For inquiries about GlobalPlatform or website assistance, contact secretariat@globalplatform.org.

Back to all Blogs

Part One: EU Digital Identity Wallets – Security, Reach & Convenience with Secure Elements

Gil Bernabeu, CTO and Jean-Daniel Aussel, eID Wallet Task Force Chair, of GlobalPlatform.

This blog has been written in collaboration with the GlobalPlatform eID Wallet Task Force to share insight on Secure Elements and their role in EUDI Wallet deployments. For more information, check out:

The EUDI Wallet will securely store and manage identity documents, such as passports, driving licences, and health records, in a single application. It will allow users to easily authenticate themselves when making online transactions, accessing government services, and in other situations where identity verification or digital signature is required.

The security of the wallet is therefore essential. Security failures can dramatically affect all actors in the wallet value chain, from the citizen and government right through to the service providers that consume the identity. This is why the EUDI Wallet regulations mandate a high level of assurance (LoA), to ensure that the wallet security will be resistant to attackers with a high attack potential.

To support the ecosystem, the Architecture Reference Framework (ARF) [1] provides a set of specifications needed to develop a secure and interoperable EUDI Wallet Solution based on common standards and practices. It summarizes two key architecture requirements as:

  • The Wallet Secure Cryptographic Device (WSCD) - trusted hardware providing a secure environment and storage for cryptographic assets (such as keys) and for running the WSCA. This includes the keystore but also the environment where the security-critical functions are executed.
  • The Wallet Secure Cryptographic Application (WSCA) - can be seen as the secure application using the WSCD. The ARF 1.4 also mentions that the WSCA must run securely on the WSCD.

To meet these requirements, the EU has mandated that a secure element (SE) should be used within the device, typically a smartphone. This first blog shares insights on why SEs have been mandated and how they can help member states reach as many citizens as possible. Part two will look more closely at the value they can bring in helping member states achieve security and convenience for successful EUDI Wallet implementations.

Secure elements: the foundation for EUDI Wallet deployments

SEs are a proven technology deployed on most smartphones. They already provide security to mass-market sensitive applications, such as mobile network authentication and contactless payments.

A SE is a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data, and as such are perfectly suited to implement a WSCD. Most SEs today are based on the Java Card operating system and, as such, can execute WSCA securely as Java Card applets.

Secure Element technology has evolved over the last 40 years from the first payment card integrations. There are now multiple form factors of SE, including smart cards and embedded chips in smartphones, like embedded SIMs (eSIMs) or embedded Secure Elements (eSE).

SEs are standardized by GlobalPlatform, and 62+ billion GlobalPlatform SEs have been issued to-date[2].

The EU has recognized SE technologies for their ability to protect EUDI wallets while retaining convenience and ease of use.

Achieving Reach for EUDI Wallets

The EU’s goal is to have about 80 percent of European citizens using an EUDI Wallet to manage identity documents, access services, and make secure digital payments by the end of the decade. Wallets therefore need to be able to be deployed securely at scale.

This data shows the already significant penetration of embedded SE technologies and the expected momentum near-term to continue supporting the EU’s wallet adoption goals.

Today’s smartphones support three types of GlobalPlatform SEs:

  • Embedded SE (eSE) – these SEs are owned and managed by the smartphone manufacturers and are present to provide security and support use cases such as contactless payments, ticketing, and virtual car keys.
  • Embedded SIMs (eSIM), also called embedded UICC (eUICC) – these SEs are also owned by the smartphone manufacturers and implement specifications standardized by the 3GPP and the GSMA. This allows mobile network operators (MNO) worldwide to independently install their network connectivity profiles.
  • Removable SIMs (SIM), also called UICC – owned by the MNOs, these SEs implement the SIM specifications standardized by the 3GPP and, optionally, the same GSMA Remote Subscription Provisioning (RSP) specifications as eUICCs.

All mobile phones contain at least one UICC and/or eUICC, and to-date more than 62 billion GlobalPlatform-certified SEs have been shipped worldwide. All smartphones shipped in Europe therefore feature at least one UICC, embedded SE or eUICC, which enables the secure deployment of digital identity wallets to a large proportion of citizens.

Supporting SE Adoption for EUDI Wallets

By using a technology that is already built into the vast majority of today’s smartphones, the GlobalPlatform SE is the foundation for a new digital ecosystem across Europe.

GlobalPlatform is therefore helping Member States better protect their citizens’ identity and related data by optimizing its SE specifications for EUDI Wallet schemes. New solutions are being introduced to help bring the SE to the EUDI Wallet and, in turn, make it accessible to a broad audience. These include the Secure Application for Mobile (SAM) framework, which provides a secure platform for ID applets to be deployed with certificate-based content management, and the Cryptographic Service Provider (CSP) specification for certifying third-party digital ID applets.

To get stakeholders up to speed on these new solutions and understand how to access, program and manage SEs, GlobalPlatform is hosting a two-day training session on October 8th and 9th. The first day will enable attendees to develop a foundational understanding of SE, while the second day will explore identity-related technologies for SE, including SAM and CSP.

Following the training, GlobalPlatform is also gathering experts from around the ecosystem for its second eID Wallet Seminar in Brussels on October 10th. The seminar will deep-dive into the technologies available to help member states deploy EUDI Wallets swiftly and securely.

Keep an eye out for part two of the blog for a closer look at the value SEs can bring in helping member states achieve security and convenience for successful EUDI Wallet implementations.

 

[1] https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/blob/main/docs/arf.md

[2] https://globalplatform.org/wp-content/uploads/2024/08/GlobalPlatform_AnnualReport2024_R3.pdf

[3] https://european-union.europa.eu/principles-countries-history/key-facts-and-figures/life-eu_en#:~:text=The%20EU%20covers%20over%204%20million%20km%C2%B2%20and%20has%20448.4%20million%20inhabitants

[4] https://www.counterpointresearch.com/insights/podcast-50-percent-smartphones-embedded-hardware-security-2025/

[5] https://www.counterpointresearch.com/insights/gd-thales-idemia-pacesetters-in-2023-esim-enablement-rankings/

[6] https://www.counterpointresearch.com/insights/over-9-billion-esim-capable-devices-to-be-shipped-by-2030/

[7] https://www.counterpointresearch.com/insights/over-9-billion-esim-capable-devices-to-be-shipped-by-2030/

[8] https://www.abiresearch.com/news-resources/chart-data/esim-market/

If you are a media representative, analyst, or conference organizer with a question, please email us at: pressoffice@globalplatform.org

GlobalPlatform
Hey There!

It seems you are using an outdated browser, unfortunately this means that our website will not render properly for you. Update your browser to view this website correctly.

GOOGLE CHROME
DOWNLOAD
FIREFOX
DOWNLOAD
MICROSOFT EDGE
DOWNLOAD