Welcome Access Premium provides a secure, user-friendly and efficient way to manage digital access cards, and can replace traditional physical cards to improve security and reduce administrative workload. By using biometric authentication (Face ID, Touch ID) and encrypted storage, Apple Wallet ensures that only authorised individuals gain access to buildings and resources.
This solution helps organisations comply with ISO 27001 and NIS2 requirements by offering automatic updates to access lists, logging of all access events, and remote deletion of cards when needed. Welcome Access Premium eliminates the risk of lost or cloned cards while giving users a more seamless access experience via their phone or smartwatch.
NIS2 (Network and Information Security Directive 2) is the EU's updated cybersecurity directive that sets stricter requirements for the protection of critical
infrastructure and digital services. The directive requires organisations to implement risk-based security measures, including access control, encryption, logging and incident management, to minimise the risk of cyberattacks and unauthorised access. NIS2 controls also require that security incidents are monitored, reported and handled proactively to ensure robust digital resilience.
We have put together an overview of which NIS2 requirements are met with Welcome Access Premium and the access card in Apple or Google Wallet.
Apple Wallet vs. Physical Cards – NIS2 Compliance
NIS2 Requirement | Apple Wallet (Digital Cards) | Physical Cards |
Art. 21 – Risk management and security measures | ✅ Apple Wallet offers biometric authentication and encrypted
✅ Apple Wallet offers biometric authentication and encrypted storage to minimise the attack surface.
✅ Cards can be removed remotely to prevent misuse | ❌ Cards can be lost or stolen, and can be used without additional authentication.
❌ No remote deletion, cards must be manually blocked by the security department |
Art. 21b – Access control and identity management | ✅ Multi-Factor Authentication (MFA) with biometrics and device-based authentication
✅ Automatic card updates and blocking when needed | ❌ Often no MFA – physical cards can be used by anyone if lost
❌ Requires manual management for updating and blocking |
Art. 21c – Cryptography and data protection | ✅ All Wallet data is encrypted with AES-256 and stored in the Secure Enclave
✅ Transfers are encrypted with TLS 1.2/1.3, and card data cannot be copied | ❌ RFID and magnetic stripe cards can be copied and counterfeited. Unencrypted cards can be easily copied
❌ No dynamic encryption, and data can be extracted from legacy access systems |
Art. 23 – Security incidents and incident management | ✅ Wallet can be integrated with SIEM tools for logging access and alerting on unauthorised use.
✅ Cards can be blocked in real-time if compromised | ❌ Limited logging, many access systems do not record individual users
❌ No immediate notification of suspicious use of stolen cards |
Art. 24 – Supplier management and third-party risk | ✅ Apple Wallet is PCI DSS compliant and ISO 27001 compliant
✅ Apple does not store Wallet data on servers, reducing third-party risk | ❌ Dependent on third-party providers with varying levels of security
❌ Cards can be tracked or counterfeited without effective security controls |
Art. 28 – Compliance with legal and regulatory requirements | ✅ GDPR-kompatibel: Ingen sentral lagring av personopplysninger
✅ Brukeren har full kontroll over kort og kan slette dem når som helst | ❌ Cards may contain personal information such as name and title, which could violate GDPR if lost |
Do you need help?
Chat with us via the AI chatbot at the bottom right of the screen, or send an email to support@welcomeworkdays.com.
