Is Europe sleepwalking into identity-linked internet access?

As Brussels pushes ahead with interoperable digital identity systems for businesses and citizens alike, Lionel Eddy fears that Europe may be moving towards a future in which proving identity becomes an increasingly unavoidable condition of participation online

The European Union is steadily building a continent-wide digital identity infrastructure designed to standardise how businesses and citizens verify themselves online across member states. 

Brussels argues the framework could simplify administration, improve online security and modernise digital interactions across member states. 

One major strand of the EU’s digital identity strategy concerns businesses and legal entities. Under proposals for a European Business Wallet, or EBW, companies would be able to use verified digital credentials to simplify compliance, administration and cross-border operations across the bloc.

In a recently released position paper titled Proposal for a Regulation on EU Business Wallets, BusinessEurope asserted that the EBW has the potential to simplify compliance across corporate, tax, and anti-money laundering regulations, thereby facilitating more efficient navigation of cross-border operations for businesses.

The lobbying organisation emphasised, however, that the process of providing a verified digital business identity should be a “proportionate and low-cost exercise.” A significant degree of assurance is expected to meet the needs of most professional interactions, while heightened levels should be designated for particularly sensitive tasks. The organisation asserted that all levels of assurance should be available within a single business wallet, thus preventing additional administrative burdens for businesses.

Among its technical priorities, the organisation emphasised the importance of role-based authorisation in the wallet, enabling companies to delegate access to multiple employees while ensuring interoperability across EU digital systems.

Earlier in 2025, the European Commission’s Committee on Industry, Research and Energy released [7] a draft proposal for a regulation concerning electronic wallets for businesses. The EU estimates that these business wallets for legal entities could generate annual savings of €150 billion for companies. In response, BusinessEurope cautioned that the wallet should not add another layer of administrative complexity, arguing that harmonisation should remain the primary objective given businesses currently operate across 27 separate national administrative frameworks.

The European Commission has framed the wider initiative as part of its broader push towards digital modernisation and competitiveness. In 2025 the Commission introduced its Competitiveness Compass initiative, intended to prepare Europe for global trends in digital transformation and energy transition. The Draghi report on EU competitiveness similarly outlined proposals aimed at reducing fragmentation, strengthening security and improving Europe’s economic resilience.

However, while the debate surrounding the European Business Wallet largely centres on efficiency, interoperability and administrative burden, the other side of the EU’s digital identity infrastructure — namely its citizen-facing systems — raises far more profound questions around privacy, anonymity and online participation.

At the centre of this second strand of the EU’s digital identity agenda is the EU Digital Identity Wallet, known as the EUDI Wallet, a system intended for individuals, or “natural persons”. 

Under the EUDI framework, which must also remain compatible with the European Business Wallet, citizens would be able to store and present official digital credentials when accessing public services, commercial systems or online platforms across EU member states.

The European Commission argues the framework could improve online security, simplify verification and create safer digital environments. One of the first major practical applications of this approach is now emerging through the EU’s proposed Age Verification App under the Digital Services Act.

In an announcement that reflected the Commission’s growing confidence in the project, the European Commission President Ursula von der Leyen declared that the EU’s Age Verification App will soon be available for download imminently. Intended to protect minors from “harmful and illegal content” under the Digital Services Act (DSA), the app would allow users to verify their age online using digital credentials while supposedly preserving privacy.

Rather than requiring users to repeatedly submit documents directly to websites and platforms, the broader principle behind the EU’s digital identity framework is that verified credentials could eventually be used across multiple services and systems. Supporters argue this could improve privacy and security. 

Users are required to scan or upload a passport or national ID, only to receive an anonymous digital credential that platforms can verify. The Commission claims this ensures that neither governments nor platforms can spy on browsing habits. Von der Leyen and Executive Vice President Henna Virkkunen described the tool as meeting “the highest privacy standards in the world,” claiming it removes excuses for platforms to avoid verifying users’ ages.

The app is expected to be integrated into the broader EU Digital Identity Wallet framework as part of the EU’s wider push towards standardised digital verification systems across member states. The Commission continues to present the initiative as a voluntary and privacy-conscious solution designed to enforce child-protection rules while holding large technology platforms accountable.

Critics, however, argue that the growing interconnection between digital identity systems, online verification tools and broader regulatory frameworks could gradually create a far more intrusive digital environment than Brussels currently acknowledges.

The Electronic Frontier Foundation, a nonprofit civil liberties organisation has pointed out that such systems may undermine anonymity and pose risks to free expression. The organisation cautioned that increasing the scale of verification, particularly when linked to digital wallets, could lead to serious privacy concerns and restrict access to information if the infrastructure expands beyond its stated purpose of protecting children online.

European Digital Rights has also raised concerns, labelling age verification a “sledgehammer approach” that could heighten the risk of data breaches and invasive surveillance practices. “Age verification is a form of exclusion, not empowerment. It disregards the evolving capacities, agency and autonomy of young people. This one-size-fits-all approach risks impeding children’s development, who will see their possibilities to exercise their rights to free expression and access to information restricted or outright denied an approach which many child rights organisations have long warned against,” the organisation stated.

The Conversation contributors Maryline Laurent and Claire Levallois-Barth also warned about the risks surrounding the EUDI framework in a column titled European digital identity wallets: how secure are they and what are the risks? They wrote: “The primary risk for users is being forced to use an EUDIW, which is designed as a kind of digital passkey. This could exclude certain segments of the population, particularly those who cannot afford or can use this type of technology. Another risk concerns privacy. Digital wallets could increase the amount of personal data collected without users’ knowing.”

These concerns deserve to be taken seriously. Systems introduced for apparently reasonable purposes such as convenience, administration or child protection do not exist in isolation. Once digital identity frameworks become integrated across services, platforms and institutions, the pressure for wider adoption can steadily increase. What begins as optional verification can gradually evolve into an expectation of participation.

Currently, the age verification app is being presented as a voluntary tool. Yet history shows that digital infrastructures rarely remain limited to their original purpose once embedded into wider regulatory systems. The merging of age verification tools with the broader EUDI ecosystem risks laying the foundations for a far more centralised and identity-linked digital environment across Europe.

The European Commission insists that the framework complies with the General Data Protection Regulation and prioritises user control. Yet compliance alone cannot resolve the wider political and philosophical questions raised by these systems. If these systems become fully embedded across online services and platforms, Europe could be moving towards a future in which proving identity may increasingly become a condition of participation online.

Lionel Eddy is an author, journalist and digital-rights commentator specialising in biometrics, digital identification systems and state surveillance technologies. His work examines facial recognition, CBDCs, smart-city infrastructures and the civil-liberty implications of digital governance. As Privacy & Digital Governance Correspondent for The European, he writes on privacy, biometric policy, government digital ID proposals and the societal impact of emerging identification technologies.

READ MORE: ‘Facial recognition is leaving the US border — and we should be concerned‘. A lawsuit over ICE agents allegedly using facial recognition on a U.S teenager highlights a broader shift: biometric identification is moving from border control into everyday public life. It’s a troubling development with implications not just for America but for the UK and other democracies, writes Lionel Eddy.

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.

_{Main Image: Sadi Hockmuller/Pexels}