions de lege lata. To circumvent this, we call on the European Commission to offer Member States at least a non-objection for failure to implement the EUDI Wallet for legal entities until the regulation on the EBW comes into force.
Necessary preparatory work at national level
To ensure that the EBW will be fully operational member states have to ensure that their administrative procedures are End-to-End digitally available:
▪ Speed up the modernisation of public registers: An organisation or a natural person must be uniquely identifiable. This functionality is key. To ensure that the EU Business Wallets can be issued also for German users, relevant authentic sources for the verification of the required attributes for the issuance of the European Business Wallets must be digitally available in Germany. The German administration operates more than often analogue and not-interlinked 375 registers – i.e. databases or systematic collections of information – for the provision of administrative services. At the same time, citizens and companies have to enter even rudimentary data – such as the company name, the type of company or its registered office – in new forms every time they interact with a public authority. The current lack of digital usability of data stored in registers through a concerted modernisation and consolidation of the German register landscape is slowing down administrative digitalisation and significantly increases the administrative burden for companies. In Germany, the “Basisregister” is already collecting data from different registers to set up the “central register”. This process should be accelerated. To our knowledge, it has been decided that the 16-digit EU ID serves as a unique identifier. To our knowledge, all commercial registers in the EU are already harmonised. It remains unclear to us how the unique identification of natural persons will work across Europe, as, for example, a harmonised ID card number is missing. In Germany, we still face a challenge with self-employed individuals. Unlike in other European countries, they are not registered in the commercial register in Germany and will therefore not receive an EU ID. For both points, we have not yet seen a practicable proposal and see an urgent need for action for German legislation here.
â–Ş Provide administrative services digitally: To leverage the full potential of the EU Business Wallet in terms of a comprehensive reduction in bureaucracy, it is necessary that all EU
Member States realise an end-to-end digital availability of all administrative services relevant to businesses This includes all administrative services with high frequency and fast response cycles, all tax and registration matters, submission of permit applications, trade tax notices, applications for funding programmes and many more.
Integration of existing national solutions into the EU Business Wallet
The EU Business Wallet (EBW) should be a unified framework for identity and trust, replacing siloed, inconsistent systems existing with the EU 27. For example, in Germany, companies have to separately register for public organisational accounts in each region (i.e. Land) and for the federal solution, resulting in significant bureaucratic costs as credentials and user roles have to be kept updated for each organisation account. This situation is multiplied by each EU Member State in which a company is doing business. It is of paramount importance that the EU Business Wallet does not further amplify the existing hotchpotch of organisation accounts, registration methods and wallets but rather leads to an EU-wide consolidation of such solutions. The rights and role management, which allows the legal person to manage the operation of the Business Wallet independently and in a differentiated manner through self-administration in order to avoid complex proofs of representation or the maintenance of public lists of mandates, is of utmost importance for German industry. This should be achieved by allowing and enabling the transfer of a company's existing rights and role management concepts within the EBW
Imprint
Bundesverband der Deutschen Industrie e.V. (BDI) / Federation of German Industries
Breite StraĂźe 29, 10178 Berlin www.bdi.eu
T: +49 30 2028-0
EU Transparency Register: 1771817758-48
German Lobbyregister: R000534
Editor Steven Heckler
Senior Expert Cybersecurity and eGovernment Innovation, Security and Technology
T: +49 30 2028-1523
s.heckler@bdi.eu
Document number: D 2215