Built with OpenEUDI — open source (MIT), live on npm.
GitHub: https://github.com/openeudi · npm:@openeudi/coreand@openeudi/openid4vp
Originally published on eidas-pro.com.
The Developer's Dilemma
You need to verify user identity in your application. Traditionally, that meant integrating a KYC provider — uploading documents, waiting for manual review, handling edge cases. With EUDI Wallets launching in December 2026, there's a new option.
This comparison is written for developers who need to choose between — or migrate from — traditional KYC to EUDI Wallet verification.
Architecture Comparison
Traditional KYC Flow
User uploads document → Your server → KYC API → Queue → AI/Manual review
↓
Result (minutes to days)
↓
Webhook to your server
EUDI Wallet Flow
Your server generates QR → User scans with wallet → Wallet authenticates
↓
Cryptographic VP sent back
↓
Result (2-5 seconds)
Side-by-Side Comparison
| Aspect | Traditional KYC | EUDI Wallet (OpenEUDI) |
|---|---|---|
| Verification time | Minutes to 48 hours | 2-5 seconds |
| User effort | Photo upload, selfie, manual entry | Scan QR, tap approve |
| Data you receive | Full document images, extracted PII | Only requested attributes (e.g., age_over_18) |
| Data you store | Required to store for compliance | No PII storage needed |
| API complexity | REST + webhooks + polling | REST + SSE (real-time) |
| SDK cost | Paid (per verification) | Free (OpenEUDI is MIT) |
| Production cost | Per-verification pricing | Managed service from EUR 49/mo |
| Cryptographic verification | You trust the KYC provider | You verify the issuer's signature yourself |
| Cross-border | Provider-dependent | All 27 EU member states |
| Regulatory basis | Provider-specific compliance | EU Regulation 2024/1183 |
| GDPR burden | High (you store PII) | Low (no PII retention) |
| Offline capability | No | Yes (proximity/NFC flow) |
Integration Effort
Traditional KYC (Typical)
// 1. Create verification session
const session = await kycProvider.createSession({
type: 'identity',
country: 'DE',
documentTypes: ['passport', 'id_card'],
redirectUrl: 'https://yoursite.com/callback',
});
// 2. Redirect user to provider's hosted page
redirect(session.url);
// 3. Handle webhook (async — could be minutes or hours later)
app.post('/webhooks/kyc', async (req, res) => {
const event = verifyWebhookSignature(req.body, secret);
if (event.type === 'verification.completed') {
const result = await kycProvider.getResult(event.verificationId);
// You now have: full name, DOB, document images, selfie, address
// All of this is PII that you must store, protect, and eventually delete
await db.users.update({
kycStatus: result.status,
kycData: encrypt(result.extractedData), // GDPR: encrypted PII storage
kycDocuments: result.documentImages, // GDPR: document retention policy
});
}
res.sendStatus(200);
});
Integration time: 3-5 days typical. Plus webhook infrastructure, error handling, retry logic, and document storage.
EUDI Wallet (OpenEUDI SDK)
import { createVerifier } from '@openeudi/core';
const verifier = createVerifier({ mode: 'demo' });
// 1. Create verification session
app.post('/api/verify', async (req, res) => {
const session = await verifier.createSession({
attributes: ['age_over_18'],
});
res.json({ qrCode: session.qrCode, sessionId: session.sessionId });
});
// 2. SSE endpoint for real-time result (seconds, not hours)
app.get('/api/verify/:id/events', (req, res) => {
res.setHeader('Content-Type', 'text/event-stream');
const session = verifier.getSession(req.params.id);
session.onVerified((result) => {
// You receive: { ageOver18: true, sessionId: '...', verifiedAt: '...' }
// No PII. No documents. No storage obligation.
res.write(`data: ${JSON.stringify(result)}\n\n`);
res.end();
});
});
Integration time: Hours, not days. No webhook infrastructure needed. No PII storage. No document handling.
Data Handling: The GDPR Difference
This is the biggest practical difference for developers.
Traditional KYC — You're a Data Controller
When a KYC provider sends you verification results, you typically receive:
- Full legal name
- Date of birth
- Document number
- Document images (front, back)
- Selfie image
- Address (sometimes)
All of this is personal data under GDPR. You must:
- Encrypt it at rest and in transit
- Define and enforce retention policies
- Support data subject access requests (DSAR)
- Support right to erasure
- Maintain Records of Processing Activities (ROPA)
- Potentially conduct a DPIA
EUDI Wallet — Minimal Data by Design
With OpenEUDI, you request only what you need:
// Age verification: you get a boolean, not a birth date
{ attributes: ['age_over_18'] }
// Result: { ageOver18: true }
// Country compliance is handled by your merchant whitelist/blacklist
// configuration — not by requesting data from the user
No document images. No full names (unless you specifically request them). No storage obligation for the verification result beyond your own audit needs.
The privacy architecture is enforced at the protocol level — the wallet shows the user exactly what's being shared, and the user must approve.
When to Use Which
| Use Case | Recommendation |
|---|---|
| Age verification at checkout | EUDI Wallet — boolean result, no PII |
| Full KYC for financial onboarding | EUDI Wallet for EU citizens; traditional KYC as fallback for non-EU |
| Document-level verification (notarized copies) | Traditional KYC — EUDI Wallet doesn't provide document images |
| Real-time in-person verification | EUDI Wallet (proximity/NFC flow) |
| High-volume automated checks | EUDI Wallet — faster, cheaper at scale |
| Non-EU customers | Traditional KYC — EUDI Wallets are EU-only |
Migration Strategy
If you already have traditional KYC integrated, the migration path is:
- Add EUDI Wallet as a primary option — Install OpenEUDI alongside your existing KYC
- Detect EU users — Offer wallet verification to EU customers, traditional KYC to others
- Measure adoption — Track what percentage of EU users have and use wallets
- Gradually phase out — As wallet adoption grows, reduce reliance on traditional KYC for EU verifications
The OpenEUDI SDK and traditional KYC providers can coexist in the same codebase. You're not replacing one with the other overnight.
The OpenEUDI SDK is MIT-licensed and free (GitHub · npm). For production EUDI Wallet verification with managed WRPAC certificates, see eIDAS Pro's managed plans.
Top comments (0)