On 2026-06-23, Saudi Arabia’s SASO issued Technical Notice SASO/STI 2026-087, setting a new compliance condition for Mobile Credentials used in government and critical infrastructure deployments: from 2026-10-01, such systems must pass eIDAS 2.0 interoperability certification and provide EUDI Wallet compatibility test reports. For suppliers of biometric mobile credentials, NFC token products, and Bluetooth identity devices, this is not just a paperwork update; it changes the access path for targeted projects and makes certification readiness a direct part of procurement and delivery.

What the technical notice now requires

The confirmed change is narrow but significant. SASO/STI 2026-087 applies to Mobile Credentials systems intended for government and critical infrastructure deployments. It states that, starting 2026-10-01, these systems must obtain eIDAS 2.0 interoperability certification and submit an EUDI Wallet compatibility test report. The notice also makes clear that biometric mobile credentials, NFC identity tokens, and Bluetooth-based identity token products fall within the affected product path.

Where the pressure will be felt across the chain

Suppliers facing project entry checks

For direct suppliers and exporters, the main impact is likely to appear at the project qualification stage. If a product is positioned for government or critical infrastructure use, buyers may now treat certification evidence and compatibility testing as entry requirements rather than optional documentation. That affects bid preparation, sample submission, and the timing of delivery commitments.

Manufacturers and integrators adjusting product files

Manufacturers and system integrators will need to align product specifications, technical files, and test documentation with the stated interoperability and wallet-compatibility requirements. The practical issue is not only the device itself, but also whether the supporting records can be presented in a way that matches procurement and compliance review expectations.

Testing and certification services under closer scrutiny

Testing laboratories and certification-related service providers may see more demand for structured interoperability evidence. Because the notice names both eIDAS 2.0 interoperability certification and EUDI Wallet compatibility testing, the quality and traceability of test output become part of the commercial path, not merely an after-sales support item.

Buyers and procurement teams revising acceptance criteria

For procurement teams, especially in public-sector or critical-infrastructure projects, the notice may reshape acceptance checklists. Procurement documents, supplier qualification forms, and technical evaluation criteria may now need to ask explicitly for the relevant certification and test report set before award or delivery can proceed.

What companies should review first

Check whether the product scope is covered

Companies should first verify whether their Mobile Credentials offerings are intended for government or critical infrastructure deployments. That scope matters because the notice ties the requirement to those deployment contexts, not to all mobile identity products in general.

Prepare certification and test documentation early

Where the product falls under the notice, companies should review whether they can produce eIDAS 2.0 interoperability certification evidence and an EUDI Wallet compatibility test report in a form suitable for customer review. If the documentation is not ready, the risk will likely show up in bid qualification and project scheduling.

Align sales commitments with the 2026-10-01 timing

The stated effective date means delivery promises, tender timelines, and supplier qualification schedules should be checked against the compliance cutoff. Even without additional enforcement detail, the date itself is enough to require planning in advance, especially for products with longer certification lead times.

Watch for further official execution language

Because the notice provided in the input does not include granular execution procedures, companies should continue watching for any follow-up wording on test methods, document formats, acceptance procedures, or transition handling. Those details will determine how the requirement is applied in practice.

How to read this move right now

Analysis shows that this is best understood as an execution signal rather than a general policy statement. SASO has already tied a defined product category to a specific compliance gate and a specific date, which means the market should treat it as an active market-access requirement for the covered deployment scenarios. At the same time, the absence of detailed implementation language means industry participants still need to watch for the exact certification and testing path that will be used in project execution.

From an industry perspective, the key point is that interoperability has moved from a technical preference to a compliance condition for certain identity products. That shift matters not only to product teams, but also to procurement, documentation, and delivery planning.

What this means for the market next

This notice should be read as a clear compliance update with immediate relevance for affected suppliers, buyers, and certification service providers. It does not justify broad conclusions beyond the stated scope, but it does indicate that Mobile Credentials for government and critical infrastructure deployment in Saudi Arabia may now face a more specific entrance requirement tied to eIDAS 2.0 and EUDI Wallet compatibility. The most practical response is to treat the rule as active, while continuing to monitor the detailed execution language and customer-side adoption.

Source basis and what still needs verification

This article is generated from the title, event date, and summary provided by the user. The source types that are typically relevant to this kind of development include official regulatory notices, standards-body publications, certification guidance, and related procurement or industry announcements. No specific official source link was provided in the input, so the underlying notice and any follow-up materials still need to be continuously verified against official releases. Further attention should remain on implementation details, certification interpretation, tender document changes, industry feedback, and actual supplier execution.