The European Union's mandate requiring all member states to offer a digital identity wallet by September 2026 is drawing scrutiny from cybersecurity and privacy professionals. Critics argue that centralizing identity credentials in a single application creates an attractive target for sophisticated threat actors.
A coalition of 47 security researchers signed an open letter urging the EU Commission to adopt stronger requirements for selective disclosure—the ability for users to share only the minimum necessary information for each transaction. The current specification allows but does not require this capability.
Proponents counter that the wallet will reduce reliance on commercial identity providers and give citizens greater control over their data. The debate highlights the tension between digital convenience and the potential consequences of creating high-value centralized identity stores.
