Why do mobile operators need an EU Wallet verifier?

Under eIDAS 2.0 Article 5f, large private relying parties that are required by law or contract to use strong user authentication for online identification — explicitly including the telecommunications sector — must accept the EU Digital Identity Wallet. The practical compliance window is treated as 2027. Operators that wait until the deadline miss the integration runway with their CRM, BSS and activation systems.

What telecom workflows does it replace?

Document-upload KYC, in-store ID checks and third-party video-ID for prepaid SIM registration; manual ID checks for eSIM activation; passport scans for number portability requests; document chains for B2B SIM fleets and corporate-account changes.

Does this work with eSIM?

Yes. The verifier sits in front of activation. A customer scans a QR code, the wallet presents the requested attributes over OID4VP, the verifier returns the verified fields to your activation system, and only then is the eSIM profile or QR-code issued. Zero-touch remote onboarding with a high-assurance identity step in the middle.

Can the operator issue credentials too — not just verify?

That is a logical follow-on. Once an operator can verify wallets it can also issue wallet-readable credentials — for example a credential asserting that a given wallet holder controls a given phone number. CodeB's verifier substrate is built so an issuer module can be added alongside without a re-architecture.

Is the wallet verifier self-hosted?

Yes. The whole CodeB stack runs on a Windows + IIS server you control. No third-party identity cloud handles the wallet presentation. Audit trail and policy decisions stay on premises, which matters for sector regulators and GDPR scope.

For telecoms

EU Wallet verifier for SIM, eSIM and verified phone-number trust.

Mobile operators, MVNOs, eSIM brands and telecom retailers face a 2027 acceptance window for the EU Digital Identity Wallet. CodeB is a self-hosted verifier that drops into SIM registration, eSIM activation, number portability and B2B account workflows — without a national-identity-cloud middleman.

Talk to us Verifier API →

Why now. Under eIDAS 2.0 Article 5f, large private relying parties required by law or contract to use strong user authentication for online identification — explicitly including electronic communications — must accept the EU Wallet. Member States are expected to issue wallets by end-2026; the practical compliance window for telecoms is treated as 2027. Integration, CRM mapping and store-flow rework take months — not weeks.

01 / The telecom reality

Why identity is the new bottleneck.

KYC is fragmented & expensive

Prepaid SIM registration relies on a patchwork of in-store document checks, document uploads and third-party video-ID. Video-ID has high abandonment rates — and in 2026 is increasingly spoofable with generative AI (face-swap and voice-clone deepfakes on a webcam feed). Manual checks scale linearly with headcount.

SIM-swap fraud bleeds margin

Account takeover via SIM swap remains a leading channel for financial-account fraud. Operators carry reputation cost, regulator scrutiny and reimbursement disputes — even when the original ID check was technically valid.

eSIM amplifies the problem

Remote profile download removes the natural friction of a shop visit. Without a high-assurance identity step in the activation flow, you trade onboarding ease for fraud exposure.

27 wallets, not one

Each Member State issues variations of the wallet — different trust registries, PID schemas, local implementations. Maintaining 27 integrations in-house is a never-ending cost line.

02 / What CodeB adds

One verifier endpoint. Every compliant wallet.

Wallet verifier substrate

OID4VP 1.0 + HAIP — the same protocol the EU reference wallet implementation speaks. Selective disclosure via SD-JWT VC. Verifier-attestation JAR signed with ES256. The wallet talks to your server, not a vendor cloud.

OID4VP 1.0SD-JWT VCHAIP

SIM & eSIM activation hook

Pre-built attribute request profiles for prepaid, postpaid, eSIM, business SIM and number portability. Verified PID lands in your CRM/BSS via webhook before activation completes. Audit row stored locally.

PID over OID4VPWebhook to BSSAudit trail

MSISDN binding (roadmap)

Once the operator can verify wallets, it can also bind a verified MSISDN to a wallet identity — the foundation for future phone-number-as-credential issuance. Slot reserved in the verifier substrate; not yet a billable feature.

In developmentIssuer-ready

Retail + remote modes

In-store: shop assistant shows a QR on a tablet; the customer scans with their wallet; verified attributes flow to the till. Remote: same flow inside the operator app or web onboarding journey.

QR + deeplinkMobile-firstRetail tablet

03 / Worked example

An eSIM brand serving travellers across the EU.

A travel-eSIM operator offers prepaid data packs across 12 countries. Today, identity is collected via document upload + selfie video, processed by an external KYC vendor. Per-activation cost is high; conversion suffers on mobile; fraud catches a small but visible long-tail.

Customer picks a data pack on the operator's app, taps Verify with EU Wallet.
Wallet presents the requested attributes — given name, family name, date of birth, country of residence — with selective disclosure so nothing extra leaves the wallet.
The CodeB verifier validates the SD-JWT VC chain, returns the verified fields to the operator's activation backend.
Backend issues the eSIM profile QR within the same session. No document upload, no human review queue, no third-party KYC bill.
Audit row stored: which attributes were requested, which were returned, policy version, timestamp — nothing that wasn't strictly necessary.

Activation latency falls from minutes to seconds. Cost per activation drops. Fraud surface narrows. The carrier didn't change.

04 / Where it fits in your stack

Seven concrete telecom workflows.

Prepaid SIM registration

Replace document-upload or in-store ID checks with a wallet QR. Verified PID flows to your activation system. Compliance-grade audit trail without storing scanned passports.

eSIM onboarding

Add a high-assurance identity step to remote activation. Issue the eSIM profile only after the wallet presentation succeeds. Zero-touch end-to-end.

Number portability

Confirm the requestor is the rightful subscriber via wallet PID before initiating an outbound port. Cuts port-out fraud and reduces customer-care escalations.

SIM-swap re-authentication

Before swapping a SIM, re-verify the subscriber's PID through the wallet. Hard limit on social-engineered store-floor swaps.

Age-gated content

For operators acting as ISPs or content hubs, request a wallet attestation of "over 18" without collecting the actual birth date. Selective disclosure reduces GDPR scope.

Account-recovery

Wallet-as-recovery: a subscriber locked out of their account presents their wallet, receives a one-time password-reset link. No call-centre identity quiz.

05 / Why now — the compliance window

The 2026/2027 runway is short.

Late 2026

Member States are expected to issue wallets to citizens and residents. Real users start carrying the wallet on their phones. Pilot-only flows are no longer enough.

2027

Article 5f acceptance kicks in for large telecom service providers required by law or contract to use strong user authentication. Operators that haven't integrated by then face commercial & reputational exposure on top of regulatory exposure.

2028 onward

The market shifts from compliance to monetisation: phone-number trust credentials, wallet-mediated B2B identity, cross-border KYC reuse, anti-fraud APIs. Operators that integrated early own the customer experience.

Now — Q4 2026

The window where you pilot, integrate with your CRM/BSS and shake out the store flows. CodeB's verifier ships today; the issuer module is on the roadmap so you don't have to rip it out later.

06 / Deployment

Three paths — sized to the operator.

MVNO / eSIM brand

One server alongside your activation API. Lightweight tenant. No telco-grade HA required for pilot. Production after 4–6 weeks of integration.

Telecom retailer

Tablet at the till runs a thin shop-assistant UI; the verifier runs in the back office. Per-store rollout without changing the retail till stack.

Tier-1 operator

On-premises gateway behind your IAM. Tenants per brand, per country, per BSS region. Issuer module on the same substrate when MSISDN credentials go live.

Sovereign & local

Windows + IIS on your own hardware. No third-party identity cloud handles the presentation. Audit row, policy version and verified attributes stay on premises.

Telecom-grade pilot in weeks, not quarters.

Tell us about your activation flow, the wallet pilots you're already tracking, and the regulator you answer to. We'll map which pieces of CodeB you need to turn on first — and which can wait.

Get in touch →