In the document attached I have placed some pointwise comments on and recommendations for the German EUDI wallet architecture: - Comment #1 Architecture does not consistently uses eIDAS concepts, most notably the WSCA - Comment #2 Architecture does not formulate verifiable (cryptographic) security objectives to be met - Comment #3 No analysis/motivation on resistance against high attack potential, e.g. nation states - Comment #4: No clarity on whether the D-wallet WSCA should be based on HSM-firmware or not - Comment #5: No clarity of the mitigation of “Repudiation Risk” Each comment is followed by a recommendation. At the end of the document I have placed a section with the references used. Kind regards, [D-wallets_comments_and_recommendations.pdf](/uploads/f728579ecc6ca6ca8de0e82b706b0987/D-wallets_comments_and_recommendations.pdf) Eric Verheul 28 July 2025