Architecture Reference Framework (ARF)

The Architecture Reference Framework (ARF) is the master technical specification developed by the European Commission, in collaboration with Member States and technical experts, to guide the implementation of the European Digital Identity Wallet. Published and regularly updated as part of the eIDAS 2.0 toolbox process, the ARF defines the overall system architecture, component interactions, credential formats, communication protocols, security requirements, and trust model for the EUDIW ecosystem.

The ARF specifies that the wallet must support at least two credential formats: SD-JWT (Selective Disclosure JSON Web Token) for representing credentials as signed JSON structures with built-in selective disclosure, and mdoc (ISO 18013-5) originally developed for mobile driving licences but adapted as a general-purpose credential format. For presentation protocols, the ARF mandates support for OpenID for Verifiable Credentials (OpenID4VC), including OpenID4VP (Verifiable Presentations) for presenting credentials and OpenID4VCI (Verifiable Credential Issuance) for receiving them. The ARF also addresses wallet attestation mechanisms, specifically how a relying party can verify that a wallet application is genuine and certified, and key management requirements, including the use of secure elements or trusted execution environments on the user's device.

Security and privacy are core concerns: the ARF includes requirements for preventing relying party tracking, ensuring unlinkability of transactions where appropriate, and supporting pseudonymous authentication. For organisations building wallet solutions, developing relying party integrations, or issuing credentials, the ARF is the essential technical reference. It is a living document, updated through successive versions to reflect feedback from Large-Scale Pilots and ongoing standardisation work in bodies like ETSI, CEN, and ISO.