The timeline for Germany’s planned digital wallet, dubbed the Eudi-Wallet, is becoming increasingly unstable. Less than seven months before the scheduled launch date of January 2, 2027, more signs are emerging that the prestige project championed by Federal Digital Minister Karsten Wildberger (CDU) may not live up to expectations.
According to the newspaper “Tagesspiegel”, who spoke with several stakeholders involved in the project, the initiative is suffering from disorganized project management and repeatedly postponed deadlines. The Federal Agency for Breakthrough Innovations (Sprind) was tasked with the role in 2024, despite the fact that it is not designed for the operational implementation of such a large-scale project. Compounding these issues are conflicts of interest: the project leader simultaneously worked for the Open Wallet Foundation (OWF), an advocacy group representing the digital identity industry, whose CTO also served on the Sprind jury. Sprind itself has dismissed these concerns.
Concerns also persist regarding technical security. Insiders report that the project has raised internal security concerns that go far beyond mere procedural questions. It is rumored that both Sprind and the leadership of the Federal Office for Information Security (BSI) have ignored these worries. The BSI maintains that it can only provide a final security assessment once the development is fully complete. Furthermore, the Federal Association of Consumer Organisations (VZBV) warns of a “Cookie Banner 2.0”: without robust technical protective mechanisms, users would have to manually decide if every data request is legitimate-even when handling far more sensitive data than previously required.
In addition to these flaws, the wallet falls significantly short of expectations regarding its functionality at the planned launch date. Initially, it is only supposed to contain basic data such as name, date of birth, and address, along with simple digital proofs. Crucial elements, including qualified electronic signatures, pseudonyms, payment authorization, and data portability, will be missing when it goes live. Moreover, the so-called Zero-Knowledge Proof, a procedure that allows, for instance, proving minimum age without revealing the actual birth date, will not be operational in time.
