eIDAS 2 Deployment Schedule: EU 2026-2027

Introduction: Why the eIDAS 2 Schedule is Crucial for Your Organisation

Since the entry into force of regulation (EU) 2024/1183 — commonly called eIDAS 2 — the European framework for digital identity and electronic signature has undergone its most profound transformation since 2014. Whilst the revised text is formally adopted, it is its operational deployment, spread between 2024 and 2027, which now concentrates the attention of Chief Information Officers, legal advisers and compliance officers. Understanding the official deployment schedule for the eIDAS 2 regulation in the European Union makes it possible to anticipate obligations, secure contractual processes and avoid any compliance gap. This article deciphers the key stages, expected implementing acts and concrete impacts for French and European companies.

---

1. Reminder: What is eIDAS 2 and Why This Revision?

1.1 The Limitations of eIDAS 1 (2014)

The original eIDAS regulation (No. 910/2014) laid the foundations for digital trust in Europe: mutual recognition of electronic signatures, creation of qualified (QES), simple (SES) and advanced (AdES) levels, and accreditation of Trust Service Providers (TSP). However, ten years of implementation have highlighted several major gaps:

• National fragmentation: less than 19 % of European citizens used a cross-border electronic identification scheme in 2022 according to the European Commission.
• Absence of a digital identity wallet: eIDAS 1 did not provide for a universal instrument allowing each citizen or company to prove their identity online in all Member States.
• Partial coverage: qualified electronic archiving services or attribute attestations were not harmonised.

1.2 The Structural Contributions of eIDAS 2

Adopted on 11 April 2024 and published in the EU Official Journal on 30 April 2024, regulation (EU) 2024/1183 introduces in particular:

• The European Digital Identity Wallet (EUDI Wallet): a digital identity wallet that each Member State must offer to its nationals.
• New qualified trust services: qualified electronic attribute attestations, qualified electronic archiving, remote signature creation device management.
• Expansion of scope: large online platforms (within the meaning of the DSA regulation) will have to accept the EUDI Wallet for user authentication.
• Strengthened governance: creation of a stricter certification framework for TSP compliance.

To deepen the fundamentals of the regulation, our complete guide to eIDAS 2.0 details all regulatory developments.

---

2. The Official eIDAS 2 Deployment Schedule: Stages and Key Dates 2024-2027

eIDAS 2 regulation structures its entry into application around a multi-stage mechanism: entry into force, implementing acts of the Commission, national transposition and effective deployment of tools. Here is the official roadmap.

2.1 Phase 1 — Entry into Force and Delegated Acts (May 2024 – End 2025)

| Date | Stage | |---|---| | 30 April 2024 | Publication of regulation (EU) 2024/1183 in the OJEU | | 20 May 2024 | Official entry into force (D+20 after publication) | | Q3-Q4 2024 | Launch of working groups on implementing acts (eIDAS 2 Toolbox) | | End 2024 | Publication of initial technical specifications for EUDI Wallet (ARF — Architecture Reference Framework v1.4) | | Q1-Q2 2025 | Commission implementing acts on technical specifications of wallets (12-month deadline provided for in Article 5a) | | Q3 2025 | Implementing acts relating to new qualified trust services |

The European Commission published in January 2025 the first batch of implementing acts relating to the common technical specifications of the EUDI Wallet. These texts constitute the mandatory technical basis for Member States.

2.2 Phase 2 — Deployment of Pilot Projects and National Transpositions (2025-2026)

As part of the Large Scale Pilots (LSP) programme, four consortiums have tested the EUDI Wallet since 2023 on more than 360 use cases across 25 Member States:

• EU Digital Identity Wallet Consortium (EUDIW) — 140+ entities
• NOBID — focused on digital payments
• POTENTIAL — identity and attributes
• DC4EU — diplomas and professional qualifications

The results of these pilots directly feed into the implementing acts. On the national level, Member States have 24 months from the entry into application of the implementing acts to deploy their national wallet. In practice, this means that the vast majority of national deployments are expected between mid-2026 and end 2026.

| Period | Expected Actions | |---|---| | Q1-Q2 2026 | Final adoption of outstanding implementing acts (qualified archiving, attribute attestations) | | Q2 2026 | First production versions of EUDI Wallets in leading States (Germany, Netherlands, Spain) | | Q3-Q4 2026 | Gradual deployment across the 27 Member States — opening to professional users | | End 2026 | Obligations to accept EUDI Wallet for online public services (Art. 5b) |

France, via the Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) and the Direction Interministérielle du Numérique (DINUM), has engaged its adaptation work in 2025. The French wallet project is based on France Identité as a technical foundation.

2.3 Phase 3 — Acceptance Obligations for the Private Sector (2027)

This is the most impactful stage for companies. Article 5b of eIDAS 2 requires that certain private sector providers accept the EUDI Wallet for online identification in the following areas:

• Banking and financial services (account opening, KYC)
• Mobility (transport, vehicle rental)
• Energy (consumer contracts)
• Very large online platforms (within the meaning of the DSA, > 45 million monthly active users in the EU)
• Telecommunications

The mandatory acceptance deadline is set at 12 months after the wallet becomes available in each Member State, which places the actual deadline for most sectors during the first half of 2027.

For companies already using electronic signature solutions compliant with eIDAS, the challenge is to ensure the compatibility of their document flows with the new identity attributes from digital wallets.

---

3. Impact on Trust Service Providers (TSP) and SaaS Editors

3.1 New Obligations for Qualified TSP

Qualified Trust Service Providers (QTSP) must update their certification practices to integrate the new service categories introduced by eIDAS 2:

• Qualified electronic attribute attestations: digital driving licence, diplomas, professional qualifications
• Qualified electronic archiving: service guaranteeing long-term integrity of signed documents
• Remote signature creation device management (RQSCD): clarification of the framework for cloud-based solutions

QTSP have up to 18 months after the publication of revised ETSI standards (expected Q2-Q3 2026) to comply with the new technical requirements, which places the first effective re-certifications in 2027.

3.2 What This Means for User Companies

If your organisation uses a SaaS electronic signature provider — whether a certified QES solution or an advanced signature tool — several compliance questions arise right now:

1. Is your provider updating its certification to integrate eIDAS 2 requirements?
2. Are your signature workflows ready to receive identities from EUDI Wallets?
3. Does your archiving policy meet future qualified electronic archiving requirements?

Our analyses of the comparison of electronic signature solutions now integrate the eIDAS 2 roadmap criterion as a key differentiating factor.

3.3 Technical Reference Standards

The ETSI (European Telecommunications Standards Institute) is responsible for producing the harmonised standards on which eIDAS 2 is based. The work programme for 2025-2027 covers in particular:

• ETSI EN 319 411-1 and -2 (revised): policies and requirements for TSP issuing certificates
• ETSI EN 319 132-1 (XAdES) and EN 319 122-1 (CAdES): advanced and qualified signature formats
• ETSI TS 119 500: trust framework for qualified electronic archiving services
• ISO/IEC 18013-5: protocol for presenting mDL (mobile Driving Licence) attributes, adopted as the technical basis for the EUDI Wallet

---

4. eIDAS 2 Schedule in France: Progress and Specific Obligations

4.1 ANSSI's Role in National Governance

In France, ANSSI is the supervisory authority for Trust Service Providers under eIDAS. In the perspective of eIDAS 2, it manages:

• Adaptation of the general security reference framework (RGS) to integrate new qualified services
• Participation in the eIDAS cooperation group (Article 46e of the regulation)
• Supervision of compliance audits for French QTSP

ANSSI published in March 2025 a national roadmap specifying the steps for adapting the French framework to eIDAS 2, with a review point scheduled for September 2026.

4.2 Obligations for Large French Companies

French companies exceeding the DSA thresholds or operating in sectors targeted by Article 5b must now conduct an impact analysis. The recommended steps are:

1. Map identification flows: identify processes where digital identity is required (KYC, contract signature, client area access)
2. Assess current providers: verify their eIDAS 2 compliance roadmap
3. Plan updates to T&Cs and signature policies: anticipate integration of identity attributes from EUDI Wallets
4. Train legal and IT teams: the technical and legal framework is evolving significantly

For companies managing significant contractual volumes, electronic signature tools in enterprises must be evaluated for their ability to evolve towards eIDAS 2 without service disruption.

4.3 Articulation with Other European Regulations

The deployment of eIDAS 2 does not happen in isolation. It is closely linked with:

• GDPR (2016/679): identity attributes contained in EUDI Wallets constitute personal data subject to the principles of minimisation and purpose limitation
• NIS 2 Directive (2022/2555): TSP are essential entities under NIS 2 and must meet strengthened cybersecurity requirements
• DORA Regulation (2022/2554): financial institutions using trust services for their digital operations must integrate these dependencies in their ICT risk mapping
• Data Regulation (Data Act, 2023/2854): interoperability of identity data between sectors

Companies that have already engaged their NIS 2 compliance will find significant synergies with eIDAS 2 compliance, particularly on risk management and business continuity aspects.

---

5. Preparing Your Organisation Now: The 2026 Checklist

5.1 For Legal and Compliance Departments

• [ ] Read regulation (EU) 2024/1183 in its consolidated version and identify articles applicable to your sector
• [ ] Map contracts and processes requiring updates (signature clauses, retention policy)
• [ ] Verify the cross-border legal validity of your current electronic signatures in the eIDAS 2 context
• [ ] Anticipate integration of qualified attribute attestations (e.g. professional qualification verification for notarial or medical acts)

5.2 For Information Systems Departments

• [ ] Assess the compatibility of your technical stack with EUDI Wallet protocols (OpenID4VP, ISO 18013-5)
• [ ] Identify APIs to be updated with your electronic signature editors
• [ ] Plan integration tests with available pilot wallets in 2026
• [ ] Set up monitoring of Commission implementing acts (notifications in the EU Official Journal)

5.3 For Business Departments

The expected gains from well-anticipated compliance are concrete: reduction of friction in signature journeys through pre-verified identity from the EUDI Wallet, acceleration of KYC processes, and reduction of identity verification costs. To assess the return on investment of your transition, our electronic signature ROI calculator integrates parameters specific to eIDAS 2 compliance.

Finally, organisations considering migration from other solutions to a platform natively prepared for eIDAS 2 can consult our migration guide from DocuSign or YouSign to Certyneo, which details the technical and contractual steps of a seamless transition.

Legal Framework Applicable to eIDAS 2 Deployment

Foundational Texts and Hierarchy of Norms

The deployment of eIDAS 2 is part of a stratified legal corpus whose mastery is essential for any organisation subject to compliance obligations.

Regulation (EU) 2024/1183 of the European Parliament and of the Council — called "eIDAS 2" — is the reference standard. It repeals and replaces regulation (EU) No. 910/2014 (eIDAS 1) on the points it amends, while maintaining the validity of existing certifications during the transition periods provided for in Articles 51 and following. Published in the Official Journal of the EU series L on 30 April 2024, it entered into force on 20 May 2024.

The French Civil Code, Articles 1366 and 1367, confirms the recognition of electronic signature as equivalent to handwritten signature when it meets the conditions for identifying the signatory and ensuring document integrity. These provisions are interpreted in light of European eIDAS law, which takes precedence by virtue of the principle of primacy of Union law.

Regulation (EU) 2016/679 (GDPR) applies in full to processing of personal data carried out within the framework of the EUDI Wallet and trust services. Identity attributes (biographical data, qualifications, licences) constitute personal data within the meaning of Article 4(1) of the GDPR. The minimisation principle (Art. 5(1)(c)) is particularly relevant: service providers must collect only attributes strictly necessary for the purpose of the transaction.

Directive (EU) 2022/2555 (NIS 2), transposed into French law by Law No. 2024-449 of 21 May 2024, classifies qualified Trust Service Providers among essential entities subject to strengthened obligations for cyber risk management, incident notification and supply chain security.

ETSI standards constitute the harmonised technical reference for eIDAS 2:

• ETSI EN 319 401: general requirements for TSP
• ETSI EN 319 411-1/-2: policies for TSP issuing qualified certificates
• ETSI EN 319 132-1: XAdES format (advanced XML signatures)
• ETSI EN 319 122-1: CAdES format (advanced CMS signatures)
• ETSI EN 319 162-1: ASiC format (signature containers)

Legal Risks of Non-Compliance

Failure to comply with eIDAS 2 obligations exposes organisations to several risks:

1. Non-enforceability of signatures: an electronic signature made via a non-compliant TSP may lose the legal presumption of validity, putting the probative value of signed contracts in question.
2. Administrative penalties: national supervisory authorities (ANSSI in France) can impose corrective measures, compliance orders, or even withdrawal of accreditation for TSP.
3. Contractual liability: companies using non-compliant tools may have their liability engaged towards their customers and partners if a dispute concerns the validity of an electronically signed act.
4. Cumulative with GDPR: non-compliant management of identity attributes in the EUDI Wallet can simultaneously expose to CNIL penalties (up to 4% of annual global turnover).

Concrete Use Case Scenarios Against the eIDAS 2 Schedule

Scenario 1 — A Medium-Sized Law Firm Managing Cross-Border Transactions

A business law firm with about fifteen lawyers regularly handling M&A transactions involving counterparties in several EU Member States (Belgium, Netherlands, Spain) currently uses a qualified electronic signature solution for its share sale agreements and confidentiality protocols. With the entry into application of the eIDAS 2 schedule, the firm anticipates two major developments by end 2026:

• Simplified identity verification: foreign counterparties will be able to present their identity attributes via their national EUDI Wallet, eliminating passport copy exchanges and redundant KYC procedures. According to estimates from Commission reports on LSP, the time gain on the identity verification phase is estimated between 40 % and 60 % depending on the jurisdictions involved.
• Enhanced probative value: acts signed with identities attested by qualified EUDI Wallets will benefit from an even more robust legal presumption, reducing the risk of judicial challenge in cross-border disputes.

The firm plans to migrate to a SaaS platform with a documented eIDAS 2 roadmap before Q3 2026, about six months before the first acceptance obligations.

Scenario 2 — An Industrial SME Managing High Volume of Supplier Contracts

An SME in the industrial equipment sector managing about 250 supplier contracts per year, with 30 % involving European partners outside France, faces increasing constraints in verifying identity during onboarding of new suppliers. The current process — request for business registration certificate, copy of legal representative ID, manual verification — typically mobilises 2.5 hours per file according to sectoral benchmarks from buyer federations.

With integration of the EUDI Wallet into its signature workflow by 2027, the SME projects:

• A reduction of 55 to 70 % of time spent on identity verification thanks to qualified attribute attestations (registration number, legal representation)
• A reduction of 80 % of document requests to foreign suppliers
• Enhanced security against document fraud, as attributes are cryptographically verifiable

The SME has identified the need to update its general purchasing terms to integrate reference to eIDAS 2 attestations, in liaison with its legal adviser.

Scenario 3 — A Hospital Group Anticipating Compliance for Digital Medical Acts

A hospital group of approximately 900 beds spread across three sites must manage electronic signature of sensitive medical documents: informed consents, prescriptions, surgical reports and contracts with care providers. French regulations impose qualified signature for certain medical acts with strong legal impact.

In the perspective of the eIDAS 2 schedule, the group anticipates the arrival of qualified attribute attestations for health professional qualifications (RPPS number, specialty, practice facility), which will enable:

• Automating verification of signer quality (doctor, surgeon, pharmacist) without manual verification in professional directories
• Reducing risks of signature attribution errors during replacements and on-call periods
• Facilitating portability of digital medical records between facilities, within the framework of the European health data space (EHDS)

The group estimates that integration of EUDI Wallet flows into its hospital information system (HIS) represents a project of 12 to 18 months, justifying a launch of technical studies from Q3 2026 for production rollout before the sector-specific acceptance obligation.

Conclusion

The deployment schedule for eIDAS 2 regulation in the European Union is now clearly marked out: implementing acts being finalised in 2026, deployment of national EUDI Wallets between mid-2026 and end 2026, and acceptance obligations for the private sector from the first half of 2027. This roadmap leaves a concrete window of action for French and European companies, provided they engage in compliance analysis, provider evaluation and update of contractual processes now.

Waiting until 2027 to achieve compliance risks an urgent transition, with the costs and legal risks this implies. Certyneo, designed natively for eIDAS requirements and with an active roadmap towards eIDAS 2, supports you from today in this transition. Start free on Certyneo and secure your document flows in compliance with the European digital trust framework.