Supported Standards and Technologies
ETSI standards in this document link to the published version index. Select the latest version for current requirements. For the latest tracking of standards and technical specifications for the EUDI Wallet ecosystem, see EUDI Wallet Standards and Technical Specifications.
Issuing credentials
Credential formats
Issue all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
Configure and issue SD-JWT VC attestations, including Qualified EAAs (QEAA) via qualified electronic seal using Sign8 (CSC API) · ETSI TS 119 472-1 · ETSI TS 119 472-3
Configure and issue ISO mdoc attestations, including Qualified EAAs (QEAA) via qualified electronic seal using Sign8 (CSC API) · ETSI TS 119 472-1 · ETSI TS 119 472-3
Configure attestations with embedded disclosure policies · ETSI TS 119 472-1 · ETSI TS 119 472-2
Issuance protocol
Use OpenID4VCI 1.0 to issue attestations.
ETSI coverage
Issue attestations via standard EUDI issuance interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-3
Credential lifecycle and revocation
Manage issued credentials through suspension, revocation, and refresh. Supported revocation methods: Bitstring Status List v1.0, Token Status List, Certificate Revocation List.
ETSI coverage
Trigger lifecycle events (refresh) via standard EUDI protocols · ETSI TS 119 472-1 · ETSI TS 119 472-3
Create and manage status lists for revocation and suspension · ETSI TS 119 472-1
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during issuance.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists (TL) and Lists Of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
Sign issued credentials using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh). For QEAA issuance, qualified electronic seals are supported via Sign8 (CSC API).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage for signing:
- Azure Key Vault (HSM)
- Internal encrypted database
Verifying credentials
Credential formats
Request and verify all types of attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
Backwards compatibility: Procivis One supports verification of proofs using VCDM 1.1.
ETSI coverage
Request and verify SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-2
Request and verify ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-2
Verification protocols
Request credential presentations online or in proximity.
Supported protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0 and Draft 20
- ISO/IEC 18013-7 Annex B (online retrieval via OID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
Request and verify attestations via standard EUDI presentation interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-2
Request and verify ISO mdoc attestations in proximity verification use cases · ETSI TS 119 472-2
Access and Registration Certificates
Present Access and Registration Certificates to wallets during the authentication process.
ETSI coverage
Trust infrastructure
Consume trusted lists to verify the authenticity of ecosystem participants during verification.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists (TL) and Lists of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
Sign requests using X.509 certificates, raw keys, or DIDs (did:key, did:web, did:jwk, did:webvh).
Certificates may be issued by an external CA or by your own self-signed root CA created in Procivis One.
Supported key storage:
- Azure Key Vault (HSM)
- Internal encrypted database
Wallets
Procivis One provides:
- Wallet SDK for building EUDI-compliant wallet applications on iOS, Android, and React Native
- Wallet Provider backend for managing wallet units including unit attestations and user communications
- Server-based EUDI Business Wallet with multi-tenancy and OpenID Connect integration
Credential formats
Receive and hold attestations in SD-JWT VC, ISO mdoc, and W3C VC formats.
Cryptographic detail
| Standard | Representation | Proof/signature types |
|---|---|---|
| IETF SD-JWT VC | SD-JWT |
|
| ISO/IEC 18013-5:2021 | mdoc | |
| W3C Data Integrity Proofs (embedded) | JSON-LD in Compacted Document Form | |
| W3C VC-JOSE-COSE (enveloping) |
|
ETSI coverage
Receive and hold SD-JWT VC attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Receive and hold ISO mdoc attestations · ETSI TS 119 472-1 · ETSI TS 119 472-3
Issuance and presentation protocols
Receive attestations via OpenID4VCI 1.0. Present attestations online or in proximity.
Supported presentation protocols
Remote (can be done from anywhere)
- OpenID4VP v1.0 and Draft 20
- ISO/IEC 18013-7 Annex B (online retrieval via OpenID4VP)
Proximity (requires physical presence)
- ISO/IEC 18013-5: NFC or QR code device engagement, BLE data retrieval
- OpenID4VP over BLE
- OpenID4VP over MQTT (proprietary adaptation of OID4VP over BLE)
ETSI coverage
Receive attestations via standard EUDI issuance interfaces · ETSI TS 119 472-1 · ETSI TS 119 472-3
Present SD-JWT VC attestations online · ETSI TS 119 472-1 · ETSI TS 119 472-2
Present ISO mdoc attestations online and in proximity · ETSI TS 119 472-1 · ETSI TS 119 472-2
Access and Registration Certificates
Verify and validate RP Access and Registration Certificates, including from published registration information.
ETSI coverage
Disclosure policies
Process and enforce embedded disclosure policies, including verification of relying party entitlements against issuer-defined policies.
ETSI coverage
Process embedded disclosure policies · ETSI TS 119 472-1 · ETSI TS 119 472-2 · ETSI TS 119 472-3
Verify WRP entitlements against issuer policies · ETSI TS 119 472-3 · ETSI TS 119 475
Wallet Unit Attestation (WUA/WIA)
Present Wallet Unit Attestations (WUA) and Wallet Instance Attestations (WIA) as proof in credential requests, including instance attestation and key attestation.
ETSI coverage
Support WUA and WIA in credential requests · ETSI TS 119 472-3
Attestation lifecycle
Automatic refresh of attestations held in the wallet.
ETSI coverage
Configurable refresh of held attestations · ETSI TS 119 472-1
Qualified Electronic Signatures
Sign documents using an external QES service via wallet-driven PAdES signatures on PDF documents held on the device.
ETSI coverage
Wallet-driven PAdES signatures · ETSI EN 319 142-1
Trust infrastructure
Subscribe to trusted lists to verify the authenticity of ecosystem participants.
ETSI coverage
Use Lists of Trusted Entities (LoTE) to verify trusted entities in the EUDI ecosystem · ETSI TS 119 602
Use EUDI Trusted Lists (TL) and Lists of Trusted Lists (LOTL) to verify the authenticity of trust services · ETSI TS 119 612 · ETSI TS 119 615
Identifiers and signing keys
The SDK automatically selects an appropriate key storage layer and generates required key pairs based on issuer requirements. Storage priority and key algorithm selection are configurable, and manual override is supported. DID creation is also supported where needed.
Supported DID methods: did:key, did:web, did:jwk, did:webvh.
Supported key storage:
- Secure Enclave (iOS) and Android Keystore (TEE or Strongbox)
- Remote Secure Element (iOS and Android) using Ubiqu
- Internal encrypted database
Wallet Provider
Manage wallet units and Wallet Unit Attestations (WUA) via management APIs. App integrity verification is performed during unit registration using platform-native mechanisms (Secure Enclave on iOS, Android Keystore on Android).
Business Wallet
Procivis One supports business wallet use cases within the EUDI ecosystem, combining wallet and issuance capabilities in a single unit. ETSI standards coverage will be added as specifications are finalized.
Wallet-Relying Party Registration and Certificate Issuance
Register wallet-relying parties (WRPs), publish registration information via public APIs, and issue Access and Registration Certificates.
ETSI coverage
Register WRPs and publish registration information · ETSI TS 119 475
Issue Access and Registration Certificates to relying parties · ETSI TS 119 475 · ETSI TS 119 411-8
Commission Implementing Regulation (EU) 2025/848 · CIR (EU) 2025/848
Trust Management
Publish Lists of Trusted Entities (LoTE) for consumption by issuers, wallets, and verifiers in the EUDI ecosystem.
ETSI coverage
Publish and manage LoTE · ETSI TS 119 602