Skip to main content
Real CaseUse Case

PID Provider

Under eIDAS 2.0, every EU citizen gets the right to a European Digital Identity Wallet — and every wallet needs a Person Identification Data (PID) credential at its core. Together with IN Groupe (via ID&D) and a Qualified Trust Service Provider, Credenco is piloting in-person PID issuance for Gemeente Rotterdam: citizens walk up to the municipal desk, present their passport on an OSIA-compliant enrollment station, scan a QR with their Personal Wallet, and walk away with a verifiable PID. From that moment on, they can identify themselves online and in person without ever again handing over a copy of their passport.

The Challenge

Dutch citizens still prove who they are by handing over a passport copy or by logging in with DigiD. Neither approach survives contact with the European Digital Identity Wallet that arrives in 2026. The wallet needs a PID — a Person Identification Data credential — issued by an authoritative source at a high level of assurance.

  • DigiD is a login, not a portable identity credential — it cannot live inside a wallet.
  • Passport copies are insecure, non-revocable and easy to forge.
  • There is no Dutch PID source today that is both EUDI-compliant and issued at assurance level "high".
  • Existing issuing processes at municipalities are paper- and back-office-driven, not wallet-native.

Rotterdam wanted a proof point: can a municipality, at its own desk, issue a standards-conformant PID straight into a citizen's wallet — in minutes, with the same face-to-face assurance that a passport renewal already has?

The Solution

The MVP PID Provider combines an IN Groupe enrollment station at the municipal desk with Credenco's Issuer Portal and Business Wallet infrastructure. One citizen, one visit, one credential.

1. Enrollment at the desk. The citizen presents their Dutch passport or identity card on an IN Groupe OSIA-compliant enrollment station. The chip is read, the document is validated, biometrics are captured where required, and the resulting verified identity attributes are sent to the IN Groupe Identity Gateway.

2. PID issuance to the wallet. The Identity Gateway forwards the verified attributes to Credenco's Demo PID Issuer Portal. The portal generates a PID credential against the EWC PID Rulebook and ARF 2.1, displays a QR code, and the citizen scans it with their Personal Wallet. The credential is delivered over OpenID4VCI and stored locally on the citizen's device.

3. Self-identification, everywhere. From that moment on, the citizen presents the PID — or selective disclosures of it — to any relying party: government portals, banks, notaries, healthcare providers, age-restricted services. Verification happens over OpenID4VP against trusted issuers registered on EBSI.

The entire flow is built on open standards (W3C VC, OID4VCI, OID4VP, DIIP v5, ETSI TS 119 472/471/475) so the resulting PID is interoperable with any EUDI-compliant wallet from day one.

Credenco's Role

Credenco delivers the wallet and issuance stack on top of which Rotterdam's MVP PID Provider runs. Scope:

  • Organization Wallet for Gemeente Rotterdam, with DID management (did:web, did:ebsi), key management and Linked Verifiable Presentations.
  • Demo PID Issuer Portal — a dedicated issuance portal integrated with the IN Groupe Identity Gateway, producing PID credentials against the EWC PID Rulebook.
  • Personal Wallet for citizens, capable of receiving and presenting the PID over OID4VCI / OID4VP.
  • PID credential template — schema, signing profile and trust-framework configuration aligned with ARF 2.1 and eIDAS 2.0.
  • Standards alignment — DIIP v5, ETSI TS 119 472-1/471/475, so the PID interoperates with other EUDI-ready wallets across Europe.
  • FIDES ecosystem integration — the PID Issuer Portal plugs into the FIDES Credential Catalog, making the credential discoverable to other issuers and verifiers.

At a glance

Sector

Public · Identity

Initiative

MVP PID Provider — municipal desk issuance

End client

Gemeente Rotterdam

Consortium

Credenco · IN Groupe (ID&D) · Digidentity · Cleverbase

Standards

EWC PID Rulebook · ARF 2.1 · DIIP v5 · eIDAS 2.0

How PID issuance works

Three steps at the municipal desk — identity verified in person, credential delivered straight into the citizen's wallet.

1. Enrol

Passport read on enrollment station

The citizen presents their passport or ID card on the IN Groupe OSIA-compliant station. The chip is read, the document authenticated, and verified attributes are sent to the Identity Gateway.

2. Authorize

Scan QR with Personal Wallet

The Demo PID Issuer Portal generates a PID credential and displays a QR code. The citizen scans it with their Personal Wallet and consents to the issuance over OpenID4VCI.

3. Identify

PID lives in the wallet

From then on, the PID is used to self-identify — online and in person — via OpenID4VP. Relying parties verify it against trusted issuers registered on EBSI.

What's on a PID credential

PID attributes follow the EWC PID Rulebook and the EU Architecture Reference Framework. Each field is issued, signed and selectively disclosable.

Issued by Gemeente Rotterdam

Given name & family name

Issued by Gemeente Rotterdam

Date & place of birth

Issued by Gemeente Rotterdam

BSN (citizen service number)

Issued by Gemeente Rotterdam

Nationality

Issued by Gemeente Rotterdam

Document number & expiry

Issued by Gemeente Rotterdam

Portrait (optional, per EWC rulebook)

The consortium

A tightly integrated consortium, with each partner owning a specific layer of the PID stack.

Gemeente Rotterdam logo

End client & issuing authority

Gemeente Rotterdam

IN Groupe (ID&D) logo

Enrollment station & Identity Gateway

IN Groupe (ID&D)

Digidentity logo

Qualified Trust Service Provider (QTSP)

Digidentity

Cleverbase logo

Qualified Trust Service Provider (QTSP)

Cleverbase

Credenco logo

Business Wallet, Issuer Portal & PID credential template

Credenco

Impact

What changes when the PID is no longer a login, but a credential the citizen carries.

Your identity, in your wallet

Once issued, the PID lives inside the citizen's Personal Wallet. From then on, every login, every form, every age-check uses the same cryptographically signed credential — no more passport photocopies, no more scans by email.

EUDI-ready from day one

The PID credential is issued against the EWC PID Rulebook and the EU Architecture Reference Framework (ARF 2.1), so it works across the European Digital Identity Wallet ecosystem as member states switch on in 2026.

In-person assurance, digital convenience

High assurance is achieved the way it always has been — face-to-face at a municipal desk with a chip-enabled passport. What is new is that the proof of that moment travels with the citizen, digitally, for years.

Foundation for every other credential

PID is the root credential for the wallet. With it in place, Rotterdam — and any other issuer — can layer diplomas, licences, benefits and residence credentials on top, each one bound to the same verified person.

Future Outlook

Rotterdam's MVP is the first step toward nationwide, municipality-issued PIDs. As the European Digital Identity Wallet rolls out across member states in 2026 and beyond, every Dutch citizen will be able to obtain a PID at their local desk and use it — cross-border, cross-sector — with any EUDI-compliant relying party. On top of that foundation, Rotterdam (and every other issuer) can layer residence credentials, parking permits, benefits, diplomas and licences, each bound to the same verified person.