How to benefit from digital credentials without losing your mind over regulations and technical standards
Digital credential wallets are moving from vision to reality. With initiatives such as Switzerland’s national wallet (SWIYU) and the European Digital Identity Wallet (EUDI, eIDAS2), a new infrastructure for trusted digital interactions is emerging across public and private sectors. At its core, this shift changes the nature of digital data. Credential wallets provide cryptographically sealed attributes that are directly bound to a person and issued by trusted authorities. Instead of relying on self-declared information or uploaded documents, organizations receive verifiable data whose authenticity and integrity can be validated instantly. Trust is no longer recreated in every interaction — it becomes reusable and verifiable by design. Organizations will still collect the attributes needed for their processes and decisions. What fundamentally changes is the role of verification. Rather than being a manual, resource-intensive step, authenticity becomes a built-in property of the data itself — similar to how a digital signature can be validated automatically. Verification moves from an operational burden to a technical foundation that enables immediate, confident decision-making.
A simple example makes this tangible. Today, onboarding a new customer often means collecting documents, checking their authenticity, and storing evidence for audits. With credential wallets, the process shifts. A customer presents a verified identity or age credential from their wallet. The organization still decides whether to onboard the customer — but it no longer needs to validate the authenticity of the data itself, it can be directly archived. Just like a signed PDF can be verified in seconds, the credential can be validated instantly, including its issuer and integrity. What used to be a verification workflow becomes a automated verification check.
For organizations, this shift represents a fundamental upgrade in how digital trust is established. Onboarding processes become faster and more user-friendly, compliance checks more reliable, and cross-border services more scalable. Whether confirming identity, age eligibility, or professional qualifications, credential wallets enable a model where trust is reused instead of rebuilt in every interaction.
Yet behind this seemingly simple promise lies a new level of complexity. Wallet ecosystems introduce new roles, standards, and trust dependencies that go far beyond traditional digital identity systems. Companies must navigate evolving regulatory frameworks, technical interoperability requirements, and new liability models while rethinking how trust is integrated into their digital journeys.
This paper aims to untangle that complexity. It explains how credential wallet ecosystems work, where they create tangible business value, and how organizations can adopt them pragmatically — without getting lost in standards, certifications, or infrastructure decisions. The goal is not to turn every company into a wallet expert, but to provide a clear path toward leveraging digital credentials as a competitive and operational advantage.
Interdependencies within the trust diamond
The apparent simplicity of credential wallets hides a deeper structural shift. Accepting wallet-based credentials is not just a technical integration — it places organizations inside a broader trust ecosystem. Once a company participates in the ecosystem, it assumes new responsibilities that go beyond APIs and user journeys. Trust is no longer created unilaterally but emerges from shared roles, assurance models, and interdependent actors.
This introduces a new category of organizational obligations. Companies must understand which credentials they are allowed to rely on, under what assurance levels, and with which liability implications. They need governance models for trust decisions, auditability of verification processes, and clarity on regulatory expectations. In other words, wallet adoption brings not only technical requirements but also due diligence obligations.
Build or buy?
Crucially, trust in wallet ecosystems is not guaranteed by technology alone. Cryptography ensures integrity, but real-world trust is established through audits, certifications, operational controls, and adherence to recognized trust frameworks. Assurance is created through a combination of technical validation and institutional credibility.
For this reason, many organizations will rely on qualified trust service providers (QTSPs) or similar certified partners. Such providers combine technical expertise in wallet interoperability and credential validation with the organizational maturity required for operating within regulated trust frameworks. By leveraging established trust providers, companies can participate in wallet ecosystems without having to build and maintain the full stack of certifications, controls, and regulatory interpretations themselves. Attempting to build these capabilities in-house effectively means taking on the role of a trust provider. In regulated environments, this can amount to becoming a de facto QTSP — including certification processes, recurring audits, liability exposure, and ongoing compliance operations. This represents a significant long-term commitment in terms of investment and organizational complexity.
At the current stage of market maturity, this path is rarely justified for most organizations. Credential wallet ecosystems are still evolving, and standards, adoption levels, and regulatory interpretations continue to develop. For many companies, partnering with established trust providers offers a more pragmatic entry point: it allows them to capture early value and build experience while retaining strategic flexibility as the ecosystem matures.
Swisscom’s approach: A modular toolset to meet every challenge
Wallet adoption is not a single capability but a transformation that spans strategy, technology, governance, and compliance. Rather than offering isolated products, Swisscom follows an end-to-end enablement approach that supports organizations across the full adoption journey — from initial evaluation to operational scale.
The journey starts with strategic clarity. Through a structured Wallet Readiness Workshop, Swisscom analyzes existing customer journeys and business processes to identify where wallet-based trust creates real value. The focus goes beyond compliance: Which use cases generate measurable ROI? Where do reusable credentials improve conversion, automation, or fraud resilience? The outcome is a tailored roadmap that prioritizes high-impact adoption paths.
Participation in wallet ecosystems also requires organizational readiness. Swisscom supports this through an organizational identity and onboarding capability that helps companies manage their presence in trust ecosystems. This includes handling ecosystem requirements, managing lifecycle changes, and maintaining audit-relevant documentation as standards evolve.
To ensure trusted operation, Swisscom enables process-level compliance readiness. Individual use cases are assessed to define the required controls, assurance levels, and reporting structures. This ensures wallet-based interactions are not only technically functional but also regulatorily defensible and audit-ready.
To support gradual adoption, Swisscom also enables trusted verification without requiring fully wallet-native journeys. With its discrete validation capabilities, organizations can perform high-assurance verification checks — for example on signed documents — without exchanging raw files. This allows companies to automate verification-driven processes today while preparing for future wallet-native interactions.
Finally, as a qualified trust service provider (QTSP), Swisscom enables legally binding electronic signatures within wallet-based flows. This includes one-shot signature capabilities that allow users to sign with high assurance without prior onboarding, making trusted signatures immediately accessible to partners, relying parties, and wallet ecosystems.
- Wallet Readiness Workshop: Structured assessment to identify high-value use cases, evaluate ROI, and define a pragmatic wallet adoption roadmap
- Wallet Interaction Layer: Abstraction layer for reading and verifying wallet credentials, shielding process owners from standards and interoperability complexity.
- Organizational Identity & Ecosystem Onboarding: Support for managing presence in trust ecosystems, including governance requirements, lifecycle changes, and audit documentation.
- Process-Level Compliance Enablement: Definition of assurance levels, controls, and reporting structures to ensure regulatorily defensible wallet usage.
- Discrete Validation Capabilities: Trusted verification of signed data without sharing raw documents, enabling automation today and preparing processes for wallet-native flows.
- QTSP Signature Enablement: High-assurance electronic signatures, including one-shot signing, directly embedded into wallet-based journeys.
By using these services – individually or as a bundle – companies ensure that all legal requirements are fulfilled and technical standards are met. Swisscom Trust Services is certified and regularly audited under both the EU and Swiss e-IDAS and Zertes digital signature laws. Thus, by outsourcing regulatory and technical complexity, organizations can benefit from the wallets without losing time, money, or even their minds seeking to comply with the underlying infrastructure.
Want to learn more on how you can ramp up your wallet project faster?
Have a look at our new white paper here.
.svg)
.svg)
