1. Start with a smaller ecosystem
    1. Many successful approaches to identity control the level of complexity by limiting the initial size of the ecosystem of services and identity providers. Start with an easier user journey to build scale, and add as you learn. Identity verification and authentication are separate concepts, and many services have successfully controlled complexity by offering a strong digital credential first, adding identity verification as an additional service later.
    2.  The Australian government, for example, controlled the growth in complexity by choosing to solve the problems within government first, and build success there, before attempting to involve the private sector. For example, The Scottish government prioritizes maximizing user data reuse across public sector services, prioritizing success in this ecosystem over private sector opportunities, and reducing identity verification.
  2. Work on both the supply and demand side
    1. Successful programs design for the needs of users first, then for organizational convenience. However, with identity spanning multiple services, the only way of ensuring a good user experience is for identity programs to work closely with the teams providing those services to understand their needs. This can encompass making it as easy as possible to technically integrate with your service, by using open standards, clear documentation, sandboxes and examples in the open. Also by making it bureaucratically simple to get started by eliminating procurement and setup. Finally working with service teams to help them understand how and when identity is best integrated into each user journey, for example by sharing and pooling user research.
  3. Build community
    1. This is no substitute for direct research with users to understand their needs, but successful approaches often involve intense work to build consensus with stakeholders on problem solving, or getting closer to groups of users and experts. This can be in the form of engagement with privacy stakeholders and industry associations. A common approach is to use the generation of a trust framework as a focus for conversation and agreement, and as a means to bring people in and understand their concerns and needs. Focusing stakeholder attention at the level of a trust framework allows you to discuss and agree what is important, agnostic of technology or vendor.
  4. Make sure you can learn and iterate rapidly
    1. It’s important to put yourself in the position where you can test your riskiest assumption with users as early as possible. This means that you may need to organize your program so that the aspects you are least certain about, are in a position where you are most easily able to learn and change. Successful programs keep development of the parts of their service they are least certain about close, putting them in the hands of teams they are sure are able to learn and adapt quickly. [1]


Ideas for Mitigation of Risks associated with EUDI Wallet

  1. Rely on base standards → Build on widely accepted specs (W3C Verifiable Credentials, DIDs, OIDC4VC, ISO 18013-5) that will remain compatible with EUDI.

  2. Focus on domain use cases → Implement specific education & research needs (e.g. attributes, group/role management, research federation scenarios) as identified by projects like DC4EU and FIM4R.

  3. Use modular architecture → Separate a standards-compliant core from domain-specific modules, so you can adapt to future EUDI requirements without full redesign.

  4. Engage with EU initiatives → Follow deliverables, drafts, and outputs from projects (DC4EU, eduGAIN, EUDI working groups) to stay aligned.

  5. Prepare a bridge layer → Design a conversion/translation mechanism so your wallet’s credentials can be mapped to future EUDI formats if differences appear.


References:

[1] How to control your biggest risks in digital identity — Public Digital