Market

EU Age Verification App: Five Member States Broke Ranks in 48 Hours — What Merchants Should Plan For

On 29 April 2026 the Commission urged member states to deploy a white-label EU age-verification app integrated with EUDI Wallets. Within 48 hours Germany, Ireland, France, Poland, and Estonia signalled they would not. The fragmentation is now a Council process — and a merchant integration problem.

eIDAS Pro Team
May 8, 2026
10 min read

What happened in nine days

On 29 April 2026 the European Commission adopted a recommendation urging member states to deploy a white-label EU age-verification application by 31 December 2026, designed to integrate with EUDI Wallets and to be promoted alongside an EU age-verification scheme and a list of trusted providers. Within 48 hours, Politico-sourced reporting in Biometric Update had Germany, Ireland, France, Poland, and Estonia on record either declining to deploy the Commission app or pointing to nationally-developed alternatives. By 6 May the pushback was procedural: Council document 8985/26 — circulated in Brussels — formalised member-state concerns into the Council's working track. Greek Digital Minister Dimitris Papastergiou put it bluntly the same week: "There will be many wallets. It does not matter if there are two, three, five or ten apps."

If you are a merchant integrating identity verification at checkout, this is not a Brussels-process story. It is a roadmap input. The political fragmentation visible this week locks in a 2027 reality: many wallets, many national age-verification apps, no single EU integration target. Below is what the public record says, country by country, and what it changes for relying parties planning Article 5f flows.

The Commission's proposal in plain language

The 29 April recommendation has three components, and it is worth separating them because the member-state pushback is not against all three.

Component 1 — A white-label EU app. The Commission, working with a vendor consortium, has produced a downloadable age-verification app whose source can be re-skinned and redistributed by member states under their own branding. The app is meant to bridge the gap between the December 2026 EUDI Wallet availability deadline and the moment national wallets actually become a routine consumer product (which, on current evidence, is well into 2027 for most of the bloc). The recommendation asks member states to have this app deployed by 31 December 2026 — the same day the wallet deadline lands.

Component 2 — An EU age-verification scheme. Around the app, the Commission is sketching a scheme: certification rules, a list of trusted age-verification providers, and a privacy and security baseline that platforms covered by Article 5f(3) of eIDAS 2 — Very Large Online Platforms designated under the Digital Services Act — would use to satisfy their age-assurance obligations.

Component 3 — Wallet integration. The Commission's framing is that the app is a stepping stone, not a competitor: by 2027 the same age claims should be issued and presented through the EUDI Wallet's selective-disclosure mechanism, with the standalone app sunsetting as wallet uptake grows.

Most member-state pushback is against component 1. Components 2 and 3 — the scheme and the wallet path — are not where the political heat is. That distinction matters when you are reading press coverage that conflates them.

The 48-hour break

Within two days of the recommendation, the public record carried five member-state positions distinct enough to qualify as a break.

Germany — declining the Commission app, routing through the wallet. The German position, reported by Biometric Update, is that Germany will not roll out the Commission's app at all. Age verification will instead route through the German EUDI Wallet's selective-disclosure attribute when the wallet launches on 2 January 2027. For a merchant, this is the most important signal: Germany is not opting out of EU age-verification policy. It is opting out of the interim artefact while accelerating the wallet-native solution. If your verification stack runs through the wallet, Germany is the easier integration, not the harder one.

Ireland — preferring nationally-developed software. Ireland indicated it would prefer to build or procure age-verification software domestically. The published reporting frames this as a procurement and accountability preference, consistent with the open public consultation on age assurance Ireland has been running since early 2026 and which we covered in our Ireland age-assurance post. Ireland's track here is closer to a regulated-provider model than to a single state-issued app.

France — sovereign stack first. France's position aligns with its broader policy preference, also visible in the France Identité programme, for a sovereign French stack rather than EU-supplied tooling. The Commission's own EU Reporter coverage acknowledges that several member states will integrate the EU app into their wallet rather than deploy it as a standalone artefact; France is the clearest example of that path.

Poland — national alternative. Poland, which already operates the widely adopted mObywatel app, signalled a preference for nationally-developed age-verification software over a re-skinned EU artefact. The strategic logic is the same in Warsaw as in Paris: a state with an existing, popular national app is unlikely to deploy a parallel one on a Commission timeline.

Estonia — security flag. Estonia raised the loudest single objection. After the Commission's age-verification app demo in early 2026 was hacked within two minutes using a biometrics-bypass technique, and after a further post-launch vulnerability was reported in late April, Estonia's representatives flagged the timing of the recommendation as a "big red flag". Estonia's existing eID infrastructure (mobile-ID, Smart-ID, e-residency) is in many ways more mature than what the EU app currently offers, and the political appetite to deploy a less-secure parallel artefact is correspondingly low.

To these five, add Greece, where Minister Papastergiou's public position — many wallets, many apps, no single point of failure — is functionally a sixth dissent even though Greece has not formally declined to deploy. Finland and the Netherlands are both publicly described as hard maybes.

The Council process

Council document 8985/26, circulated in Brussels on 6 May 2026, is the procedural endpoint of that 48-hour story. It is the artefact that turns a press cycle into Council working-group business. For a merchant, the legal status of an 8985-series Council document is modest — it is a member-state position note, not a binding instrument — but the political signal is large. Once a critical mass of member states route their concerns through the Council, the Commission's December 2026 timeline becomes a target rather than a deadline, and any binding mandate to deploy the app drops off the realistic policy map.

The reading we would recommend for a relying-party integration roadmap is straightforward: assume the Commission's white-label app will be deployed by some member states (likely Spain, Italy, the smaller member states without sovereign alternatives, and possibly the Netherlands), and assume it will not be deployed in Germany, France, Poland, Estonia, or Ireland. Under that assumption, your integration target for age verification across the EU is not one app, and it is not even one app per country: it is the EUDI Wallet's age-attribute interface where wallets exist, and a per-country mix of national apps and regulated third-party providers where they do not.

What this changes for merchants

We have been describing a merchant/RP integration reality for months that some readers found pessimistic. The events of 29 April–6 May make it concrete. Three planning consequences follow.

Consequence 1 — Wallet-first is now the safer default

If your stack assumes "verify age via the EUDI Wallet's age-over-X attribute," you are now aligned with the German, French, Polish, and (eventually) Estonian and Greek positions, and broadly compatible with everyone else. If your stack assumes "verify age via the Commission's white-label app," you are aligned with a smaller and uncertain subset, and you carry the integration cost of the app itself plus the wallet path your customers will increasingly prefer.

This is not a case where waiting for clarity is cheap. The wallet-attribute integration is well-specified — the ETSI TS 119 475 standard governs the relying-party–wallet relationship and is stable enough to build against — and the work compounds. A relying party that ships a wallet-native age-verification flow in Q3 2026 can iterate on it for 18 months before VLOPs face binding Article 5f(3) acceptance obligations. A relying party that waits for app-versus-wallet clarity will start that work eight to twelve months later, against the same deadline.

Consequence 2 — Plan for at least three integration pathways

Under the post-29-April reality, the realistic merchant plan covers three distinct paths to an age claim, and the user's member state determines which one runs.

  • Wallet-attribute path. Where a national EUDI Wallet exists and supports age attestations (Italy now, Germany from 2 January 2027, France in the same window, the Nordics through 2027), the cleanest verification flow runs through the wallet itself.
  • National AV-app path. Where a national age-verification app is the political preference (Ireland, possibly Poland, possibly France for the cohort that does not yet have France Identité), the merchant integrates that app or accepts a regulated third-party provider that consumes it.
  • EU white-label app path. Where a member state actually deploys the Commission app (likely Spain, Italy in transition, the smaller states), the EU app produces the age claim.

This is three paths, not three apps. The good news is that the OpenID4VP and SD-JWT layers underneath the user-facing artefacts are increasingly common across all three. A merchant verifier that handles OpenID4VP presentations and validates SD-JWT credentials against a per-country trust list will, in practice, cover most of the surface area regardless of which front-end produced the claim. Build to the protocol abstraction; absorb the front-end variation as a per-country configuration.

Consequence 3 — Communication strategy needs an update

If your customer-facing copy says "verify your age with the EU's age verification app," your German users will, by 2 January 2027, be reading marketing for a product that does not exist on their phone. The right framing is wallet-first, with a plain-language fallback explaining that the user's national age-verification mechanism — wallet, app, or eID — is acceptable. We covered the underlying communications problem in our post on the 52% Bitkom awareness gap; the post-29-April reality makes "the EU app" a particularly bad piece of vocabulary to put in your funnel.

For German prospects specifically, it is worth being explicit: Germany declining the Commission app is not Germany pulling back from EU age-verification policy. It is Germany routing the same policy through the wallet rather than through a parallel artefact. The integration story for a merchant in Germany is, on balance, simpler than it was a week ago, not harder. We expand on that framing in a separate de-anxiety post on the German position.

What we are watching next

Three signals are worth tracking through Q2–Q3 2026.

Council document follow-up. Document 8985/26 is a position note. The next move is either a Commission revision of the recommendation or a formal Council conclusion adjusting the 31 December 2026 timeline. Either would be reported through the Council's public document register.

Trusted-provider list. The Commission's age-verification scheme depends on a list of certified providers. The publication of that list, and the criteria used to populate it, will determine whether the regulated-third-party model has real traction in Ireland, Poland, and the Nordics, or whether it remains a policy aspiration.

Bitkom and BMDS comms. Germany's wallet launch is on 2 January 2027. Whatever the German federal Ministry for Digital and State Modernisation publishes between now and Q4 2026 about age-verification flows on the wallet will be the most authoritative integration reference for the German market. Track Bitkom press releases and the BMDS digital-strategy page for the technical profile and timing.

Bottom line

Many wallets, many apps. The political fragmentation visible in the first week of May is not a temporary press cycle — it is the integration shape of European age verification through 2027. Merchants who treat the EUDI Wallet as the canonical surface and the per-country app variation as a configuration problem will ship in Q1 2027 with an integration that holds up against fifteen member states by year-end. Merchants who wait for a single EU app are waiting for an artefact that is not coming, and a deadline that has just slipped from the Commission's hands into the Council's.

That is the only practical reading of the 29 April–6 May story. The rest is procedural footnotes.

Tags

EUDI Walletage verificationGermanyIrelandFrancePolandEstoniaArticle 5f(3)fragmentation

Share this article

Help others learn about eIDAS verification

Related Articles

Market

Bitkom: 54% of Germans Want the EUDI Wallet, Only 18% Have a Working eID — The Activation Gap is the Real Problem

The 27 April Bitkom survey reframes the rollout. Intent is high; activated credentials are not. 57% of Germans have never used the eID online function, and the bottleneck for January 2027 is no longer awareness — it is the working-credential gap. What that changes for merchants.

8 min read
Market

EUDI Wallet Rollout Status by Member State — April 2026

EU Digital Identity Wallet readiness across all 27 member states. Who has a live wallet, who has a public sandbox, who is still behind, and when you can verify customers from each country.

11 min read
Market

EU 27 EUDI Wallet Readiness Scorecard, April 2026: Who's Live, Who's Late

Eight months before the December 2026 EUDI Wallet deadline, here is where every EU member state actually stands — by tier, with launch dates, scope, and known gaps.

13 min read