Qualified eIDAS Providers: The Official 2026 List

Why is the "qualified" eIDAS status decisive for your business?

Since the entry into force of the eIDAS regulation (No 910/2014), the European electronic signature market has been profoundly restructured around a three-level hierarchy: simple electronic signature (SES), advanced electronic signature (AES) and qualified electronic signature (QES). The latter is the only one to benefit from a legal presumption of equivalence with a handwritten signature in all Member States of the European Union.

For a company to be able to offer qualified signatures, it must imperatively have been audited and registered on the trust list (Trust List) of its Member State. In France, it is the National Agency for Information Systems Security (ANSSI) that maintains this official register, republished in turn in the centralised European list managed by the European Commission.

Understanding this architecture is fundamental before signing any sensitive business contract. To go further on regulatory foundations, our comprehensive guide on eIDAS 2.0 regulation details all the obligations and changes introduced by the revised eIDAS 2.0 regulation (EU Regulation 2024/1183).

---

How are qualified trust service providers certified?

The path to the status of Qualified Trust Service Provider (QTSP) is demanding. It involves an audit carried out by an accredited Conformity Assessment Body (CAB), in accordance with ETSI EN 319 401 standards (general requirements) and ETSI EN 319 411-2 for qualified certificates.

ANSSI qualification steps

1. Submission of qualification file: the provider submits its technical, security and organisational documentation to ANSSI.
2. Audit by an accredited CAB: a third-party body — such as Bureau Veritas, LSTI or Apave Certification — verifies compliance on-site and on documents.
3. Qualification decision: ANSSI issues the qualification and registers the provider on the French trust list (TL-FR).
4. Periodic renewal: the qualification is re-evaluated, generally every two years, to guarantee the maintenance of requirements.

What does the audit concretely verify?

The auditor examines in particular:

• The physical security of data centres hosting cryptographic keys (HSM modules certified CC EAL 4+ or FIPS 140-2 Level 3 minimum) ;
• The certification policies (CP) and certification practice statements (CPS) published by the provider ;
• The procedures for identity verification of signatories (face-to-face or remote identity verification compliant with EN 419 241-1 standard) ;
• The management of revocations and the availability of OCSP/CRL services.

These criteria explain why only a handful of players achieve and maintain this level of certification in France.

---

Qualified eIDAS providers listed in France in 2026

The official list of qualified providers is accessible at any time on the official portal of the European Commission (eidas.ec.europa.eu/efts), by filtering on "France" and the service "QCertESig" (Qualified Certificate for Electronic Signature). Here are the players that were registered on the register at the time of writing this article (June 2026):

French players listed on the Trust List

| Provider | Type of qualified service | Particularity | |---|---|---| | Certigna (Dhimyotis) | Qualified certificates, qualified time-stamping | La Poste group, eIDAS certified since 2016 | | Certinomis | Qualified certificates | La Poste subsidiary, public sector oriented | | ChamberSign France | Qualified certificates | Network of CCIs, strong SME/micro-enterprise anchor | | Keynectis / DocuSign France | Qualified certificates | Acquired by DocuSign, ANSSI label maintained | | Universign (Tessi) | Qualified certificates, time-stamping | Market pioneer, integrated into Tessi group | | Entrust (ex-Datacard) | Qualified certificates | International player, multi-Member State Trust List | | Oodrive Sign | Qualified certificates | French sovereign publisher, SecNumCloud qualified |

> Disclaimer: this list is provided for informational purposes only. Only the official Trust List of the European Commission is authoritative. Always verify current status on the ETSI portal before any contractual commitment.

Foreign providers recognised in France via the European Trust List

By virtue of the principle of mutual recognition laid down in Article 25 of the eIDAS regulation, a qualified signature issued by a QTSP registered on the trust list of another Member State produces the same legal effects in France. Among non-French players frequently used:

• Namirial (Italy): strong in remote qualified signature (QES remote signing) ;
• SwissSign (Switzerland): note that Switzerland is not an EU member; recognition is partial ;
• Qualified.one / Asseco Data Systems (Poland): public European player, frequent in cross-border markets.

To compare these solutions according to your business needs, consult our comparison of electronic signature solutions which analyses price, compliance and API integration criteria.

---

How to choose the right qualified eIDAS provider for your organisation?

Being listed on the Trust List is a necessary but not sufficient condition. The choice of a QTSP must be based on several complementary criteria.

Technical and integration criteria

• REST API or SDK available: essential to automate signature in your business workflows (ERP, HRIS, CRM) ;
• Supported signature formats: PAdES for PDFs, XAdES for XMLs, CAdES for binary files — all standardised by ETSI EN 319 100 ;
• Service availability: SLA greater than 99.9% guaranteed contractually, with maintenance slots scheduled outside business hours ;
• Data hosting: prefer hosting in France or the EU, ideally SecNumCloud qualified for sensitive data.

Legal and compliance criteria

• Verify that the provider provides an up-to-date qualification report (less than 24 months old) ;
• Require a published certification policy (CP) accessible to the public and audited ;
• Ensure that the general conditions explicitly provide for the delivery of qualified certificates within the meaning of Annex I of the eIDAS regulation.

Operational and support criteria

• Enrolment procedure for signatories: face-to-face at an agency, video identification compliant with eIDAS or NFC from an electronic identity document ;
• Support in English with contractual response times ;
• Training and documentation available for your legal and IT teams.

If your organisation manages significant HR document flows, our dedicated page on electronic signature for HR teams details specific use cases (employment contracts, amendments, onboarding) and recommended signature levels by document type.

---

eIDAS 2.0: what changes for qualified providers in 2026?

The eIDAS 2.0 regulation (EU Regulation 2024/1183, progressively entering into force since May 2024) introduces several structural changes that directly impact QTSPs and their clients.

The European Digital Identity Wallet (EUDI Wallet)

Article 6a of the revised regulation requires Member States to provide, by September 2026, a digital identity wallet (EUDI Wallet) recognised throughout the EU. For qualified providers, this means:

• The obligation to accept identity attributes issued from the wallet as proof of identity for enrolment of signatories ;
• The emergence of a new qualified service: the delivery of qualified electronic attestations of attributes (Qualified Electronic Attestation of Attributes, QEAA).

New qualified services and extension of scope

eIDAS 2.0 expands the list of qualified trust services to include:

• Qualified electronic archiving services (QPDS, article 45f) ;
• Services for managing remote signature creation devices (QRCD).

These developments represent both a compliance constraint (tight deadlines for existing providers) and an opportunity for differentiation for new entrants capable of quickly integrating the technical specifications published by ENISA and ETSI.

For organisations planning a migration from an existing platform to a more compliant solution, our migration guide from DocuSign or YouSign to Certyneo presents concrete steps and regulatory vigilance points.

Legal framework applicable to qualified eIDAS providers

eIDAS regulation and European law

The legal foundation is the Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (the "eIDAS regulation"), as amended by Regulation (EU) 2024/1183 (eIDAS 2.0). This regulation is directly applicable in all Member States without national transposition.

Its key provisions for qualified providers:

• Article 17: obligation for each Member State to designate a supervisory body (in France, ANSSI) ;
• Article 20: supervision, audit and registration procedures on the trust list ;
• Article 25: presumption of equivalence between QES and handwritten signature, with guaranteed legal effect throughout the EU ;
• Annex I: requirements relating to qualified certificates for electronic signature ;
• Annex II: requirements relating to qualified signature creation devices (QSCD).

French law

Under internal law, electronic signature is governed by:

• Civil Code, Articles 1366 and 1367: Article 1366 recognises the evidentiary value of the electronic writing provided that it guarantees the identity of the author and the integrity of the document. Article 1367 clarifies that electronic signature consisting of a reliable identification process is presumed reliable when created in accordance with the implementing decree ;
• Decree No 2017-1416 of 28 September 2017: defines the conditions under which qualified electronic signature is presumed reliable in France, by explicitly referring to the eIDAS regulation ;
• Ordinance No 2005-674 of 16 June 2005 relating to the fulfilment of certain contractual formalities by electronic means.

Personal data protection

Enrolment and signature processes involve the processing of personal data (identity data, biometrics for video identification). The qualified provider is subject to the Regulation (EU) 2016/679 (GDPR) and must in particular:

• Appoint a DPO if processing is on a large scale ;
• Document treatments in the CNIL register ;
• Govern transfers outside the EU by appropriate safeguards (standard contractual clauses, adequacy decision).

Cybersecurity and resilience

Since October 2024, the NIS2 Directive (2022/2555/EU) applies to qualified trust service providers, classified as essential entities. They must implement cyber risk management measures, notify significant incidents to ANSSI within 24 hours, and undergo regular audits. Non-compliance exposes companies to fines of up to €10 million or 2% of annual worldwide turnover.

Reference technical standards

• ETSI EN 319 401: general requirements for trust service providers ;
• ETSI EN 319 411-2: policy profile for qualified certificates ;
• ETSI EN 319 132: XAdES signature formats ;
• ETSI EN 319 122: CAdES signature formats ;
• ETSI EN 319 162: PAdES signature formats (PDF).

Use cases: when is qualified eIDAS signature essential?

Scenario 1 — A law firm managing high-value probative deeds

A business law firm of about twenty staff members processes several dozen share transfers, settlement agreements and warranty and indemnity agreements (GAP) each month. These deeds commit sums often exceeding several hundred thousand euros and are likely to be contested in court.

Before migrating to a qualified eIDAS provider, the firm used an advanced signature solution (AES), which was sufficient for the majority of routine deeds. After an incident where the opposing party challenged the authenticity of a signature during litigation, the firm chose QES for all high-stakes deeds. Result: 90% reduction in time spent producing evidence of signature during contentious proceedings, thanks to the irrefutable legal presumption attached to QES. The unit surcharge per signature (approximately €2 to €5 depending on volumes) was fully absorbed by the reduction in litigation costs.

Scenario 2 — A mid-sized industrial company managing cross-border supplier contracts

A mid-sized enterprise (ETI) in the industrial equipment sector, with suppliers established in France, Germany, Italy and Poland, previously had to send its framework contracts by post or organise in-person signing meetings, creating delays of 10 to 21 working days per contract.

By deploying a solution connected to a European QTSP listed on the Trust List, the company reduced the signature cycle to less than 48 hours on average. Mutual recognition between Member States guarantees legal value without need for additional legalisation. With a portfolio of 350 supplier contracts per year, the estimated savings in administrative and logistics costs exceed €40,000 per year, according to ranges consistent with sector studies published by ACFE and APQC.

Scenario 3 — A hospital group subject to healthcare sector requirements

A hospital group of approximately 1,200 beds must electronically sign public contracts, clinical research agreements and hospital practitioner contracts. These documents are subject to the Code of Public Procurement, which requires electronic signature compliant with the RGS (General Security Reference) at level ** or, since the dematerialisation of public contracts, an equivalent eIDAS level.

By relying on a QTSP listed on the French Trust List, the group guarantees compliance with Article R. 2132-7 of the Public Procurement Code whilst reducing contract signature times from 15 days to less than 72 hours. API integration with the hospital information system (SIH) enabled automation of document sending and tracking, freeing up approximately 0.4 FTE on contract-related administrative tasks.

Conclusion

Choosing a qualified eIDAS provider is not a simple software purchase: it is a strategic decision that engages the probative value of your deeds, the regulatory compliance of your organisation and the trust of your commercial and institutional partners. In 2026, with the progressive entry into force of eIDAS 2.0 and new NIS2 obligations, the level of requirements is only increasing.

The essential points to remember: systematically verify registration on the official Trust List, require a published certification policy, and adapt the signature level (QES, AES, SES) to the legal stakes of each document.

Certyneo supports you in this approach by giving you access to qualified certificates via listed QTSPs, a robust integration API and dedicated legal support. Ready to switch to qualified signature? Request a demo or create your account on Certyneo and bring your organisation into compliance today.