EUDI Wallet vs. Traditional KYC: A Developer's Comparison

Built with OpenEUDI — open source (MIT), live on npm. https://github.com/openeudi · npm: @openeudi/core and @openeudi/openid4vp Originally published on eidas-pro.com. You need to verify user identity in your application. Traditionally, that meant integrating a KYC provider — uploading documents, waiting for manual review, handling edge cases. With EUDI Wallets launching in December 2026, there's a new option. This comparison is written for developers who need to choose between — or migrate from — traditional KYC to EUDI Wallet verification. User uploads document → Your server → KYC API → Queue → AI/Manual review ↓ Result (minutes to days) ↓ Webhook to your server Your server generates QR → User scans with wallet → Wallet authenticates ↓ Cryptographic VP sent back ↓ Result (2-5 seconds) Aspect Traditional KYC EUDI Wallet (OpenEUDI) Verification time Minutes to 48 hours 2-5 seconds User effort Photo upload, selfie, manual entry Scan QR, tap approve Data you receive Full document images, extracted PII Only requested attributes (e.g., age_over_18) Data you store Required to store for compliance No PII storage needed API complexity REST + webhooks + polling REST + SSE (real-time) SDK cost Paid (per verification) Free (OpenEUDI is MIT) Production cost Per-verification pricing Managed service from EUR 49/mo Cryptographic verification You trust the KYC provider You verify the issuer's signature yourself Cross-border Provider-dependent All 27 EU member states Regulatory basis Provider-specific compliance EU Regulation 2024/1183 GDPR burden High (you store PII) Low (no PII retention) Offline capability No Yes (proximity/NFC flow) // 1. Create verification session const session = await kycProvider.createSession({ type: 'identity', country: 'DE', documentTypes: ['passport', 'id_card'], redirectUrl: 'https://yoursite.com/callback', }); // 2. Redirect user to provider's hosted page redirect(session.url); // 3. Handle webhook (async — could be minutes or hours later) app.post('/webhooks/kyc', async (req, res) => { const event = verifyWebhookSignature(req.body, secret); if (event.type === 'verification.completed') { const result = await kycProvider.getResult(event.verificationId); // You now have: full name, DOB, document images, selfie, address // All of this is PII that you must store, protect, and eventually delete await db.users.update({ kycStatus: result.status, kycData: encrypt(result.extractedData), // GDPR: encrypted PII storage kycDocuments: result.documentImages, // GDPR: document retention policy }); } res.sendStatus(200); }); Integration time: 3-5 days typical. Plus webhook infrastructure, error handling, retry logic, and document storage. import { createVerifier } from '@openeudi/core'; const verifier = createVerifier({ mode: 'demo' }); // 1. Create verification session app.post('/api/verify', async (req, res) => { const session = await verifier.createSession({ attributes: ['age_over_18'], }); res.json({ qrCode: session.qrCode, sessionId: session.sessionId }); }); // 2. SSE endpoint for real-time result (seconds, not hours) app.get('/api/verify/:id/events', (req, res) => { res.setHeader('Content-Type', 'text/event-stream'); const session = verifier.getSession(req.params.id); session.onVerified((result) => { // You receive: { ageOver18: true, sessionId: '...', verifiedAt: '...' } // No PII. No documents. No storage obligation. res.write(`data: ${JSON.stringify(result)}\n\n`); res.end(); }); }); Integration time: Hours, not days. No webhook infrastructure needed. No PII storage. No document handling. This is the biggest practical difference for developers. When a KYC provider sends you verification results, you typically receive: Full legal name Date of birth Document number Document images (front, back) Selfie image Address (sometimes) All of this is personal data under GDPR. You must: Encrypt it at rest and in transit Define and enforce retention policies Support data subject access requests (DSAR) Support right to erasure Maintain Records of Processing Activities (ROPA) Potentially conduct a DPIA With OpenEUDI, you request only what you need: // Age verification: you get a boolean, not a birth date { attributes: ['age_over_18'] } // Result: { ageOver18: true } // Country compliance is handled by your merchant whitelist/blacklist // configuration — not by requesting data from the user No document images. No full names (unless you specifically request them). No storage obligation for the verification result beyond your own audit needs. The privacy architecture is enforced at the protocol level — the wallet shows the user exactly what's being shared, and the user must approve. Use Case Recommendation Age verification at checkout EUDI Wallet — boolean result, no PII Full KYC for financial onboarding EUDI Wallet for EU citizens; traditional KYC as fallback for non-EU Document-level verification (notarized copies) Traditional KYC — EUDI Wallet doesn't provide document images Real-time in-person verification EUDI Wallet (proximity/NFC flow) High-volume automated checks EUDI Wallet — faster, cheaper at scale Non-EU customers Traditional KYC — EUDI Wallets are EU-only If you already have traditional KYC integrated, the migration path is: Add EUDI Wallet as a primary option — Install OpenEUDI alongside your existing KYC Detect EU users — Offer wallet verification to EU customers, traditional KYC to others Measure adoption — Track what percentage of EU users have and use wallets Gradually phase out — As wallet adoption grows, reduce reliance on traditional KYC for EU verifications The OpenEUDI SDK and traditional KYC providers can coexist in the same codebase. You're not replacing one with the other overnight. The OpenEUDI SDK is MIT-licensed and free (GitHub · npm). For production EUDI Wallet verification with managed WRPAC certificates, see eIDAS Pro's managed plans.