Open Letter to the European Commission, Member States and beyond

Accelerating the EU-wide Trust Infrastructure

The development of an EU-wide Trust Infrastructure (TI) is gaining momentum on several fronts. The most significant advancement is the Commission’s recognition that business wallets (EUBW) will become the cornerstone for both conducting business and interacting seamlessly with all levels of public administration (using same interoperable wallets).

At this critical juncture, several key questions remain:

1.     Awareness of Impact
Have all Member States and enterprise organisations fully recognised the transformative potential of the TI? It will significantly enhance trust, productivity, security, service levels, privacy, and the fight against cybercrime and the grey economy—while fundamentally strengthening the Single Market. Has practical implementation been prioritised accordingly?

2.     Foundation for AI Readiness
Is it understood that verifiable identification and power-of-attorney credentials—issued to and from organisational and staff wallets—are essential foundations for safe and efficient employment practices, and a prerequisite for enabling forthcoming personal and organisational AI agents?

3.     Immediate Focus on Organisational Wallets
Have governments and enterprise stakeholders acknowledged that immediate focus should be on deploying organisational wallets—available from the market with improving interoperability—within all public sector entities, especially municipalities? This is needed to achieving a critical mass of credential flows especially to and from enterprises.

4.     Integration Realities
Is it fully recognised that (i) adopting an organisational wallet application is simple, but (ii) integration into issuer and verifier systems—though routine—requires some time, and (iii) adapting work processes and regulations may demand greater effort? All three steps must be initiated in parallel, without delay.

5.     Public Sector as Catalyst
Is there alignment that regulatory focus should now be on mandating public sector entities to both issue and accept digital credentials? Businesses will naturally follow when public credential flows create the obvious benefits. Regulatory mandates are essential for driving modernisation in public institutions.

6.     Flexibility and Innovation
Will the legislation ensure sufficient flexibility in implementation? Allowing early adopters to lead and innovation to flourish will enable market dynamics to shape the most effective, fit-for-purpose and AI-using solutions. This is key to scalable adoption across diverse business environments.

7.     Enabling Smaller Actors
Has it been acknowledged that the liability model must empower smaller enterprises to act as credential issuers? Unlimited liability would become a critical barrier. A balanced and moderate liability framework is essential for inclusive participation.

8.     Avoiding Overregulation
Is it understood that eIDAS already provides a robust foundation? Additional technical mandates risk stifling innovation. Instead, legislation should support the organic evolution of standards that meet real business needs—especially ensuring seamless interoperability between HAIP and DIIP protocols.

9.     Automation and Cyber Resilience
Are sufficient efforts underway to enable automated verification of identity and power-to-act credentials—including for communications like incoming emails? Given the rising geopolitical tensions and the surge in cybercrime, the need for robust, verifiable credentials has never been more urgent. The threat landscape, especially with AI-enhanced attacks, demands swift and decisive action.

Conclusion
The time to act is now. The Single Market and Europe’s cybersecurity posture can be fundamentally strengthened through the widespread adoption of verifiable credentials. Let us move quickly to ensure eye-opening credential flows begin—and lead the world in secure, trusted digital interactions.

Yours faithfully,
Bo Harald