Criipto Connect 2024: Key Takeaways and Highlights

What are the next steps for digital wallets in Europe? On November 13th, 2024, we hosted our live conference, Criipto Connect, at Bremen Teater in Copenhagen, trying to answer that question.

The main topic was "A Nordic Perspective on Digital Wallets” where we invited European identity experts to share their insights on eIDAS 2.0 and the future of national wallets. We also demoed our own web wallet for the first time, focusing on a simpler and safer identity verification experience.

Read more about the key takeaways and what the speakers had to say.

Key takeaways

• Government and the financial sector plays a pivotal rule in fostering trust and ensuring digital inclusion - this means that our support of eIDAS 2.0 is increasingly important
• Phishing is a tool in a bigger hybrid conflict and in a huge emerging cybercrime arena. We need to build for resilience - from phishing resistant eIDs to a hybrid, local defense in society
• There will always be a difficult balance between usability and security - friction can be necessary and users prefer ease of use and low barriers
• The hybrid public-private model Germany has chosen for developing its national EUDI wallets is both innovative and forward-thinking. Will other countries follow its lead?

Below, you can read about our product launch and each speaker’s talk in detail.

Product launch: Phishing resistant web wallet

How do we create wallets that successfully protect users from phishing?

eIDs still remain vulnerable to phishing, which poses a significant threat, especially since regulations against phishing are still lacking.

Niels Flensted-Jensen gave the first demo of our own web wallet. The wallet leverages MitID’s security, but allows users to verify their identity without needing to use MitID every time.

Through passkeys, we create both a simpler and a safer login experience through biometrics on the user’s phone. While this doesn’t solve all phishing issues, it’s a strong step toward creating safer user experiences.

For businesses requiring frequent logins, this approach reduces dependency on MitID, delivering a smooth and secure two-factor authentication experience.

Flensted-Jensens demo was short and to the point - you can see more details here >

Øyvind Westby Brekke: The future market for eIDs in Europe

We invited the CEO of BankID BankAxept, Øyvind Westby Brekke, to share his perspective on the evolving market for electronic identities (eID) in Europe. Øyvind spoke from a Norwegian perspective about the balance between digital inclusion and exclusion, as well as the role that regulation plays in fostering trust.

He outlined Norway’s achievements with digital inclusion, where tools like BankID have enabled access to over 16,000 public and private services, driving efficiency and ensuring accessibility. However, Brekke highlighted the significant challenge of exclusion for individuals without access to BankID, which limits their ability to use specific services like Vipps.

From a Scandinavian perspective, Brekke emphasized the role of trust in banks and governments as a foundation for success in the high adoption of eIDs. He posed the challenge of replicating this trust across Europe, where both the attitudes towards digitalization and the maturity of eID schemes may differ. New European regulations, such as eIDAS 2.0, aim to address this challenge by creating a unified framework for trust and usability.

Key Takeaways:

1. The double-edged sword of eID adoption: While eIDs like BankID have enabled access and efficiency, they also highlight risks of exclusion for certain groups, necessitating solutions for inclusivity.
   
   
2. Successful eID adoption in Scandinavia: The trust between banks, governments, and citizens in Norway, Sweden, and Denmark provides a valuable example for other European countries.
   
   
3. The role of regulation in building trust: Initiatives like eIDAS 2.0 are crucial in creating a trusted digital identity framework across Europe.

Mikkel Storm Jensen: Phishing, hybrid threats, and strategic context

Mikkel Storm Jensen is a Military Analyst at the Institute for Strategy and War Studies, where he researches cyber conflict and strategy, including the use of the cyber domain in interstate conflict and competition at a strategic level. Furthermore, he focuses on the state's role in ensuring that society has sufficient resilience against cyber attacks and incidents.

Mikkel started by describing the strategic context of modern international relations, where traditional distinctions between peace and war are blurred. States frequently exploit gray zones, leveraging tactics like sabotage, propaganda, and cyberattacks to exert influence without triggering armed conflict. Hybrid threats create dilemmas and impose costs on adversaries while maintaining ambiguity to avoid direct confrontation.

He highlighted the rise of cyber threats, noting a 58% increase in phishing attacks in 2023, alongside significant risks from cybercrime, espionage, and activism. He pointed out that critical infrastructure, such as pipelines and railways, has become a prime target, as evidenced by recent attacks in Denmark and beyond. He also discussed best practices for building cyber resilience, emphasizing centralized oversight and the importance of adaptability in an ever-evolving threat landscape.

Key Takeaways:

1. Hybrid threats exploit ambiguity: States increasingly operate in gray zones between peace and war, using tactics like disinformation, sabotage, and cyberattacks to gain leverage without clear attribution or escalation to armed conflict.
   
   
2. Cyber resilience is critical but challenging: Building resilience requires constant adaptation to evolving threats, centralized oversight, and a balance between sufficient investment and practical limitations. The Danish approach, which decentralizes responsibilities, contrasts with Finland’s more centralized model, showing the complexities of implementing effective strategies.
   
   
3. Critical infrastructure is a key target: Cyberattacks on infrastructure, such as pipelines and railways, demonstrate how vulnerable sectors are exploited to create widespread disruption. Preparing for such attacks demands coordinated national strategies and readiness to respond swiftly.

Peter Gregersen: How do you convince Danes to accept Vipps when they love their MobilePay?

Peter Gregersen is the lead designer at Vipps MobilePay and managed the introduction of Vipps in MobilePay’s user experience and interface. 

Peter started off by sharing the behind-the-scenes story of the merger between Vipps and MobilePay, a process that required balancing user expectations, UX design, and security. He detailed the evolution of MobilePay, the challenges of merging two popular apps, and how the transition was managed in Denmark.

MobilePay has been a solid part of Danish digital payments since its launch in 2013, known for its neat design and simple user experience, which built trust with its users. However, the 2021 announcement that Vipps would acquire MobilePay marked a significant turning point, leading to a complete redesign in March 2024.

After the merger, the app adopted the Vipps interface, which came as a shock to many Danish users. To ease the transition, the team prioritized minimizing changes where possible and focused on promoting security improvements, even though higher security often means added friction. Despite careful planning, the new interface design was met with mixed reactions, as users have strong aversion to changes in familiar tools.

Gregersen concluded by sharing the company’s ongoing efforts to expand internationally, adapt to user feedback, and innovate with features like NFC payments and wishlists.

Key Takeaways:

1. UX evolution builds trust: MobilePay maintained a consistent design over the years, creating a strong connection with users. Major changes, like those after the merger with Vipps, highlight how trust can be disrupted when UX shifts too abruptly.
   
   
2. Balancing security and usability: Higher security features, such as limiting use to one device, can enhance safety but often come at the expense of user satisfaction.
   
   
3. Communication matters in transitions: The team anticipated user resistance and instead decided to focus on the security enhancements. Transparent communication about what changed helped manage expectations.

Torsten Lodderstedt: What are the opportunities and challenges of a national wallet in Germany?

Our fourth speaker of the day was Torsten Lodderstedt: a Digital Identity Architect who currently works for the German Federal Agency for Disruptive Innovation (SPRIN-D) as project lead & lead architect of Germany’s EU Digital Identity Wallet project. He also serves as technical advisor at the OpenWallet Foundation.

Torsten talked about the digital wallet work in Germany, focusing on the opportunities presents by the eIDAS 2.0 framework, the challenges posed by the nation’s complex political structure and historical background, and how the country is positioning itself within the broader European effort to establish interoperable, secure, and user-friendly digital identity for everyone.

Digital wallets in the country are already in broad use, but the field is dominated by large platform providers, such as Apple and Google. This leaves the government with limited control over use cases and data privacy, while restricting the choices for citizens. The German Digital Identity Wallet project featuring open architecture, extensive consultation process and a competition to develop prototypes for future German EUDI wallets was launched to address these challenges. 

German government decided in favor of a hybrid model for wallet providers, where the public and private sectors work side by side. The state is creating its own wallet to maintain control and be able to negotiate with major platform providers, while also fostering competition among private companies to drive innovation. The project puts emphasis on strong security (e.g. with encrypted PID data stored on the phone), while more advanced privacy-preserving features, such as zero-knowledge proofs, are being considered as long-term option. 

Germany’s EUDIW rollout, planned for 2026, represents a significant step toward a unified digital identity framework, with the goal of providing secure, privacy-focused, and interoperable wallets that meet societal needs and adapt to the complexities of the German political system.

Key Takeaways:

1. Balancing public and private roles: Germany’s hybrid model ensures the government retains control over critical risk management while encouraging private companies to innovate and compete in the digital wallet space.
   
   
2. Privacy and security at the forefront: By implementing encryption, cloud-based hardware security modules (HSM), and privacy-preserving features, Germany is prioritizing both user privacy and compliance with a high Level of Assurance (LoA).
   
   
3. Interoperability and user choice are key: The EUDIW aims to enable a uniform feature set across wallets, ensuring users can select their preferred wallet without losing functionality or security.

Panel discussion: the National Adoption of eIDAS 2.0

The last topic of the day was a panel discussion, moderated by Niels Flensted-Jensen. The panel consisted of three identity experts to discuss the implications of eIDAS 2.0 and the European Union Digital Identity Wallet (EUDI Wallet). The speakers shared insights from their respective backgrounds and explored how the framework could address key challenges while fostering innovation and trust.

Before the discussion started, the participants got the chance to say a few words about the topic:

Anders Gjøen, Strategy and Business Development EUeID Trust Service, BankID BankAxept:

Anders highlighted his role in the EU Commission during the negotiation of eIDAS 2.0. He explained that eIDAS 1.0 was born from a digital and military crisis and focused on enabling cross-border public service access. However, it struggled with interoperability and adoption, as the notion of notified eID schemes did not fully work in practice. eIDAS 2.0 was introduced to address the limitations of its predecessor and create a unified European digital identity framework that balances national sovereignty, privacy, and security.

Torsten Lodderstedt, Lead Architect, German EUDI Wallet Project:

Torsten emphasized rapid adoption of simple solutions like COVID certificates during the pandemic, but pointed out their privacy shortcomings. He praised eIDAS 2.0 for its ambitious requirements but noted the difficulties of implementing privacy-preserving and secure solutions, particularly in areas like wallet lifecycle management and usability.

Michael Vognsen Nielsen, Manager, Netcompany:

Michael discussed the disparity in digital identity infrastructure across EU member states and expressed interest in how EUDI Wallets could enable sharing contextual data, such as insurance or salary information. He stressed the need to integrate EUDI into existing, mature infrastructure, especially in countries like Denmark.

Key takeaways from the panel discussion:

1. Balancing Privacy, Security, and Usability:
   While eIDAS 2.0 and the EUDI Wallet emphasize privacy-preserving measures, such as unlinkable data and high Levels of Assurance (LoA), panelists noted that these requirements must be balanced with usability to ensure adoption. Lessons from GDPR suggest that overly complex compliance could hinder smaller players, leaving big tech as dominant providers.
   
   
2. Public vs. Private Roles in Digital Identity:
   The panel explored the tension between public and private sector involvement. Anders and Torsten emphasized the need for public infrastructure to establish trust and sovereignty, while Michael and Niels acknowledged the value of private-sector innovation, such as use case-specific wallets (e.g., for e-prescriptions). A hybrid model was seen as essential for success.
   
   
3. Interoperability and Standardization:
   A recurring theme was the importance of clear standards and protocols to enable cross-border functionality. Anders stressed that a lack of well-defined standards could lead to inconsistent implementations, reducing trust and usability across the EU.
   
   
4. Business Models and Ecosystem Challenges:
   The panel agreed that current eID systems are transactional, but eIDAS 2.0 could enable new business models by supporting broader use cases like health and business data sharing. However, Torsten warned that limited involvement from ecosystem providers could slow adoption and prevent innovation.
   
   
5. Adoption and User Trust:
   Adoption remains a key concern, particularly in countries with less established digital identity infrastructure. Torsten pointed out that consultation processes, like those in Germany’s FUNKE project, are crucial for addressing user needs and fostering trust.

The discussion highlighted the potential of eIDAS 2.0 and the EUDI Wallet to transform digital identity across Europe. However, they also emphasized the challenges of ensuring privacy, usability, and widespread adoption. The panelists agreed that collaboration between public and private sectors, combined with a strong focus on user experience, will be vital for success.

The Criipto Connect feel

Want to learn more?

If you'd like to learn more about Criipto or have any questions, feel free to get in touch with us.

If you're interested in digital identity and want to stay updated on the latest news and upcoming events, subscribe to our newsletter by signing up with your email below.