Community

Join the Community

24,237
Expert opinions
40,776
Total members
360
New members (last 30 days)
222
New opinions (last 30 days)
29,313
Total comments
Join Sign in

Zero Trust in Europe

  1 Be the first to comment
Bo Harald
Bo Harald
Chairman/Founding member, board member
Trust Infra for Real Time Economy Prgrm & MyData,
Location
Helsinki Region
Followers
27
Opinions
587
Unfollow

In the EUDI  Zero Trust is not a formal eIDAS 2 term but a security philosophy that EU wallet and infrastructure designers are actively adopting.

1. Zero Trust Basics

  • Default stance: Never trust, always verify.
  • Every actor—wallets, issuers, verifiers, and even networks—is treated as potentially compromised.
  • Continuous authentication, authorization, and integrity checks are applied at every step, not just at the perimeter.

2. Why It Matters for EUDI

  • Decentralized credentials: Because EUDI wallets will hold verifiable credentials issued by many different entities across borders, you cannot assume any network segment or participant is safe.
  • Dynamic verification: A verifier must cryptographically validate each credential against trusted lists (e.g., EU trust registries) instead of trusting the transport channel or the user’s device.
  • AI-agent & automation risk: As automated agents start using EUDI wallets, Zero Trust prevents rogue agents or spoofed services from slipping through.
  • Supply chain hardening: Wallet providers, QTSPs, and trust registries are themselves continuously verified—no “just because it’s a bank, it’s safe” shortcuts.

3. How It’s Applied

  • Mutual authentication: Wallet ↔ service interactions use mutual TLS, signed challenges, and issuer/verifier attestations.
  • Selective disclosure & proofs: Instead of handing over full documents, wallets use minimal disclosure proofs(e.g., show “over 18” without exposing birthdate).
  • Revocation & freshness checks: Verifiers check real-time revocation lists or status endpoints, not cached trust assumptions.
  • Segmentation & least privilege: Even within a wallet ecosystem, components (like presentation clients, signing modules, and storage) are isolated with least privilege.

4. The Big Picture

Zero Trust ensures legal certainty + technical security for EUDI. Without it, a single compromised node could undermine cross-border trust. The EU is effectively saying: Don’t trust the pipes or the players—trust the math, the signatures, and the registries.

Forward-looking takeaway: As AI-agents and automated workflows start transacting via EUDI wallets, Zero Trust + verifiable credentials becomes the backbone of safe, borderless digital interactions in the Single Market. 

Needless to say that banks must be at the table.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

1466
 

Share

 
1
 
 
 

Channels

/artificial intelligence /identity
 

Artificial Intelligence and Financial Services

Artificial Intelligence and Financial Services

Join group

516 opinions 148 members

Comments: (1)

Bo Harald

Bo Harald Chairman/Founding member, board member at Trust Infra for Real Time Economy Prgrm & MyData,

Author

There isn’t a single, standalone protocol that everyone calls “Zero Trust Authorisation Protocol.” Zero Trust is a security architecture and mindset—“never trust, always verify”—rather than a formal RFC-defined wire protocol. What you’ll actually see in production are protocol stacks and policy engines built to enforce Zero Trust principles:

  • Authentication & Federation:

    • OIDC / OAuth 2.0 – Used for delegated auth with continuous verification.

    • SAML 2.0 – Older but still used in enterprises.

    • FIDO2/WebAuthn – Phishing-resistant, passwordless auth for Zero Trust endpoints.

  • Policy Decision/Enforcement:

    • XACML or OPA (Open Policy Agent) – Express fine-grained, attribute-based access control (ABAC).

    • SPIFFE/SPIRE – Secure workload identities in service meshes.

    • gRPC/Envoy + mTLS – For microservice-to-microservice trust with certificate rotation.

  • Zero Trust Frameworks/Specs:

    • NIST SP 800-207 – The de facto reference for Zero Trust architecture.

    • CNCF Zero Trust Working Groups – Define patterns for cloud-native stacks.

    • Google BeyondCorp – A reference implementation (not a protocol) showing continuous verification of user, device, and context.

So if you’re looking for one standardised “Zero Trust authorisation protocol,” it doesn’t exist. The industry achieves Zero Trust by composing existing protocols (OAuth 2.0 + OIDC + mTLS + ABAC/RBAC engines) under strict “verify every access, every time” policies. If you need a starting point:

  1. NIST SP 800-207 – for architecture principles.

  2. OAuth 2.0 + OIDC with continuous re-auth and device posture checks.

  3. OPA or XACML for dynamic, context-aware authorisation decisions.

  4. mTLS/SPIFFE for workload identities inside your network.

That’s the current state of play—Zero Trust is a design pattern, not a new protocol.

 
 
Bo Harald
Bo Harald
Chairman/Founding member, board member
Trust Infra for Real Time Economy Prgrm & MyData,
Member since
04 Nov 2008
Location
Helsinki Region
Followers
27
Following
0
Opinions
587
Unfollow

How much will enterprises save when taking EUBWs in use - including also fraud and cyber crime

The Digital Credentials Query Language (DCQL)

Credentials not anchored in law - versus anchored

Enterprise credentials carry bigger payloads than personal ones

ID-Wallets as Control Panels for AI-Agents and Robots 2

See all Opinions from Bo

More expert opinions

Mark Whale

Mark Whale Partner at FICO

Who'd want to be a Chief Risk Officer in 2025? The expanding universe of banking risk

Andrew Bonsall

Andrew Bonsall COO at AperiData

How open banking data can transform SME lending

2

Teo Blidarus

Teo Blidarus CEO and Co-Founder at FintechOS

Banks Can’t Treat Stablecoins and Tokenized Deposits as “Just Another Payment Method”

2

Steve Morgan

Steve Morgan Banking Industry Market Lead at Pegasystems

Technical Debt and Legacy Systems Are Holding Banks Back

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

24,237
Expert opinions
40,776
Total members
360
New members (last 30 days)
222
New opinions (last 30 days)
29,313
Total comments
Join Sign in

Trending

Milko Filipov

Milko Filipov Senior Manager at valantic

The Emergence of Agentic Commerce: How AI Agents Are Transforming E-Commerce

Carlos Kazuo Missao

Carlos Kazuo Missao Global Head of Innovation Solutions at GFT

Not Sure How To Approach Stablecoins? Three Ways Companies Are Building Them Today.

Shikko Nijland

Shikko Nijland CEO at INNOPAY Oliver Wyman

Agentic Commerce: Building the Trust Framework for Machine-Initiated Payments

Laurent Descout

Laurent Descout CEO at NEO Capital Markets

Payments are shaping the next era of fintech

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept