If initial issuance request (batch or single) had a deferred response (transaction_id instead of the credential itself) wallet must remember the response encryption information specified in the initial request
When accesing the deferred endpoint with the transaction_id returned by the issuer, wallet must expect that the response should be encrypted based on the encryption information kept from step 1.
Based on discussion under OpenID4VCI issue https://github.com/openid/OpenID4VCI/issues/286 encrypted responses for deferred issuance requests must be supported the following way:
Also indicated here