Warning | Scams & fraud

Fake eIDAS 2.0 EUDI Wallet QTSP (Qualified Trust Service Provider) trust-list revocation lure — "QTSP trust-list revocation pending — re-attest your wallet provider and EUDI signing keys within 7 days or wallet-relier registration will be suspended" → fake eidas-dashboard.ec.europa.eu harvests QTSP signing keys / wallet-relier creds / Article 45a attestation-of-attributes signing material. eIDAS 2.0 EUDI Wallet rollout (member-state pilots 2025-26 → mandatory by 2027) gives attackers a real and credible regulatory pretext. Real EUDI Wallet provider attestation flows go through ec.europa.eu / enisa.europa.eu / eidas-dashboard.ec.europa.eu / member-state supervisory body portals, never via inbound email link demanding QTSP signing-key re-attestation under deadline pressure. Distinct from `eidas-2-eu-digital-identity-wallet-onboarding-lure` (R7 E2, consumer EUDI Wallet onboarding via national eID) — this signal is specifically the QTSP / trust-list / wallet-provider B2B-trust-service framing. Source: GC1 R9 multiagent council top-5 P0 (S3 EU-reg specialist).

fake-eidas-2-eudi-wallet-qtsp-trust-list-revocation-spoof

What this tier means

Warning signal — bulk / marketing / mild spam. Contributes to the trash score but is not by itself sufficient.

How Gorganizer detects this

Fake eIDAS 2.0 EUDI Wallet QTSP (Qualified Trust Service Provider) trust-list revocation lure targeting EU trust service providers, wallet providers, and wallet reliers. The phish narrative arrives as: "Your QTSP qualified trust service provider attestation is pending revocation from the eIDAS trusted list — re-attest your wallet provider and EUDI signing keys within 7 days or your wallet relier status will be suspended," or "The European Digital Identity Wallet provider attestation under eIDAS Article 45a is deficient — re-attest your trust list and qualified trust service signing material before the deadline."

eIDAS 2.0 EUDI Wallet rollout (member-state pilots 2025-26 → mandatory by 2027) and the corresponding QTSP / trust-list / wallet-relier ecosystem give attackers a real and credible regulatory pretext, especially because the technical onboarding flow for QTSPs and wallet reliers is genuinely under construction — even experienced trust-service operators may mistake the lookalike for a routine pre-mandatory-deadline attestation reminder.

Lookalike `eidas-dashboard.ec.europa.eu` / member-state-supervisory-body portals harvest QTSP signing keys (catastrophic — these keys sign qualified electronic signatures, qualified seals, qualified website authentication certificates, and qualified electronic time stamps that have legal effect across the EU under eIDAS Articles 25-42), wallet-relier credentials, and Article 45a attestation-of-attributes signing material. Post-compromise, an attacker can issue forged qualified electronic signatures on contracts, forge qualified electronic seals on company communications, and tamper with qualified-website-authentication / wallet attestations across all 27 member states.

Real EUDI Wallet provider attestation flows go through ec.europa.eu / enisa.europa.eu / eidas-dashboard.ec.europa.eu / member-state supervisory body portals (BaFin, AMF, CSSF, CONSOB, etc.) using credentials provisioned via the supervisory body's own onboarding process, never via inbound email link demanding QTSP signing-key re-attestation under deadline pressure. Distinct from `eidas-2-eu-digital-identity-wallet-onboarding-lure` (R7 E2, consumer EUDI Wallet onboarding via national eID handshake) — this signal is specifically the QTSP / trust-list / wallet-provider / Article 45a B2B-trust-service framing.

Fires when the body references eIDAS / EUDI / European Digital Identity / QTSP / qualified trust / trust list / trusted list / wallet provider-relier / attestation of attributes / Article 45 / Article 45a AND contains revocation / re-attest / deficient / deadline / suspend / action-required urgency. Excludes ec.europa.eu, enisa.europa.eu, digital-strategy.ec.europa.eu, eidas-dashboard.ec.europa.eu, and the broader .europa.eu umbrella. Auto-classified as danger via the `-spoof` suffix. Source: GC1 R9 multi-agent council top-5 P0 (S3 EU-reg specialist).
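The firing rule above, sketched as an added example (not Gorganizer's own code): a topic term AND an urgency term must both appear, and the `.europa.eu` exclusion is matched on a dot boundary so a lookalike host that merely embeds the real name is not excluded. The regex spellings, the function names, and applying the exclusion to the sender domain are assumptions of this example; the sample messages are constructed.

```python
import re

# Topic and urgency vocabulary taken from the rule text above; the regex
# spellings are this example's assumption, not Gorganizer's patterns.
TOPIC = re.compile(
    r"\b(eidas|eudi|european digital identity|qtsp|qualified trust|"
    r"trust(?:ed)?[ -]list|wallet[ -](?:provider|relier)|"
    r"attestation of attributes|article 45a?)\b", re.I)
URGENCY = re.compile(
    r"\b(revocation|re-?attest\w*|deficient|deadline|suspend\w*|"
    r"action[ -]required)\b", re.I)

# Exclusions listed in the rule; .europa.eu covers the named hosts as well.
TRUSTED_SUFFIXES = ("europa.eu",)


def is_trusted_sender(domain: str) -> bool:
    """Exact or dot-boundary suffix match, so 'ec.europa.eu.example' fails."""
    d = domain.strip().rstrip(".").lower()
    return any(d == s or d.endswith("." + s) for s in TRUSTED_SUFFIXES)


def qtsp_revocation_signal(sender_domain: str, body: str) -> bool:
    """True when topic AND urgency terms appear and the sender is not excluded."""
    if is_trusted_sender(sender_domain):
        return False
    return bool(TOPIC.search(body) and URGENCY.search(body))


# Constructed sample messages (sender domain, body); not real mail.
SAMPLES = [
    ("eidas-dashboard.ec.europa.eu.portal.example",
     "QTSP trust-list revocation pending - re-attest your wallet provider "
     "and EUDI signing keys within 7 days."),
    ("ec.europa.eu",
     "Reminder: the trusted list consultation deadline is next month."),
    ("newsletter.example",
     "Our webinar covers eIDAS 2.0 and the EUDI Wallet pilots."),
    ("billing.example",
     "Action required: your subscription will be suspended."),
]

if __name__ == "__main__":
    for domain, body in SAMPLES:
        print(f"{domain:45} fires={qtsp_revocation_signal(domain, body)}")
```

Only the first sample fires: the second is excluded by sender, the third has topic terms without urgency, and the fourth has urgency without topic terms.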

False-positive guard

Every signal in Gorganizer feeds a multi-module score — never a sole verdict. This is a warning-tier signal — bulk / marketing / mild spam. It contributes to the trash score but never triggers deletion on its own. Gorganizer requires multiple signals + a margin over the safety floor before any email is moved to trash.

About the scoring engine

Gorganizer's scoring engine emits over 1,800 signals across six modules — headers, sender, subject, body, attachments, and structural metadata. Every email is scored by every module independently; the final verdict requires multiple modules to agree and the trash score to beat the safety floor by a margin.

Sacred safety guards — never delete starred emails, replies, calendar invites, receipts/invoices, or attachments — apply unconditionally regardless of any signal.
