Qualified eIDAS Service Providers: The Official 2026 List

Why is the "qualified" eIDAS status decisive for your business?

Since the eIDAS Regulation (No. 910/2014) came into force, the European electronic signature market has been deeply restructured around a three-tier hierarchy: simple electronic signature (SES), advanced electronic signature (AES), and qualified electronic signature (QES). The latter is the only one to benefit from a legal presumption of equivalence with a handwritten signature throughout all Member States of the European Union.

For a company to be able to offer qualified signatures, it must imperatively have been audited and registered on the Trust List of its Member State. In France, it is the National Agency for the Security of Information Systems (ANSSI) that maintains this official register, which is in turn republished in the centralised European list managed by the European Commission.

Understanding this architecture is fundamental before signing any sensitive commercial contract. To delve deeper into the regulatory foundations, our comprehensive guide to eIDAS 2.0 Regulation details all the obligations and developments introduced by the revised eIDAS 2.0 Regulation (EU Regulation 2024/1183).

---

How are qualified trust service providers certified?

The path to Qualified Trust Service Provider (QTSP) status is demanding. It involves an audit conducted by an accredited Conformity Assessment Body (CAB), in accordance with ETSI EN 319 401 standards (general requirements) and ETSI EN 319 411-2 for qualified certificates.

ANSSI qualification steps

1. Submission of qualification file: the provider submits its technical, security and organisational documentation to ANSSI.
2. Audit by an accredited CAB: a third-party body — such as Bureau Veritas, LSTI or Apave Certification — verifies compliance on-site and on file.
3. Qualification decision: ANSSI grants the qualification and registers the provider on the French Trust List (TL-FR).
4. Periodic renewal: the qualification is re-evaluated, generally every two years, to guarantee the maintenance of requirements.

What does the audit specifically verify?

The auditor examines in particular:

• The physical security of data centres hosting cryptographic keys (HSM modules certified CC EAL 4+ or FIPS 140-2 Level 3 minimum);
• The Certification Policies (CP) and Certification Practice Statements (CPS) published by the provider;
• Procedures for identity verification of signatories (face-to-face or remote identity verification in line with EN 419 241-1 standard);
• Revocation management and availability of OCSP/CRL services.

These criteria explain why only a handful of players achieve and maintain this level of certification in France.

---

Qualified eIDAS service providers registered in France in 2026

The official list of qualified providers is accessible at any time on the official European Commission portal (eidas.ec.europa.eu/efts), filtering by "France" and the "QCertESig" service (Qualified Certificate for Electronic Signature). Here are the players that were listed in the register at the time of writing this article (June 2026):

French players registered on the Trust List

| Provider | Type of qualified service | Particularity | |---|---|---| | Certigna (Dhimyotis) | Qualified certificates, qualified time-stamping | La Poste group, certified eIDAS since 2016 | | Certinomis | Qualified certificates | La Poste subsidiary, focused on public sector | | ChamberSign France | Qualified certificates | Network of Chambers of Commerce, strong SME/VSE anchoring | | Keynectis / DocuSign France | Qualified certificates | Acquired by DocuSign, maintained ANSSI label | | Universign (Tessi) | Qualified certificates, time-stamping | Market pioneer, integrated into Tessi group | | Entrust (formerly Datacard) | Qualified certificates | International player, Trust List multi-Member States | | Oodrive Sign | Qualified certificates | French sovereign editor, SecNumCloud qualified |

> Warning: this list is provided for informational purposes only. Only the official Trust List of the European Commission is authoritative. Always verify current status on the ETSI portal before any contractual commitment.

Foreign service providers recognised in France via the European Trust List

Under the principle of mutual recognition laid down in Article 25 of the eIDAS Regulation, a qualified signature issued by a QTSP registered on the trust list of another Member State produces the same legal effects in France. Among frequently used non-French players:

• Namirial (Italy): strong in remote qualified signature (QES remote signing);
• SwissSign (Switzerland): note that Switzerland is not an EU member; recognition is partial;
• Qualified.one / Asseco Data Systems (Poland): European public player, frequent in cross-border markets.

To compare these solutions based on your business needs, consult our comparison of electronic signature solutions which analyses the criteria of price, compliance and API integration.

---

How to choose the right qualified eIDAS provider for your organisation?

Being listed on the Trust List is a necessary but not sufficient condition. Choosing a QTSP should be based on several complementary criteria.

Technical and integration criteria

• REST API or SDK available: essential for automating signature in your business workflows (ERP, HRIS, CRM);
• Supported signature formats: PAdES for PDFs, XAdES for XML, CAdES for binary files — all standardised by ETSI EN 319 100;
• Service availability: SLA greater than 99.9% contractually guaranteed, with maintenance windows scheduled outside business hours;
• Data hosting: prefer hosting in France or within the EU, ideally SecNumCloud qualified for sensitive data.

Legal and compliance criteria

• Verify that the provider provides an up-to-date qualification report (less than 24 months);
• Require a published Certification Policy (CP) publicly accessible and audited;
• Ensure that the general conditions explicitly provide for the delivery of qualified certificates within the meaning of Annex I of the eIDAS Regulation.

Operational and support criteria

• Signatory enrolment procedure: face-to-face at a branch, eIDAS-compliant video identification or NFC from an electronic identity document;
• French-language support with contractual response times;
• Training and documentation available for your legal and IT teams.

If your organisation manages significant HR document workflows, our dedicated page on electronic signature for HR teams details specific use cases (employment contracts, amendments, onboarding) and recommended signature levels by document type.

---

eIDAS 2.0: what changes for qualified providers in 2026?

The eIDAS 2.0 Regulation (EU Regulation 2024/1183, which came into force progressively from May 2024) introduces several structural developments that directly impact QTSPs and their clients.

The European Digital Identity Wallet (EUDI Wallet)

Article 6a of the revised Regulation requires Member States to provide, by September 2026, a digital identity wallet (EUDI Wallet) recognised throughout the EU. For qualified providers, this means:

• The obligation to accept identity attributes from the wallet as proof of identity for signatory enrolment;
• The emergence of a new qualified service: the delivery of qualified electronic attestations of attributes (Qualified Electronic Attestation of Attributes, QEAA).

New qualified services and expansion of scope

eIDAS 2.0 expands the list of qualified trust services to include:

• Qualified electronic archiving services (QPDS, Article 45f);
• Services for managing remote signature creation devices (QRCD).

These developments represent both a compliance constraint (tight timelines for existing providers) and an opportunity for differentiation for new entrants capable of quickly integrating the technical specifications published by ENISA and ETSI.

For businesses considering a migration from an existing platform to a more compliant solution, our migration guide from DocuSign or YouSign to Certyneo presents the concrete steps and regulatory vigilance points.

Legal framework applicable to qualified eIDAS providers

eIDAS Regulation and European law

The legal foundation is the Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (known as the "eIDAS Regulation"), as amended by Regulation (EU) 2024/1183 (eIDAS 2.0). This Regulation is directly applicable in all Member States without national transposition.

Its key provisions for qualified providers:

• Article 17: obligation for each Member State to designate a supervisory body (in France, ANSSI);
• Article 20: procedure for supervision, audit and registration on the trust list;
• Article 25: presumption of equivalence between QES and handwritten signature, with guaranteed legal effect throughout the EU;
• Annex I: requirements relating to qualified certificates for electronic signature;
• Annex II: requirements relating to qualified signature creation devices (QSCD).

French law

In domestic law, electronic signature is governed by:

• Civil Code, Articles 1366 and 1367: Article 1366 recognises the evidentiary value of electronic writing provided that the identity of the author and the integrity of the document are guaranteed. Article 1367 specifies that electronic signature consisting of a reliable identification process benefits from a presumption of reliability when created in accordance with the implementing decree;
• Decree No. 2017-1416 of 28 September 2017: defines the conditions under which qualified electronic signature is presumed reliable in France, expressly referring to the eIDAS Regulation;
• Ordinance No. 2005-674 of 16 June 2005 on the performance of certain contractual formalities by electronic means.

Personal data protection

Enrolment and signature processes involve the processing of personal data (identity data, biometrics for video identification). The qualified provider is subject to Regulation (EU) 2016/679 (GDPR) and must in particular:

• Designate a DPO if processing is on a large scale;
• Document processing in the CNIL register;
• Govern transfers outside the EU with appropriate safeguards (standard contractual clauses, adequacy decision).

Cybersecurity and resilience

Since October 2024, the NIS2 Directive (2022/2555/EU) applies to qualified trust service providers, classified as essential entities. They must implement cyber risk management measures, notify significant incidents to ANSSI within 24 hours, and be subject to regular audits. Non-compliance exposes them to fines of up to €10 million or 2% of global annual turnover.

Technical reference standards

• ETSI EN 319 401: general requirements for trust service providers;
• ETSI EN 319 411-2: policy profile for qualified certificates;
• ETSI EN 319 132: XAdES signature formats;
• ETSI EN 319 122: CAdES signature formats;
• ETSI EN 319 162: PAdES signature formats (PDF).

Use cases: when is qualified eIDAS signature essential?

Scenario 1 — A law firm managing private deeds with high probative value

A mid-sized law firm with about twenty lawyers handles dozens of share transfers, settlement agreements and warranties of assets and liabilities (GAP) each month. These deeds involve sums often exceeding several hundred thousand euros and are likely to be contested in court.

Before migrating to a qualified eIDAS provider, the firm used an advanced signature solution (AES), which was sufficient for most everyday deeds. After an incident where the opposing party challenged the authenticity of a signature in a dispute, the firm decided to use QES for all high-stakes deeds. Result: a 90% reduction in time spent producing evidence of signature during litigation, thanks to the irrefutable legal presumption attached to QES. The unit surcharge per signature (approximately €2 to €5 depending on volumes) was fully offset by the reduction in litigation costs.

Scenario 2 — A mid-sized industrial company managing cross-border supplier contracts

A medium-sized enterprise (SME) in the industrial equipment sector, with suppliers established in France, Germany, Italy and Poland, had to send framework contracts by post or organise in-person signing meetings, generating delays of 10 to 21 working days per contract.

By deploying a solution connected to a European QTSP listed on the Trust List, the company reduced the signature cycle to less than 48 hours on average. Mutual recognition between Member States guarantees legal value without the need for further legalisation. On a portfolio of 350 annual supplier contracts, the estimated savings in administrative and logistics costs exceed €40,000 per year, according to figures consistent with industry studies published by the ACFE and APQC.

Scenario 3 — A hospital group subject to healthcare sector requirements

A hospital group of approximately 1,200 beds must electronically sign public contracts, clinical research agreements and contracts with hospital practitioners. These documents are subject to the Public Procurement Code, which requires an electronic signature compliant with the RGS (General Security Framework) at level ** or, since the dematerialisation of public markets, at an equivalent eIDAS level.

By relying on a QTSP listed on the French Trust List, the hospital group guarantees compliance with Article R. 2132-7 of the Public Procurement Code whilst reducing the signature time for contracts from 15 days to less than 72 hours. API integration with the hospital information system (HIS) made it possible to automate the sending and monitoring of documents, freeing up approximately 0.4 FTE on administrative tasks related to contracts.

Conclusion

Choosing a qualified eIDAS provider is not a simple software purchase: it is a strategic decision that commits the probative value of your deeds, the regulatory compliance of your organisation and the trust of your business and institutional partners. In 2026, with the progressive entry into force of eIDAS 2.0 and new NIS2 obligations, the level of requirement is only increasing.

The essential points to remember: systematically check registration on the official Trust List, require a published Certification Policy, and adapt the signature level (QES, AES, SES) to the legal stakes of each document.

Certyneo supports you in this approach by giving you access to qualified certificates via registered QTSPs, a robust API integration and dedicated legal support. Ready to move to qualified signature? Request a demo or create your Certyneo account and get your organisation into compliance today.