eIDAS 1 to 2 Transition: Impacts on Signature in 2025

On 20 May 2024, Regulation (EU) 2024/1183 — commonly called eIDAS 2 — was published in the Official Journal of the European Union, progressively repealing Regulation No 910/2014 (eIDAS 1). This text represents the most structuring reform of digital identity and electronic signature in Europe since 2016. For French companies using electronic signature solutions in their contractual workflows, the transition is not a formality: it involves technical, legal and organisational adjustments with a horizon extending to 2026 and beyond. Understanding the eIDAS 1 to eIDAS 2 transition and its impact on electronic signature in 2025 has therefore become a priority for legal, IT and HR departments. This article deciphers the fundamental developments of the framework, the precise transition timeline and the concrete measures to take to remain compliant.

What eIDAS 2 Regulation Fundamentally Changes

From the 2014 Regulation to the 2024 Overhaul: Why Revision Was Necessary

eIDAS 1 laid the foundations for mutual recognition of electronic signatures within the Union. Three hierarchical levels — simple (SES), advanced (AdES) and qualified (QES) — structured the probative value of signatures, backed by a list of trust service providers (TSL). But over ten years, two major gaps emerged.

Firstly, the original regulation applied essentially to relations with public administrations (G2B, G2C). It did not create direct obligations in private transactions (B2B, B2C), leaving a normative vacuum that each Member State filled heterogeneously. Secondly, the rise of digital services — mobile applications, open banking, telemedicine — had revealed the absence of a portable and interoperable digital identity system at the continental level.

eIDAS 2 addresses these two challenges by introducing the European Digital Identity Wallet (EUDIW) and broadening the scope of trust services to new use cases: qualified electronic archiving, qualified attribute attestations, qualified electronic registers (including certified blockchain applications).

The New Categories of Qualified Trust Services

eIDAS 2 extends the list of qualified trust services (article 3 and revised annex IV). In addition to signatures, seals and qualified timestamps already recognised by eIDAS 1, the following are now qualified:

• Qualified electronic archiving services (art. 34 bis): obligation to preserve the integrity and readability of signed documents over the long term, with enhanced requirements for service providers (QTSP).
• Qualified remote signature creation device management services (QRCD): strengthened oversight of remote signature solutions via cloud Hardware Security Modules (HSM).
• Qualified attribute attestations: mechanism allowing a trust third party to certify attributes of an entity (e.g. lawyer status, doctor status) without revealing their entire identity.
• Qualified electronic registers: recognition of distributed registers under strict auditability and resilience conditions.

For users of electronic signature solutions, this extension means that qualified trust services available on the market will diversify, and that the selection criteria for a service provider (QTSP) must incorporate these new capabilities.

The EUDIW: Digital Identity Wallet as Signature Infrastructure

The most visible innovation of eIDAS 2 remains the EUDIW. Each Member State will be required to make available to its citizens and residents a free, interoperable digital identity wallet with all other Member States by 26 November 2026 (deadline for national compliance under article 5 bis). This wallet will allow:

• authenticating the user with a high level of assurance (LoA High) without resorting to a third-party identification provider;
• electronically signing documents with qualified value (QES) directly from the wallet;
• sharing selective identity attributes (selective disclosure), thereby respecting the data minimisation principle of the GDPR.

For businesses, the EUDIW theoretically simplifies identity verification procedures prior to qualified signature, removing friction from video-identification or face-to-face identification. In practice, impact will depend on the pace of national deployment — France launched a pilot experiment in 2025 under the "France Identité" programme.

Precise Timeline for eIDAS 1 to eIDAS 2 Transition

The Regulatory Milestones to Know

Regulation 2024/1183 entered into force on 20 May 2024, but its application is progressive. Here are the key deadlines:

| Date | Event | |------|-------| | 20 May 2024 | Publication in OJ, formal entry into force | | 20 November 2024 | 6-month deadline for Commission adoption of implementing acts (EUDIW technical specifications) | | End 2025 | Publication of revised ETSI standards (EN 319 411-1/2, EN 319 401) integrating eIDAS 2 requirements | | 26 May 2026 | Deadline for Member State compliance on new categories of qualified services | | 26 November 2026 | Mandatory availability of EUDIW by each Member State | | 2027-2028 | Full revision of national trust lists (TSL) and accreditation of new QTSPs |

eIDAS 1 remains valid and signatures issued under its regime retain full legal value. There is no obligation to re-sign existing documents. Conversely, qualified trust service providers will need to renew their accreditation under the new technical standards by 2027.

What Does Not Change and What to Monitor

Continuity is a cardinal principle of the transition. The three signature levels (SES, AdES, QES) are maintained with their definitions unchanged. The presumption of equivalence with a handwritten signature attached to QES (article 25 eIDAS 1, repeated at article 27 eIDAS 2) remains in effect. The probative value of your current electronic signatures is not questioned.

What must be monitored, however: the implementing acts published by the European Commission throughout 2025-2026 will set the precise technical specifications of the EUDIW and new service categories. These level 2 texts have considerable practical importance for integrators and software publishers. For businesses using electronic signature in their HR or legal processes, it is recommended to ask your service provider for an eIDAS 2 compliance roadmap.

Concrete Impact on Businesses and Their Signature Solutions

Which Workflows Are Affected as Priority?

The eIDAS 1 to eIDAS 2 transition does not have the same impact depending on the signature level used. For businesses, three situations can be distinguished:

Simple electronic signature (SES): used for low-value amendments, proof of receipt, internal forms. No immediate update obligation. Probative rules remain governed by the Civil Code (art. 1366-1367) and not directly by eIDAS.

Advanced electronic signature (AdES/AdESQC): businesses using B2B solutions for commercial contracts, dematerialised employment contracts or real estate deeds must verify that their service provider maintains compliance with ETSI standards EN 319 132 (XAdES), EN 319 122 (CAdES) and EN 319 142 (PAdES) in their revised versions for eIDAS 2. These standards will be published by ETSI by end 2025.

Qualified electronic signature (QES): qualified service providers (QTSP) will need to undergo new eIDAS 2 accreditation. The transitional period provides a reasonable deadline (until 2027), but calls for tender issued from 2025 should integrate eIDAS 2 compliance clauses in selection criteria. For organisations comparing available options, the comparison of electronic signature solutions allows you to assess the maturity of publishers on this subject.

New Requirements for Qualified Trust Service Providers (QTSP)

eIDAS 2 toughens requirements applicable to QTSPs on three major points:

1. System security: mandatory alignment with NIS2 (Directive (EU) 2022/2555) for QTSPs, now classified as essential entities. This translates into obligations to notify incidents within 24 hours, annual security audits and implementation of business continuity plans.

1. Strengthened liability: article 13 eIDAS 2 expands the liability regime for QTSPs. In case of proven breach, the burden of proof is reversed: the service provider must demonstrate that it was not negligent, not the other way around.

1. Mandatory interoperability: QTSPs will need to expose standardised APIs compatible with the EUDIW to allow native integration of identity wallets. This requirement will accelerate modernisation of the integration interfaces available to developers.

For businesses considering switching service providers in this context, migrating from DocuSign or YouSign to an eIDAS 2-compliant solution is a course of action that should be anticipated now rather than urgently in 2027.

Personal Data and eIDAS 2: Articulation with GDPR

The EUDIW collects and processes personal identity data. eIDAS 2 explicitly provides (recital 11 and article 5 bis §14) that the entire system must be GDPR-compliant (Regulation (EU) 2016/679). Several points to note:

• Selective disclosure: the wallet must allow users to share only attributes strictly necessary for the transaction (minimisation principle, art. 5(1)(c) GDPR). For a contract signature, only verification of majority could be shared without revealing the full date of birth.
• Transfers outside the EU: personal data processed under the EUDIW cannot be transferred outside the EEA except with appropriate safeguards (art. 46 GDPR). Service providers using US cloud infrastructure must document their compliance.
• Signature log retention: the archiving of signature evidence must respect a duration proportionate to the nature of the document. The new eIDAS 2 qualified archiving service provides a technical framework to meet this requirement.

Businesses managing international employment contracts are particularly affected by this GDPR/eIDAS 2 articulation, especially when signatories reside outside the EU.

Legal Framework Applicable to eIDAS 1 to eIDAS 2 Transition

Reference Documents

The transition rests on a set of documents essential to master:

At European level:

• Regulation (EU) No 910/2014 (eIDAS 1): still in force until its progressive repeal by eIDAS 2. Defines the three signature levels (SES, AdES, QES) and the regime for QTSPs.
• Regulation (EU) 2024/1183 (eIDAS 2): entered into force on 20 May 2024. Substantially modifies eIDAS 1 without immediately repealing it. Provisions relating to the EUDIW apply upon publication of implementing acts.
• Regulation (EU) 2016/679 (GDPR): applies in full to the processing of identity data under the EUDIW and signature processes. Article 5 bis §14 of eIDAS 2 explicitly recalls this subordination.
• Directive (EU) 2022/2555 (NIS2): imposes strengthened cybersecurity obligations on QTSPs, now classified as essential entities. Transposed into French law by Ordinance No 2024-821 of 20 June 2024 (pending implementing decree).

At French level:

• Civil Code, articles 1366 and 1367: foundation of the probative value of writings in electronic form. Article 1366 establishes equivalence between electronic and paper writing under conditions. Article 1367 gives qualified signature (QES) the same probative force as a handwritten signature.
• Decree No 2017-1416 of 28 September 2017: specifies conditions for using electronic signature in private deeds. Remains applicable during the transitional period.
• General Security Reference (RGS) v2: for French administrations, the RGS requires use of solutions referenced by ANSSI. Its update to integrate eIDAS 2 is expected during 2026.

ETSI Technical Standards Applicable

ETSI standards constitute the level 3 of the normative hierarchy. Current applicable versions:

• EN 319 132-1/2: XAdES format (advanced XML signatures)
• EN 319 122-1/2: CAdES format (advanced CMS signatures)
• EN 319 142-1/2: PAdES format (advanced PDF signatures)
• EN 319 401: general requirements for trust service providers
• EN 319 411-1/2: requirements for CAs issuing qualified certificates

These standards will be revised by end 2025 to incorporate new eIDAS 2 requirements. Contracts with QTSPs should include a clause for updating to revised versions without additional cost.

Legal Risks of Non-Compliance

A signature issued by a service provider that would no longer be accredited after 2027 would not automatically lose its legal value for already-signed documents, but it would no longer benefit from the legal presumption of equivalence with a handwritten signature (art. 25 eIDAS). The burden of proving the signature's integrity and the signer's identity would then rest entirely with the business in case of litigation. This probative risk is particularly sensitive for deeds where the limitation period is long (5 years in commercial law, 30 years for real property rights).

Usage Scenarios: How Organisations Anticipate eIDAS 2 Transition

Scenario 1: A 25-Person Law Firm Rationalises Its Documentary Compliance

A law firm specialising in business law, with approximately 25 employees and intense activity in signature of mandates, deeds of cession and settlement agreements, had used an advanced signature solution (AdES) for all its workflows until 2024. Upon announcement of eIDAS 2, the firm conducted an audit of its 1,200 annually signed documents to identify those requiring QES under new bar recommendations.

Result: 15% of deeds (approximately 180 per year) were reclassified to qualified signature, securing the probative regime of these documents. The firm negotiated with its signature editor a clause guaranteeing eIDAS 2 compliance upon publication of implementing acts, without additional cost. The administrative time linked to verification of signatory identity decreased by 40% thanks to anticipation of EUDIW integration planned for 2026.

Scenario 2: A 150-Employee Industrial SME Secures Its Supplier Contractual Chain

An industrial SME managing approximately 350 supplier contracts per year — purchase orders, NDAs, framework contracts — operated with two distinct signature solutions for its internal and external flows, creating fragmentation of audit evidence. In the context of eIDAS 2 transition and new qualified archiving requirements, IT decided to unify its platform.

By migrating to a single solution integrating qualified electronic archiving (future eIDAS 2 category), the SME reduced its secure storage costs by 30% and consolidated its signature evidence in a digital safe deposit box compliant with standards. The entire documentary chain is now auditable in less than 2 minutes during supplier checks — a growing requirement of their customers in the automotive industry.

Scenario 3: A Hospital Group of Approximately 600 Beds Prepares EUDIW Integration

A public hospital group used qualified electronic signature for its medical contracts and public procurement, in accordance with public procurement code obligations. With eIDAS 2, IT identified two priority issues: future integration of the "France Identité" wallet for independent doctors working in the facility, and NIS2 compliance of its QTSP.

The group included in its digital strategic roadmap 2025-2028 a specific lot "eIDAS 2 compliance", with a provisional budget of 45,000 € for technical migration and staff training. The objective is to be able to accept signatures via EUDIW from national deployment scheduled for November 2026, thus reducing contractualisation delays with liberal health professionals from 3 days to less than 4 hours on average according to available sectoral benchmarks.

Conclusion

The eIDAS 1 to eIDAS 2 transition is not a rupture but a structured evolution, with a precise timeline extending to 2027. Impacts on electronic signature are real — expansion of qualified services, arrival of the EUDIW, toughened NIS2 requirements for QTSPs — but manageable provided they are anticipated. Businesses that act now benefit from a margin to audit their workflows, secure their contracts with service providers and train their teams without urgent regulatory pressure.

Certyneo supports businesses in this transition with a clear eIDAS 2 compliance roadmap, signature formats kept up to date and an architecture ready for EUDIW integration. Ready to secure your signature flows in this new regulatory framework? Discover our offers and get started free on Certyneo.