Brief on EUDI vs SEDI from Jori Lehtinen on 2026-02-12 (public-credentials@w3.org from February 2026)

From: Jori Lehtinen <lehtinenjori03@gmail.com>
Date: Thu, 12 Feb 2026 11:02:08 +0200
To: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAA6zkAtrtppEy5PdqhCMN1GsK4ApbinaJqkJzBPHMh5pkySgow@mail.gmail.com>
I was left somewhat confused by the conversation earlier and did some
research. I quickly noticed that the EU is making real efforts toward VCs
and DIDs, so I was wondering: what is the actual problem here?

I think part of it is that “EU work” is not one single thing. EBSI is
clearly doing DID/VC work, but the EUDI Wallet / eIDAS track seems to be
evolving somewhat separately, and the EUDI Wallet ARF does not appear to be
explicitly DID-centric today (there is an open discussion/request to
include DIDs). So technical alignment might happen over time, but the
disagreement on this list seems to be about more than just formats.

I think the philosophical difference that people react to is essentially
this:

SEDI says identity is separate from the state. The state only verifies or
endorses that identity as a trust anchor for something controlled by the
individual. That makes a lot of sense to me: the individual’s identity and
endorsements of that identity move with the individual, instead of residing
in the state.

EUDI, by contrast, keeps the identity more coupled to the state (via
state-recognized schemes / anchor credentials), instead of “only endorsing”
an identity controlled by the user. That may be because EUDI originally
grew out of making national eID systems interoperable at the EU level, and
those national eID systems often carry that power imbalance where the
individual’s identity depends on the state.

So the question is: is EUDI’s imbalanced model really necessary, and why?
And if it is not necessary, what is the model everyone could agree on, for
example, a DID controlled by the individual, as the subject for
state-issued Verifiable Credentials, where the state’s role is to issue
verifiable trust anchors for the entities that want state-backed
verification?

I hope this can clarify the current situation for everyone and result in a
productive conversation.

Anyways, here is the brief:
------------------------------

*Brief on EUDI vs SEDI*

*What they share (surface similarities)*

   -

   Wallet-based delivery
   -

   Support (at least in principle) for selective disclosure
   -

   Interest in cross-border / cross-domain interoperability

*What differs (and why it matters to people)*

   -

   *Root of identity / trust anchor*
   -

      *SEDI:* identity is inherent to the individual; the state
      endorses/attests.
      -

      *EUDI:* identity is primarily anchored in state-issued identity and
      regulated national schemes.

   This matters because it sets the power model: does the individual carry
   identity and get endorsements, or does the individual’s identity depend on
   a state-issued anchor?
   -

   *Anti-tracking / “phone home” risk*
   -

      *SEDI:* explicitly prohibits mechanisms that allow the state to
      monitor, surveil, or track identity presentations.
      -

      *EUDI:* privacy goals exist, but critics worry about structural
      “phone home” surfaces and gatekeeper risk.

   This matters because identity presentation is an obvious place to build
   silent telemetry if we don’t prevent it by design.
   -

   *Ecosystem control / platform capture risk*
   -

      *SEDI:* has stronger ecosystem duties (e.g., Duty of Loyalty).
      -

      *EUDI:* is a heavily regulated ecosystem (certification, trust lists,
      relying-party obligations), and some worry that mandatory OS/platform
      integration shifts gatekeeping power to platforms.

   Decentralized identity does not care whether resolution happens in OS
   code, application-layer code, or elsewhere, the concern is whether any
   layer becomes a mandatory gatekeeper.

*Interoperability framing*

   -

   Technical convergence (VC formats, crypto suites,
   presentation/verification protocols) can help a lot, but only if the
   governance model does not require weakening the stronger protections.
   -

   A possible convergence point: an individual-controlled identifier (e.g.,
   DID), with states issuing VCs as attestations (personhood, residency,
   etc.), without the wallet becoming a tracking or gatekeeper surface.

------------------------------

Regards,
Jori Lehtinen
Received on Thursday, 12 February 2026 09:02:28 UTC