TU Munich research: eVault closes the gap to the EUDI Wallet
Starting in 2026, every EU citizen will receive an EUDI Wallet — a digital vault for credentials of every kind. The infrastructure is in place, the regulation is set, and the first wallet providers are rolling out their products. One decisive question remains open, however: how do legally binding documents actually get into that wallet? That is exactly where our project, developed together with the Technical University of Munich, comes in: the eVault BürgerTresor.
The Problem: Empty Wallets
The European Digital Identity is a done deal — but without a practical way to issue and qualify-sign documents, the wallets stay empty. Four structural gaps prevent productive use today:
Empty wallets. The EUDI Wallet is being rolled out, but there is no standardised process to get documents of every kind — certificates, deeds, contracts, attestations — inside it.
QES complexity. Verifying documents and applying a qualified electronic signature (QES) requires standardised workflows. They are missing at most public authorities and companies today.
No machine-readable formats. Documents exist as unstructured files. Administrative workflows, however, need structured digital twins to process data automatically.
No validation infrastructure. There is no standardised process to validate documents between an issuer and a holder and to deliver them into the wallet.
The Solution: eVault as a Signature Bridge
*The responsibility split in the eVault flow: BundID identifies, eVault prepares, authority signs, wallet stores.*
eVault is not another wallet. It is the bridge between document issuers and the EUDI Wallet — compatible with every wallet provider and open to any type of document. The division of responsibilities is deliberately simple:
BundID identifies. One-time authentication happens via existing infrastructure (BundID, the German eID app, or the EUDI Wallet itself).
eVault prepares. Documents are signed with an advanced electronic signature (AES), a structured digital twin is generated, and the package is forwarded to the issuing organisation.
The authority signs. The responsible body verifies the document — the way a notary verifies a purchase contract — and applies the qualified electronic signature (QES).
The result: a legally binding digital credential in the EUDI Wallet, without every authority having to build its own ingest and validation infrastructure.
The Flow in Three Phases
*From registration to EUDI Wallet — the full eVault process, animated.*
Phase 1 — Registration
The citizen registers with BundID at the eVault.
A smart contract generates a unique **cryptID **[π, σ] and books the transaction on the C-Chain.
The citizen receives the cryptID as a personal cryptographic identity.
The cryptID is unique like DNA — it replaces login, password and chip card and becomes the basis for every subsequent signature.
Phase 2 — Upload a Document
The citizen creates document D, encrypts it and signs it with an advanced electronic signature (AES).
Uploads [AES; D] into the eVault.
The eVault generates the **digital twin **Z — structured, machine-readable metadata in XML or CSV — and books the transaction on the C-Chain.
The digital twin is the key to later integration with administrative workflows: alongside the original document, a structured data record is now available that a government IT system can ingest directly.
Phase 3 — Send and QES
The citizen sends [AES; D; Z] to the responsible organisation — for example a district administration office.
The authority verifies the document and applies the qualified electronic signature (QES).
[QES; AES; D; Z] is delivered into the citizen's EUDI Wallet.
The document is now legally binding in the wallet and can be reused at any time — with other authorities, employers or insurers.
The Technology Behind eVault
C-Chain — the Performant Alternative to Blockchain
C-Chain was developed by Prof. Rudolf Bayer (Professor Emeritus of Computer Science at TU München and, among other things, inventor of the B-tree). It serves as the ledger for all wallet transactions — and deliberately avoids the known weaknesses of classical blockchains:
Instant final settlement. Every booking is final the moment it lands. No waiting, no probabilistic confirmations.
No proof-of-work. Cryptographic certification replaces PoW. No energy problem, no ecological footprint.
Perfect scalability. One chain per citizen — compatible with the EUDI Wallet architecture. Every transaction history belonging to one person is a single click away.
IoT and edge ready. Runs on microcontrollers and edge devices with hardware security modules (HSMs) — extremely lightweight and performant.
cryptID — Identity Without Infrastructure
A citizen's personal cryptographic identity is generated once and then replaces all conventional authentication methods: no login, no password, no chip card. Once verified — via BundID, the German eID app or the EUDI Wallet itself — it stays valid indefinitely.
Digital Twin — Machine-Readable Metadata
On upload, every document is automatically translated into a structured metadata record. The twin follows open formats (XML/CSV) and can be ingested directly by administrative workflows — a point that the current EUDI specification deliberately leaves open.
What Sets eVault Apart from a Pure EUDI Wallet
Three points position eVault as complementary infrastructure to the wallet, not as a competing product:
Machine-readable processing. Digital twins make direct integration into administrative workflows possible. A school certificate lands in the wallet not only as a PDF but also as a structured data record.
Legal entities and the Business Wallet. eVault addresses the European Business Wallet perspective as well: companies and organisations as issuers and recipients of credentials.
Non-Qualified Trust Service Provider. eVault gives municipal and corporate actors a certification role as a bridge between issuers and wallets — without every single body having to take on the full Trust Service Provider process.
Project Status and Timeline
Phase
Status
Research
Completed
Prototype
Available
Beta phase
Active since Q1/2026
EUDI integration
Target: Q4/2026
Rollout in model region
In preparation
Roughly three to four person-years of development work have gone into the project so far. Rollout will happen in two stages: first in a model region, then nationwide.
What is needed next: integration with EUDI wallet providers, certification as a Trust Service Provider, pilot projects with model regions and the connection to the federal IT architecture.
The Team
Prof. Rudolf Bayer, Ph.D. — Project lead and research. Emeritus professor of computer science at TU München, inventor of the B-tree and developer of the C-Chain technology.
Felix Stürmer — Concept and implementation. Computer scientist with a focus on human–computer interaction, responsible for UX, architecture and the technical implementation of eVault.
Interested in a Pilot Partnership?
Public authorities, wallet providers and administrative-workflow vendors who want to get validated documents into the EUDI Wallet are welcome to reach out to the project team directly. All details, the technical approach and the roadmap are documented on the project page.
The EUDI Wallet is a done deal — the real question is no longer whether but how documents get into it securely. The eVault BürgerTresor closes that gap with an architecture built on clear roles (BundID, eVault, authority), established cryptography and the C-Chain developed at TU München. The prototype exists, the beta is running, and integration with the EUDI Wallet is scheduled for Q4/2026. Now it is time for partnerships to turn the bridge into production infrastructure.
